Waraxe IT Security Portal
Login or Register
November 5, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 124
Members: 0
Total: 124
Full disclosure
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
APPLE-SA-10-28-2024-3 macOS Sequoia 15.1
APPLE-SA-10-28-2024-2 iOS 17.7.1 and iPadOS 17.7.1
APPLE-SA-10-28-2024-1 iOS 18.1 and iPadOS 18.1
Open Redirect / Reflected XSS - booked-schedulerv2.8.5
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PHP script decode requests -> PLEASE DECODE THIS!!!
Post new topicReply to topic View previous topic :: View next topic
PLEASE DECODE THIS!!!
PostPosted: Wed Apr 07, 2010 8:47 pm Reply with quote
milenovanta
Regular user
Regular user
Joined: Apr 07, 2010
Posts: 5




Can someone decode this, please?

Code:
<?php /* This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. The commercial version is not encoded. */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$O0O000O0O=$O0O000O00.$OOO000000{11};$O0O000O00=$O0O000O00.$OOO000000{3};$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0x264;eval($OOO0000O0('JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NTI3KTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdFbnRlcnlvdXdraFJIWUtOV09VVEFhQmJDY0RkRmZHZ0lpSmpMbE1tUHBRcVNzVnZYeFp6MDEyMzQ1Njc4OSsvPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs='));return;?>B^QYIJH@sxkr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLT09NHeEXHr8XhtONT08XHeEXHr8Pkr8XTzEXT08XHtILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==tMOlcMlVcBWPk19hOaiyWZFpwo9ZwoOpcUImAMazfukpC3OlctniC2YlF3HmhTShFMaxfBlZca9vdMYlwtihAryAUy9eT01WT05yTlWVOyHVk2YvdmOZd2xScbwVFoiXkZL7tMlMhtOjd250FM9SdoaZwe0IUlklFbalF3W6KMflfyfvFMWPk2YvdmOZd2xScbwmhULIGXPLFoy0DtE9wrpWWaOwb0YNTanNTLaKat5rAZ4mC29VfukvdoxlFmHmRLOTRJOjd250FM9SdoaZRJFVFoiXkzShDBCIhocpdoagcbipF3OzhtOXCbOPhULIGXpZcby1Dbklb29VC2AIkunifoI7tm1lduYlwuShkoYvdmOZd2xScbwINUEmkzShgWp9tJOjdoyzF25idBAkNUEmOMxpFunpdMftd29qW29VfukvdoxlFJFVfBYMDbkzftILC29VfukvdoxlFJL7tJOjd250FM9SdoaZwe0IdMa3wtOjdoyzF25idBAPwtL7tJOjd250FM9SdoaZRT5lGoajfbOlhrpUcby1cbY0KjpmcbOedBWPk3OiF2SmhUL7tJOjd250FM9SdoaZRT5ZcBOpFMajftIpKX==}\h{KqpPHGAc@PUTbL@z


Thank you very much.
View user's profile Send private message
mediafire upload of the php
PostPosted: Wed Apr 07, 2010 8:52 pm Reply with quote
milenovanta
Regular user
Regular user
Joined: Apr 07, 2010
Posts: 5




Here the php file on mediafire: http://www.mediafire.com/?zdmdwwmdmz2
View user's profile Send private message
PostPosted: Wed Apr 07, 2010 9:49 pm Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




I tried doing it manually and my outcome was this:

Code:
defined('_JEXEC') or die('Restricted access');
require_once (JPATH_COMPONENT.DS.'controller.php');
if($controller = JRequest::getWord('controller')) {
$path = JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php';
if (file_exists($path)) {
require_once $path;
}else {
$controller = '';
}
}
$classname = 'FlippingBookController'.ucfirst($controller);
$controller = new $classname( );
$controller->execute(JRequest::getCmd('task'));
$controller->redirect();


But honnnestly, i'm not sure if it's correct or just a piece Confused
View user's profile Send private message
PostPosted: Wed Apr 07, 2010 10:26 pm Reply with quote
Cyko
Moderator
Moderator
Joined: Jul 21, 2009
Posts: 375




@vince

Good job.

Heres the output according to my decoder/

Code:
<?php
defined('_JEXEC') or die('Restricted access');
require_once (JPATH_COMPONENT.DS.'controller.php');
if($controller = JRequest::getWord('controller')) {
$path = JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php';
if (file_exists($path)) {
require_once $path;
}
else {
$controller = '';
}
}
$classname = 'FlippingBookController'.ucfirst($controller);
$controller = new $classname( );
$controller->execute(JRequest::getCmd('task'));
$controller->redirect();
?>
View user's profile Send private message
PostPosted: Wed Apr 07, 2010 11:49 pm Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




Seems pretty accurate ^^

Took me a while to realize that the text in the file were actually 2 base64 encoded strings concatinated lol
View user's profile Send private message
PostPosted: Thu Apr 08, 2010 12:17 am Reply with quote
Cyko
Moderator
Moderator
Joined: Jul 21, 2009
Posts: 375




vince213333 wrote:
Seems pretty accurate ^^

Took me a while to realize that the text in the file were actually 2 base64 encoded strings concatinated lol


Yep

eval($OOO0000O0('string...

You should haved echo'd $OOO0000O0 to see what function is being called.
View user's profile Send private message
PostPosted: Thu Apr 08, 2010 11:10 am Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




I know, I always do that. But the problem is that once you modify the file, the fread/fopen/... doesn't have the right offset anymore from where to start reading the characters Smile
View user's profile Send private message
Software
PostPosted: Thu Apr 08, 2010 11:20 am Reply with quote
milenovanta
Regular user
Regular user
Joined: Apr 07, 2010
Posts: 5




I have some other files like this to decode... Can you share me on mediafire softwares used to decode php, please? Is easy to decode php or is it a long process? Thank you so much.

Bye.
View user's profile Send private message
PostPosted: Thu Apr 08, 2010 11:42 am Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




I do it manually, takes around 2 minutes.

Cyko has some tools to do the job though ^^
View user's profile Send private message
How to do?
PostPosted: Thu Apr 08, 2010 12:04 pm Reply with quote
milenovanta
Regular user
Regular user
Joined: Apr 07, 2010
Posts: 5




How I can decode php files "manually"? Can you teach me that, please?
View user's profile Send private message
PostPosted: Thu Apr 08, 2010 1:05 pm Reply with quote
vince213333
Advanced user
Advanced user
Joined: Aug 03, 2009
Posts: 737
Location: Belgium




Some knowledge of PHP will do, and offcourse a local server to run php Smile
View user's profile Send private message
another file
PostPosted: Thu Apr 08, 2010 1:27 pm Reply with quote
milenovanta
Regular user
Regular user
Joined: Apr 07, 2010
Posts: 5




can you decode this last please? http://www.mediafire.com/?dzmmtgr2j4z

Thank you, bye.
View user's profile Send private message
Re: another file
PostPosted: Thu Apr 08, 2010 2:39 pm Reply with quote
Cyko
Moderator
Moderator
Joined: Jul 21, 2009
Posts: 375




milenovanta wrote:
can you decode this last please? http://www.mediafire.com/?dzmmtgr2j4z

Thank you, bye.


Code:
<?php
/**********************************************
* FlippingBook Joomla! Component.
* © Mediaparts Interactive. All rights reserved.
* Released under Commercial License.
* www.page-flip-tools.com
**********************************************/
defined('_JEXEC') or die( 'Restricted access' );
jimport('joomla.application.component.controller');
class FlippingBookController extends JController {
function display() {
if ( ! JRequest::getCmd( 'view' ) ) {
JRequest::setVar('view', 'categories' );
}
if (JRequest::getCmd('view') == 'category') {
$model =& $this->getModel('category');
}
if (JRequest::getCmd('view') == 'book') {
$model =& $this->getModel('book');
}
parent::display();
}
}
?>
View user's profile Send private message
PLEASE DECODE THIS!!!
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.061 Seconds