 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
phplockitv2 decode??? |
 |
 Posted: Thu Oct 14, 2010 7:20 pm |
 |
|
| klih |
| Regular user |
 |
|
| Joined: Oct 12, 2010 |
| Posts: 11 |
|
|
|
 |
|
 |
|
|
|
|
|
|
|
|
|
| Posted: Fri Oct 15, 2010 12:14 am |
|
|
| tsabitah |
| Valuable expert |
 |
|
| Joined: Jul 07, 2010 |
| Posts: 328 |
| Location: surabaya |
|
|
|
|
|
|
d.php
| Code: | <?php
require_once('../../../wp-load.php');
require_once('../../../wp-config.php');
require_once('functions.class.php');
$file = $_GET[file];
function xkdl_determine_action($att_option, $default_msg = '')
{
global $helper;
if ($att_option) {
if ($helper->isURL($att_option)) {
header('Location: ' . $att_option);
exit();
} else {
exit($att_option);
}
} else
exit($default_msg);
}
if (!empty($file)) {
global $current_user;
get_currentuserinfo();
$helper = new xkdl_funcs();
$file_data = $helper->url_decrypt($file);
$file_args = unserialize($file_data);
$xkdl_reqlogin = isset($file_args[reqlogin]) ? $file_args[reqlogin] : get_option('xkdl_reqlogin');
$xkdl_refcheck = isset($file_args[checkref]) ? $file_args[checkref] : get_option('xkdl_refcheck');
$xkdl_reqlogin_invalid = isset($file_args[reqlogin_invalid]) ? $file_args[reqlogin_invalid] : get_option('xkdl_reqlogin_invalid');
$xkdl_refcheck_invalid = isset($file_args[refcheck_invalid]) ? $file_args[refcheck_invalid] : get_option('xkdl_refcheck_invalid');
$xkdl_link_expired = isset($file_args[link_expired]) ? $file_args[link_expired] : get_option('xkdl_link_expired');
if (!$current_user->ID && $xkdl_reqlogin) {
xkdl_determine_action($xkdl_reqlogin_invalid, 'You must be logged in to download this file.');
}
if ($xkdl_refcheck == 'flash') {
header('Location: ' . $file_args['url']);
exit;
}
if ($xkdl_refcheck && !$helper->verifyReferer()) {
xkdl_determine_action($xkdl_refcheck_invalid, 'You do not have permission to access this file.');
}
$actual = $file_args['url'];
if (strpos($actual, 'http://s3.amazonaws.com') !== false) {
if (!$helper->checkS3LinkActive($actual)) {
exit('Invalid Link');
}
} elseif (isset($file_args[expires])) {
if (time() > $file_args[expires])
xkdl_determine_action($xkdl_link_expired, 'Link has expired.');
}
$helper->sendBrowserFile($actual);
}
?> |
|
|
|
|
|
|
|
|
|
| Posted: Fri Oct 15, 2010 12:15 am |
|
|
| tsabitah |
| Valuable expert |
|
|
| Joined: Jul 07, 2010 |
| Posts: 328 |
| Location: surabaya |
|
|
|
|
|
|
f.php
| Code: | <?php
class xkdl_funcs
{
function xkdl_funcs()
{
return false;
}
function showPre($arr)
{
echo '<pre>';
print_r($arr);
echo '</pre>';
}
function toBase64($str)
{
return base64_encode($str);
}
function fromBase64($str)
{
$str = ($this->lastChar($str) == '=') ? substr($str, 0, -1) : $str;
return base64_decode($str);
}
function lastChar($str)
{
return substr($str, -1);
}
function isURL($str)
{
return(strpos($str, '://') !== false);
}
function url_encrypt($url)
{
$url = trim($url);
$url = $this->encrypt_decrypt($url);
$url = htmlentities(urlencode($url));
$url = urlencode($this->toBase64($url));
return $url;
}
function url_decrypt($url)
{
$url = urldecode($url);
$url = $this->fromBase64($url);
$url = urldecode($url);
$url = $this->encrypt_decrypt($url);
return $url;
}
function encrypt_decrypt($Str_Message)
{
$Len_Str_Message = strlen($Str_Message);
$Str_Encrypted_Message = '';
for ($Position = 0; $Position < $Len_Str_Message; $Position++) {
$Key_To_Use = (($Len_Str_Message + $Position) + 1);
$Key_To_Use = (255 + $Key_To_Use) % 255;
$Byte_To_Be_Encrypted = substr($Str_Message, $Position, 1);
$Ascii_Num_Byte_To_Encrypt = ord($Byte_To_Be_Encrypted);
$Xored_Byte = $Ascii_Num_Byte_To_Encrypt ^ $Key_To_Use;
$Encrypted_Byte = chr($Xored_Byte);
$Str_Encrypted_Message .= $Encrypted_Byte;
}
return $Str_Encrypted_Message;
}
function relativize($url, $dots)
{
if (strpos($url, 'http') === 0)
return $url;
if (strpos($url, '/') === 0) {
$docroot = explode('/', $_SERVER['DOCUMENT_ROOT']);
$drstart = '/' . $docroot[1] . '/' . $docroot[2] . '/';
if (strpos($url, $drstart) === false)
$returl = 'http://' . $_SERVER['HTTP_HOST'] . $url;
else
$returl = $url;
} else {
$returl = $dots . $url;
}
return $returl;
}
function getRemoteFileSize($url)
{
$parsed = parse_url($url);
$host = $parsed['host'];
$fp = @fsockopen($host, 80, $errno, $errstr, 20);
if (!$fp)
return false;
else {
@fputs($fp, "HEAD $url HTTP/1.1\r\n");
@fputs($fp, "HOST: $host\r\n");
@fputs($fp, "Connection: close\r\n\r\n");
$headers = '';
while (!@feof($fp))
$headers .= @fgets($fp, 128);
}
@fclose($fp);
$ret = false;
$arr_headers = explode('\n', $headers);
foreach ($arr_headers as $header) {
$s = 'Content-Length: ';
if (substr(strtolower($header), 0, strlen($s)) == strtolower($s)) {
$ret = trim(substr($header, strlen($s)));
break;
} else {
preg_match('|Content-Length: ([0-9]+)|is', $header, $matches);
$ret = $matches[1];
}
}
return $ret;
}
function sendBrowserFile($download, $fnToUse = false)
{
$file = $download;
$fileparts = explode('/', $download);
$filename = $fileparts[count($fileparts) - 1];
$pURL = parse_url($filename);
$baseFilename = $pURL['path'];
$overrideMIMEType = true;
if (!function_exists('mime_content_type') || $overrideMIMEType) {
function mime_content_type_ii($filename)
{
$idx = strtolower(end(explode('.', $filename)));
$mimetype = array('htm' => 'text/html', 'html' => 'text/html', 'shtml' => 'text/html', 'php' => 'text/html', 'asp' => 'text/html', 'aspx' => 'text/html', 'ai' => 'application/postscript', 'aif' => 'audio/x-aiff', 'aifc' => 'audio/x-aiff', 'mp3' => 'application/iTunes', 'mp3orig' => 'audio/mpeg', 'wav' => 'audio/x-wav', 'swf' => 'application/x-shockwave-flash', 'xyz' => 'chemical/x-xyz', 'zip' => 'application/zip', 'pdf' => 'application/pdf', 'doc' => 'application/msword', 'xls' => 'application/vnd.ms-excel', 'ppt' => 'application/vnd.ms-powerpoint', 'exe' => 'application/octet-stream', 'gif' => 'image/gif', 'png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'flv' => 'video/x-flv', 'mpeg' => 'video/mpeg', 'mpg' => 'video/mpeg', 'mpe' => 'video/mpeg', 'mov' => 'video/quicktime', 'avi' => 'video/x-msvideo');
if (isset($mimetype[$idx]))
return $mimetype[$idx];
else
return 'application/octet-stream';
}
}
$fileExists = @fopen($file, 'rb');
if (!$fileExists && $this->isURL($file)) {
$file = str_replace('%20', ' ', $file);
$filename = str_replace('%20', ' ', $filename);
$pURL = parse_url($file);
$file = $_SERVER[DOCUMENT_ROOT] . $pURL[path];
$fileExists = @fopen($file, 'rb');
if (!$fileExists)
exit('File does not exist');
}
$pURL = parse_url($filename);
$baseFilename = $pURL['path'];
$baseFilename = ($fnToUse !== false) ? $fnToUse : $baseFilename;
$Filefilesize = $this->isURL($file) ? $this->getRemoteFileSize($file) : @filesize($file);
$filename = $file;
header("Content-Disposition: attachment; filename=$baseFilename;");
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Content-Description: File Transfer');
header('Content-Type: ' . mime_content_type_ii($baseFilename));
header('Expires: 0');
header('Pragma: public');
header('Content-Transfer-Encoding: binary');
header("Content-Length: $Filefilesize");
$file = @fopen($filename, 'rb');
if ($file) {
while (!feof($file)) {
print(fread($file, 1024 * 8));
flush();
if (connection_status() != 0) {
@fclose($file);
die();
}
}
@fclose($file);
}
}
function getAuthUrl($bucket, $path, $lifespan, $secretKey, $accessKey)
{
$badurl = true;
$count = 0;
while ($badurl && $count < 60) {
$expires = time() + $lifespan * 60 + $count++;
$string_to_sign = "GET\n\n\n" . $expires . "\n/" . $bucket . '/' . $path;
$string_to_sign_utf8_encode = utf8_encode($string_to_sign);
$signature_pre = base64_encode(hash_hmac('sha1', $string_to_sign_utf8_encode, $secretKey, true));
$signature = urlencode($signature_pre);
$badurl = (strpos($signature, '%2B') !== false || strpos($signature, '%2F') !== false);
}
$authParamsPrefix = (strpos($path, '?') !== false) ? '&' : '?';
$authParams = $authParamsPrefix . 'AWSAccessKeyId=' . $accessKey;
$authParams .= '&Expires=' . $expires;
$authParams .= '&Signature=' . $signature;
return 'http://s3.amazonaws.com/' . $bucket . '/' . $path . $authParams;
}
function verifyReferer()
{
if ($_SERVER['HTTP_REFERER'] == '') {
$refererDomain = '';
} else {
$domainReferer = parse_url($_SERVER['HTTP_REFERER']);
$refererDomain = $domainReferer['host'];
}
$validRefererHosts = array($refererDomain, str_replace('www.', '', $refererDomain));
$currentDomain = $_SERVER['HTTP_HOST'];
$sameDomainReferer = ($refererDomain != '' && in_array($currentDomain, $validRefererHosts));
return $sameDomainReferer;
}
function checkS3LinkActive($awsURL)
{
$httpAccess = $this->fetchAndGet($awsURL, 2);
$badAccessStr = 'AccessDenied';
$validAccess = (strpos($httpAccess, $badAccessStr) === false && ($httpAccess !== false));
return $validAccess;
}
function fetchAndGet($url, $qty = 0)
{
$tmon = @fopen($url, 'rb');
$i = 0;
if ($tmon) {
while (!feof($tmon) && $i <= $qty) {
$readfile = $readfile . fread($tmon, 1024);
$i++;
$qty = ($qty == 0) ? $i + 10 : $qty;
}
fclose($tmon);
} else
$readfile = false;
return $readfile;
}
}
?> |
|
|
|
|
|
|
|
|
|
| Posted: Fri Oct 15, 2010 12:17 am |
|
|
| tsabitah |
| Valuable expert |
|
|
| Joined: Jul 07, 2010 |
| Posts: 328 |
| Location: surabaya |
|
|
|
|
|
|
s.php
| Code: | <?php
class xkSecureDL
{
var $xkToken = 'secdl';
var $helper;
function xkSecureDL()
{
$this->helper = new xkdl_funcs();
add_option('xkdl_awslifespan', 10);
add_option('xkdl_reqlogin', true);
add_option('xkdl_refcheck', true);
}
function admin()
{
if (function_exists('add_options_page'))
add_options_page('Secure DL', 'Secure DL', 'manage_options', 'SecureDL/SecureDL.php', 'xkdl_admin');
}
function code_pre($a)
{
echo '<pre>';
print_r($a);
echo '</pre>';
}
function sani_shortcode_callback($content)
{
$true_content = $content[0];
$true_content = eregi_replace('\<br?[ ]?\/\>', ' ', $true_content);
$true_content = str_replace(array('<br />', '<br/>', '<br>'), array(" \n", " \n", " \n"), $true_content);
$true_content = str_replace(array("\r"), ' ', $true_content);
return $true_content;
}
function sani_shortcode($content)
{
preg_match_all('|\[secdl(.*?)\]|is', $content, $matches);
$token_shortcode = 'secdl';
$fixed_content = preg_replace_callback('|(\[' . $token_shortcode . '.*?\/?\])|is', array(&$this, 'sani_shortcode_callback'), $content);
$content = $fixed_content;
return $content;
}
function secure_shortcode($attr_array, $content = null)
{
$bucket = get_option('xkdl_awsbucket');
$hide = false;
foreach ($attr_array as $key => $value) {
switch ($key) {
case 'file':
case 'href':
$url = $value;
break;
case 'bucket':
$type = 'S3';
$bucket = $value;
break;
case 'path':
$type = 'S3';
$path = $value;
break;
case 'life':
$lifespan = $value;
break;
case 'hide':
$hide = (bool)$value;
break;
case 'checkref':
$checkref = $value;
break;
case 'reqlogin':
$reqlogin = $value;
break;
case 'method':
$method = $value;
break;
}
}
if ($type == 'S3') {
$secretKey = get_option('xkdl_awssecretkey');
$accessKey = get_option('xkdl_awskey');
$lifespan = isset($lifespan) ? $lifespan : get_option('xkdl_awslifespan', 10);
$url = $this->helper->getAuthUrl($bucket, $path, $lifespan, $secretKey, $accessKey);
} else
$hide = true;
if ($hide) {
$dlbase = get_option('siteurl') . '/wp-content/plugins/SecureDL/download.php';
$purl = parse_url($_SERVER[SCRIPT_URI]);
$baseUrl = $purl[scheme] . '://' . $purl[host];
$wkgdir = $baseUrl . str_replace('//', '/', dirname($purl[path] . 'a')) . '/';
$url = $this->helper->relativize($url, $wkgdir);
$hide_args = array('url' => $url);
if (isset($checkref))
$hide_args[checkref] = $checkref;
if (isset($reqlogin))
$hide_args[reqlogin] = $reqlogin;
if (isset($lifespan) && $type != 'S3')
$hide_args[expires] = time() + $lifespan * 60;
foreach (array('link_expired', 'reqlogin_invalid', 'refcheck_invalid') as $attr_isset)
if (isset($attr_array[$attr_isset]))
$hide_args[$attr_isset] = $attr_array[$attr_isset];
$hide_data = serialize($hide_args);
$dlfile = $this->helper->url_encrypt($hide_data);
$url = "$dlbase?file=$dlfile";
}
if ($method == 'player') {
$purl = parse_url($url);
$nurl = $purl[scheme] . '://' . $purl[host] . $purl[path];
$endExt = end(explode('.', $nurl));
$addType = (strpos($url, '?') !== false) && strcasecmp($endExt, 'php');
$typeExt = ($addType) ? '&type=' . $endExt : '';
$ampRepl = '%26';
$srchArr = array('?', '&', '=');
$replArr = array('%3F', $ampRepl, '%3D');
$urlprep = str_replace($srchArr, $replArr, $url);
$url = $urlprep . $typeExt;
}
return $url;
}
function relativize($url)
{
if (strpos($url, '/') === 0) {
$docroot = $_SERVER['DOCUMENT_ROOT'];
$drparts = explode('/', $docroot);
$drstart = '/' . $drparts[0] . '/' . $drparts[1];
if (strpos($url, $drstart) === false)
$returl = 'http://' . $_SERVER['HTTP_HOST'] . $url;
else
$returl = $url;
} else {
$returl = '../../../' . $url;
}
return $returl;
}
}
function xkdl_admin()
{
if (isset($_POST['update'])) {
update_option('xkdl_awskey', trim($_POST['awskey']));
update_option('xkdl_awssecretkey', trim($_POST['awssecretkey']));
update_option('xkdl_awsbucket', trim($_POST['awsbucket']));
update_option('xkdl_awslifespan', trim($_POST['awslifespan']));
update_option('xkdl_reqlogin', isset($_POST['reqlogin']));
update_option('xkdl_refcheck', isset($_POST['refcheck']));
update_option('xkdl_reqlogin_invalid', trim($_POST['reqlogin_invalid']));
update_option('xkdl_refcheck_invalid', trim($_POST['refcheck_invalid']));
update_option('xkdl_link_expired', trim($_POST['link_expired']));
} elseif (isset($_POST['reg'])) {
$reg_updated = 1;
update_option('xkdl_activated', $_POST['reg']);
}
$formurl = get_option('siteurl') . '/wp-admin/admin.php?page=SecureDL/SecureDL.php';
$activated = get_option('xkdl_activated');
$ch = curl_init('http://rap-extras.com/extrakick/securedl/register.php');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$args = array('domain' => $_SERVER['SERVER_NAME'], 'product' => 'SECURE_DL');
if ($reg_updated)
$args['pp'] = $activated;
curl_setopt($ch, CURLOPT_POSTFIELDS, $args);
$resp = curl_exec($ch);
curl_close($ch);
if ($resp == 'OK' && !empty($activated)) {
$xkdl_awssecretkey = get_option('xkdl_awssecretkey');
$xkdl_awskey = get_option('xkdl_awskey');
$xkdl_awsbucket = get_option('xkdl_awsbucket');
$xkdl_awslifespan = get_option('xkdl_awslifespan');
$xkdl_reqlogin = get_option('xkdl_reqlogin');
$xkdl_refcheck = get_option('xkdl_refcheck');
$xkdl_reqlogin_invalid = get_option('xkdl_reqlogin_invalid');
$xkdl_refcheck_invalid = get_option('xkdl_refcheck_invalid');
$xkdl_link_expired = get_option('xkdl_link_expired');
$xkdl_reqlogin_checked = $xkdl_reqlogin ? "checked='true'" : '';
$xkdl_refcheck_checked = $xkdl_refcheck ? "checked='true'" : '';
echo " <div class='wrap'>
<h2>Secure DL Configuration</h2>";
if (isset($_POST['reg']))
echo " <div id=\"message\" class=\"updated fade\"><p><strong>Thank you for registering!</strong></p></div>";
echo " <FORM method='post' action='$formurl&updated=true'>
<table>
<tr><td colspan=3><h3> Amazon S3 Settings</h3></td></tr>
<tr><td>Secret Key</td><td colspan=2><input type=\"text\" size=\"60\"name=\"awssecretkey\" value=\"$xkdl_awssecretkey\"></td></tr>
<tr><td>Access Key</td><td colspan=2><input type=\"text\" size=\"60\"name=\"awskey\" value=\"$xkdl_awskey\"></td></tr>
<tr><td>Bucket</td><td colspan=2><input type=\"text\" size=\"60\"name=\"awsbucket\" value=\"$xkdl_awsbucket\"></td></tr>
<tr><td>Auth Lifespan</td><td><input type=\"text\" size=\"10\" name=\"awslifespan\" value=\"$xkdl_awslifespan\"></td><td align=left>minutes</td></tr>
<tr><td> ;;</td></tr>
<tr><td colspan=3><h3> General Site Settings</h3></td></tr>
<tr><td colspan=3 align=left><input type=checkbox name=\"reqlogin\" $xkdl_reqlogin_checked> Require Login</td></tr>
<tr><td colspan=3 align=left><input type=checkbox name=\"refcheck\" $xkdl_refcheck_checked> Check Referrer</td></tr>
<tr><td> ;;</td></tr>
<tr><td colspan=3><h3> Extra SecureDL Messages/Actions upon Invalidation</h3></td></tr>
<tr><td>Invalid Login:</td><td colspan=2><input type=\"text\" size=\"60\"name=\"reqlogin_invalid\" value=\"$xkdl_reqlogin_invalid\"></td></tr>
<tr><td>Invalid Referrer:</td><td colspan=2><input type=\"text\" size=\"60\"name=\"refcheck_invalid\" value=\"$xkdl_refcheck_invalid\"></td></tr>
<tr><td>Expired Link:</td><td colspan=2><input type=\"text\" size=\"60\"name=\"link_expired\" value=\"$xkdl_link_expired\"></td></tr>
<tr><td> ;;</td></tr>
</table>
<p><INPUT NAME=\"update\" TYPE=\"submit\" VALUE=\"Save Settings\">
</FORM>";
} else {
echo " <div class='wrap'>
<h2>Secure DL Registration</h2>
<form method='post' action='$formurl'>
<table width='100%' cellspacing='2' cellpadding='5' class='editform'>
<tr valign='center'>
<th scope='row'>PayPal Email:</th>
<td><input name='reg' type='text' id='reg' value='' size='80'/></td>
</tr>
</table>
<p class='submit'>
<input type='submit' name='submit' value='Validate Purchase'/>
</form>
</div>";
}
}
function xkdl_settings_link($links)
{
$settings_link = '<a href="options-general.php?page=SecureDL/SecureDL.php">' . __('Settings') . '</a>';
array_unshift($links, $settings_link);
return $links;
}
if (!isset($xkdl))
$xkdl = new xkSecureDL();
add_action('admin_menu', array(&$xkdl, 'admin'));
add_shortcode('secdl', array(&$xkdl, 'secure_shortcode'));
add_filter('the_content', array(&$xkdl, 'sani_shortcode'));
add_filter('the_excerpt', array(&$xkdl, 'sani_shortcode'), 9);
add_filter('the_excerpt', 'do_shortcode');
add_filter('widget_text', array(&$xkdl, 'sani_shortcode'), 9);
add_filter('widget_text', 'do_shortcode');
add_filter('plugin_action_links_' . 'SecureDL/SecureDL.php', 'xkdl_settings_link');
?> |
|
|
|
|
|
|
|
|
|
| Posted: Fri Oct 15, 2010 12:58 pm |
|
|
| klih |
| Regular user |
|
|
| Joined: Oct 12, 2010 |
| Posts: 11 |
|
|
|
|
|
|
|
amazing.
thanks very much. |
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 89
Members: 0
Total: 89
