 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| |
|
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9145
 People Online:
 Visitors: 461
 Members: 0
 Total: 461
|
|
|
|
|
|
PacketStorm News |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
PLEASE DECODE THIS!!! |
|
 Posted: Wed Apr 07, 2010 8:47 pm |
 |
|
| milenovanta |
| Regular user |
 |
| |
| Joined: Apr 07, 2010 |
| Posts: 5 |
|
|
|
 |
|
 |
|
Can someone decode this, please?
| Code: | | <?php /* This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. The commercial version is not encoded. */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$O0O000O0O=$O0O000O00.$OOO000000{11};$O0O000O00=$O0O000O00.$OOO000000{3};$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0x264;eval($OOO0000O0('JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NTI3KTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdFbnRlcnlvdXdraFJIWUtOV09VVEFhQmJDY0RkRmZHZ0lpSmpMbE1tUHBRcVNzVnZYeFp6MDEyMzQ1Njc4OSsvPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs='));return;?>B^QYIJH@sxkr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLT09NHeEXHr8XhtONT08XHeEXHr8Pkr8XTzEXT08XHtILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==tMOlcMlVcBWPk19hOaiyWZFpwo9ZwoOpcUImAMazfukpC3OlctniC2YlF3HmhTShFMaxfBlZca9vdMYlwtihAryAUy9eT01WT05yTlWVOyHVk2YvdmOZd2xScbwVFoiXkZL7tMlMhtOjd250FM9SdoaZwe0IUlklFbalF3W6KMflfyfvFMWPk2YvdmOZd2xScbwmhULIGXPLFoy0DtE9wrpWWaOwb0YNTanNTLaKat5rAZ4mC29VfukvdoxlFmHmRLOTRJOjd250FM9SdoaZRJFVFoiXkzShDBCIhocpdoagcbipF3OzhtOXCbOPhULIGXpZcby1Dbklb29VC2AIkunifoI7tm1lduYlwuShkoYvdmOZd2xScbwINUEmkzShgWp9tJOjdoyzF25idBAkNUEmOMxpFunpdMftd29qW29VfukvdoxlFJFVfBYMDbkzftILC29VfukvdoxlFJL7tJOjd250FM9SdoaZwe0IdMa3wtOjdoyzF25idBAPwtL7tJOjd250FM9SdoaZRT5lGoajfbOlhrpUcby1cbY0KjpmcbOedBWPk3OiF2SmhUL7tJOjd250FM9SdoaZRT5ZcBOpFMajftIpKX==}\h{KqpPHGAc@PUTbL@z |
Thank you very much. |
|
|
|
|
|
|
mediafire upload of the php |
|
| Posted: Wed Apr 07, 2010 8:52 pm |
|
|
| milenovanta |
| Regular user |
|
| |
| Joined: Apr 07, 2010 |
| Posts: 5 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Wed Apr 07, 2010 9:49 pm |
|
|
| vince213333 |
| Advanced user |
 |
| |
| Joined: Aug 03, 2009 |
| Posts: 737 |
| Location: Belgium |
|
|
|
|
|
|
I tried doing it manually and my outcome was this:
| Code: | defined('_JEXEC') or die('Restricted access');
require_once (JPATH_COMPONENT.DS.'controller.php');
if($controller = JRequest::getWord('controller')) {
$path = JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php';
if (file_exists($path)) {
require_once $path;
}else {
$controller = '';
}
}
$classname = 'FlippingBookController'.ucfirst($controller);
$controller = new $classname( );
$controller->execute(JRequest::getCmd('task'));
$controller->redirect(); |
But honnnestly, i'm not sure if it's correct or just a piece  |
|
|
|
|
|
|
|
|
| Posted: Wed Apr 07, 2010 10:26 pm |
|
|
| Cyko |
| Moderator |
|
| |
| Joined: Jul 21, 2009 |
| Posts: 375 |
|
|
|
|
|
|
|
@vince
Good job.
Heres the output according to my decoder/
| Code: | <?php
defined('_JEXEC') or die('Restricted access');
require_once (JPATH_COMPONENT.DS.'controller.php');
if($controller = JRequest::getWord('controller')) {
$path = JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php';
if (file_exists($path)) {
require_once $path;
}
else {
$controller = '';
}
}
$classname = 'FlippingBookController'.ucfirst($controller);
$controller = new $classname( );
$controller->execute(JRequest::getCmd('task'));
$controller->redirect();
?> |
|
|
|
|
|
| Posted: Wed Apr 07, 2010 11:49 pm |
|
|
| vince213333 |
| Advanced user |
|
| |
| Joined: Aug 03, 2009 |
| Posts: 737 |
| Location: Belgium |
|
|
|
|
|
|
Seems pretty accurate ^^
Took me a while to realize that the text in the file were actually 2 base64 encoded strings concatinated lol |
|
|
|
|
| Posted: Thu Apr 08, 2010 12:17 am |
|
|
| Cyko |
| Moderator |
|
| |
| Joined: Jul 21, 2009 |
| Posts: 375 |
|
|
|
|
|
|
|
| vince213333 wrote: | Seems pretty accurate ^^
Took me a while to realize that the text in the file were actually 2 base64 encoded strings concatinated lol |
Yep
eval($OOO0000O0('string...
You should haved echo'd $OOO0000O0 to see what function is being called. |
|
|
|
|
| Posted: Thu Apr 08, 2010 11:10 am |
|
|
| vince213333 |
| Advanced user |
|
| |
| Joined: Aug 03, 2009 |
| Posts: 737 |
| Location: Belgium |
|
|
|
|
|
|
I know, I always do that. But the problem is that once you modify the file, the fread/fopen/... doesn't have the right offset anymore from where to start reading the characters  |
|
|
|
|
|
Software |
|
| Posted: Thu Apr 08, 2010 11:20 am |
|
|
| milenovanta |
| Regular user |
|
| |
| Joined: Apr 07, 2010 |
| Posts: 5 |
|
|
|
|
|
|
|
I have some other files like this to decode... Can you share me on mediafire softwares used to decode php, please? Is easy to decode php or is it a long process? Thank you so much.
Bye. |
|
|
|
|
| Posted: Thu Apr 08, 2010 11:42 am |
|
|
| vince213333 |
| Advanced user |
|
| |
| Joined: Aug 03, 2009 |
| Posts: 737 |
| Location: Belgium |
|
|
|
|
|
|
I do it manually, takes around 2 minutes.
Cyko has some tools to do the job though ^^ |
|
|
|
|
|
How to do? |
|
| Posted: Thu Apr 08, 2010 12:04 pm |
|
|
| milenovanta |
| Regular user |
|
| |
| Joined: Apr 07, 2010 |
| Posts: 5 |
|
|
|
|
|
|
|
| How I can decode php files "manually"? Can you teach me that, please? |
|
|
|
|
| Posted: Thu Apr 08, 2010 1:05 pm |
|
|
| vince213333 |
| Advanced user |
|
| |
| Joined: Aug 03, 2009 |
| Posts: 737 |
| Location: Belgium |
|
|
|
|
|
|
| Some knowledge of PHP will do, and offcourse a local server to run php |
|
|
|
|
|
another file |
|
| Posted: Thu Apr 08, 2010 1:27 pm |
|
|
| milenovanta |
| Regular user |
|
| |
| Joined: Apr 07, 2010 |
| Posts: 5 |
|
|
|
|
|
|
|
|
|
|
|
|
Re: another file |
|
| Posted: Thu Apr 08, 2010 2:39 pm |
|
|
| Cyko |
| Moderator |
|
| |
| Joined: Jul 21, 2009 |
| Posts: 375 |
|
|
|
|
|
|
|
| Code: | <?php
/**********************************************
* FlippingBook Joomla! Component.
* © Mediaparts Interactive. All rights reserved.
* Released under Commercial License.
* www.page-flip-tools.com
**********************************************/
defined('_JEXEC') or die( 'Restricted access' );
jimport('joomla.application.component.controller');
class FlippingBookController extends JController {
function display() {
if ( ! JRequest::getCmd( 'view' ) ) {
JRequest::setVar('view', 'categories' );
}
if (JRequest::getCmd('view') == 'category') {
$model =& $this->getModel('category');
}
if (JRequest::getCmd('view') == 'book') {
$model =& $this->getModel('book');
}
parent::display();
}
}
?> |
|
|
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
