|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 126
Members: 0
Total: 126
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Help to decode script |
|
Posted: Mon Jun 02, 2008 5:10 am |
|
|
Borat |
Beginner |
|
|
Joined: Jun 02, 2008 |
Posts: 1 |
|
|
|
|
|
|
|
I was trying to decode this script:
<?php
$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=2904;eval((base64_decode('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDg4MCksJ0NSVlBsMkpCS0hlWDRiSXRqdXFzRCswckxmRkExRWRndndjNXg5eVNHODdOelo2VGlta09ubzNXaFVhUU1ZcC89JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?>
F0LGEJ9Zfqv8t5lk4s1UIPCh4PC8fJ99eVEDFJ9OKBb51y9iEVRGLr4vfrwiFrH9fVhbVx9yKB9TEqRw1yDvLqR5AJ99ASjzKJ8o1WjvEJ2zFkRnAkRbDnhvA3hvLr2oLrH9dS8CFJYnA028AVU5A3nSesZ8fcvGeJ9O13+neVuK+2ujrob2D9f2D9Y0j+Hs0kEsu+H0u+Hgsx2buqEEeqxyHcvwfrH9f3xGHkvGXc81Xcx/f32UL3Y6EJ+6E2i6AWHSeq1zHlwD+2RgDn+q+x+qrofRD9bAHob2D9f2D9YIjDo2Hon8eq9MgVvGFrbOfrjGH2Ysu+H0u+HAHnwD+2RgqlYs+VEEeqxyHcvwfrH9f3xGHkvGXc81Xcx/f32UL3Y6EJ+6E2i6AWHSeq1zH2Ysu+H0u+HAHnwD+2RgqlYs+VEEeqx8e0u8fqvS+Jw81kROLWH81BjvFr4vAJY5F3+xKBuTKBEWEkUSLr95A3Unf0UnXyYkfkhSeszxsnMi4lMi4lMit0+kf0Eg1y+iAJ25fqvSroYJqDm2roMSXVKSKchxsnYt4lMisOCiXcKSKciGLy2OfsLnr3u9L3YxfqwOEBHn1cwy1y+wfVvxsOCi4lMisOCiXVutsOCisOCi4PC8XVEPD9fjAPHejxZKf+vnLx9nFS+m1njN4BH4fxfR4D+xfWfWLO+hIr9suOvWsS8Fb9u8A0ZtAyMO+3w+L+2b0rCTtq1zHn2Vjnu2uxEKqD8XsloIsoRuD9bD++fr029FL0H5fJ+yf3w8FyZzA0UT1B2k1WuoESEhdrGi4sKObPD3bOvUekMSeqx8esZyL3mT13DGHlMi4PRt4lMi4VxQfrfwAVvxsnMi4lMi4lMiesz=f0bGAkCStJw9L0jpPjGMEJ9nAJDpDBHwAy25ErHTK2Hw1J9xD3bkFrRnK2LmX5lMXWu8EJm9tvnetVYGf02xtvnetJHTfBxvLy25F3EkAW+6fPncFBun1PGTX3xk4O161JwTEJYcE0bNfrj6L3YZX32zLS+Z1kYyf5v3Xn2mE02kfr8aX3HSXslmXy8ifkKpPjGSIkR91SHT19YkfrRT1Su8Ay1Gu+YRslivrcR2rnUt+l9PuqxQKPZ9L3wTKV1SIineHBHOAJ96FW4vtqCxroRtDouAKSHOAJ96FW4crszbVy9yeVuk13m8AyZOtsncKcxvdinePj89L3wTKVKML3+6EJ+ktvneKPmyAWHZKJo9EJwTfPoiAWbnt5m5f0UnfrKptJ9ZfkRO1y4YFBun1PGTX3xkbcUnF0UU1J95XybTAqMkIJbxLS+xXy8ifOhMLSKptVY5f0UnfrKpPj8jErjvd0Yo1cROFru9Ay2ZfqRWFJ+kfqRnFJDvXywnL0b5frbOKJf8AJDvFr4vAJY5Lru9fVCGuJY6HWjvL0uxKJwnEBCaXkM8KVCvI5m8ASRoEVRndrR9tru9dBjvAy2Zfsoo13+kt5mc15hbV5m8ASRoEVRndrR9t0w8fJu9AcR6L0o9trRw1W4ptJHktvneDJ2OEJDvd0Yo1cRqLrR8fBbGLrH9XybTAqRzF0UN1kR8AcRnFJ9OKJfkL0o9KJ26fVR5AJ95FkCSu3+nKlm8AyZOHkRwfSu91SEw1yuOIcC6tJHkt5mnfrwnLrH9LqRkAWEOtsDvL3Yz1OnW4VR6L0o9trHOAJ96FW4ptVYnfrwnLrH9LshMLSKpPjGMF0UiErjvEB9ifsoOE0HZFrjvEy2zE0DYHnE9EVRzF0UN1k1ptVYyAWHZt5iTL3+6EJ+kt5mc1cCTtvnetJb9ASu915hML5Uqf02xKBuGFr4wtVYct5mc15hbV5m8A01v1WH5t0wnEBCaXkY8454WXSRGAWuTLS+5F3+nXybTAqYwAJHoAr4TfyLhbcYR1r+w1y+adcYxFrb5AJ28A0+kXSR6fOhMX3b9ASu915hbVchcIinefrw8EVv8Iinegjnef0mOfjnedineHB+OfrKvtqCxroRtDouAKS+OfrKcrszbVcuiLrbOKPnvH2YjsobD0kHiLrbOK9nQPjGx1SbzF0UN1Onx1SbzF0UN1khcrJhcIineHBHOAJ96FW4YErHzfJ+5A3u9eVuk13m8AyZOeszbVcuk13m8AyZOt0+kf0E8rWH91JmwL3DGKywnEBR1IcMTKcicKcix1SbzF0UN1kxQPjGxAJ96FW8at0+h1JmTfJDGKSHw1J9x13ww1yD6L3YZX3f8AJ+OKcix1SbzF0UN1kxQPjGbVcunF0o9t0uwEJDGH3ivf24vrJYyKlLv0qRGIyxa1kRRHkxQPjGbVyfT1y+wL3vGHJm8AyZadcRw1kCxF3+UKPnpKVuk13m8Ayz8Pj8QPjGxAyfTt0+h1JmTfJDGKcMcXVuk13m8Ayz8IineHJUyAOow1SHwd+Ykfrf91Sb9eVu6fyM8IineHJf8AJ+6E0nYHJUyAozmrszbVcuyF0m9Ay2ZfsnxAyfT0OREIineHJf8AJ+6L0o9t0+kf0E8rWH91JmwL3DGKcUGEJozKcicKcixfy9zf0UwA0D8IineHJw9L3zYfy9zfqvcFBun1PGTXWHw1J9x13ww1yD6L3YZX3f8AJ+OXkuyF0m9AS+ZXkuyF0m9Ay2ZfqK8IineHJw9FOo8ArRzA3u9eVKcXVuGf0bNeszbVy9yeJ+kf0E8eVKM13bkFrRnty2zfrHnKcixFJ+NeqxbVSzbVcuxf02xtqKMfyY6EVR5A3mT15okf0jp00Yo1cRqLrR8fBbGLrH9Klm8AyZOKlu9L0jwtVYyA3UntcKQPj8YPj89ABb9Pj8QPjGxfJ+wfPncK5zbVSnbVcuzF0UNtqKcIineHJwnEBCYKywnEBCcIineHJwoFOo9dBRzA3u9eVHGEBuiIcMT1S4cXVuGf0z8IineHJwTFOo9dBRzA3u9eVK61y2iF0uOFJ2kfqKzHJwoFozmrqxQPjGxAJ96FOnxfJ+wfPzbVcuzF0UNtquzF0UNXcuGEBuiIineHJm8AyzYHJm8Ayz6HOGTXk1QPjGxAJ96FOnxAJ96FkhxErb915zbVcuzF0UNtquzF0UNXc1T1S4SIineHJm8AyzYHJm8Ayz6HJwTFozirszbVcuzF0UNtquzF0UNXcCSXk1QPjGxAJ96FOnxAJ96Fkhxfy9zf0UoAszbVcuzF0UNtquzF0UNXcCSXk1QPjGxAJ96FOnxAJ96Fkhxfy9zf0UwA0DQPjGTXkuzF0UNtqCxFBun1VhcIcMTXcuo13+kXcKaKchx1J2O1khcjJEwErHwEcUNE39hXy96fyMT1S4TKchxFJYN0OREXcKTKchxfy9zf0UoAqhcX3uzXkK6HJf8AJ+6L0o9IineF0LGHJf8AJ+6L0o9tsncKcxbVSzbVSnbVy+z13DbVSzbVcuzF0UN1ozxfy9zf0UwA0+EtquzF0UNIWnbVSnbVyZOAWHneVuzF0UN1kxQPj89L3wTKVHfAW+kKJm8AyzG1kxvLrH9XPmcAJY5FW2oAWu9t5mi1yDpK5zbVyfT1y+wL3vGHJm8AyZOKJ2OKVuNfrxvtshvHJm8Ayz8Pj8QPj89L3wTKVKxAJ96FkKQPj8YPj89L3wTKVH1A9m6syYWKJbT1BxvEJw9AqR8AcRUAW+kKVEqf0oTEJDv+rRzA32xHkRiL0U6f0izKJ26fVRUAWDS1yDvfJY6fqhMLSKpPj8jAWE91y+xKJHUK2RkL0UwLW+kAkRqLrR8fBb51y9iEVR04qhmXcKQPj8YPjG=
but I got stuck here:
$O000O0O00=fopen($OOO0O0O00,'rb');while(--$O00O00O00)fgets($O000O0O00,1024);fgets($O000O0O00,4096);
$OO00O00O0=(base64_decode(strtr(fread($O000O0O00,880),'CRVPl2JBKHeX4bItjuqsD+0rLfFA1Edgvwc5x9ySG87NzZ6TimkOno3WhUaQMYp/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));eval($OO00O00O0);
What to do next? Any help would be very apreciated!
Thanks. |
|
|
|
|
|
|
|
|
Posted: Mon Jun 02, 2008 10:40 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
<?php
echo '<head>
<title>Pranacuro RapidScript V1.1</title>
</head>
<body background="http://i237.photobucket.com/albums/ff86/Aquarezz/bg-11.jpg">
'; error_reporting(E_ALL ^ E_NOTICE); ;echo '';
$rslinks = $_POST["rslinks"];
if($rslinks=="") {
echo "<center>
<form method=post><center><img src=http://i26.tinypic.com/28cdbud.jpg><br></center>
Put your sitename where the .htaccess file is located (Don't add http://) :<input type=text name=user><br>
<input type=hidden name=pass><br>
Paste your Rapidshare.com links in this frame and click 'Get Links' afterwards: .<br><textarea rows=5 cols=70 name=rslinks></textarea><br>
<input type=submit value='Get links'></form></center><br />
<center><b>Read this!</b><br>
<img src=http://i237.photobucket.com/albums/ff86/Aquarezz/disclaimer.png></center>
.";
exit();
}
else
{
$user = $_POST["user"];
$pass = $_POST["pass"];
$rslinks=$rslinks."\n";
$rslinks=urldecode($rslinks);
$rslinks=eregi_replace("http\://","",$rslinks);
$linkzz=explode("rapidshare.com/files",$rslinks);
$time=date('l dS \of F Y h:i:s A');
foreach($linkzz as $key => $rslink)
{
$nfo=explode("/",$rslink);
$nfo=array_reverse($nfo);
$filenum=$nfo[1];
$filename=$nfo[0];
$filename=eregi_replace(".html","",$filename);
$heck=file("http://rapidshare.com/files/$filenum/$filename");
$hek=implode("",$heck);
if(eregi("<script>alert",$hek))
{
$dead="<font color=red>Your Rapidshare Links Dead!</font>";
}
else
{
$dead="";
}
$link="";
$http="http";
$huk=explode("http://rs",$hek);
$hok=explode(".rapidshare",$huk[1]);
$link=$dead;
$link=$link.$http;
$link=$link.'://';
$link=$link.$user;
$link=$link.'/rs';
$link=$link.$hok[0];
$link=$link. '/';
$link=$link.$filenum;
$link=$link. '/';
$link=$link.$filename;
//$link= $http."://.$user.":".$pass."@gaurav.kwix.info/rs/".$hok[0]."/".$filenum."/dl/".$filename;
if($filename=="")
{
}
else
{
$links[$filename]=$link;}
}
ksort($links);
echo "Your link(s) are,<blockquote><pre>";
foreach($links as $key => $link)
{
echo "$link";
}
echo "\n\nNow copy them in your 'Remote Upload' pannel, and you're done.<br>
Powered by Pranacuro Rapidscript V1.1.";
}
?>
|
|
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|