 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 45
 Members: 0
 Total: 45
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
PHPLockIt! Decode Request |
|
 Posted: Sun Apr 11, 2010 8:12 am |
 |
|
| larsm |
| Beginner |
 |
|
| Joined: Apr 11, 2010 |
| Posts: 4 |
|
|
|
 |
|
 |
|
I can't do it myself so I need your help, can someone please decode this?
| Code: | | <?php /* Copyright SomeMax */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$O0O000O0O=$O0O000O00.$OOO000000{11};$O0O000O00=$O0O000O00.$OOO000000{3};$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=1800;eval($OOO0000O0('JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NDhhKTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxZmMpLCdPWVBkRDRWU0tCd25JaDdiM1JGeDVqK3VybXRmc2VhbC8wQ3o5VUFHTEhFSnlwTmdpdm9RTTZYY1pXOFRrMnExPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs='));return;?>eX0HfV5LeVUpmF/HbzDohz3W7dKMIdOHmVUUwPe5tVUQKShzsAUiePYLruI/mu0ituBUmPZ/5VvUruhUKVhgfGR0rc3/euI/mA2oKV6gsA5/t+WAfcBpruRHfXZNBo9TBD2bIdYbIdYbId6QeSBlsAjifV4zmF/Gu62VF5v4u6kGnPKGKCZ9xM2bIDkixQOinCKGKCi9xM2bIdOiIDkiwPRbxMkiIdOiIDkLBDkixQOixMkiIP/9xQOiIDkixQOinPRbxQOixQOiIdOHnPeb+jY9RdR+5MpPeXWBtdeCI6BVadjEwcjofuRAsXj0fPki3cLWj54SxD04FGUixAeHeA2Rxxmrr6Hu74RJIGDvbFsyBM4P3MR4R9eKF5HnxD67x6YR5Uh5jjmu+4Utr+BzmVjAmX0HtApyf+WgsS4oscR6eGeZauLiIxKQhd5XhQ/WwokGwF9H7XmzfV2QmF/9xQOiIDkixQOiwxpUeA4ywPRbxQOixQOixQOH7i==PAUAKP/0mVjAt+WUmP/GR4IGwF9/aiH9m+mHfA5LBMRxBovDFjB436Rb5UUl5Mj33jBYjD2Fwxywl3HHmCOLK+RUmAUNm+3LB6Bbx63GwF9/aiH9m+mHfA5LB6Bbx63GnVRHsAW0f+5LmVUofA4pmF09tuBNr+6Uw42lR9UIRj2lwF9Hwxywl3HHmCOLK+RUmAUNm+3LBM43542DFjKGwF9/aiH9m+mHfA5LBM43542DFjKGnVB0sXjNr+6UwVRHsAW0f+5LmVUofA4pmF0luMmBxDjluo9HwF9TPGMwt+r/wP49m+mHfAj9wPed35p4uMhb59jlF5Wdx4jDRj233jRKBo9HKSywmVjAt+WUwPed35p4uMhb59jlF5Wdx4jDRj233jRKBovFxM25wxywl3HHmCOLK+RUmAUNm+3LB6e43UBbx6RlRDUFBo9HKSywmVjAt+WUwPeuR5BFxM25uMRB5CsyrA4Qm+W0f+5LmVUofA4pmF0luMmBxDjluo9Hwxywl3HHmCOLK+RUmAUNm+3LB6euj62FxM25Bo9HKSywmVjAt+WUwPeuj6el592bjPsymVUofA4pmF0luMmBxDjluo9/n9Rxwxywl3HHmCOLK+RUmAUNm+3LBMhb59jl5D45FPsHwFYTPAUAKP0Ae+WzeVUgfU2UaVUQeSILBXUNtj2Qmu3GwFOABAUNtj2Qmu3LBXUNrXv6mVjlsV4MtPsy3M4nRj2dx6B4uMU73MvjRDjl5D45FPON5D45F42xRjYY5945x6K/nUBbx63/n9RxKPWY54YlRDUFKPWD5oON5D45F42xRjYY5945x6K/nAUNtj2Gmu3LBXUNrXv6mVjlsV4MtPsHwF9/aiH9m+mHfA5LBM4354233jRKBovNe+vywxywmVjAt+WUwPedx6B4u6YYjD/GnVW6fViH7iH2m+vQmFYTPARUmAUNmF/G3jY3u6YYjD/Gn4Bbx63/n9RxKPWY54YlRDUFKPWD5o9TPARUmAUNmF/G3M2FRj233jRKBovd35p4uMhb59jlF5Wdx4jDRj233jRKKPWD5o9TPGMwl3HHmCOLK+UNrXv6mV5L3M2FRj233jRKKPZGrX4JmFsNR4I/nCeCfX2MscRoruONsV0iBo9HKSyweSBHmXeUsU2UsGBgsC/C3X4JmjYK5PYzfcBUKVhge+v9KVWgePYCmFYAfcjNmPZ/KDhLm+hJKSRLmFYXr+v6mFYgmCYd35p4uMhb59jlF5Wdx4jDRj233jRKKVUNKD435P2cm+BofX2MnXUNmVjZnGYLsPZ/KDUMKShLfcjymPYifXUNePYMfoYMtV5/mVUom+hMfcBWKVhgfGR0t+WHfAs/a+26sCOCn9RxKPZCrX4JmFYzfcBUKVRHsAjzeV2oaFY0fA3/a+26sCOCn9RxKPZCeAjNmV2osoYofX2MKVRHsAjzeV2oaFZCnDjljjh45U245UBb5C9TPGMwt+r/wVUQsXjMwPRlRMj5+oe6sAiGuF9/BCr9uMe4j4yGeuByB6M/bxM2KPeArumHrX2NnAUzfosHKSywsAjMeuBN7iH2m+vQmFYTPCRBF5UBF5UBfDUyF+i/bFYNmus/RVUQsV4MrX0UsC/H7iL9F5UBF5UBF+vBfDUynxW9tuhiruRztP/9euBywxywl3HHmCOL3X2NmAUGeuBU7zHom+49wP9/bzOHKSywm+hLfoOCbPDpnFOCnGBge+W9wVeUeD6HrcBgeVUpmF/HKPM9F5UBF5UBF+vBfD9vnd3HKPZCsoOpnxZC7iH2P/== |
|
|
|
|
|
|
|
|
|
| Posted: Sun Apr 11, 2010 1:31 pm |
|
|
| Cyko |
| Moderator |
 |
|
| Joined: Jul 21, 2009 |
| Posts: 375 |
|
|
|
|
|
|
|
Looks like its from a telebid/auction script?
| Code: | <?php
if (!defined('DS')) {
define('DS',DIRECTORY_SEPARATOR);
}
if (!defined('ROOT')) {
define('ROOT',dirname(dirname(dirname(__FILE__))));
}
if (!defined('APP_DIR')) {
define('APP_DIR',basename(dirname(dirname(__FILE__))));
}
if (!defined('CAKE_CORE_INCLUDE_PATH')) {
define('CAKE_CORE_INCLUDE_PATH',ROOT);
}
if (!defined('WEBROOT_DIR')) {
define('WEBROOT_DIR',basename(dirname(__FILE__)));
}
if (!defined('WWW_ROOT')) {
define('WWW_ROOT',dirname(__FILE__) .DS);
}
if (!defined('CORE_PATH')) {
if (function_exists('ini_set') &&ini_set('include_path',CAKE_CORE_INCLUDE_PATH .PATH_SEPARATOR .ROOT .DS .APP_DIR .DS .PATH_SEPARATOR .ini_get('include_path'))) {
define('APP_PATH',null);
define('CORE_PATH',null);
}
else {
define('APP_PATH',ROOT .DS .APP_DIR .DS);
define('CORE_PATH',CAKE_CORE_INCLUDE_PATH .DS);
}
}
if (!include(CORE_PATH .'cake'.DS .'bootstrap.php')) {
trigger_error("CakePHP core could not be found. Check the value of CAKE_CORE_INCLUDE_PATH in APP/webroot/index.php. It should point to the directory containing your ".DS ."cake core directory and your ".DS ."vendors root directory.",E_USER_ERROR);
}
if (isset($_GET['url']) &&$_GET['url'] === 'favicon.ico') {
return;
}
else {
$IIIIIIIlIlIl = new Dispatcher();
$IIIIIIIlIlIl->dispatch($url);
}
if (Configure::read() >0) {
echo "<!-- ".round(getMicrotime() -$IIIIIIIlIlI1,4) ."s -->";
}
?> |
|
|
|
|
|
|
|
|
|
| Posted: Sun Apr 11, 2010 2:16 pm |
|
|
| larsm |
| Beginner |
|
|
| Joined: Apr 11, 2010 |
| Posts: 4 |
|
|
|
|
|
|
|
Yes it is:p But ty very much!
One more question: how do you do it? Because I have 4 other encoded pages which are encoded in the same way... |
|
|
|
|
| Posted: Sun Apr 11, 2010 2:39 pm |
|
|
| Cyko |
| Moderator |
|
|
| Joined: Jul 21, 2009 |
| Posts: 375 |
|
|
|
|
|
|
|
| larsm wrote: | Yes it is:p But ty very much!
One more question: how do you do it? Because I have 4 other encoded pages which are encoded in the same way... |
If its the swoopo/telebid script I think I've already decoded the whole script.
I'll look through my files see if I still have it. |
|
|
|
|
| Posted: Sun Apr 11, 2010 2:42 pm |
|
|
| larsm |
| Beginner |
|
|
| Joined: Apr 11, 2010 |
| Posts: 4 |
|
|
|
|
|
|
|
K thanks!
If you have time left, can you please tell me how you have done it?
I'm curious, because I have tried myself. |
|
|
|
|
| Posted: Sun Apr 11, 2010 3:37 pm |
|
|
| Cyko |
| Moderator |
|
|
| Joined: Jul 21, 2009 |
| Posts: 375 |
|
|
|
|
|
|
|
| larsm wrote: | K thanks!
If you have time left, can you please tell me how you have done it?
I'm curious, because I have tried myself. |
PHP Knowledge, $OOO0000O0 = base64_decode, decode that base64 string and it will give you what you need to decode the file.
But to save time, I use my decoder. |
|
|
|
|
| Posted: Sun Apr 11, 2010 3:40 pm |
|
|
| larsm |
| Beginner |
|
|
| Joined: Apr 11, 2010 |
| Posts: 4 |
|
|
|
|
|
|
|
| I was so far, but there was one point (with the str_replace) when I got useless outputs. Can I have your decoder please? Is it a php script? |
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
