Skip to content

lebr0nli/PHPFun

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
demo
demo
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
phpfun.py
phpfun.py
 
 

Repository files navigation

PHPFun: ([.^])

Inspired by aemkei/jsfuck and based on splitline/PHPFuck

Using only 6 different characters to write and execute PHP.

Only support PHP 7+ currently.

Demo

The following source will execute phpinfo();:

<?php ((([]^[]).[]^(([].[])[[]]^([].[])[[[]]]^[[]]).[]^([].[])[([].[])[[]]^([].[])[[[]]]]).(([].[])[[[]]]).(([]^[]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[([].[])[[]]^([].[])[[[]]]]).(([].[])[([].[])[[]]^([].[])[[[]]]]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))^[[]]).[]^([].[])[[]]).(([]^[]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[([].[])[[]]^([].[])[[[]]]]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))^[[]]).[]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[[]]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[[]]).(([]^[]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[]).[]^(([].[])[[]]^([].[])[[[]]]^[[]]).[]^([].[])[([].[])[[]]^([].[])[[[]]]]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))^[[]]).[]^([].[])[[]]).(([]^[]).[]^([].[])[[]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).((([].[])[[]]^([].[])[[[]]]^[[]]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]])))).[]^([].[])[[]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]))(...(((([].[])[[]]^([].[])[[[]]]^[[]]).[]^([].[])[[]]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))^[[]]).[]^([].[])[[]]).(([].[])[[[]]]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))^[[]]).[]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).((([].[])[[]]^([].[])[[[]]]^[[]]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[([].[])[[]]^([].[])[[[]]]]).(([]^[]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[([].[])[[]]^([].[])[[[]]]]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))^[[]]).[]^([].[])[[]]).(([]^[]).[]^(([].[])[[]]^([].[])[[[]]]^[[]]).[]^([].[])[([].[])[[]]^([].[])[[[]]]]).((([].[])[[]]^([].[])[[[]]]^[[]]).[]^([].[])[[]]).(([]^[]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[[[]]]))(((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[[]]).[]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]).(([]^[[]]).[]^([].[])[[]]).(([]^[[]]).[]^([].[])[[]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[[]]).[]^([].[])[[]]).(([]^[]).[]^([].[])[[]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[[]]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]).((([].[])[[]]^([].[])[[[]]]^[[]]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]])))).[]^([].[])[[]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[]).[]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[[]]).[]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[]).[]^([].[])[[[]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[[]]).[]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]])))() ?>

Usage

usage: phpfun.py [-h] [-O FILE] [-P] [-E {assert,create_function}] code positional arguments: code any string to encode. optional arguments: -h, --help show this help message and exit -O FILE, --output-file FILE write encoded string into some file. -P, --plain-string encode as plain string (without eval it). -E {assert,create_function}, --eval {assert,create_function} choose eval mode. (`assert` mode only support PHP < 7.1)

You can just use it like this: python3 phpfun.py "system('id');"

Arguments

  • code (required)
    • Any string or php code to encode.
  • -O, --output-file
    • Write encoded string into some file.
  • -P, --plain-string
    • Encode as plain string (without eval it).
    • With this argument, I will not wrap your code into assert or create_function to eval.
  • -E, --eval
    • You can choose your eval mode!
    • create_function mode (default)
      • create_function('', YOUR_CODE)();
    • assert mode
      • Only support PHP < 7.1 (=7.0.x).
      • assert( '(function(){ YOUR_CODE; return 1; })()' );

TODO

  • Don't use deprecated feature. (create_function has been DEPRECATED)
  • Compatible with PHP 8
  • With [^a-zA-Z0-9] and len(set(encoded)) < 6

About

Write and execute PHP with only 6 different characters: ([.^])

lebr0nli.github.io/PHPFun/

Topics

php obfuscator ctf-tools phpfuck

Resources

Readme

License

MIT license
Activity

Stars

20 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages