|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 162
Members: 0
Total: 162
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Wondering what this is obfuscated in |
|
Posted: Fri Nov 18, 2011 2:57 am |
|
|
jimmyrimmy |
Beginner |
|
|
Joined: Nov 18, 2011 |
Posts: 2 |
|
|
|
|
|
|
|
Trying to deobfuscate this and cant seem to get anything to work.
<?php if (!function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) { function T7FC56270E7A70FA81A5935B72EACBE29($TF186217753C37B9B9F958D906208506E) { $TF186217753C37B9B9F958D906208506E = base64_decode($TF186217753C37B9B9F958D906208506E); $T7FC56270E7A70FA81A5935B72EACBE29 = 0; $T9D5ED678FE57BCCA610140957AFAB571 = 0; $T0D61F8370CAD1D412F80B84D143E1257 = 0; $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[1]) << + ord($TF186217753C37B9B9F958D906208506E[2]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA = 3; $T800618943025315F869E4E1F09471012 = 0; $TDFCF28D0734569A6A693BC8194DE62BF = 16; $TC1D9F50F86825A1A2302EC2449C17196 = ""; $TDD7536794B63BF90ECCFD37F9B147D7F = strlen($TF186217753C37B9B9F958D906208506E); $TFF44570ACA8241914870AFBC310CDB85 = __FILE__; $TFF44570ACA8241914870AFBC310CDB85 = file_get_contents($TFF44570ACA8241914870AFBC310CDB85); $TA5F3C6A11B03839D46AF9FB43C97C188 = 0; preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"), $TFF44570ACA8241914870AFBC310CDB85, $TA5F3C6A11B03839D46AF9FB43C97C188); for (;$T3A3EA00CFC35332CEDF6E5E9A32E94DA<$TDD7536794B63BF90ECCFD37F9B147D7F;) { if (count($TA5F3C6A11B03839D46AF9FB43C97C188)) exit; if ($TDFCF28D0734569A6A693BC8194DE62BF == 0) { $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << ; $TF623E75AF30E62BBD73D6DF5B50BB7B5 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]); $TDFCF28D0734569A6A693BC8194DE62BF = 16; } if ($TF623E75AF30E62BBD73D6DF5B50BB7B5 & 0x8000) { $T7FC56270E7A70FA81A5935B72EACBE29 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 4); $T7FC56270E7A70FA81A5935B72EACBE29 += (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]) >> 4); if ($T7FC56270E7A70FA81A5935B72EACBE29) { $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) & 0x0F) + 3; for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $T0D61F8370CAD1D412F80B84D143E1257++) $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257] = $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012-$T7FC56270E7A70FA81A5935B72EACBE29+$T0D61F8370CAD1D412F80B84D143E1257]; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } else { $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << ; $T9D5ED678FE57BCCA610140957AFAB571 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) + 16; for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA++; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } } else $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]; $TF623E75AF30E62BBD73D6DF5B50BB7B5 <<= 1; $TDFCF28D0734569A6A693BC8194DE62BF--; if ($T3A3EA00CFC35332CEDF6E5E9A32E94DA == $TDD7536794B63BF90ECCFD37F9B147D7F) { $TFF44570ACA8241914870AFBC310CDB85 = implode("", $TC1D9F50F86825A1A2302EC2449C17196); $TFF44570ACA8241914870AFBC310CDB85 = "?".">".$TFF44570ACA8241914870AFBC310CDB85."<"."?"; return $TFF44570ACA8241914870AFBC310CDB85; } } } } eval(T7FC56270E7A70FA81A5935B72EACBE29("QAAAPGgzPlN1Ym1pdHRlZCBXZQAAYnNpdGUgRGlyZWN0b3JpZRAAczwvAiANCjx0YWJsZSBpZD0AICJkaXJsaXN0Ij4BYD9waHANAAAKICRyZXN1bHQgPSBAbXlzAABxbF9xdWVyeSgiU0VMRUNUAAAgKiBGUk9NIHVybHMgV0hFIIBSRQCxb3duZXIDICckdXNyaWQEAicgIik7BLB3aGlsZSgkdQLRPYAEBNNmZXRjaF9hcnJheSgGpCkpQAB7AsAgIHByaW50KCI8dGhlYQQAZD48dHIAQGggY2xhc3M9XCKCYARAXCI+Ii4E41snAQAAMCddLiI8EC0vdGgCunN0YXR1cwLgUwCSAgMvBQHBIgKgBcNib2R5PgpTICALUGVyXxLSPQAAIHN0cl9yZXBsYWNlKCJodAAedHA6Ly8iLCAiIiwHrQ4yA+8D53cWYnd3LgO1cwYkA1VnZRYvFiRkLmQNoCwBdHNzLnN1aWQAgXUJwQ1jF+NzHmJzIAgDc3MsIBwwcyBkIHdoZXJlARADUKBmASA9BFBpZCBhbmQBMwQRPSIT2RpgXWFwKRpRDCBudW1fBzBzHCAaYwERcm93cyCGKCQKgCk7ICAgGiJpZigkAbECwT5CgTAbdC8vVG8IUHMTMHkgYWxsIBwAwYABACdWIHdpdGgBUgwkb2YgYXBwcgAgb3ZhbDpCZWdpbgXFISRjaGU8vGNrBEAFtCQEDuNlZA2AcyR/CkMDJAqgIGUA+3h0cmFjdCgkA4kOtAIBJoYmEWQmHxfh+D8lYihRAgcL4yVgPHNwYW4oohVhAXMDAQFyJtCrnQNwLybQIgc0fQ3yAGMSz2hlEs8UEQVzIBLJHw9FbmcEsgBSBKIS8hdPZXM6IBWaFY85ghIJ4t8VjxWKFU9pcnMOFCQZgEYieTRPNE4V0QOPFJG8ACfQczfJM+gGGwP1c2VhcmNoS2V5dxWLb3JkA+AiBGE6LlAC+y4iIAFAdTgVLzP9/CBIGoUBNh83LoAfACQLQR2CAr8j5hsDAuAh4zxkJMBpdlYRXCIoYGlkAYADzXNjcmlwdICFV4AJCQkgIHNkHMJlcignALYuWQAAuCcsICdzaz0kDsomQYEBQEHgJmNzIoY9JEH4JywnBxInElEJCTwvBnQH7S+9EAoAPgHgLKENsgBQclEWLy9DOJEgc2lucANnYpAQcCdEPGEgb25jbGlja1kgCpb/HwtOCz8LP2mwE0MLOBJwB5M8L2ERoDrQM3MAYy8/gwczuTogRW5kCnIAUn1lbHNlZYMEcGXHmiA/RG9sOuEMUDIHQE5vIHNyc3Npb24DYHMgeWV0LhDwPH8gCIEF4mZ1bmN0kIwC0CBjEcBfZ29vEnAoJGsos0i2JHAzmWFnWVB05CIiJ7NXAE+gdWUrIQE3Y2gBAIGCBOJpbml0KCkCxQEyc2V0b3BNEGMAH2gsIENVUkxPUFRfAHAhwGoUMsEIYwQALmNvbS8i4z9obD1lbiZxPSdBgC4KYGVuY29keNAKVS4nJmJ0bkckDz1HC9IrUzTSJm1ldGE9I9ITYQ3zB+8AAFRfUkVUVVJOVFJBTlNGRVIQQCwgMQsWJGRhdGEMxWV4ZWMoJCCAY2gB5kAkZG9tAeBuZXcgRE9NAwBEb2N1bWV/YAIbLT5sb2FkSFQYA01MKATyAeENCgkgJHhwYXQSkQP0MzhYUADwAjBvbQIhCyIkaS2gbJECwy0+ZYALFtFhdGUoIi9odG1sL3+hLy/xMTUAASAgZm9yICgkaSA9IDA7IACAcEM8AFAEYQhwZW5ndGgBUSsrKSAk8AhA5eQGEQKwBpMtPiyAbQPQCBEB0gG1LT5zsEF0BYh0cmlidQfgJ3cAAkNpZiADAGQ9PWeIIpaTilFzIiNRQIAh2AYSLT50V7BDb25vDXQSYCFACShBAFR44Q3RZSE9IgQGJ0xBdpI+HWVkJpEDcDFUBpECnFBlbmQ+4AKELlIgH/MKA2Nsb3MjgGMcV3JldHVybiAEKAmgX4YgCaE/O2AzsBZBAKOmkQChYnIgLwCApmBwsaBTNCJ6MDQgcyI+RVCeUyISoHRvbiIgAAdocmVmPSJleHBvcnRzjrKtEF1lwYKsgFGhP3U9PD9PwacAPz4iPkUC4iAAsHRvIEV4Y2VsRCEgBa8Fo2luZGVkW3gEUifQdT0GM2VkXwY4JqySBjkmWiKJ0B1QPXllC2BKkxvRdbWAYVTQcA4Q")); ?> |
|
|
|
|
|
|
|
|
Posted: Fri Nov 18, 2011 3:15 pm |
|
|
jimmyrimmy |
Beginner |
|
|
Joined: Nov 18, 2011 |
Posts: 2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Sat Jul 28, 2012 6:55 pm |
|
|
demon |
Moderator |
|
|
Joined: Sep 22, 2010 |
Posts: 485 |
|
|
|
|
|
|
|
Code: | <h3>Submitted Website Directories</h3>
<table id="dirlist">
<?php
$result = @mysql_query("SELECT * FROM urls WHERE urlowner = '$usrid' ");
while($uurls=mysql_fetch_array($result)){
print("<thead><tr><th class=\"url\">".$uurls['urlurl']."</th><th class=\"status\">Status</th></tr></thead><tbody>");
$user_site = str_replace("http://", "",$uurls['urlurl']);
$user_site = str_replace("www.", "",$user_site);
$get = @mysql_query("SELECT d.durl,ss.suid,ss.usitestatus FROM submits ss, dirs d where ss.sudir=d.did and ss.susite=".$uurls['urlid']);
$num_urls = mysql_num_rows($get);
if($num_urls>0){
//To display all the directories with the status of approval:Begin
if(!$checkall){
while($submiteddirs=mysql_fetch_array($get)){
extract($submiteddirs);
print("<tr><td class=\"url\">".$durl."</td><td class=\"status\"><span>".$usitestatus."</span></td></tr>");
}
}
//To display all the directories with the status of approval:Eng
//To check all the directories: Begin
if($checkall){
while($submiteddirs=mysql_fetch_array($get)){
extract($submiteddirs);
$directory_site = str_replace("http://", "",$durl);
$directory_site = str_replace("www.", "",$directory_site);
$searchKeyword = "site:".$directory_site." ".$user_site;
print("<tr>");
print("<td class=\"url\">$durl</td>");
print("<td class=\"status\"><span><div id=\"$suid\">");
print("<script>
sdchecker('sdchecker.php', 'sk=$searchKeyword&suid=$suid&cs=$usitestatus','$suid');
</script>");
print("</div></span></td></tr>");
//Check single url
//<a onclick=\"sdchecker('sdchecker.php','sk=$searchKeyword&suid=$suid&cs=$usitestatus','$suid');\">Check </a>
}
}
//To check all the directories: End
}else{
print("<tr><td colspan=\"2\">No Submissions yet.</td></tr>");
}
}
function curl_google($keyword){
$pageresult = "";
$value = "";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://www.google.com/search?hl=en&q='.urlencode($keyword).'&btnG=Google+Search&meta=');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$data = curl_exec($ch);
@$dom = new DOMDocument();
@$dom->loadHTML($data);
$xpath = new DOMXPath($dom);
$idivs = $xpath->evaluate("/html/body//div");
for ($i = 0; $i < $idivs->length; $i++) {
$idiv = $idivs->item($i);
$id = $idiv->getAttribute('id');
if ($id=="resultStats"){
$value = $idiv->textContent;
}
}
if($value!=""){
$pageresult = "Approved";
}else{
$pageresult = "Pending";
}
curl_close($ch);
return $pageresult;
}
?>
</tbody>
</table>
<br />
<p class="actions"><a class="button" href="exportsubmitteddirectories.php?u=<?=$usrid?>">Export to Excel</a> <a class="button" href="index.php?menu=submited_directories&usrid=<?=$usrid?>&checkall=yes">Check Status</a></p> |
|
|
|
|
|
|
www.waraxe.us Forum Index -> Php
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|