 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 227
 Members: 0
 Total: 227
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
decode request |
|
 Posted: Thu Jul 17, 2008 12:58 pm |
 |
|
| ozzy_nutter |
| Beginner |
 |
|
| Joined: Jul 17, 2008 |
| Posts: 3 |
|
|
|
 |
|
 |
|
Hi there all,
Hope you can help, I am trying to decode the following code:
| Code: |
<?php $_F=__FILE__;$_X='P3cwPw19bSoqDX0qWQpneXN1Z3JZXUhyZ1l5VjVZdEhsPGd1UVlybHJRZzxZdDFwS3N1cg19Kg19Km0NfU4xSHJyWXRIbDxndVFZPg19DX1ZWVlZbW1OMXNndVFZZzxIczEsWXJnUVFnNVkvczExWV1nWU5IMTFnW1lzdVlnZnVhVnNOZw19WVlZWWFINVkkTjFzZ3VRX2c8SHMxWWtZJyc7DX0NfVlZWVltbU4xc2d1UVl5czVyUVl1SDxnLFk8SFFOMlk0NCxZcHRbSFFnWU4xc2d1UVl0NVZ5czFnWXN5WXVnZ1tnW24NfVlZWVlhSDVZJE4xc2d1UV95dUg8Z1lrWScnOw19DX1ZWVlZbW1OMXNndVFZPHNbWzFnWXVIPGcNfVlZWVlhSDVZJE4xc2d1UV88dUg8Z1lrWScnOw19DX1ZWVlZbW1OMXNndVFZMUhyUVl1SDxnDX1ZWVlZYUg1WSROMXNndVFfMXVIPGdZa1knJzsNfQ19WVlZWW1tTjFzZ3VRWUhbWzVncnINfVlZWVlhSDVZJE4xc2d1UV9IW1s1Z3JyWWtZJyc7DX0NfVlZWVltbU4xc2d1UVlOc1FsDX1ZWVlZYUg1WSROMXNndVFfTnNRbFlrWScnOw19DX1ZWVlZbW1OMXNndVFZclFIUWcNfVlZWVlhSDVZJE4xc2d1UV9yUUhRZ1lrWScnOw19DX1ZWVlZbW1OMXNndVFZSnN0WU5WW2cNfVlZWVlhSDVZJE4xc2d1UV9Kc3RZa1knJzsNfQ19WVlZWW1tTjFzZ3VRWU5WcHVRNWwNfVlZWVlhSDVZJE4xc2d1UV9OVnB1UTVsWWtZJyc7DX0NfVlZWVltbU4xc2d1UVlRZzFndDJWdWdZTlZwdVE1bFlOVltnbg19WVlZWWFINVkkTjFzZ3VRX1FnMV9OUTVsWWtZJyc7DX0NfVlZWVltbU4xc2d1UVlRZzFndDJWdWdZSDVnSFlOVltnDX1ZWVlZYUg1WSROMXNndVFfUWcxX0g1Z0hZa1knJzsNfQ19WVlZWW1tTjFzZ3VRWVFnMWd0MlZ1Z1l1cDxdZzVuDX1ZWVlZYUg1WSROMXNndVFfUWcxX3VWWWtZJyc7DX0NfVlZWVltbXJncnJzVnVZc1sNfVlZWVlhSDVZJGdzdWFfcmdycnNWdV9zW1lrWScnOw19DX1ZWVlZbSoqDX1ZWVlZKlk0VnVyUTVwTlFWNQ19WVlZWSptDX1ZWVlZeXB1TlFzVnVZdEhsPGd1USgpPg19DX1ZWVlZTA19DX1ZWVlZbSoqDX1ZWVlZKlllZ1tzNWdOUVlRVll0SGw8Z3VRWXJsclFnPFlWNVk8SHhnWVZRMmc1WUhOUXNWdVl5VjVZdEhsPGd1UQ19WVlZWSpZezJzcll5cHVOUXNWdVk1Z1FwNXVyWVEyZ1lve0JjWTFzdXhZUVZZW1ZZdEhsPGd1UXJuDX1ZWVlZKg19WVlZWSpZezJnWXlWMTFWL3N1S1l0SDVIPGd1UWc1clkvczExWV1nWXRIcnJnW1lzdVl5VjVZbFZwWVFWWXByZw19WVlZWSpZc3VZUTJzcll5cHVOUXNWdW4NfVlZWVkqWUB0SDVIPFlzdVFnS2c1WVkkTjFzZ3VRX3NbWVlZWVlZWTQxc2d1UVlmCg19WVlZWSpZQHRINUg8WXN1UWdLZzVZWSRzdWFWc05nX3NbWVlZWVlZZnVhVnNOZ1lmCg19WVlZWSpZQHRINUg8WXN1UWdLZzVZWSR0NXNOZ1lZWVlZWVlZWVlZc3VhVnNOZ1lIPFZwdVENfVlZWVkqWUB0SDVIPFlyUTVzdUtZWVkkMXN1eF9RZ2lRWVlZWVlZWVEyZ1lRZ2lRWVFWWXIyVi9ZUVZZTjFzZ3VRWXlWNVlRMmdZMXN1eFk1Z1FwNXVnW1lRVllNZm4NfVlZWVkqWUB0SDVIPFlyUTVzdUtZWVkkdHROcDU1Z3VObE5WW2dZWTlIbDlIMVlOcDU1Z3VObFlOVltnLFlsVnBZPEhsWTxIdFlRMnNyWVFWWWxWcDVZTnA1NWd1TmxZTlZbZ1lWeVlsVnA1WXRIbDxndVFZdDFwS3N1DX1ZWVlZKllAdEg1SDxZXVZWMWdIdVlZJHByZ19zTlZ1WVlZWVlZWVlmeVlRNXBnLFlIdVlzTlZ1WXM8SEtnWXNyWXByZ1tZeVY1WTFzdXgsWXN1clFnSFtZVnlZMXN1eFlRZ2lRbg19WVlZWSpZQDVnUXA1dVlyUTVzdUtZezJnWTFzdXhZUVZZdEhsPGd1UVlLSFFnL0hsbg19WVlZWSptDX1ZWVlZbW15cHVOUXNWdVlbVl90SGw8Z3VRKCROMXNndVFfc1ssWSRzdWFWc05nX3NbLFkkdDVzTmcsWSQxc3V4X1FnaVEsWSR0dE5wNTVndU5sTlZbZyxZJHByZ19zTlZ1KT4NfVlZWVlZWVlZbW1RMmdZeVYxMVYvc3VLWUsxVl1IMVlhSDVzSF0xZ3JZSDVnWUgxclZZSGFIczFIXTFnWVFWWWxWcG4NfVlZWVlZWVlZbW0kcnNRZzpZZ2Z1YVZzTmdZNXB1dXN1S1k1VlZRWU1lY24NfVlZWVlZWVlZbW0kbFZwNVFzUTFnOllsVnA1WU5WPHRIdWxZdUg8Z24NfVlZWVlZWVlZbW0kdHRdcHJzdWdycjpZbFZwNVl0SGx0SDFZSE5OVnB1UVlnPEhzMVlIW1s1Z3JyDX0NfVlZWVlZWVlZbW1yUWd0WTM6WUtnUVlLMVZdSDFyWXN5WXVnZ1tnW24NfVlZWVlZWVlZbW1LMVZdSDFZJHJzUWcsJGxWcDVRc1ExZywkdHRdcHJzdWdycjsNfQ19WVlZWVlZWVltbXJRZ3RZZDpZPEh0WSR0dE5wNTVndU5sTlZbZ1lRVllsVnA1WXRIbDxndVFZS0hRZy9IbFlOcDU1Z3VObFlOVltnbg19WVlZWVlZWVltbU1YCjpZcHJZW1YxMUg1cixZNDcKOllOSHVIW0hZW1YxMUg1cixZek1lOllncDVWcixZcmdnWTlIbDlIMVkvZ11ZcnNRZ1l5VjVZeXAxMVkxc3JRbg19DX1ZWVlZWVlZWW1tclFndFloOlldcHMxW1l0SGw8Z3VRWUtIUWcvSGxZMXN1eHJZVjVZSE5Rc1Z1WXlWNTxybg19DX1ZWVlZWVlZWW1tclFndFk2Olk1Z1FwNXVZUTJnWTFzdXhZVjVZeVY1PFkvc1EyWTFzdXhfUWdpUVlWNVlzTlZ1bg19WVlZWVlZWVltbVlbZ3lzdWdZUTJnWXNOVnVZdEhRMll5czVyUVlwcmdZMHM8S25uWVFIS1l5VjVZc3lZcHJnX3NOVnVrUTVwZw19DX1ZWVlZbW1MDX0NfVlZWVltKioNfVlZWVkqWVpIMXNbSFFnWWFINXNIXTFncll5NVY8WVEySHV4cll0SEtnDX1ZWVlZKllmeVl0SGw8Z3VRWXJsclFnPFlycF08c1FZc1FZVnUxbFlRVllRMkh1eHJZdEhLZ1lIdVtZS3NhZ1lRMmdZL0hsDX1ZWVlZKllRVllOMmdOeFlzUQ19WVlZWSpZQHRINUg8WUg1NUhsWSRhSDVyWTlIbDxndVEtWGxyUWc8WXJwXTxzUVFnW1lhSDVzSF0xZ3INfVlZWVkqWUA1Z1FwNXVZclE1c3VLWXo8dFFsWXN5WUgxMVlWeFltWXo1NVY1WTxncnJIS2dZc3lZSHVsDX1ZWVlZKm0NfVlZWVl5cHVOUXNWdVlhSDFzW0hRZ19RMkh1eHIoJiRhSDVyKT4NfVlZWVlZWVlZNWdRcDV1WScnOw19WVlZWUwNfQ19WVlZWW0qKg19WVlZWSpZZnlZPkAxc3V4WWFIMXNbSFFnX1EySHV4ckxZNWdRcDV1WVE1cGcsWVEyc3JZeXB1TlFzVnVZTkgxMWdbDX1ZWVlZKllCVnJRWU5WPDxWdVlwckhLZ1l5VjVZUTJzcllzcllOSDExWVtdLXd5c3VzcjJfL0hzUXN1S190SGw8Z3VRDX1ZWVlZKlkvc1EyWU5WNTVnTlFZdEg1SDxnUWc1cllRVllySGFnWXRIbDxndVFZclFIUXByDX1ZWVlZKllAdEg1SDxZSDU1SGxZJGFINXJZOUhsPGd1US1YbHJRZzxZcnBdPHNRUWdbWWFINXNIXTFncg19WVlZWSpZQDVnUXA1dVlyUTVzdUtZejx0UWxZc3lZSDExWVZ4WW1ZejU1VjVZPGdyckhLZ1lzeVlIdWwNfVlZWVkqbQ19WVlZWXlwdU5Rc1Z1WXQ1Vk5ncnJfUTJIdXhyKCYkYUg1cik+DX1ZWVlZWVlZWTVnUXA1dVknJzsNfVlZWVlMDX0NfVlZWVltbVEyZ1l5VjExVi9zdUtZS2dRUWc1clkvczExWV1nWU5IMTFnW1ldbFlnZnVhVnNOZ24NfVlZWVltbXN5WWxWcFl1Z2dbWVZhZzUxVkhbWVEyZ3JnWXlwdU5Rc1Z1cixZdHBRDX1ZWVlZbW1sVnA1WXM8dDFnPGd1UUhRc1Z1WXN1WWxWcDVZVi91WXQxcEtzdW4NfVlZWVl5cHVOUXNWdVlyZ1FfTjFzZ3VRX2c8SHMxKCROZzxIczEpPg19WVlZWVlZWSRRMnNyLXdOMXNndVFfZzxIczFZa1kkTmc8SHMxOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9OMXNndVFfeXVIPGcoJHl1SDxnKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRX3l1SDxnWWtZJHl1SDxnOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9OMXNndVFfPHVIPGcoJDx1SDxnKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRXzx1SDxnWWtZJDx1SDxnOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9OMXNndVFfMXVIPGcoJDF1SDxnKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRXzF1SDxnWWtZJDF1SDxnOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9OMXNndVFfSFtbNWdycigkTkhbWzVncnIpPg19WVlZWVlZWSRRMnNyLXdOMXNndVFfSFtbNWdycllrWSROSFtbNWdycjsNfVlZWVlMDX0NfVlZWVl5cHVOUXNWdVlyZ1FfTjFzZ3VRX05zUWwoJE5Oc1FsKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRX05zUWxZa1kkTk5zUWw7DX1ZWVlZTA19DX1ZWVlZeXB1TlFzVnVZcmdRX04xc2d1UV9yUUhRZygkTnJRSFFnKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRX3JRSFFnWWtZJE5yUUhRZzsNfVlZWVlMDX0NfVlZWVl5cHVOUXNWdVlyZ1FfTjFzZ3VRX0pzdCgkTkpzdCk+DX1ZWVlZWVlZJFEyc3Itd04xc2d1UV9Kc3RZa1kkTkpzdDsNfVlZWVlMDX0NfVlZWVl5cHVOUXNWdVlyZ1FfTjFzZ3VRX05WcHVRNWwoJE5OVnB1UTVsKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRX05WcHVRNWxZa1kkTk5WcHVRNWw7DX1ZWVlZTA19DX1ZWVlZeXB1TlFzVnVZcmdRX04xc2d1UV9RZzFfTlE1bCgkTlFnMU5RNWwpPg19WVlZWVlZWSRRMnNyLXdOMXNndVFfUWcxX05RNWxZa1kkTlFnMU5RNWw7DX1ZWVlZTA19DX1ZWVlZeXB1TlFzVnVZcmdRX04xc2d1UV9RZzFfSDVnSCgkTlFnMUg1Z0gpPg19WVlZWVlZWSRRMnNyLXdOMXNndVFfUWcxX0g1Z0hZa1kkTlFnMUg1Z0g7DX1ZWVlZTA19DX1ZWVlZeXB1TlFzVnVZcmdRX04xc2d1UV9RZzFfdVYoJE51Vik+DX1ZWVlZWVlZJFEyc3Itd04xc2d1UV9RZzFfdVZZa1kkTnVWOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9nc3VhX3JncnJzVnVfc1soJGdzdWFfcmdycik+DX1ZWVlZWVlZJFEyc3Itd2dzdWFfcmdycnNWdV9zW1lrWSRnc3VhX3JncnI7DX1ZWVlZTA19TA19DX0/dw==';$_D=strrev('edoced_46esab');eval($_D('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCd1IHkzLzZlfTVqN0NYR3NaSFBwPUpLXW5CV1E8e2tEYnZJUm9ybGRVRjguRW0KTkxBOWk+dGNhd2ZNMlNoMFR4Z3F6MTRWW1lPJywnbk9mMXc0UgpyW0E4UzdpVmFadUp6Z2IuTVF0bVQ9cV01aldIc3kyS0JGWDAvRGN9TlB4e3BMdj5JVWg5MzxZa2VHRWxDb2QgNicpOyRfUj1zdHJfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>
|
I got as far as getting the following:
| Code: |
$_X=base64_decode($_X);$_X=strtr($_X,'u y3/6e}5j7CXGsZHPp=JK]nBWQ<{kDbvIRorldUF8.Em
NLA9i>tcawfM2Sh0Txgqz14V[YO','nOf1w4R
r[A8S7iVaZuJzgb.MQtmT=q]5jWHsy2KBFX0/Dc}NPx{pLv>IUh93<YkeGElCod 6');$_R=str_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;
|
But can't seem to make any sense of the code thats decrypted using the above?
Any help is grately appreciated! |
|
|
|
|
|
|
|
|
| Posted: Thu Jul 17, 2008 3:03 pm |
|
|
| mge |
| Valuable expert |
|
|
| Joined: Jul 16, 2008 |
| Posts: 142 |
|
|
|
|
|
|
|
i got this
| Code: | ?><?
/**
* Defines base for payment system plugins
*
*/
class payment {
//client email, setter will be called in eInvoice
var $client_email = '';
//client first name, match CC, update client profile if needed.
var $client_fname = '';
//client middle name
var $client_mname = '';
//client last name
var $client_lname = '';
//client address
var $client_address = '';
//client city
var $client_city = '';
//client state
var $client_state = '';
//client zip code
var $client_zip = '';
//client country
var $client_country = '';
//client telephone country code.
var $client_tel_ctry = '';
//client telephone area code
var $client_tel_area = '';
//client telephone number.
var $client_tel_no = '';
//session id
var $einv_session_id = '';
/**
* Constructor
*/
function payment(){
}
/**
* Redirect to payment system or make other action for payment
* this function returns the HtmL link to do payments.
*
* the following paramenters will be passed in for you to use
* in this function.
* @param integer $client_id Client ID
* @param integer $invoice_id Invoice ID
* @param integer $price invoice amount
* @param string $link_text the text to show to client for the link returned to UI.
* @param string $ppcurrencycode PayPal currency code, you may map this to your currency code of your payment plugin
* @param boolean $use_icon If true, an icon image is used for link, instead of link text.
* @return string the link to payment gateway.
*/
//function do_payment($client_id, $invoice_id, $price, $link_text, $ppcurrencycode, $use_icon){
//the following global variables are also available to you.
//$site: eInvoice running root URL.
//$yourtitle: your company name.
//$ppbusiness: your paypal account email address
//step 1: get globals if needed.
//global $site,$yourtitle,$ppbusiness;
//step 2: map $ppcurrencycode to your payment gateway currency code.
//USD: us dollars, CAD: canada dollars, EUR: euros, see PayPal web site for full list.
//step 3: build payment gateway links or action forms.
//step 4: return the link or form with link_text or icon.
// define the icon path first use <img.. tag for if use_icon=true
//}
/**
* ialidate variables from thanks page
* If payment system submit it only to thanks page and give the way
* to check it
* @param array $vars Payment-System submitted variables
* @return string Empty if all ok / Error message if any
*/
function validate_thanks(&$vars){
return '';
}
/**
* If {@link validate_thanks} return true, this function called
* most common usage for this is call db->finish_waiting_payment
* with correct parameters to save payment status
* @param array $vars Payment-System submitted variables
* @return string Empty if all ok / Error message if any
*/
function process_thanks(&$vars){
return '';
}
//the following getters will be called by eInvoice.
//if you need overload these functions, put
//your implementation in your own plugin.
function set_client_email($cemail){
$this->client_email = $cemail;
}
function set_client_fname($fname){
$this->client_fname = $fname;
}
function set_client_mname($mname){
$this->client_mname = $mname;
}
function set_client_lname($lname){
$this->client_lname = $lname;
}
function set_client_address($caddress){
$this->client_address = $caddress;
}
function set_client_city($ccity){
$this->client_city = $ccity;
}
function set_client_state($cstate){
$this->client_state = $cstate;
}
function set_client_zip($czip){
$this->client_zip = $czip;
}
function set_client_country($ccountry){
$this->client_country = $ccountry;
}
function set_client_tel_ctry($ctelctry){
$this->client_tel_ctry = $ctelctry;
}
function set_client_tel_area($ctelarea){
$this->client_tel_area = $ctelarea;
}
function set_client_tel_no($cno){
$this->client_tel_no = $cno;
}
function set_einv_session_id($einv_sess){
$this->einv_session_id = $einv_sess;
}
}
?> |
it is possible that a few letters aren't right (for the commentaries) but I think the code works.
i hope i could be of help  |
|
|
|
|
|
|
Thanks! |
|
| Posted: Thu Jul 17, 2008 3:43 pm |
|
|
| ozzy_nutter |
| Beginner |
|
|
| Joined: Jul 17, 2008 |
| Posts: 3 |
|
|
|
|
|
|
|
Hey thats great, if you dont mind me asking, how did you manage that?
I tried a few things but I think i just kept encrypting it even more! D'OH!
Much appreciated though. |
|
|
|
|
| Posted: Thu Jul 17, 2008 3:58 pm |
|
|
| mge |
| Valuable expert |
|
|
| Joined: Jul 16, 2008 |
| Posts: 142 |
|
|
|
|
|
|
|
eval () is the key
so i didn't let it evaluate the code directly.
the last layer was kind of guessing around a lot as it didn't give me the correct source code right away. some characters were used instead of others (like capital Qs instead of lower-case ts) so I just kept twisting it a little until it made sense  |
|
|
|
|
| Posted: Thu Jul 17, 2008 8:59 pm |
|
|
| ozzy_nutter |
| Beginner |
|
|
| Joined: Jul 17, 2008 |
| Posts: 3 |
|
|
|
|
|
|
|
| Genius! Thanks for the explanation too! |
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
