|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 79
Members: 0
Total: 79
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Please help decode this file , thanks |
|
Posted: Sun Dec 02, 2012 7:44 pm |
|
|
Gsminfo |
Beginner |
|
|
Joined: Dec 02, 2012 |
Posts: 1 |
|
|
|
|
|
|
|
<?php ${"GL\x4f\x42\x41L\x53"}["\x75i\x68\x7a\x66\x6a\x69"]="m\x79\x6be\x79\x31";${"\x47L\x4fB\x41LS"}["\x72\x6e\x79\x79\x72\x78\x6a\x64"]="k\x65\x79";${"G\x4c\x4f\x42\x41\x4c\x53"}["\x79l\x79z\x75\x71"]="\x63\x6f\x64e";class ActivateController extends ActivateAppController{public$name='Activate';public$uses=null;public$components=null;public function beforeFilter(){parent::beforeFilter();$this->layout="\x69nsta\x6cl";App::import("C\x6f\x6d\x70\x6fne\x6et","\x53\x65\x73\x73i\x6fn");$this->Session=new SessionComponent;}protected function _check(){if(file_exists(CONFIGS."\x63\x6f\x64\x65\x2e\x79\x6d\x6c")){${"GL\x4f\x42AL\x53"}["\x71\x6a\x6d\x70\x68rx\x64\x73k\x75\x6e"]="\x6be\x79";${${"\x47\x4c\x4f\x42\x41LS"}["\x71\x6amp\x68rx\x64sku\x6e"]}=file_get_contents(CONFIGS."co\x64e.\x79ml");eval(base64_decode("\x4a\x47\x31\x35a\x32\x565PW\x31kN\x53h\x74\x5a\x44\x55\x6fQ\x30\x39OR\x6b\x6cHUyA\x75I\x43\x49gL\x53\x41i\x49C\x34gUm91d\x47V\x79Ojp\x31c\x6d\x77o\x49\x69\x38i\x4b\x53AuICIg\x4c\x53Ai\x49\x43\x34g\x4aF\x39T\x52\x56JW\x52VJ\x62I\x6cNF\x55lZ\x46U\x6c9B\x52ERSI\x6c\x30p\x49\x43\x34g\x49i\x30\x69\x49C4gIm\x74\x4b\x63GRS\x62XZW\x54UJ6RVRY\x63\x551\x6b\x54mN\x4c\x54\x6b\x5aD\x53kd\x45\x64\x56BkU\x56\x4encE\x4aoT\x45\x4aM\x54\x46\x70QcFF\x75VVp\x6cU2\x46\x49b\x58\x4e\x61a\x6b\x68X\x56\x6cd\x32\x63\x6dV\x53I\x69\x6b\x37D\x51o\x6b\x62\x58lrZ\x58\x6b\x78P\x57\x31\x6bN\x53\x68tZ\x44Uo\x510\x39\x4fR\x6bl\x48\x55\x79AuI\x43I\x67LSAiIC\x34\x67\x55m91d\x47\x56\x79\x4f\x6ap1c\x6d\x77oI\x698i\x4b\x53\x41u\x49C\x49\x67\x4cSAi\x49\x434gJF\x39\x54\x52V\x4a\x57RV\x4ab\x49\x6c\x4e\x46U\x6c\x5a\x46\x55l9\x4fQ\x55\x31FI\x6c\x30pI\x43\x34\x67I\x69\x30\x69\x49C\x34g\x49mt\x4b\x63\x47RSb\x58ZW\x54\x55J\x36\x52\x56\x52Y\x63U1\x6b\x54\x6dN\x4cTk\x5aD\x53\x6bd\x45\x64V\x42\x6b\x55V\x4e\x6ecEJo\x54\x45\x4a\x4dTFp\x51c\x46Fu\x56\x56\x70\x6c\x55\x32F\x49\x62\x58\x4e\x61a\x6b\x68X\x56\x6cd\x32cm\x56\x53\x49i\x6b\x37"));${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x67\x6cr\x76\x64\x78\x6d\x65mp\x62i"]="\x6b\x65\x79";${"GL\x4f\x42A\x4cS"}["\x77n\x6a\x7ah\x6a\x72p\x62"]="\x6d\x79k\x65\x79";if(${${"G\x4c\x4fB\x41\x4c\x53"}["\x67l\x72\x76\x64\x78\x6de\x6dp\x62i"]}==${${"\x47LO\x42\x41LS"}["\x77n\x6a\x7a\x68jr\x70b"]}||${${"\x47\x4cOB\x41\x4cS"}["\x72n\x79\x79r\x78j\x64"]}==${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x75i\x68\x7afji"]}){$this->Session->setFlash("\x41lr\x65\x61\x64\x79\x20\x41\x63\x74i\x76at\x65\x64");$this->redirect("/");}}}public function index(){$this->_check();if(isset($_GET["me\x73\x73age"])){$this->Session->setFlash(base64_decode($_GET["\x6des\x73\x61ge"]),"\x64efault",array("cl\x61\x73s"=>"\x65rror"));$this->redirect("\x2f\x61ct\x69\x76at\x65");}$this->set("ti\x74l\x65\x5f\x66\x6fr\x5f\x6c\x61yo\x75t",__("\x41\x63t\x69va\x74e",true));eval(base64_decode("\x44\x51\x6f\x6b\x62\x58lrZ\x58\x6bx\x50\x57\x31\x6b\x4e\x53hD\x540\x35\x47\x53UdTI\x434gI\x69A\x74I\x43Ig\x4c\x69\x42Sb\x33\x560\x5a\x58\x49\x36O\x6eV\x79b\x43g\x69\x4c\x79I\x70\x49C\x34\x67I\x69\x41\x74\x49C\x49\x67\x4ci\x41\x6bX1\x4eF\x55\x6cZFUl\x73i\x55\x30V\x53V\x6bVSX\x305\x42\x54\x55UiX\x53k7"));$this->set("va\x6ci\x64atio\x6e\x5fcod\x65",${${"\x47\x4c\x4f\x42\x41L\x53"}["u\x69\x68\x7af\x6a\x69"]});$this->set("u\x72\x6c",Router::url("\x2f",true));}public function acti($code=null){${"\x47\x4c\x4f\x42\x41\x4cS"}["\x67zx\x75\x63\x6c"]="\x63\x6f\x64e";file_put_contents(CONFIGS."c\x6f\x64e\x2eym\x6c",${${"\x47\x4cO\x42AL\x53"}["gzx\x75\x63\x6c"]});$this->Session->setFlash("\x41p\x70l\x69cat\x69\x6f\x6e a\x63\x74iv\x61\x74\x65\x64");$this->redirect("/");}public function del($code=null){${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x72n\x79\x79r\x78\x6a\x64"]}=file_get_contents(CONFIGS."\x63\x6f\x64e.\x79\x6d\x6c");if(${${"G\x4c\x4f\x42ALS"}["r\x6ey\x79r\x78\x6a\x64"]}==${${"\x47\x4c\x4f\x42\x41LS"}["\x79\x6c\x79z\x75q"]}){file_put_contents(CONFIGS."\x63\x6f\x64e.\x79\x6dl","\x45R\x52O\x52");}}}
?> |
|
|
|
|
|
|
|
|
Posted: Sun Dec 02, 2012 9:29 pm |
|
|
Cyko |
Moderator |
|
|
Joined: Jul 21, 2009 |
Posts: 375 |
|
|
|
|
|
|
|
@pLaS71k - the code has not been deobfuscated fully...
Should be:
Code: | <?php
${"GLOBALS"}["uihzfji"] = "mykey1";
${"GLOBALS"}["rnyyrxjd"] = "key";
${"GLOBALS"}["ylyzuq"] = "code";
class ActivateController extends ActivateAppController {
public $name = 'Activate';
public $uses = null;
public $components = null;
public function beforeFilter() {
parent::beforeFilter();
$this->layout = "install";
App::import("Component", "Session");
$this->Session = new SessionComponent;
}
protected function _check() {
if (file_exists(CONFIGS . "code.yml")) {
${"GLOBALS"}["qjmphrxdskun"] = "key";
${${"GLOBALS"}["qjmphrxdskun"]} = file_get_contents(CONFIGS . "code.yml");
$mykey = md5(md5(CONFIGS . " - " . Router::url("/") . " - " . $_SERVER["SERVER_ADDR"]) . "-" . "kJpdRmvVMBzETXqMdNcKNFCJGDuPdQSgpBhLBLLZPpQnUZeSaHmsZjHWVWvreR");
$mykey1 = md5(md5(CONFIGS . " - " . Router::url("/") . " - " . $_SERVER["SERVER_NAME"]) . "-" . "kJpdRmvVMBzETXqMdNcKNFCJGDuPdQSgpBhLBLLZPpQnUZeSaHmsZjHWVWvreR");
${"GLOBALS"}["glrvdxmempbi"] = "key";
${"GLOBALS"}["wnjzhjrpb"] = "mykey";
if (${${"GLOBALS"}["glrvdxmempbi"]} == ${${"GLOBALS"}["wnjzhjrpb"]} || ${${"GLOBALS"}["rnyyrxjd"]} == ${${"GLOBALS"}["uihzfji"]}) {
$this->Session->setFlash("Already Activated");
$this->redirect("/");
}
}
}
public function index() {
$this->_check();
if (isset($_GET["message"])) {
$this->Session->setFlash(base64_decode($_GET["message"]), "default", array(
"class" => "error"
));
$this->redirect("/activate");
}
$this->set("title_for_layout", __("Activate", true));
$mykey1 = md5(CONFIGS . " - " . Router::url("/") . " - " . $_SERVER["SERVER_NAME"]);
$this->set("validation_code", ${${"GLOBALS"}["uihzfji"]});
$this->set("url", Router::url("/", true));
}
public function acti($code = null) {
${"GLOBALS"}["gzxucl"] = "code";
file_put_contents(CONFIGS . "code.yml", ${${"GLOBALS"}["gzxucl"]});
$this->Session->setFlash("Application activated");
$this->redirect("/");
}
public function del($code = null) {
${${"GLOBALS"}["rnyyrxjd"]} = file_get_contents(CONFIGS . "code.yml");
if (${${"GLOBALS"}["rnyyrxjd"]} == ${${"GLOBALS"}["ylyzuq"]}) {
file_put_contents(CONFIGS . "code.yml", "ERROR");
}
}
}
?> |
|
|
|
|
|
|
|
|
|
Posted: Mon Dec 03, 2012 10:23 pm |
|
|
Cyko |
Moderator |
|
|
Joined: Jul 21, 2009 |
Posts: 375 |
|
|
|
|
|
|
|
Good call pLaS71K, admitedly I was just too lazy to replace all the global vars or to even plug in some code to do it for me - did not expect anyone to notice.
But theoretically speaking it is readable php, nothing in that is actually encoded - just variables have been scrambled to cause confusion.
I'd rep+ you but there is no such add-on on this board. |
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|