IT Security and Insecurity Portal

Please help decode

Posted: Fri Dec 03, 2010 10:37 pm
DanqeR
Beginner
Joined: Dec 04, 2010
Posts: 3

Hello... please help me to decode this.
Code: | <?php
$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=1128;eval((base64_decode('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDM3MiksJ0VudGVyeW91d2toUkhZS05XT1VUQWFCYkNjRGRGZkdnSWlKakxsTW1QcFFxU3NWdlh4WnowMTIzNDU2Nzg5Ky89JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?>
kr9NHenNHenNHe1lFMamb3klFoxiC2APk19gOLlHOa9gkZXJkZwVkr9NTznNHr8XHt4JkZwShokiF2A2Yy9LcBYvcoAPF3OZfuwPcmklCBWPkr8XHenNHr8XHtXLT08XHr8XHeEXhUXmOB50cbk5d3a3D2iUUylRTlfNaaOnCAkJW2YrcrcMO2fkDApQToxYdanXAbyTF1c2BuiDGjExHjH0YTC3KeLqRz0mRtfnWLYrOAcuUrlhU0xYTL9WAakTayaBa1icBMyJC2OlcMfPDBpqdo1Vd3nxFmY0fbc3Gul6HerZHzW1YjF4KUSvkZLphUL7cMYSd3YlhtONHeEXTznNHeEpK2a2CBXPkr9NHenNHenNHtL7cBYPdZEmNt9LDbC+eWPkNtrsRUnydMWIW29VfoaVftEsRT4YtJEIwtE8DB1mwuYZCz0JkzSICMxvc2lVcM8Pk3Y0GBxlF2ilcbOgcolZcBY0d3k5kZLIK2ajDo8IkZ9pdBymcbHvC29VfoaVft1Jd3O0d20Vc2lMwJniduW9wMYvdmOldmWIfo9XwJnjdoyzFz0JC29VfoaVft13FMyXwJEvNI0htW0htTXiRU0IOM9vfoaZwyfpcoflfuHIRU0+eWPkNoOpfJnpce0JcM9vfoaZb3fpcoflfuHJNI0htWL8wU0swrcvd3OlFJnbDBOmcbWIA3OiFmWsRT4YtILkkzSIDBCIhtEicmaVC3Opd25gcbipF3OzhtfLGB5idBljb3YpcoaJCbwmhUn8gtEiculVCB1pC19zDBOlCMyZhtfod290cbwmhUEpwePIK2ajDo8IkZEYtILkkzSIcB5LDBC7weslC2ivwtFktW0htTXvcol2NI0htTXiRU0IOM9vfoaZwyfpcoflfuHIOo9VcUEsRT4YtIL8col2wolLNUkMd290cbwJNI0htWL8Ftnpce0JC29XGbkpc2i0wj4mKZngcUImAo93cbklctnJGUEmRtfWd2xpF2ilctFpKZE7cBYPdZEmNorIDuklcj0JDuO0FePvR3f3fZ5MFMalRbnZcB1pfB0sf29ZcunZcbYzRbOPcB1lFZ5jd20Jwuklde0Jco9Md2xSd3FJNLcZcBAIAukldBl1dUnbd3kLFuklF3HIaoildBazNt9iNJn8wtF7wy9lhtfrcbYpc25lctnJGUEmRtfWd2xpF2ilctFpKZE7cBYPdZEmNorIDuklcj0JDuO0FePvR3f3fZ5sCBfldmOvDo9zfolVc3PVC29sRZw+dBymcB50dZn3cBkPd3Y0Nt9iNjXvFe4YtIL8R2Opfj4YtjXvcol2NI0hNtrsRUnbFMyXwraVctEsRT4YtI0heWPmKZnpdMYSfBOlhyOyTanHWaOyAryAUtEVwtFvDB5jduaLcbHvF2YZDbn0FZ5XDuEmhTSIK2ajDo8IkX0hkzSIf3ngcM9vfoaZhtL7weslC2ivwtFkeWP8R2kvcuL+eWP8R2i0dBX+kzS= |
I've decoded to this... but I don't know how to do it next. Please help me. Thanks
Code: | $O000O0O00=fopen($OOO0O0O00,'rb');while(--$O00O00O00)fgets($O000O0O00,1024);fgets($O000O0O00,4096);$OO00O00O0=(base64_decode(strtr(fread($O000O0O00,372),'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));eval($OO00O00O0); |

Posted: Sat Dec 04, 2010 1:52 am
tsabitah
Valuable expert
Joined: Jul 07, 2010
Posts: 328
Location: surabaya

Run this code on the web server
Code: | <?php
/**
* Returns the portion of string specified by the start and length parameters.
* If the start parameter indicates the position of a negative truncation or beyond, false is returned. Prior to this version, an empty string was returned.
* echo substr('abcdef', 1); // bcdef
*/
$O000O0O00='kr9NHenNHenNHe1lFMamb3klFoxiC2APk19gOLlHOa9gkZXJkZwVkr9NTznNHr8XHt4JkZwShokiF2A2Yy9LcBYvcoAPF3OZfuwPcmklCBWPkr8XHenNHr8XHtXLT08XHr8XHeEXhUXmOB50cbk5d3a3D2iUUylRTlfNaaOnCAkJW2YrcrcMO2fkDApQToxYdanXAbyTF1c2BuiDGjExHjH0YTC3KeLqRz0mRtfnWLYrOAcuUrlhU0xYTL9WAakTayaBa1icBMyJC2OlcMfPDBpqdo1Vd3nxFmY0fbc3Gul6HerZHzW1YjF4KUSvkZLphUL7cMYSd3YlhtONHeEXTznNHeEpK2a2CBXPkr9NHenNHenNHtL7cBYPdZEmNt9LDbC+eWPkNtrsRUnydMWIW29VfoaVftEsRT4YtJEIwtE8DB1mwuYZCz0JkzSICMxvc2lVcM8Pk3Y0GBxlF2ilcbOgcolZcBY0d3k5kZLIK2ajDo8IkZ9pdBymcbHvC29VfoaVft1Jd3O0d20Vc2lMwJniduW9wMYvdmOldmWIfo9XwJnjdoyzFz0JC29VfoaVft13FMyXwJEvNI0htW0htTXiRU0IOM9vfoaZwyfpcoflfuHIRU0+eWPkNoOpfJnpce0JcM9vfoaZb3fpcoflfuHJNI0htWL8wU0swrcvd3OlFJnbDBOmcbWIA3OiFmWsRT4YtILkkzSIDBCIhtEicmaVC3Opd25gcbipF3OzhtfLGB5idBljb3YpcoaJCbwmhUn8gtEiculVCB1pC19zDBOlCMyZhtfod290cbwmhUEpwePIK2ajDo8IkZEYtILkkzSIcB5LDBC7weslC2ivwtFktW0htTXvcol2NI0htTXiRU0IOM9vfoaZwyfpcoflfuHIOo9VcUEsRT4YtIL8col2wolLNUkMd290cbwJNI0htWL8Ftnpce0JC29XGbkpc2i0wj4mKZngcUImAo93cbklctnJGUEmRtfWd2xpF2ilctFpKZE7cBYPdZEmNorIDuklcj0JDuO0FePvR3f3fZ5MFMalRbnZcB1pfB0sf29ZcunZcbYzRbOPcB1lFZ5jd20Jwuklde0Jco9Md2xSd3FJNLcZcBAIAukldBl1dUnbd3kLFuklF3HIaoildBazNt9iNJn8wtF7wy9lhtfrcbYpc25lctnJGUEmRtfWd2xpF2ilctFpKZE7cBYPdZEmNorIDuklcj0JDuO0FePvR3f3fZ5sCBfldmOvDo9zfolVc3PVC29sRZw+dBymcB50dZn3cBkPd3Y0Nt9iNjXvFe4YtIL8R2Opfj4YtjXvcol2NI0hNtrsRUnbFMyXwraVctEsRT4YtI0heWPmKZnpdMYSfBOlhyOyTanHWaOyAryAUtEVwtFvDB5jduaLcbHvF2YZDbn0FZ5XDuEmhTSIK2ajDo8IkX0hkzSIf3ngcM9vfoaZhtL7weslC2ivwtFkeWP8R2kvcuL+eWP8R2i0dBX+kzS=';
// Skip the first 372 bytes: the loader reads them separately with fread($O000O0O00,372).
$a=substr($O000O0O00, 372);
/**
* then follow your code above
*/
$OO00O00O0=highlight_string(base64_decode(strtr($a,'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));
?> |
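
The same static decode done offline in Python instead of on a web server, as an added example that is not part of the original posts. It goes one step further than the reply above: it reads the fread() length and both strtr() alphabets out of the stage-1 loader from the first post, then decodes the 372-byte header and the remaining payload without ever calling eval(). The function names, the shortened variable names inside STAGE1 and the sample input are assumptions constructed for illustration.

```python
import base64
import re

# Stage-1 loader as decoded in the first post; variable names are shortened
# here, the fread() length and both strtr() alphabets are the thread's values.
STAGE1 = (
    "$f=fopen($file,'rb');while(--$line)fgets($f,1024);fgets($f,4096);"
    "$c=(base64_decode(strtr(fread($f,372),"
    "'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=',"
    "'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));"
    "eval($c);"
)
LOADER_RE = re.compile(r"strtr\(fread\(\$\w+,(\d+)\),'([^']+)','([^']+)'\)")

def loader_params(stage1=STAGE1):
    """Read the header length and substitution alphabets out of the loader."""
    m = LOADER_RE.search(stage1)
    if m is None:
        raise ValueError("loader does not match the layout seen in this thread")
    src, dst = m.group(2), m.group(3)
    n = min(len(src), len(dst))  # PHP strtr() ignores the longer string's tail
    return int(m.group(1)), src[:n], dst[:n]

def unpack(payload, stage1=STAGE1):
    """Return (stage-2 loader, protected source) as text; nothing is executed."""
    length, src, dst = loader_params(stage1)
    table = str.maketrans(src, dst)
    blob = payload.strip()
    if len(blob) <= length:
        raise ValueError("payload shorter than the loader's fread() length")
    decode = lambda s: base64.b64decode(s.translate(table)).decode("latin-1")
    return decode(blob[:length]), decode(blob[length:])

def pack(text, stage1=STAGE1):
    """Inverse transform, used only to build constructed sample input."""
    _, src, dst = loader_params(stage1)
    encoded = base64.b64encode(text.encode("latin-1")).decode()
    return encoded.translate(str.maketrans(dst, src))

if __name__ == "__main__":
    # Constructed sample: 279 bytes encode to exactly 372 characters.
    header = "/* constructed stage-2 placeholder */".ljust(279)
    body = "echo '</div>'; wp_footer();"
    stage2, source = unpack(pack(header) + pack(body) + "\n")
    print(source)
```

For the file in this thread, `payload` is the text that follows the loader's `?>` line.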

Posted: Sat Dec 04, 2010 1:48 pm
DanqeR
Beginner
Joined: Dec 04, 2010
Posts: 3

Thank you very much

Posted: Sat Dec 04, 2010 10:16 pm
DanqeR
Beginner
Joined: Dec 04, 2010
Posts: 3

Again, thanks for helping... but I don't think it is decoded very well... please check a little bit.
Code: | echo '</div>
<!-- End Content -->
<img src="'; bloginfo('stylesheet_directory') ;echo '/images/content-bottom.gif" alt="content top" class="content-wrap" />
<!-- Footer Widgets -->
<div id="footer_widgets">
<!-- Footer Widget Start-->
'; if ( !function_exists('dynamic_sidebar') || !dynamic_sidebar('Footer') ) : ;echo '
'; endif; ;echo '
</div>
<!-- Footer Widgets Done -->
<div id="footer">
<p id="copyright">'; _e('Powered by ','Polished'); ;echo '<a href="http://www.free-premium-wordpress-themes.com" rel="dofollow">Free Premium Wordpress Themes</a> | '; _e('Designed by ','Polished'); ;echo '<a href="http://www.magentohostingz.com/">magento webhost</a></p>
</div>
</div>
<!-- Wrap End -->
'; include(TEMPLATEPATH . '/includes/scripts.php'); ;echo '
'; wp_footer(); ;echo '
</body>
</html>'; |

Posted: Sun Dec 05, 2010 1:13 am
tsabitah
Valuable expert
Joined: Jul 07, 2010
Posts: 328
Location: surabaya

In some types of PHPLockit (like in this case), PHPLockit shuffles and scrambles the variable names, function names and string text.
You should fix the PHP tags.
For example:
Replace ;echo ' with ?>
Code: | <img src="<?php bloginfo('stylesheet_directory') ?>/images/content-bottom.gif" alt="content top" class="content-wrap" /> |