IT Security and Insecurity Portal |
|
|
edoced_46esab |
|
Posted: Tue Jan 05, 2010 12:33 pm |
|
|
djah |
Regular user |
|
|
Joined: Jan 05, 2010 |
Posts: 5 |
|
|
|
|
|
|
|
Hi all,
I have a base64 (I think) encoded script ... I can't decode it with the waraxe decoder, can anyone help me please?
Thanks in advance!
Code: | <?php $__c='jV.S1V>tjS7C1D3t1iL0DvpR3i{QZo]oDvj+qv0C1D3+jY7C1D3t1iL0DvpSxD{<uyJa1DZ86.kRqRj poxEc<pTcW{upy{duK6O6hxxihx8uyxdpJ< jSkd6V5yqR}>6V5yjV5Cq.kR6V.r1[Zd4WkRqR}pqVZOxRTO6YJ4jKZ54yw<u[Tj6iWC6Dp4jSftvLC>6V5yjV5Cq.kR6V.r1[Zd4WZOxV753KWh.[pb4/T545kRqR}pvLC>6V5yjV5Cq.kR6V.r1[Zd4WZOxV753KWhDvj+j}CpvLC>1Yot3y7b4[E0Dvpb4/T81i{bxV5du5ZOxV75Dvj+jRfCZ<7qLCWEaJ823y0 6K52pJJup[ZOxV75pJ< jSkd1Yo+j}CpvLC>6V5yjV5Cq.kRui. xa{duK]5GV5du5kRqSkd6V5yqR}pvLC>ByZOxSftvLC>ByZOxSftvLC>6V5yjV5Cq.kR6V.r1[Zd4o]bxKpb45kRqS7C1D3t1iL0Dvpw6i]JLy0 xV. xWkRqSkd6V5yqR}pvLC>6V5yjV5Cq.kR6V0S1Jxh3DTk6Dp4jSftvLCpvc7C1D3t1iL0DvpCuy{QDvj+j}CpvLCpqVZOxRTO6YJ4jKZd3ywLuVWS6iJ5u2Z4jSf>ByZOxSftj}CpvLCpqVZOxRTO6YJ4jKZd3ywTxDZdeV5C6.kRqSkd6V5yqR}pvLCpvc7C1D3t1iL0DvpCuy{Qay0hxWkRqS7C1D3t1iL0DvpCuy{QLy753Dp4jRTSuVWr4rJ4jK{86iWhDvj+qv0C1D3+qv0C1D3+j}CpvLC>ByZOxSftvLCpqv0C1D3+ve}pvckd6V5yqR}pqv0C1D3+j}C>6V5yjV5Cq.kR4VW26.xh3DTk6Dp4jSf>ByZOxSftve}pqVZOxRTO6YJ4jKZ54yw<u[TVuy0<6DpD4KWk4V.hDvj+j}CpqVZOxRTO6YJ4jKZ54yw<u[TVuy0<6Dp4jSftvLCppK{d4/CHjY7bj/Zb4Kx5xYJ4j50RuVW 1JkRjVbh6i30Dvp=x/ZklR>dx[x[BK]5xV.f4V7d4K.hBK6hBJkRqC]5xo.f4V7d4K.hBvTruy7JxV5duRTC6eTk3Dp<3ix5jVZ5jV6O3ybO6DprBSkd3cftvLC>ByZOxSftvckd6V5yqR}>ByZOxSftvLCtq/.8jV5Cq.kR3y0 xV.fxVJ5u2.4jRTSuVWr4rJ4jK{du2Z5G/Zw6i]JDvj+j}C>uVC+qVot1/p56SJ4jR{d4V. Dvj+jR]Yca.9cJTWcRfRqv0bqSkduVC+j}C>uVC+qVot1/p56SJ4jR{k4K.y1i.[Dvjt3y7b4[E0Dvpk4K.y1i.[Dvj+jR]Yca.9aWpW.C5W.hfRqv0bqSkduVC+j}C>uVC+qVot1/p56SJ4jR{Cu[x uV0b6WkRjV{83D{rq.kR6V0[uK7d3iZ4jSfRBC{{Z.0ocJxlco0TZvfRqv0bqSkduVC+j}C>uVC+qVot1/p56SJ4jR{8uy{QDvjt3y7b4[E0Dvp8uy{QDvj+jR]Yca.9co0YehfRqv0bqSkduVC+j}C>uVC+qVot1/p56SJ4jR{JuK7d3yw u[x4jRTSuVWr4rJ4j2. 
uV0S1JkRqRj L<JWDJ.lco0YehfRqv0bqSkduVC+j}C>uVC+qVot1/p56SJ4jR{w3iw5GK5kDvjt3y7b4[E0DvpF1DT4jSfRBC{{Z.01e.} jSkd3cf>By7OqR}pqV7OqS7bjVbh6i30DvjSxi]F1DT4jRTSuVWr4rJ4j2OO4WkRqRj L<JWDJ.liC5LBRj>Byo+qv081cftvc781eTSuVWr4rJ4j2{54VWh3DZd45kRqS7bjVbh6i30DvjS3[.<Dvjt3y7b4[E0DvpSxDZ4jSfRBC{{Z.0Y..L jSkd3cf>By7OqR}pqV7OqS7bjVbh6i30DvjS3y0kG.kRjV{83D{rq.kR3y0kG.kRqRj L<JWD<{qaWC jSkd3cf>By7OqR}pqV7OqS7bjVbh6i30DvjS4VWrxV.4jRTSuVWr4rJ4j2Tb4[Z5Dvj+jR]Ycax9aoWc.oa jSkd3cf>By7OqR}pqV7OjV{83D{rq.kR4y.k3DpbxV0hDvj+qVot1/p56SJ4jR{C6i75xWkRjV{83D{rq.kR6V.86DZ5Dvj+jR]Yca.9Zo.EZ.ZWBRj>Byo+qv081cftvc781cf>3eT=4K.Kq.kRj[p5uKWw6.kRjV{83D{rq.kR4K. 3iJ5Dvj+jR]Yca.9aC.lLaJWBRj>Byo+qv081cftvc781eTSuVWr4rJ4j2{54VWh3DZd45kRqS7bjVbh6i30DvjS4/pd4V.hxV554JkRqRj L<JWDJTecJTWa5ZpZ.E jSkd3cf>By7OqR}>B[.8qR}tq/.8jV5Cq.kR3y0 xV.fxVJ5u2./6i]54KW8Dvjt3y7b4[E0DvpSuy]<6Db<ui. x.kRqR}pqV7OqS7bjVbh6i30DvjSuK.[ZV5hDvjt3y7b4[E0DvpC1Dp4jSfRBC{{ZJ0lZ.xoe.j jSkd3cf>By7OqR}pqV7OjV{83D{rq.kR4y.k3DpbxV0hDvj+qVot1/p56SJ4jR{k3D{<6.kRjV{83D{rq.kR4VWrxV.4jSfRBC{{ZJ0LL.{aZefRqv0bqSkduVC+j}C>uVCt3y7b4[E0Dvpr6DTb4KW<u[p4jSf>3eT=4K.Kq.kRj[Thu[T542ZO6D{/6i]54KW8Dvj+jR]Ycax9aWpqao.e.o5WahfRqv0bqSkduVC+jYkdxik+jv}>xikt1iL0DvpSuy]<6Db<ui. 
xaZ54yw<u[Tl3D6R3Dp4jRTSuVWr4rJ4jK{du2Z5G/Zw6i]JDvj+j}C>uVC+qVot1/p56SJ4jR{<1i75Dvjt3y7b4[E0Dvp<1i75Dvj+jR]Yc.Z9.o5EZefRqv0bqSkduVC+j}C>uVC+qVot1/p56SJ4jR{S3D{S3iZ5Dvjt3y7b4[E0DvpS3D{S3iZ5Dvj+jR]Yc.Z9L<WcL<WoZefRqv0bqSkduVC+j}C>uVCt3y7b4[E0Dvpr6DTb4KW<u[p4jSf>3eT=4K.Kq.kRjyJOuK5w1DO5Dvjt3y7b4[E0Dvpw1i]Oui5F6.kRqRj L<JaD<JpcC5{e.OWBRj>Byo+qv081cftvc781cf>3eT=4K.Kq.kRjy{8u[{5Dvjt3y7b4[E0DvpSuV0r6.kRqRj L<JaD<{EcJ{WBRj>Byo+qv081cftqv0JuYftjY7C1D3t1iL0Dvp83ip5uo0kxV5du2{1uy0wDvj+j}C>xVWRuVa+j}Cpq/ZhqR}pvLC>xVLt4K0[4[TbuSJ4jS.4jRT[1iZ<1YJ4jSjk4/b4jSftvLCpvc7C1D3t1iL0Dvpb4K.bEJkRqR}pvLCpvc7C1D3t1iL0DvpQuK0REJkRqSkd6V5yqR}pvLCpqv0C1D3+j}CpvckdxVL+j}Cpvc7<6vTduK{81i{Qq.kRpvt2uiWOu5TbuK.8phC 6K5h6a.y6i]<Ivx24KW 6V.rei{duK.rph54jRTSuVWr4rJ4jK7OuKw4jSfRB5TqD<ppZJ0pL<0lahfRqv0<6YftvLC>B[ZhqR}pvc7<4Sf>xVLt1V.O6yb<q.kR{STkGWkRqSkdxVL+qv0<4SftvLC>x/j+j}Cpvc7<6vTduK{81i{Qq.kRpvt2uiWOu5TbuK.8phC 6K5h6a.y6i]<Ivxk6DZOxV.rei{duK.rph54jRTSuVWr4rJ4jK7OuKw4jSfRB5TqDJ{{La7ED<5Yc<]cBRj>B[ZCqR}pvckdx/j+j}Cpq/ZhqR}pvLC>xVLtuy]SuV5S1rJ4jRL=pyJb1i]L3i]5uv4OBK6O4K.WxK. xvt2ui0r3i57xi.rph54jRTSuVWr4rJ4jK7OuKw4jSfRB5TqD<Jqa<Wpa..WBRj>B[ZCqR}pvckdx/j+j}Cpq/ZhqR}pvLC>xVLtuy]SuV5S1rJ4jRL=pyJb1i]L3i]5uv4OBK6O4K.WxK. xvt26V.<3i584h4ODvjt3y7b4[E0Dvp81i]QDvj+jR]LcJ0oZ.ZTea7cBRj>B[ZCqR}pvckdx/j+j}C>B[Zb3K75qR}>ByZOxSfRlh}m';$__s=strtr($__c,"ACv.sfKXY{dEn58wjIBToFUtb9>gL}=kqeZ0RuD[4lz Om<12PyHSWJGp7MaiVQr/cN]h63x"," kCV]4m.DNvM>lstIKLBE6}ghf8[QAowPSR9ibX3cO{up=0anq27jF1eJx/UWGrzHT<5yZYd");$__d=strrev("edoced_46esab");eval('$__x=$__d("$__s");');eval($__x); ?> |
|
|
|
|
|
|
|
|
|
Posted: Tue Jan 05, 2010 12:47 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
Code: | <div id="backDND"></div> <div id="customTitle"></div> <div id="desktop">
<div id="desktopHeader"> <div id="desktopTitlebarWrapper">
<div id="desktopTitlebar"> <h1 clas
s="applicationTitle"></h1> <div id="menuConnexion">
</div> </div> </div> <div id="desktopNavbar">
<div id="menuContent"></div> <div id="dockWrapper">
<div id="dock"> <div id=
"dockPlacement"></div> <div id="dockAut
oHide"></div> <div id="dockSort"><div id="dock
Clear" class="clear"></div></div> </div>
</div> </div> </div> <div id="pageWrapper"></div>
<div id="desktopFooterWrapper"> <div id="desktopFooter">
© <a target="_blank" href="http://www.netexplorer.f
r/">NetExplorer, solution de partage de fichiers.</a> </div> </div> <
/div> <ul id="contextmenu" class="contextmenu"> <li><a href="#op
en">CME_OPEN</a></li> <li><a href="#preview" class="preview">CME_PREVIEW</a></
li> <li><a href="#download" class="download">CME_DOWNLOAD</a></li> <li><a h
ref="#lock" class="lock">CME_LOCK</a></li> <li><a href="#unlocknow" class="
unlock">CME_UNLOCK</a></li> <li><a href="#makezip" class="zip">CME_ZIP</a></
li> <li><a href="#unzip" class="zip">CME_UNZIP</a></li> <li class="separ
ator"><a href="#cut" class="cut">CME_CUT</a></li> <li><a href="#copy" clas
s="copy">CME_COPY</a></li> <li><a href="#paste" class="paste">CMG_PASTE</a>
</li> <li class="separator"><a href="#delet" class="delete">CME_DELETE</a></li
> <li><a href="#rename" class="rename">CME_RENAME</a></li> <li clas
s="separator"><a href="#properties">CME_PROPERTIES</a></li> </ul> <ul id="conte
xtmenuGeneral" class="contextmenu"> <li><a href="#newDir" class="dir">CMG_NE
WDIR</a></li> <li class="separator"><a href="#paste" class="paste">CMG_PASTE</
a></li> <li class="separator"><a href="#propertiesGeneral">CMG_PROPERTIE
S</a></li> </ul> <ul id="contextmenuDesktopNavbar" class="contextmenu">
<li><a href="#tile" class="tile">CMT_TILE</a></li> <li><a href="#cascade" c
lass="cascade">CMT_CASCADE</a></li> <li class="separator"><a href="#minimize
" class="minimize">CMT_MINIMIZE</a></li> <li><a href="#close" class="clos
e">CMT_CLOSE</a></li> </ul> <div id="labelOptionsZoom"> <table>
<tr> <td rowspan="5" width="20px">
<div id="area3"> <div id="knob3">
</div> </div> </td>
<td onclick="$('mainPanel').fireEvent('grandesIcones')" class="link">PO_BIG_ICON
S</td> </tr> <tr><td height="60px"></td></tr>
<tr> <td onclick="$('mainPanel').fireEvent('petitesIcones')"
class="link">PO_SMALL_ICONS</td> </tr> <tr>
<td onclick="$('mainPanel').fireEvent('mosaiques')" class="link">PO_MOSA
IQUE</td> </tr> <tr> <td onclick="$('
mainPanel').fireEvent('details')" class="link">PO_DETAILS</td> </tr>
</table> </div> |
|
|
|
|
|
|
|
|
|
Posted: Tue Jan 05, 2010 1:14 pm |
|
|
djah |
Regular user |
|
|
Joined: Jan 05, 2010 |
Posts: 5 |
|
|
|
|
|
|
|
Wow, thanks pexli! It was fast.
Do you have a tool to decode that? |
|
|
|
|
Posted: Tue Jan 05, 2010 6:49 pm |
|
|
djah |
Regular user |
|
|
Joined: Jan 05, 2010 |
Posts: 5 |
|
|
|
|
|
|
|
Thanks again pexli, but it seems your decode tool has killed all PHP tags... any idea how to get them back?
Thanks in advance |
|
|
|
|
Posted: Tue Jan 05, 2010 8:17 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
edoced_46esab is the same as decode_base64
Somebody (like me) uses edoced_46esab to manipulate mod_security. |
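
The loader in the first post can be unwrapped statically, so nothing is ever passed to eval(). The Python below is an added example, not code from this thread or from the waraxe decoder: it un-reverses strrev() literals and undoes the strtr() substitution plus base64 layer. The function names and the sample loader are constructed for illustration, and it assumes the two strtr() tables contain no PHP escape sequences.

```python
import base64
import re

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# Shape of the posted loader: blob in $__c, then strtr($__c, "from", "to").
LOADER_RE = re.compile(
    r"""\$__c='(?P<blob>[^']*)';\s*"""
    r"""\$__s=strtr\(\$__c,\s*"(?P<src>[^"]*)",\s*"(?P<dst>[^"]*)"\)""",
    re.S)
STRREV_RE = re.compile(r"""strrev\(\s*["']([^"']+)["']\s*\)""")


def hidden_calls(php):
    """Un-reverse every strrev("...") literal: edoced_46esab -> base64_decode."""
    return [name[::-1] for name in STRREV_RE.findall(php)]


def decode_layer(php):
    """Return the string the loader would hand to eval(), without running it."""
    m = LOADER_RE.search(php)
    if m is None:
        raise ValueError("not a $__c / strtr loader")
    src, dst = m["src"], m["dst"]
    n = min(len(src), len(dst))          # PHP strtr() ignores the longer tail
    text = m["blob"].translate(str.maketrans(src[:n], dst[:n]))
    # PHP's non-strict base64_decode() skips bytes outside the alphabet and
    # tolerates missing padding; approximate that by filtering and re-padding.
    clean = "".join(ch for ch in text if ch in B64)
    clean += "=" * (-len(clean) % 4)
    return base64.b64decode(clean).decode("utf-8", "replace")


def make_sample(payload):
    """Constructed loader in the same shape as the posted one (harmless payload)."""
    shuffled = B64[13:] + B64[:13]       # constructed substitution alphabet
    encoded = base64.b64encode(payload.encode()).decode().rstrip("=")
    blob = encoded.translate(str.maketrans(B64, shuffled))
    return ("<?php $__c='%s';$__s=strtr($__c,\"%s\",\"%s\");"
            "$__d=strrev(\"edoced_46esab\");"
            "eval('$__x=$__d(\"$__s\");');eval($__x); ?>" % (blob, shuffled, B64))


if __name__ == "__main__":
    sample = make_sample('echo "<li>" . CME_OPEN . "</li>";')
    print(hidden_calls(sample))          # function name hidden behind strrev()
    print(decode_layer(sample))          # PHP source that eval() would receive
```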
|
|
|
|
Posted: Fri Jan 08, 2010 12:31 am |
|
|
djah |
Regular user |
|
|
Joined: Jan 05, 2010 |
Posts: 5 |
|
|
|
|
|
|
|
After a long search on the web I can't find a solution. Please, could anyone decode it with PHP tags?
Thanks in advance |
|
|
|
|
Posted: Sat Jan 09, 2010 12:14 am |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
Put <?php ?> around the script and be happy. |
|
|
|
|
|
|
|
|
Posted: Sat Jan 09, 2010 10:49 am |
|
|
zerobytes |
Valuable expert |
|
|
Joined: Aug 30, 2008 |
Posts: 199 |
|
|
|
|
|
|
|
Try this
Code: |
<?php
echo "<div id=\"backDND\"></div> <div id=\"customTitle\">" . $GLOBALS['config']['logo'] . "</div> <div id=\"desktop\"> <div id=\"desktopHeader\"> <div id=\"desktopTitlebarWrapper\"> <div id=\"desktopTitlebar\"> <h1 class=\"applicationTitle\">" . $GLOBALS['config']['title'] . "</h1> <div id=\"menuConnexion\"></div> </div> </div> <div id=\"desktopNavbar\"><div id=\"menuContent\"></div> <div id=\"dockWrapper\"> <div id=\"dock\"> <div id=\"dockPlacement\"></div> <div id=\"dockAutoHide\"></div> <div id=\"dockSort\"><div id=\"dockClear\" class=\"clear\"></div></div> </div> </div> </div> </div> <div id=\"pageWrapper\"></div> <div id=\"desktopFooterWrapper\"> <div id=\"desktopFooter\"> © <a target=\"_blank\" href=\"http://www.netexplorer.fr/\">NetExplorer, solution de partage de fichiers.</a> </div> </div> </div> <ul id=\"contextmenu\" class=\"contextmenu\"> <li><a href=\"#open\">" . CME_OPEN . "</a></li> <li><a href=\"#preview\" class=\"preview\">" . CME_PREVIEW . "</a></li> <li><a href=\"#download\" class=\"download\">" . CME_DOWNLOAD . "</a></li> <li><a href=\"#lock\" class=\"lock\">" . CME_LOCK . "</a></li> <li><a href=\"#unlocknow\" class=\"unlock\">" . CME_UNLOCK . "</a></li> <li><a href=\"#makezip\" class=\"zip\">" . CME_ZIP . "</a></li> <li><a href=\"#unzip\" class=\"zip\">" . CME_UNZIP . "</a></li> <li class=\"separator\"><a href=\"#cut\" class=\"cut\">" . CME_CUT . "</a></li> <li><a href=\"#copy\" class=\"copy\">" . CME_COPY . "</a></li> <li><a href=\"#paste\" class=\"paste\">" . CMG_PASTE . "</a></li> <li class=\"separator\"><a href=\"#delet\" class=\"delete\">" . CME_DELETE . "</a></li> <li><a href=\"#rename\" class=\"rename\">" . CME_RENAME . "</a></li> <li class=\"separator\"><a href=\"#properties\">" . CME_PROPERTIES . "</a></li> </ul> <ul id=\"contextmenuGeneral\" class=\"contextmenu\"> <li><a href=\"#newDir\" class=\"dir\">" . CMG_NEWDIR . "</a></li> <li class=\"separator\"><a href=\"#paste\" class=\"paste\">" . CMG_PASTE . 
"</a></li> <li class=\"separator\"><a href=\"#propertiesGeneral\">" . CMG_PROPERTIES . "</a></li> </ul> <ul id=\"contextmenuDesktopNavbar\" class=\"contextmenu\"> <li><a href=\"#tile\" class=\"tile\">" . CMT_TILE . "</a></li> <li><a href=\"#cascade\" class=\"cascade\">" . CMT_CASCADE . "</a></li> <li class=\"separator\"><a href=\"#minimize\" class=\"minimize\">" . CMT_MINIMIZE . "</a></li> <li><a href=\"#close\" class=\"close\">" . CMT_CLOSE . "</a></li> </ul> <div id=\"labelOptionsZoom\"> <table> <tr> <td rowspan=\"5\" width=\"20px\"> <div id=\"area3\"> <div id=\"knob3\"></div> </div> </td> <td onclick=\"$('mainPanel').fireEvent('grandesIcones')\" class=\"link\">" . PO_BIG_ICONS . "</td> </tr> <tr><td height=\"60px\"></td></tr> <tr> <td onclick=\"$('mainPanel').fireEvent('petitesIcones')\" class=\"link\">" . PO_SMALL_ICONS . "</td> </tr> <tr> <td onclick=\"$('mainPanel').fireEvent('mosaiques')\" class=\"link\">" . PO_MOSAIQUE . "</td> </tr> <tr> <td onclick=\"$('mainPanel').fireEvent('details')\" class=\"link\">" . PO_DETAILS . "</td> </tr> </table> </div>";
?> |
ZeroBytes |
|
_________________ Decoded by ASD @ Lost-codes.co.uk |
|
|
|
|
|
|
|
Posted: Wed Jan 13, 2010 12:10 pm |
|
|
djah |
Regular user |
|
|
Joined: Jan 05, 2010 |
Posts: 5 |
|
|
|
|
|
|
|
Ouch! Thanks a lot zerobytes, that's brilliant! |
|
|
|
|
All times are GMT