Skip to content

lebr0nli/PHPFun

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

demo

demo

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

phpfun.py

phpfun.py

 
 

Repository files navigation

PHPFun: ([.^])

Inspired by aemkei/jsfuck and based on splitline/PHPFuck

Using only 6 different characters to write and execute PHP.

Only support PHP 7+ currently.

Demo

The following source will execute phpinfo();:

<?php ((([]^[]).[]^(([].[])[[]]^([].[])[[[]]]^[[]]).[]^([].[])[([].[])[[]]^([].[])[[[]]]]).(([].[])[[[]]]).(([]^[]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[([].[])[[]]^([].[])[[[]]]]).(([].[])[([].[])[[]]^([].[])[[[]]]]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))^[[]]).[]^([].[])[[]]).(([]^[]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[([].[])[[]]^([].[])[[[]]]]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))^[[]]).[]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[[]]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[[]]).(([]^[]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[]).[]^(([].[])[[]]^([].[])[[[]]]^[[]]).[]^([].[])[([].[])[[]]^([].[])[[[]]]]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))^[[]]).[]^([].[])[[]]).(([]^[]).[]^([].[])[[]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).((([].[])[[]]^([].[])[[[]]]^[[]]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]])))).[]^([].[])[[]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]))(...(((([].[])[[]]^([].[])[[[]]]^[[]]).[]^([].[])[[]]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))^[[]]).[]^([].[])[[]]).(([].[])[[[]]]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))^[[]]).[]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).((([].[])[[]]^([].[])[[[]]]^[[]]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[([].[])[[]]^([].[])[[[]]]]).(([]^[]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[([].[])[[]]^([].[])[[[]]]]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))^[[]]).[]^([].[])[[]]).(([]^[]).[]^(([].[])[[]]^([].[])[[[]]]^[[]]).[]^([].[])[([].[])[[]]^([].[])[[[]]]]).((([].[])[[]]^([].[])[[[]]]^[[]]).[]^([].[])[[]]).(([]^[]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[[[]]]))(((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[[]]).[]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]).(([]^[[]]).[]^([].[])[[]]).(([]^[[]]).[]^([].[])[[]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[[]]).[]^([].[])[[]]).(([]^[]).[]^([].[])[[]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[]).[]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).((([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))).[]^([].[])[[]]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]]).((([].[])[[]]^([].[])[[[]]]^[[]]^(([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]])))).[]^([].[])[[]]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[]).[]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[[]]).[]^([].[])[([].[])[[]]^([].[])[[[]]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[]).[]^([].[])[[[]]]^([].[])[([].[])[[]]^(([]^[]).[].[])[([]^[[]]).([]^[])]^[]^(([]^[[]]).(([].[])[[]]^([].[])[[[]]]^[[]]))]).(([]^[[]]).[]^([].[])[[[]]]^([].[])[([].[])[[]]^([].[])[[[]]]])))() ?>

Usage

usage: phpfun.py [-h] [-O FILE] [-P] [-E {assert,create_function}] code

positional arguments:
  code                  any string to encode.

optional arguments:
  -h, --help            show this help message and exit
  -O FILE, --output-file FILE
                        write encoded string into some file.
  -P, --plain-string    encode as plain string (without eval it).
  -E {assert,create_function}, --eval {assert,create_function}
                        choose eval mode. (`assert` mode only support PHP < 7.1)

You can just use it like this: python3 phpfun.py "system('id');"

Arguments

  • code (required)
    • Any string or php code to encode.
  • -O, --output-file
    • Write encoded string into some file.
  • -P, --plain-string
    • Encode as plain string (without eval it).
    • With this argument, I will not wrap your code into assert or create_function to eval.
  • -E, --eval
    • You can choose your eval mode!
    • create_function mode (default)
      • create_function('', YOUR_CODE)();
    • assert mode
      • Only support PHP < 7.1 (=7.0.x).
      • assert( '(function(){ YOUR_CODE; return 1; })()' );

TODO

  • Don't use deprecated feature. (create_function has been DEPRECATED)
  • Compatible with PHP 8
  • With [^a-zA-Z0-9] and len(set(encoded)) < 6

About

Write and execute PHP with only 6 different characters: ([.^])

lebr0nli.github.io/PHPFun/

Topics

php obfuscator ctf-tools phpfuck

Resources

Readme

License

MIT license
Activity

Stars

17 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages