Waraxe IT Security Portal

Borat · Beginner

I was trying to decode this script:

<?php
$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=2904;eval((base64_decode('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDg4MCksJ0NSVlBsMkpCS0hlWDRiSXRqdXFzRCswckxmRkExRWRndndjNXg5eVNHODdOelo2VGlta09ubzNXaFVhUU1ZcC89JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?>
F0LGEJ9Zfqv8t5lk4s1UIPCh4PC8fJ99eVEDFJ9OKBb51y9iEVRGLr4vfrwiFrH9fVhbVx9yKB9TEqRw1yDvLqR5AJ99ASjzKJ8o1WjvEJ2zFkRnAkRbDnhvA3hvLr2oLrH9dS8CFJYnA028AVU5A3nSesZ8fcvGeJ9O13+neVuK+2ujrob2D9f2D9Y0j+Hs0kEsu+H0u+Hgsx2buqEEeqxyHcvwfrH9f3xGHkvGXc81Xcx/f32UL3Y6EJ+6E2i6AWHSeq1zHlwD+2RgDn+q+x+qrofRD9bAHob2D9f2D9YIjDo2Hon8eq9MgVvGFrbOfrjGH2Ysu+H0u+HAHnwD+2RgqlYs+VEEeqxyHcvwfrH9f3xGHkvGXc81Xcx/f32UL3Y6EJ+6E2i6AWHSeq1zH2Ysu+H0u+HAHnwD+2RgqlYs+VEEeqx8e0u8fqvS+Jw81kROLWH81BjvFr4vAJY5F3+xKBuTKBEWEkUSLr95A3Unf0UnXyYkfkhSeszxsnMi4lMi4lMit0+kf0Eg1y+iAJ25fqvSroYJqDm2roMSXVKSKchxsnYt4lMisOCiXcKSKciGLy2OfsLnr3u9L3YxfqwOEBHn1cwy1y+wfVvxsOCi4lMisOCiXVutsOCisOCi4PC8XVEPD9fjAPHejxZKf+vnLx9nFS+m1njN4BH4fxfR4D+xfWfWLO+hIr9suOvWsS8Fb9u8A0ZtAyMO+3w+L+2b0rCTtq1zHn2Vjnu2uxEKqD8XsloIsoRuD9bD++fr029FL0H5fJ+yf3w8FyZzA0UT1B2k1WuoESEhdrGi4sKObPD3bOvUekMSeqx8esZyL3mT13DGHlMi4PRt4lMi4VxQfrfwAVvxsnMi4lMi4lMiesz=f0bGAkCStJw9L0jpPjGMEJ9nAJDpDBHwAy25ErHTK2Hw1J9xD3bkFrRnK2LmX5lMXWu8EJm9tvnetVYGf02xtvnetJHTfBxvLy25F3EkAW+6fPncFBun1PGTX3xk4O161JwTEJYcE0bNfrj6L3YZX32zLS+Z1kYyf5v3Xn2mE02kfr8aX3HSXslmXy8ifkKpPjGSIkR91SHT19YkfrRT1Su8Ay1Gu+YRslivrcR2rnUt+l9PuqxQKPZ9L3wTKV1SIineHBHOAJ96FW4vtqCxroRtDouAKSHOAJ96FW4crszbVy9yeVuk13m8AyZOtsncKcxvdinePj89L3wTKVKML3+6EJ+ktvneKPmyAWHZKJo9EJwTfPoiAWbnt5m5f0UnfrKptJ9ZfkRO1y4YFBun1PGTX3xkbcUnF0UU1J95XybTAqMkIJbxLS+xXy8ifOhMLSKptVY5f0UnfrKpPj8jErjvd0Yo1cROFru9Ay2ZfqRWFJ+kfqRnFJDvXywnL0b5frbOKJf8AJDvFr4vAJY5Lru9fVCGuJY6HWjvL0uxKJwnEBCaXkM8KVCvI5m8ASRoEVRndrR9tru9dBjvAy2Zfsoo13+kt5mc15hbV5m8ASRoEVRndrR9t0w8fJu9AcR6L0o9trRw1W4ptJHktvneDJ2OEJDvd0Yo1cRqLrR8fBbGLrH9XybTAqRzF0UN1kR8AcRnFJ9OKJfkL0o9KJ26fVR5AJ95FkCSu3+nKlm8AyZOHkRwfSu91SEw1yuOIcC6tJHkt5mnfrwnLrH9LqRkAWEOtsDvL3Yz1OnW4VR6L0o9trHOAJ96FW4ptVYnfrwnLrH9LshMLSKpPjGMF0UiErjvEB9ifsoOE0HZFrjvEy2zE0DYHnE9EVRzF0UN1k1ptVYyAWHZt5iTL3+6EJ+kt5mc1cCTtvnetJb9ASu915hML5Uqf02xKBuGFr4wtVYct5mc15hbV5m8A01v1WH5t0wnEBCaXkY8454WXSRGAWuTLS+5F3+nXybTAqYwAJHoAr4TfyLhbcYR1r+w1y+adcYxFrb5AJ28A0+kXSR6fOhMX3b9ASu915hbVchcIinefrw8EVv8Iinegjnef0mOfjnedineHB+OfrKvtqCxroRtDouAKS+OfrKcrszbVcuiLrbOKPnvH2YjsobD0kHiLrbOK9nQPjGx1SbzF0UN1Onx1SbzF0UN1khcrJhcIineHBHOAJ96FW4YErHzfJ+5A3u9eVuk13m8AyZOeszbVcuk13m8AyZOt0+kf0E8rWH91JmwL3DGKywnEBR1IcMTKcicKcix1SbzF0UN1kxQPjGxAJ96FW8at0+h1JmTfJDGKSHw1J9x13ww1yD6L3YZX3f8AJ+OKcix1SbzF0UN1kxQPjGbVcunF0o9t0uwEJDGH3ivf24vrJYyKlLv0qRGIyxa1kRRHkxQPjGbVyfT1y+wL3vGHJm8AyZadcRw1kCxF3+UKPnpKVuk13m8Ayz8Pj8QPjGxAyfTt0+h1JmTfJDGKcMcXVuk13m8Ayz8IineHJUyAOow1SHwd+Ykfrf91Sb9eVu6fyM8IineHJf8AJ+6E0nYHJUyAozmrszbVcuyF0m9Ay2ZfsnxAyfT0OREIineHJf8AJ+6L0o9t0+kf0E8rWH91JmwL3DGKcUGEJozKcicKcixfy9zf0UwA0D8IineHJw9L3zYfy9zfqvcFBun1PGTXWHw1J9x13ww1yD6L3YZX3f8AJ+OXkuyF0m9AS+ZXkuyF0m9Ay2ZfqK8IineHJw9FOo8ArRzA3u9eVKcXVuGf0bNeszbVy9yeJ+kf0E8eVKM13bkFrRnty2zfrHnKcixFJ+NeqxbVSzbVcuxf02xtqKMfyY6EVR5A3mT15okf0jp00Yo1cRqLrR8fBbGLrH9Klm8AyZOKlu9L0jwtVYyA3UntcKQPj8YPj89ABb9Pj8QPjGxfJ+wfPncK5zbVSnbVcuzF0UNtqKcIineHJwnEBCYKywnEBCcIineHJwoFOo9dBRzA3u9eVHGEBuiIcMT1S4cXVuGf0z8IineHJwTFOo9dBRzA3u9eVK61y2iF0uOFJ2kfqKzHJwoFozmrqxQPjGxAJ96FOnxfJ+wfPzbVcuzF0UNtquzF0UNXcuGEBuiIineHJm8AyzYHJm8Ayz6HOGTXk1QPjGxAJ96FOnxAJ96FkhxErb915zbVcuzF0UNtquzF0UNXc1T1S4SIineHJm8AyzYHJm8Ayz6HJwTFozirszbVcuzF0UNtquzF0UNXcCSXk1QPjGxAJ96FOnxAJ96Fkhxfy9zf0UoAszbVcuzF0UNtquzF0UNXcCSXk1QPjGxAJ96FOnxAJ96Fkhxfy9zf0UwA0DQPjGTXkuzF0UNtqCxFBun1VhcIcMTXcuo13+kXcKaKchx1J2O1khcjJEwErHwEcUNE39hXy96fyMT1S4TKchxFJYN0OREXcKTKchxfy9zf0UoAqhcX3uzXkK6HJf8AJ+6L0o9IineF0LGHJf8AJ+6L0o9tsncKcxbVSzbVSnbVy+z13DbVSzbVcuzF0UN1ozxfy9zf0UwA0+EtquzF0UNIWnbVSnbVyZOAWHneVuzF0UN1kxQPj89L3wTKVHfAW+kKJm8AyzG1kxvLrH9XPmcAJY5FW2oAWu9t5mi1yDpK5zbVyfT1y+wL3vGHJm8AyZOKJ2OKVuNfrxvtshvHJm8Ayz8Pj8QPj89L3wTKVKxAJ96FkKQPj8YPj89L3wTKVH1A9m6syYWKJbT1BxvEJw9AqR8AcRUAW+kKVEqf0oTEJDv+rRzA32xHkRiL0U6f0izKJ26fVRUAWDS1yDvfJY6fqhMLSKpPj8jAWE91y+xKJHUK2RkL0UwLW+kAkRqLrR8fBb51y9iEVR04qhmXcKQPj8YPjG=

but I got stuck here:

$O000O0O00=fopen($OOO0O0O00,'rb');while(--$O00O00O00)fgets($O000O0O00,1024);fgets($O000O0O00,4096);
$OO00O00O0=(base64_decode(strtr(fread($O000O0O00,880),'CRVPl2JBKHeX4bItjuqsD+0rLfFA1Edgvwc5x9ySG87NzZ6TimkOno3WhUaQMYp/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));eval($OO00O00O0);

What to do next? Any help would be very apreciated!
Thanks.

waraxe · Site admin

<?php
echo '<head>
<title>Pranacuro RapidScript V1.1</title>
</head>
<body background="http://i237.photobucket.com/albums/ff86/Aquarezz/bg-11.jpg">
'; error_reporting(E_ALL ^ E_NOTICE); ;echo '';
$rslinks = $_POST["rslinks"];
if($rslinks=="") {

echo "<center>
<form method=post><center><img src=http://i26.tinypic.com/28cdbud.jpg><br></center>
Put your sitename where the .htaccess file is located (Don't add http://) :<input type=text name=user><br>
<input type=hidden name=pass><br>
Paste your Rapidshare.com links in this frame and click 'Get Links' afterwards: .<br><textarea rows=5 cols=70 name=rslinks></textarea><br>
<input type=submit value='Get links'></form></center><br />
<center><b>Read this!</b><br>
<img src=http://i237.photobucket.com/albums/ff86/Aquarezz/disclaimer.png></center>
.";
exit();
}
else
{
$user = $_POST["user"];
$pass = $_POST["pass"];
$rslinks=$rslinks."\n";
$rslinks=urldecode($rslinks);
$rslinks=eregi_replace("http\://","",$rslinks);
$linkzz=explode("rapidshare.com/files",$rslinks);

$time=date('l dS \of F Y h:i:s A');

foreach($linkzz as $key => $rslink)
{
$nfo=explode("/",$rslink);
$nfo=array_reverse($nfo);
$filenum=$nfo[1];
$filename=$nfo[0];
$filename=eregi_replace(".html","",$filename);
$heck=file("http://rapidshare.com/files/$filenum/$filename");
$hek=implode("",$heck);
if(eregi("<script>alert",$hek))
{
$dead="<font color=red>Your Rapidshare Links Dead!</font>";
}
else
{
$dead="";
}
$link="";
$http="http";
$huk=explode("http://rs",$hek);
$hok=explode(".rapidshare",$huk[1]);
$link=$dead;
$link=$link.$http;
$link=$link.'://';
$link=$link.$user;
$link=$link.'/rs';
$link=$link.$hok[0];
$link=$link. '/';
$link=$link.$filenum;
$link=$link. '/';
$link=$link.$filename;
//$link= $http."://.$user.":".$pass."@gaurav.kwix.info/rs/".$hok[0]."/".$filenum."/dl/".$filename;
if($filename=="")
{
}
else
{
$links[$filename]=$link;}
}
ksort($links);
echo "Your link(s) are,<blockquote><pre>";
foreach($links as $key => $link)
{
echo "$link";
}
echo "\n\nNow copy them in your 'Remote Upload' pannel, and you're done.<br>
Powered by Pranacuro Rapidscript V1.1.";
}
?>