Waraxe IT Security Portal  
decode request
Posted: Thu Jul 17, 2008 12:58 pm
ozzy_nutter
Beginner
Joined: Jul 17, 2008
Posts: 3

Hi there all,

Hope you can help, I am trying to decode the following code:

Code:

<?php $_F=__FILE__;$_X='P3cwPw19bSoqDX0qWQpneXN1Z3JZXUhyZ1l5VjVZdEhsPGd1UVlybHJRZzxZdDFwS3N1cg19Kg19Km0NfU4xSHJyWXRIbDxndVFZPg19DX1ZWVlZbW1OMXNndVFZZzxIczEsWXJnUVFnNVkvczExWV1nWU5IMTFnW1lzdVlnZnVhVnNOZw19WVlZWWFINVkkTjFzZ3VRX2c8SHMxWWtZJyc7DX0NfVlZWVltbU4xc2d1UVl5czVyUVl1SDxnLFk8SFFOMlk0NCxZcHRbSFFnWU4xc2d1UVl0NVZ5czFnWXN5WXVnZ1tnW24NfVlZWVlhSDVZJE4xc2d1UV95dUg8Z1lrWScnOw19DX1ZWVlZbW1OMXNndVFZPHNbWzFnWXVIPGcNfVlZWVlhSDVZJE4xc2d1UV88dUg8Z1lrWScnOw19DX1ZWVlZbW1OMXNndVFZMUhyUVl1SDxnDX1ZWVlZYUg1WSROMXNndVFfMXVIPGdZa1knJzsNfQ19WVlZWW1tTjFzZ3VRWUhbWzVncnINfVlZWVlhSDVZJE4xc2d1UV9IW1s1Z3JyWWtZJyc7DX0NfVlZWVltbU4xc2d1UVlOc1FsDX1ZWVlZYUg1WSROMXNndVFfTnNRbFlrWScnOw19DX1ZWVlZbW1OMXNndVFZclFIUWcNfVlZWVlhSDVZJE4xc2d1UV9yUUhRZ1lrWScnOw19DX1ZWVlZbW1OMXNndVFZSnN0WU5WW2cNfVlZWVlhSDVZJE4xc2d1UV9Kc3RZa1knJzsNfQ19WVlZWW1tTjFzZ3VRWU5WcHVRNWwNfVlZWVlhSDVZJE4xc2d1UV9OVnB1UTVsWWtZJyc7DX0NfVlZWVltbU4xc2d1UVlRZzFndDJWdWdZTlZwdVE1bFlOVltnbg19WVlZWWFINVkkTjFzZ3VRX1FnMV9OUTVsWWtZJyc7DX0NfVlZWVltbU4xc2d1UVlRZzFndDJWdWdZSDVnSFlOVltnDX1ZWVlZYUg1WSROMXNndVFfUWcxX0g1Z0hZa1knJzsNfQ19WVlZWW1tTjFzZ3VRWVFnMWd0MlZ1Z1l1cDxdZzVuDX1ZWVlZYUg1WSROMXNndVFfUWcxX3VWWWtZJyc7DX0NfVlZWVltbXJncnJzVnVZc1sNfVlZWVlhSDVZJGdzdWFfcmdycnNWdV9zW1lrWScnOw19DX1ZWVlZbSoqDX1ZWVlZKlk0VnVyUTVwTlFWNQ19WVlZWSptDX1ZWVlZeXB1TlFzVnVZdEhsPGd1USgpPg19DX1ZWVlZTA19DX1ZWVlZbSoqDX1ZWVlZKlllZ1tzNWdOUVlRVll0SGw8Z3VRWXJsclFnPFlWNVk8SHhnWVZRMmc1WUhOUXNWdVl5VjVZdEhsPGd1UQ19WVlZWSpZezJzcll5cHVOUXNWdVk1Z1FwNXVyWVEyZ1lve0JjWTFzdXhZUVZZW1ZZdEhsPGd1UXJuDX1ZWVlZKg19WVlZWSpZezJnWXlWMTFWL3N1S1l0SDVIPGd1UWc1clkvczExWV1nWXRIcnJnW1lzdVl5VjVZbFZwWVFWWXByZw19WVlZWSpZc3VZUTJzcll5cHVOUXNWdW4NfVlZWVkqWUB0SDVIPFlzdVFnS2c1WVkkTjFzZ3VRX3NbWVlZWVlZWTQxc2d1UVlmCg19WVlZWSpZQHRINUg8WXN1UWdLZzVZWSRzdWFWc05nX3NbWVlZWVlZZnVhVnNOZ1lmCg19WVlZWSpZQHRINUg8WXN1UWdLZzVZWSR0NXNOZ1lZWVlZWVlZWVlZc3VhVnNOZ1lIPFZwdVENfVlZWVkqWUB0SDVIPFlyUTVzdUtZWVkkMXN1eF9RZ2lRWVlZWVlZWVEyZ1lRZ2lRWVFWWXIyVi9ZUVZZTjFzZ3VRWXlWNVlRMmdZMXN1eFk1Z1FwNXVnW1lRVllNZm4NfVlZWVkqWUB0SDVIPFlyUTVzdUtZWVkkdHROcDU1
Z3VObE5WW2dZWTlIbDlIMVlOcDU1Z3VObFlOVltnLFlsVnBZPEhsWTxIdFlRMnNyWVFWWWxWcDVZTnA1NWd1TmxZTlZbZ1lWeVlsVnA1WXRIbDxndVFZdDFwS3N1DX1ZWVlZKllAdEg1SDxZXVZWMWdIdVlZJHByZ19zTlZ1WVlZWVlZWVlmeVlRNXBnLFlIdVlzTlZ1WXM8SEtnWXNyWXByZ1tZeVY1WTFzdXgsWXN1clFnSFtZVnlZMXN1eFlRZ2lRbg19WVlZWSpZQDVnUXA1dVlyUTVzdUtZezJnWTFzdXhZUVZZdEhsPGd1UVlLSFFnL0hsbg19WVlZWSptDX1ZWVlZbW15cHVOUXNWdVlbVl90SGw8Z3VRKCROMXNndVFfc1ssWSRzdWFWc05nX3NbLFkkdDVzTmcsWSQxc3V4X1FnaVEsWSR0dE5wNTVndU5sTlZbZyxZJHByZ19zTlZ1KT4NfVlZWVlZWVlZbW1RMmdZeVYxMVYvc3VLWUsxVl1IMVlhSDVzSF0xZ3JZSDVnWUgxclZZSGFIczFIXTFnWVFWWWxWcG4NfVlZWVlZWVlZbW0kcnNRZzpZZ2Z1YVZzTmdZNXB1dXN1S1k1VlZRWU1lY24NfVlZWVlZWVlZbW0kbFZwNVFzUTFnOllsVnA1WU5WPHRIdWxZdUg8Z24NfVlZWVlZWVlZbW0kdHRdcHJzdWdycjpZbFZwNVl0SGx0SDFZSE5OVnB1UVlnPEhzMVlIW1s1Z3JyDX0NfVlZWVlZWVlZbW1yUWd0WTM6WUtnUVlLMVZdSDFyWXN5WXVnZ1tnW24NfVlZWVlZWVlZbW1LMVZdSDFZJHJzUWcsJGxWcDVRc1ExZywkdHRdcHJzdWdycjsNfQ19WVlZWVlZWVltbXJRZ3RZZDpZPEh0WSR0dE5wNTVndU5sTlZbZ1lRVllsVnA1WXRIbDxndVFZS0hRZy9IbFlOcDU1Z3VObFlOVltnbg19WVlZWVlZWVltbU1YCjpZcHJZW1YxMUg1cixZNDcKOllOSHVIW0hZW1YxMUg1cixZek1lOllncDVWcixZcmdnWTlIbDlIMVkvZ11ZcnNRZ1l5VjVZeXAxMVkxc3JRbg19DX1ZWVlZWVlZWW1tclFndFloOlldcHMxW1l0SGw8Z3VRWUtIUWcvSGxZMXN1eHJZVjVZSE5Rc1Z1WXlWNTxybg19DX1ZWVlZWVlZWW1tclFndFk2Olk1Z1FwNXVZUTJnWTFzdXhZVjVZeVY1PFkvc1EyWTFzdXhfUWdpUVlWNVlzTlZ1bg19WVlZWVlZWVltbVlbZ3lzdWdZUTJnWXNOVnVZdEhRMll5czVyUVlwcmdZMHM8S25uWVFIS1l5VjVZc3lZcHJnX3NOVnVrUTVwZw19DX1ZWVlZbW1MDX0NfVlZWVltKioNfVlZWVkqWVpIMXNbSFFnWWFINXNIXTFncll5NVY8WVEySHV4cll0SEtnDX1ZWVlZKllmeVl0SGw8Z3VRWXJsclFnPFlycF08c1FZc1FZVnUxbFlRVllRMkh1eHJZdEhLZ1lIdVtZS3NhZ1lRMmdZL0hsDX1ZWVlZKllRVllOMmdOeFlzUQ19WVlZWSpZQHRINUg8WUg1NUhsWSRhSDVyWTlIbDxndVEtWGxyUWc8WXJwXTxzUVFnW1lhSDVzSF0xZ3INfVlZWVkqWUA1Z1FwNXVZclE1c3VLWXo8dFFsWXN5WUgxMVlWeFltWXo1NVY1WTxncnJIS2dZc3lZSHVsDX1ZWVlZKm0NfVlZWVl5cHVOUXNWdVlhSDFzW0hRZ19RMkh1eHIoJiRhSDVyKT4NfVlZWVlZWVlZNWdRcDV1WScnOw19WVlZWUwNfQ19WVlZWW0qKg19WVlZWSpZZnlZPkAxc3V4WWFIMXNbSFFnX1EySHV4ckxZNWdRcDV1WVE1cGcsWVEyc3JZeXB1TlFzVnVZTkgxMWdbDX1ZWVlZKllCVnJRWU5WPDxWdVlw
ckhLZ1l5VjVZUTJzcllzcllOSDExWVtdLXd5c3VzcjJfL0hzUXN1S190SGw8Z3VRDX1ZWVlZKlkvc1EyWU5WNTVnTlFZdEg1SDxnUWc1cllRVllySGFnWXRIbDxndVFZclFIUXByDX1ZWVlZKllAdEg1SDxZSDU1SGxZJGFINXJZOUhsPGd1US1YbHJRZzxZcnBdPHNRUWdbWWFINXNIXTFncg19WVlZWSpZQDVnUXA1dVlyUTVzdUtZejx0UWxZc3lZSDExWVZ4WW1ZejU1VjVZPGdyckhLZ1lzeVlIdWwNfVlZWVkqbQ19WVlZWXlwdU5Rc1Z1WXQ1Vk5ncnJfUTJIdXhyKCYkYUg1cik+DX1ZWVlZWVlZWTVnUXA1dVknJzsNfVlZWVlMDX0NfVlZWVltbVEyZ1l5VjExVi9zdUtZS2dRUWc1clkvczExWV1nWU5IMTFnW1ldbFlnZnVhVnNOZ24NfVlZWVltbXN5WWxWcFl1Z2dbWVZhZzUxVkhbWVEyZ3JnWXlwdU5Rc1Z1cixZdHBRDX1ZWVlZbW1sVnA1WXM8dDFnPGd1UUhRc1Z1WXN1WWxWcDVZVi91WXQxcEtzdW4NfVlZWVl5cHVOUXNWdVlyZ1FfTjFzZ3VRX2c8SHMxKCROZzxIczEpPg19WVlZWVlZWSRRMnNyLXdOMXNndVFfZzxIczFZa1kkTmc8SHMxOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9OMXNndVFfeXVIPGcoJHl1SDxnKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRX3l1SDxnWWtZJHl1SDxnOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9OMXNndVFfPHVIPGcoJDx1SDxnKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRXzx1SDxnWWtZJDx1SDxnOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9OMXNndVFfMXVIPGcoJDF1SDxnKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRXzF1SDxnWWtZJDF1SDxnOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9OMXNndVFfSFtbNWdycigkTkhbWzVncnIpPg19WVlZWVlZWSRRMnNyLXdOMXNndVFfSFtbNWdycllrWSROSFtbNWdycjsNfVlZWVlMDX0NfVlZWVl5cHVOUXNWdVlyZ1FfTjFzZ3VRX05zUWwoJE5Oc1FsKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRX05zUWxZa1kkTk5zUWw7DX1ZWVlZTA19DX1ZWVlZeXB1TlFzVnVZcmdRX04xc2d1UV9yUUhRZygkTnJRSFFnKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRX3JRSFFnWWtZJE5yUUhRZzsNfVlZWVlMDX0NfVlZWVl5cHVOUXNWdVlyZ1FfTjFzZ3VRX0pzdCgkTkpzdCk+DX1ZWVlZWVlZJFEyc3Itd04xc2d1UV9Kc3RZa1kkTkpzdDsNfVlZWVlMDX0NfVlZWVl5cHVOUXNWdVlyZ1FfTjFzZ3VRX05WcHVRNWwoJE5OVnB1UTVsKT4NfVlZWVlZWVkkUTJzci13TjFzZ3VRX05WcHVRNWxZa1kkTk5WcHVRNWw7DX1ZWVlZTA19DX1ZWVlZeXB1TlFzVnVZcmdRX04xc2d1UV9RZzFfTlE1bCgkTlFnMU5RNWwpPg19WVlZWVlZWSRRMnNyLXdOMXNndVFfUWcxX05RNWxZa1kkTlFnMU5RNWw7DX1ZWVlZTA19DX1ZWVlZeXB1TlFzVnVZcmdRX04xc2d1UV9RZzFfSDVnSCgkTlFnMUg1Z0gpPg19WVlZWVlZWSRRMnNyLXdOMXNndVFfUWcxX0g1Z0hZa1kkTlFnMUg1Z0g7DX1ZWVlZTA19DX1ZWVlZeXB1TlFzVnVZcmdRX04xc2d1UV9RZzFfdVYoJE51Vik+DX1ZWVlZWVlZJFEy
c3Itd04xc2d1UV9RZzFfdVZZa1kkTnVWOw19WVlZWUwNfQ19WVlZWXlwdU5Rc1Z1WXJnUV9nc3VhX3JncnJzVnVfc1soJGdzdWFfcmdycik+DX1ZWVlZWVlZJFEyc3Itd2dzdWFfcmdycnNWdV9zW1lrWSRnc3VhX3JncnI7DX1ZWVlZTA19TA19DX0/dw==';$_D=strrev('edoced_46esab');eval($_D('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCd1IHkzLzZlfTVqN0NYR3NaSFBwPUpLXW5CV1E8e2tEYnZJUm9ybGRVRjguRW0KTkxBOWk+dGNhd2ZNMlNoMFR4Z3F6MTRWW1lPJywnbk9mMXc0UgpyW0E4UzdpVmFadUp6Z2IuTVF0bVQ9cV01aldIc3kyS0JGWDAvRGN9TlB4e3BMdj5JVWg5MzxZa2VHRWxDb2QgNicpOyRfUj1zdHJfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>


I got as far as getting the following:

Code:

$_X=base64_decode($_X);$_X=strtr($_X,'u y3/6e}5j7CXGsZHPp=JK]nBWQ<{kDbvIRorldUF8.Em
NLA9i>tcawfM2Sh0Txgqz14V[YO','nOf1w4R
r[A8S7iVaZuJzgb.MQtmT=q]5jWHsy2KBFX0/Dc}NPx{pLv>IUh93<YkeGElCod 6');$_R=str_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;


But can't seem to make any sense of the code that's decrypted using the above?

Any help is greatly appreciated!
Posted: Thu Jul 17, 2008 3:03 pm
mge
Valuable expert
Joined: Jul 16, 2008
Posts: 142

I got this
Code:
?><?
/**
* Defines base for payment system plugins
*
*/
class payment {

    //client email, setter will be called in eInvoice
    var $client_email = '';

    //client first name, match CC, update client profile if needed.
    var $client_fname = '';

    //client middle name
    var $client_mname = '';

    //client last name
    var $client_lname = '';

    //client address
    var $client_address = '';

    //client city
    var $client_city = '';

    //client state
    var $client_state = '';

    //client zip code
    var $client_zip = '';

    //client country
    var $client_country = '';

    //client telephone country code.
    var $client_tel_ctry = '';

    //client telephone area code
    var $client_tel_area = '';

    //client telephone number.
    var $client_tel_no = '';

    //session id
    var $einv_session_id = '';

    /**
    * Constructor
    */
    function payment(){

    }

    /**
    * Redirect to payment system or make other action for payment
    * this function returns the HtmL link to do payments.
    *
    * the following paramenters will be passed in for you to use
    * in this function.
    * @param integer  $client_id       Client ID
    * @param integer  $invoice_id      Invoice ID
    * @param integer  $price           invoice amount
    * @param string   $link_text       the text to show to client for the link returned to UI.
    * @param string   $ppcurrencycode  PayPal currency code, you may map this to your currency code of your payment plugin
    * @param boolean  $use_icon        If true, an icon image is used for link, instead of link text.
    * @return string the link to payment gateway.
    */
    //function do_payment($client_id, $invoice_id, $price, $link_text, $ppcurrencycode, $use_icon){
        //the following global variables are also available to you.
        //$site: eInvoice running root URL.
        //$yourtitle: your company name.
        //$ppbusiness: your paypal account email address

        //step 1: get globals if needed.
        //global $site,$yourtitle,$ppbusiness;

        //step 2: map $ppcurrencycode to your payment gateway currency code.
        //USD: us dollars, CAD: canada dollars, EUR: euros, see PayPal web site for full list.

        //step 3: build payment gateway links or action forms.

        //step 4: return the link or form with link_text or icon.
        // define the icon path first use <img.. tag for if use_icon=true

    //}

    /**
    * ialidate variables from thanks page
    * If payment system submit it only to thanks page and give the way
    * to check it
    * @param array $vars Payment-System submitted variables
    * @return string Empty if all ok / Error message if any
    */
    function validate_thanks(&$vars){
        return '';
    }

    /**
    * If {@link validate_thanks} return true, this function called
    * most common usage for this is call db->finish_waiting_payment
    * with correct parameters to save payment status
    * @param array $vars Payment-System submitted variables
    * @return string Empty if all ok / Error message if any
    */
    function process_thanks(&$vars){
        return '';
    }

    //the following getters will be called by eInvoice.
    //if you need overload these functions, put
    //your implementation in your own plugin.
    function set_client_email($cemail){
       $this->client_email = $cemail;
    }

    function set_client_fname($fname){
       $this->client_fname = $fname;
    }

    function set_client_mname($mname){
       $this->client_mname = $mname;
    }

    function set_client_lname($lname){
       $this->client_lname = $lname;
    }

    function set_client_address($caddress){
       $this->client_address = $caddress;
    }

    function set_client_city($ccity){
       $this->client_city = $ccity;
    }

    function set_client_state($cstate){
       $this->client_state = $cstate;
    }

    function set_client_zip($czip){
       $this->client_zip = $czip;
    }

    function set_client_country($ccountry){
       $this->client_country = $ccountry;
    }

    function set_client_tel_ctry($ctelctry){
       $this->client_tel_ctry = $ctelctry;
    }

    function set_client_tel_area($ctelarea){
       $this->client_tel_area = $ctelarea;
    }

    function set_client_tel_no($cno){
       $this->client_tel_no = $cno;
    }

    function set_einv_session_id($einv_sess){
       $this->einv_session_id = $einv_sess;
    }
}

?>

It is possible that a few letters aren't right (for the commentaries) but I think the code works.

I hope I could be of help :)
Thanks!
Posted: Thu Jul 17, 2008 3:43 pm
ozzy_nutter
Beginner
Joined: Jul 17, 2008
Posts: 3

Hey that's great, if you don't mind me asking, how did you manage that?

I tried a few things but I think I just kept encrypting it even more! D'OH!

Much appreciated though.
Posted: Thu Jul 17, 2008 3:58 pm
mge
Valuable expert
Joined: Jul 16, 2008
Posts: 142

eval() is the key :)
So I didn't let it evaluate the code directly.
The last layer was kind of guessing around a lot as it didn't give me the correct source code right away. Some characters were used instead of others (like capital Qs instead of lower-case ts) so I just kept twisting it a little until it made sense :D
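
Added example, not part of the original thread and not mge's own tooling: one way to read both layers of this packer as data in Python, so that nothing is ever passed to eval(). The regexes assume the exact `$_X`/`$_D` layout from the first post; `pack_sample`, `FRM`, `TO` and `PLAIN` are constructed here to provide a test file.

```python
import base64
import re

# Layout of the packed file in the first post:
#   $_X='<b64 payload>';$_D=strrev('edoced_46esab');eval($_D('<b64 stub>'));
OUTER = re.compile(
    rb"\$_X='([^']*)';\$_D=strrev\('edoced_46esab'\);eval\(\$_D\('([^']*)'\)\)")
# Inside the decoded stub: $_X=strtr($_X,'<from>','<to>');
TABLES = re.compile(rb"strtr\(\$_X,'([^']*)','([^']*)'\)")


def php_strtr(data: bytes, frm: bytes, to: bytes) -> bytes:
    """Three-argument PHP strtr(): byte-for-byte map, longer table truncated."""
    n = min(len(frm), len(to))
    return data.translate(bytes.maketrans(frm[:n], to[:n]))


def unpack(packed: bytes) -> bytes:
    """Recover the hidden source by treating both layers as data; nothing is executed."""
    outer = OUTER.search(packed)
    if outer is None:
        raise ValueError("not the $_X/$_D eval layout")
    payload_b64, stub_b64 = outer.groups()
    stub = base64.b64decode(stub_b64)            # layer 1: the decoder stub
    tables = TABLES.search(stub)
    if tables is None:
        raise ValueError("no strtr tables in decoder stub")
    frm, to = tables.groups()                    # raw bytes, newline and space included
    return php_strtr(base64.b64decode(payload_b64), frm, to)  # layer 2


def pack_sample(source: bytes, frm: bytes, to: bytes) -> bytes:
    """Build a constructed test file in the same layout (tables applied in reverse)."""
    stub = (b"$_X=base64_decode($_X);$_X=strtr($_X,'" + frm + b"','" + to +
            b"');$_R=str_replace('__FILE__',\"'\".$_F.\"'\",$_X);eval($_R);$_R=0;$_X=0;")
    scrambled = base64.b64encode(php_strtr(source, to, frm))
    return (b"<?php $_F=__FILE__;$_X='" + scrambled + b"';$_D=strrev('edoced_46esab');"
            b"eval($_D('" + base64.b64encode(stub) + b"'));?>")


# Constructed tables: a permutation that includes a space and a newline.
FRM = b"abcdefghij \n"
TO = b"jihgfedcba\n "
PLAIN = b"?><?\nclass payment {\n    var $client_email = '';\n}\n"
SAMPLE = pack_sample(PLAIN, FRM, TO)

if __name__ == "__main__":
    print(unpack(SAMPLE).decode())
```

The tables are taken from the stub as raw bytes because they contain a literal newline and space; if either table loses or gains a byte in transit, every mapping after that point shifts by one.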
Posted: Thu Jul 17, 2008 8:59 pm
ozzy_nutter
Beginner
Joined: Jul 17, 2008
Posts: 3

Genius! Thanks for the explanation too!