Waraxe IT Security Portal
Login or Register
December 26, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 44
Members: 0
Total: 44
Full disclosure
CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205
Stored XSS with Filter Bypass - blogenginev3.3.8
[SYSS-2024-085]: Broadcom CA Client Automation - Improper Privilege Management (CWE-269)
[KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities
RansomLordNG - anti-ransomware exploit tool
APPLE-SA-12-11-2024-9 Safari 18.2
APPLE-SA-12-11-2024-8 visionOS 2.2
APPLE-SA-12-11-2024-7 tvOS 18.2
APPLE-SA-12-11-2024-6 watchOS 11.2
APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2
APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2
APPLE-SA-12-11-2024-3 macOS Sequoia 15.2
APPLE-SA-12-11-2024-2 iPadOS 17.7.3
APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2
SEC Consult SA-20241211-0 :: Reflected Cross-Site Scripting in Numerix License Server Administration System Login
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PHP script decode requests -> decode request
Post new topicReply to topic View previous topic :: View next topic
decode request
PostPosted: Thu Jul 17, 2008 12:58 pm Reply with quote
ozzy_nutter
Beginner
Beginner
Joined: Jul 17, 2008
Posts: 3




Hi there all,

Hope you can help, I am trying to decode the following code:

Code:

<?php $_F=__FILE__;$_X='P3cwPw19bSoqDX0qWQpneXN1Z3JZXUhyZ1l5VjVZdEhsPGd1UVlybHJRZzxZdDFwS3N1cg19Kg19Km0NfU4xSHJyWXRIbDxndVFZPg19DX1ZWVlZbW1OMXNndVFZZzxIczEsWXJnUVFnNVkvczExWV1nWU5IMTFnW1lzdVlnZnVhVnNOZw19WVlZWWFINVkkTjFzZ3VRX2c8SHMxWWtZJyc7DX0NfVlZWVltbU4xc2d1UVl5czVyUVl1SDxnLFk8SFFOMlk0NCxZcHRbSFFnWU4xc2d1UVl0NVZ5czFnWXN5WXVnZ1tnW24NfVlZWVlhSDVZJE4xc2d1UV95dUg8Z1lrWScnOw19DX1ZWVlZbW1OMXNndVFZPHNbWzFnWXVIPGcNfVlZWVlhSDVZJE4xc2d1UV88dUg8Z1lrWScnOw19DX1ZWVlZbW1OMXNndVFZMUhyUVl1SDxnDX1ZWVlZYUg1WSROMXNndVFfMXVIPGdZa1knJzsNfQ19WVlZWW1tTjFzZ3VRWUhbWzVncnINfVlZWVlhSDVZJE4xc2d1UV9IW1s1Z3JyWWtZJyc7DX0NfVlZWVltbU4xc2d1UVlOc1FsDX1ZWVlZYUg1WSROMXNndVFfTnNRbFlrWScnOw19DX1ZWVlZbW1OMXNndVFZclFIUWcNfVlZWVlhSDVZJE4xc2d1UV9yUUhRZ1lrWScnOw19DX1ZWVlZbW1OMXNndVFZSnN0WU5WW2cNfVlZWVlhSDVZJE4xc2d1UV9Kc3RZa1knJzsNfQ19WVlZWW1tTjFzZ3VRWU5WcHVRNWwNfVlZWVlhSDVZJE4xc2d1UV9OVnB1UTVsWWtZJyc7DX0NfVlZWVltbU4xc2d1UVlRZzFndDJWdWdZTlZwdVE1bFlOVltnbg19WVlZWWFINVkkTjFzZ3VRX1FnMV9OUTVsWWtZJyc7DX0NfVlZWVltbU4xc2d1UVlRZzFndDJWdWdZSDVnSFlOVltnDX1ZWVlZYUg1WSROMXNndVFfUWcxX0g1Z0hZa1knJzsNfQ19WVlZWW1tTjFzZ3VRWVFnMWd0MlZ1Z1l1cDxdZzVuDX1ZWVlZYUg1WSROMXNndVFfUWcxX3VWWWtZJyc7DX0NfVlZWVltbXJncnJzVnVZc1sNfVlZWVlhSDVZJGdzdWFfcmdycnNWdV9zW1lrWScnOw19DX1ZWVlZbSoqDX1ZWVlZKlk0VnVyUTVwTlFWNQ19WVlZWSptDX1ZWVlZeXB1TlFzVnVZdEhsPGd1USgpPg19DX1ZWVlZTA19DX1ZWVlZbSoqDX1ZWVlZKlllZ1tzNWdOUVlRVll0SGw8Z3VRWXJsclFnPFlWNVk8SHhnWVZRMmc1WUhOUXNWdVl5VjVZdEhsPGd1UQ19WVlZWSpZezJzcll5cHVOUXNWdVk1Z1FwNXVyWVEyZ1lve0JjWTFzdXhZUVZZW1ZZdEhsPGd1UXJuDX1ZWVlZKg19WVlZWSpZezJnWXlWMTFWL3N1S1l0SDVIPGd1UWc1clkvczExWV1nWXRIcnJnW1lzdVl5VjVZbFZwWVFWWXByZw19WVlZWSpZc3VZUTJzcll5cHVOUXNWdW4NfVlZWVkqWUB0SDVIPFlzdVFnS2c1WVkkTjFzZ3VRX3NbWVlZWVlZWTQxc2d1UVlmCg19WVlZWSpZQHRINUg8WXN1UWdLZzVZWSRzdWFWc05nX3NbWVlZWVlZZnVhVnNOZ1lmCg19WVlZWSpZQHRINUg8WXN1UWdLZzVZWSR0NXNOZ1lZWVlZWVlZWVlZc3VhVnNOZ1lIPFZwdVENfVlZWVkqWUB0SDVIPFlyUTVzdUtZWVkkMXN1eF9RZ2lRWVlZWVlZWVEyZ1lRZ2lRWVFWWXIyVi9ZUVZZTjFzZ3VRWXlWNVlRMmdZMXN1eFk1Z1FwNXVnW1lRVllNZm4NfVlZWVkqWUB0SDVIPFlyUTVzdUtZWVkkdHROcDU1Z3VObE5WW2dZWTlIbDlIMVlOcDU1Z3VObFlOVltnLFlsVnBZPEhsWTxIdFlRMnNyWVFWWWxWcDVZTnA1NWd1TmxZTlZbZ1lWeVlsVnA1WXRIbDxndVFZdDFwS3N1DX1ZWVlZKllAdEg1SDxZXVZWMWdIdVlZJHByZ19zTlZ1WVlZWVlZWVlmeVlRNXBnLFlIdVlzTlZ1WXM8SEtnWXNyWXByZ1tZeVY1WTFzdXgsWXN1clFnSFtZVnlZMXN1eFlRZ2lRbg19WVlZWSpZQDVnUXA1dVlyUTVzdUtZezJnWTFzdXhZUVZZdEhsPGd1UVlLSFFnL0hsbg19WVlZWSptDX1ZWVlZbW15cHVOUXNWdVlbVl90SGw8Z3VRKCROMXNndVFfc1ssWSRzdWFWc05nX3NbLFkkdDVzTmcsWSQxc3V4X1FnaVEsWSR0dE5wNTVndU5sTlZbZyxZJHByZ19zTlZ1KT4NfVlZWVlZWVlZbW1RMmdZeVYxMVYvc3VLWUsxVl1IMVlhSDVzSF0xZ3JZSDVnWUgxclZZSGFIczFIXTFnWVFWWWxWcG4NfVlZWVlZWVlZbW0kcnNRZzpZZ2Z1YVZzTmdZNXB1dXN1S1k1VlZRWU1lY24NfVlZWVlZWVlZbW0kbFZwNVFzUTFnOllsVnA1WU5WPHRIdWxZdUg8Z24NfVlZWVlZWVlZbW0kdHRdcHJzdWdycjpZbFZwNVl0SGx0SDFZSE5OVnB1UVlnPEhzMVlIW1s1Z3JyDX0NfVlZWVlZWVlZbW1yUWd0WTM6WUtnUVlLMVZdSDFyWXN5WXVnZ1tnW24NfVlZWVlZWVlZbW1LMVZdSDFZJHJzUWcsJGxWcDVRc1ExZywkdHRdcHJzdWdycjsNfQ19WVlZWVlZWVltbXJRZ3RZZDpZPEh0WSR0dE5wNTVndU5sTlZbZ1lRVllsVnA1WXRIbDxndVFZS0hRZy9IbFlOcDU1Z3VObFlOVltnbg19WVlZWVlZWVltbU1YCjpZcHJZW1YxMUg1cixZNDcKOllOSHVIW0hZW1YxMUg1cixZek1lOllncDVWcixZcmdnWTlIbDlIMVkvZ11ZcnNRZ1l5VjVZeXAxMVkxc3JRbg19DX1ZWVlZWVlZWW1tclFndFloOlldcHMxW1l0SGw8Z3VRWUtIUWcvSGxZMXN1eHJZVjVZSE5Rc1Z1WXlWNTxybg19DX1ZWVlZWVlZWW1tclFndFk2Olk1Z1FwNXVZUTJnWTFzdXhZVjVZeVY1PFkvc1EyWTFzdXhfUWdpUVlWNVlzTlZ1bg19WVlZWVlZWVltbVlbZ3lzdWdZUTJnWXNOVnVZdEhRMll5czVyUVlwcmdZMHM8S25uWVFIS1l5VjVZc3lZcHJnX3NOVnVrUTVwZw19DX1ZWVlZbW1MDX0NfVlZWVltKioNfVlZWVkqWVpIMXNbSFFnWWFINXNIXTFncll5NVY8WVEySHV4cll0SEtnDX1ZWVlZKllmeVl0SGw8Z3VRWXJsclFnPFlycF08c1FZc1FZVnUxbFlRVllRMkh1eHJZdEhLZ1lIdVtZS3NhZ1lRMmdZL0hsDX1ZWVlZKllRVllOMmdOeFlzUQ19WVlZWSpZQHRINUg8WUg1NUhsWSRhSDVyWTlIbDxndVEtWGxyUWc8WXJwXTxzUVFnW1lhSDVzSF0xZ3INfVlZWVkqWUA1Z1FwNXVZclE1c3VLWXo8dFFsWXN5WUgxMVlWeFltWXo1NVY1WTxncnJIS2dZc3lZSHVsDX1ZWVlZKm0NfVlZWVl5cHVOUXNWdVlhSDFzW0hRZ19RMkh1eHIoJiRhSDVyKT4NfVlZWVlZWVlZNWdRcDV1WScnOw19WVlZWUwNfQ19WVlZWW0qKg19WVlZWSpZZnlZPkAxc3V4WWFIMXNbSFFnX1EySHV4ckxZNWdRcDV1WVE1cGcsWVEyc3JZeXB1TlFzVnVZTkgxMWdbDX1ZWVlZKllCVnJRWU5WPDxWdVlwckhLZ1l5VjVZUTJzcllzcllOSDExWVtdLXd5c3VzcjJfL0hzUXN1S190SGw8Z3VRDX1ZWVlZKlkvc1EyWU5WNTVnTlFZdEg1SDxnUWc1cllRVllySGFnWXRIbDxndVFZclFIUXByDX1ZWVlZKllAdEg1SDxZSDU1SGxZJGFINXJZOUhsPGd1US1YbHJRZzxZcnBdPHNRUWdbWWFINXNIXTFncg19WVlZWSpZQDVnUXA1dVlyUTVzdUtZejx0UWxZc3lZSDExWVZ4WW1ZejU1VjVZPGdyckhLZ1lzeVlIdWwNfVlZWVkqbQ19WVlZWXlwdU5Rc1Z1WXQ1Vk5ncnJfUTJIdXhyKCYkYUg1cik+DX1ZWVlZWVlZWTVnUXA1dVknJzsNfVlZWVlMDX0NfVlZWVltbVEyZ1l5VjExVi9zdUtZS2dRUWc1clkvczExWV1nWU5IMTFnW1ldbFlnZnVhVnNOZ24NfVlZWVltbXN5WWxWcFl1Z2dbWVZhZzUxVkhbWVEyZ3JnWXlwdU5Rc1Z1cixZdHBRDX1ZWVlZbW1sVnA1WXM8dDFnPGd1UUhRc1Z1WXN1WWxWcDVZVi91WXQxcEtzdW4NfVlZWVl5cHVOUXNWdVlyZ1FfTjFzZ3VRX2c8SHMxKCROZzxIczEpPg19WVlZWVlZWSRRMnNyLXdOMXNndVFfZzxIczFZa1kkTmc8SHMxOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9OMXNndVFfeXVIPGcoJHl1SDxnKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRX3l1SDxnWWtZJHl1SDxnOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9OMXNndVFfPHVIPGcoJDx1SDxnKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRXzx1SDxnWWtZJDx1SDxnOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9OMXNndVFfMXVIPGcoJDF1SDxnKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRXzF1SDxnWWtZJDF1SDxnOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9OMXNndVFfSFtbNWdycigkTkhbWzVncnIpPg19WVlZWVlZWSRRMnNyLXdOMXNndVFfSFtbNWdycllrWSROSFtbNWdycjsNfVlZWVlMDX0NfVlZWVl5cHVOUXNWdVlyZ1FfTjFzZ3VRX05zUWwoJE5Oc1FsKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRX05zUWxZa1kkTk5zUWw7DX1ZWVlZTA19DX1ZWVlZeXB1TlFzVnVZcmdRX04xc2d1UV9yUUhRZygkTnJRSFFnKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRX3JRSFFnWWtZJE5yUUhRZzsNfVlZWVlMDX0NfVlZWVl5cHVOUXNWdVlyZ1FfTjFzZ3VRX0pzdCgkTkpzdCk+DX1ZWVlZWVlZJFEyc3Itd04xc2d1UV9Kc3RZa1kkTkpzdDsNfVlZWVlMDX0NfVlZWVl5cHVOUXNWdVlyZ1FfTjFzZ3VRX05WcHVRNWwoJE5OVnB1UTVsKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRX05WcHVRNWxZa1kkTk5WcHVRNWw7DX1ZWVlZTA19DX1ZWVlZeXB1TlFzVnVZcmdRX04xc2d1UV9RZzFfTlE1bCgkTlFnMU5RNWwpPg19WVlZWVlZWSRRMnNyLXdOMXNndVFfUWcxX05RNWxZa1kkTlFnMU5RNWw7DX1ZWVlZTA19DX1ZWVlZeXB1TlFzVnVZcmdRX04xc2d1UV9RZzFfSDVnSCgkTlFnMUg1Z0gpPg19WVlZWVlZWSRRMnNyLXdOMXNndVFfUWcxX0g1Z0hZa1kkTlFnMUg1Z0g7DX1ZWVlZTA19DX1ZWVlZeXB1TlFzVnVZcmdRX04xc2d1UV9RZzFfdVYoJE51Vik+DX1ZWVlZWVlZJFEyc3Itd04xc2d1UV9RZzFfdVZZa1kkTnVWOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9nc3VhX3JncnJzVnVfc1soJGdzdWFfcmdycik+DX1ZWVlZWVlZJFEyc3Itd2dzdWFfcmdycnNWdV9zW1lrWSRnc3VhX3JncnI7DX1ZWVlZTA19TA19DX0/dw==';$_D=strrev('edoced_46esab');eval($_D('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCd1IHkzLzZlfTVqN0NYR3NaSFBwPUpLXW5CV1E8e2tEYnZJUm9ybGRVRjguRW0KTkxBOWk+dGNhd2ZNMlNoMFR4Z3F6MTRWW1lPJywnbk9mMXc0UgpyW0E4UzdpVmFadUp6Z2IuTVF0bVQ9cV01aldIc3kyS0JGWDAvRGN9TlB4e3BMdj5JVWg5MzxZa2VHRWxDb2QgNicpOyRfUj1zdHJfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>


I got as far as getting the following:

Code:

$_X=base64_decode($_X);$_X=strtr($_X,'u y3/6e}5j7CXGsZHPp=JK]nBWQ<{kDbvIRorldUF8.Em
NLA9i>tcawfM2Sh0Txgqz14V[YO','nOf1w4R
r[A8S7iVaZuJzgb.MQtmT=q]5jWHsy2KBFX0/Dc}NPx{pLv>IUh93<YkeGElCod 6');$_R=str_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;


But can't seem to make any sense of the code thats decrypted using the above?

Any help is grately appreciated!
View user's profile Send private message
PostPosted: Thu Jul 17, 2008 3:03 pm Reply with quote
mge
Valuable expert
Valuable expert
Joined: Jul 16, 2008
Posts: 142




i got this
Code:
?><?
/**
* Defines base for payment system plugins
*
*/
class payment {

//client email, setter will be called in eInvoice
var $client_email = '';

//client first name, match CC, update client profile if needed.
var $client_fname = '';

//client middle name
var $client_mname = '';

//client last name
var $client_lname = '';

//client address
var $client_address = '';

//client city
var $client_city = '';

//client state
var $client_state = '';

//client zip code
var $client_zip = '';

//client country
var $client_country = '';

//client telephone country code.
var $client_tel_ctry = '';

//client telephone area code
var $client_tel_area = '';

//client telephone number.
var $client_tel_no = '';

//session id
var $einv_session_id = '';

/**
* Constructor
*/
function payment(){

}

/**
* Redirect to payment system or make other action for payment
* this function returns the HtmL link to do payments.
*
* the following paramenters will be passed in for you to use
* in this function.
* @param integer $client_id Client ID
* @param integer $invoice_id Invoice ID
* @param integer $price invoice amount
* @param string $link_text the text to show to client for the link returned to UI.
* @param string $ppcurrencycode PayPal currency code, you may map this to your currency code of your payment plugin
* @param boolean $use_icon If true, an icon image is used for link, instead of link text.
* @return string the link to payment gateway.
*/
//function do_payment($client_id, $invoice_id, $price, $link_text, $ppcurrencycode, $use_icon){
//the following global variables are also available to you.
//$site: eInvoice running root URL.
//$yourtitle: your company name.
//$ppbusiness: your paypal account email address

//step 1: get globals if needed.
//global $site,$yourtitle,$ppbusiness;

//step 2: map $ppcurrencycode to your payment gateway currency code.
//USD: us dollars, CAD: canada dollars, EUR: euros, see PayPal web site for full list.

//step 3: build payment gateway links or action forms.

//step 4: return the link or form with link_text or icon.
// define the icon path first use <img.. tag for if use_icon=true

//}

/**
* ialidate variables from thanks page
* If payment system submit it only to thanks page and give the way
* to check it
* @param array $vars Payment-System submitted variables
* @return string Empty if all ok / Error message if any
*/
function validate_thanks(&$vars){
return '';
}

/**
* If {@link validate_thanks} return true, this function called
* most common usage for this is call db->finish_waiting_payment
* with correct parameters to save payment status
* @param array $vars Payment-System submitted variables
* @return string Empty if all ok / Error message if any
*/
function process_thanks(&$vars){
return '';
}

//the following getters will be called by eInvoice.
//if you need overload these functions, put
//your implementation in your own plugin.
function set_client_email($cemail){
$this->client_email = $cemail;
}

function set_client_fname($fname){
$this->client_fname = $fname;
}

function set_client_mname($mname){
$this->client_mname = $mname;
}

function set_client_lname($lname){
$this->client_lname = $lname;
}

function set_client_address($caddress){
$this->client_address = $caddress;
}

function set_client_city($ccity){
$this->client_city = $ccity;
}

function set_client_state($cstate){
$this->client_state = $cstate;
}

function set_client_zip($czip){
$this->client_zip = $czip;
}

function set_client_country($ccountry){
$this->client_country = $ccountry;
}

function set_client_tel_ctry($ctelctry){
$this->client_tel_ctry = $ctelctry;
}

function set_client_tel_area($ctelarea){
$this->client_tel_area = $ctelarea;
}

function set_client_tel_no($cno){
$this->client_tel_no = $cno;
}

function set_einv_session_id($einv_sess){
$this->einv_session_id = $einv_sess;
}
}

?>

it is possible that a few letters aren't right (for the commentaries) but I think the code works.

i hope i could be of help Smile
View user's profile Send private message
Thanks!
PostPosted: Thu Jul 17, 2008 3:43 pm Reply with quote
ozzy_nutter
Beginner
Beginner
Joined: Jul 17, 2008
Posts: 3




Hey thats great, if you dont mind me asking, how did you manage that?

I tried a few things but I think i just kept encrypting it even more! D'OH!

Much appreciated though.
View user's profile Send private message
PostPosted: Thu Jul 17, 2008 3:58 pm Reply with quote
mge
Valuable expert
Valuable expert
Joined: Jul 16, 2008
Posts: 142




eval () is the key Smile
so i didn't let it evaluate the code directly.
the last layer was kind of guessing around a lot as it didn't give me the correct source code right away. some characters were used instead of others (like capital Qs instead of lower-case ts) so I just kept twisting it a little until it made sense Very Happy
View user's profile Send private message
PostPosted: Thu Jul 17, 2008 8:59 pm Reply with quote
ozzy_nutter
Beginner
Beginner
Joined: Jul 17, 2008
Posts: 3




Genius! Thanks for the explanation too!
View user's profile Send private message
decode request
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.048 Seconds