 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Please help me decode this. |
 |
 Posted: Sat Feb 19, 2011 3:55 am |
 |
|
| grinsp00n |
| Beginner |
 |
|
| Joined: Feb 19, 2011 |
| Posts: 1 |
|
|
|
 |
|
 |
|
Please help me decode these file..i've tried everything and i cant do it.. ..i've change the eval to echo but seems i don't know where to go next to view all of the original code.
| Code: | | <?php if (!function_exists("T7FC56270E7A70FA81A5935B72EACBE29")) { function T7FC56270E7A70FA81A5935B72EACBE29($TF186217753C37B9B9F958D906208506E) { $TF186217753C37B9B9F958D906208506E = base64_decode($TF186217753C37B9B9F958D906208506E); $T7FC56270E7A70FA81A5935B72EACBE29 = 0; $T9D5ED678FE57BCCA610140957AFAB571 = 0; $T0D61F8370CAD1D412F80B84D143E1257 = 0; $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[1]) << 8) + ord($TF186217753C37B9B9F958D906208506E[2]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA = 3; $T800618943025315F869E4E1F09471012 = 0; $TDFCF28D0734569A6A693BC8194DE62BF = 16; $TC1D9F50F86825A1A2302EC2449C17196 = ""; $TDD7536794B63BF90ECCFD37F9B147D7F = strlen($TF186217753C37B9B9F958D906208506E); $TFF44570ACA8241914870AFBC310CDB85 = __FILE__; $TFF44570ACA8241914870AFBC310CDB85 = file_get_contents($TFF44570ACA8241914870AFBC310CDB85); $TA5F3C6A11B03839D46AF9FB43C97C188 = 0; preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"), $TFF44570ACA8241914870AFBC310CDB85, $TA5F3C6A11B03839D46AF9FB43C97C188); for (;$T3A3EA00CFC35332CEDF6E5E9A32E94DA<$TDD7536794B63BF90ECCFD37F9B147D7F;) { if (count($TA5F3C6A11B03839D46AF9FB43C97C188)) exit; if ($TDFCF28D0734569A6A693BC8194DE62BF == 0) { $TF623E75AF30E62BBD73D6DF5B50BB7B5 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8); $TF623E75AF30E62BBD73D6DF5B50BB7B5 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]); $TDFCF28D0734569A6A693BC8194DE62BF = 16; } if ($TF623E75AF30E62BBD73D6DF5B50BB7B5 & 0x8000) { $T7FC56270E7A70FA81A5935B72EACBE29 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 4); $T7FC56270E7A70FA81A5935B72EACBE29 += (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]) >> 4); if ($T7FC56270E7A70FA81A5935B72EACBE29) { $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) & 0x0F) + 3; for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $T0D61F8370CAD1D412F80B84D143E1257++) $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257] = $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012-$T7FC56270E7A70FA81A5935B72EACBE29+$T0D61F8370CAD1D412F80B84D143E1257]; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } else { $T9D5ED678FE57BCCA610140957AFAB571 = (ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) << 8); $T9D5ED678FE57BCCA610140957AFAB571 += ord($TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]) + 16; for ($T0D61F8370CAD1D412F80B84D143E1257 = 0; $T0D61F8370CAD1D412F80B84D143E1257 < $T9D5ED678FE57BCCA610140957AFAB571; $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012+$T0D61F8370CAD1D412F80B84D143E1257++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA]); $T3A3EA00CFC35332CEDF6E5E9A32E94DA++; $T800618943025315F869E4E1F09471012 += $T9D5ED678FE57BCCA610140957AFAB571; } } else $TC1D9F50F86825A1A2302EC2449C17196[$T800618943025315F869E4E1F09471012++] = $TF186217753C37B9B9F958D906208506E[$T3A3EA00CFC35332CEDF6E5E9A32E94DA++]; $TF623E75AF30E62BBD73D6DF5B50BB7B5 <<= 1; $TDFCF28D0734569A6A693BC8194DE62BF--; if ($T3A3EA00CFC35332CEDF6E5E9A32E94DA == $TDD7536794B63BF90ECCFD37F9B147D7F) { $TFF44570ACA8241914870AFBC310CDB85 = implode("", $TC1D9F50F86825A1A2302EC2449C17196); $TFF44570ACA8241914870AFBC310CDB85 = "?".">".$TFF44570ACA8241914870AFBC310CDB85."<"."?"; return $TFF44570ACA8241914870AFBC310CDB85; } } } } eval(T7FC56270E7A70FA81A5935B72EACBE29("QAIAPD9waHAgABRpZighZnVuY3QAAGlvbl9leGlzdHMoJ2dldF8AAHBvc3RfdGVtcGxhdGVzJykFQCkgeyAgAqUgAi8oAhIgJHRoZW0McGVzID0CMgDTKCk7BuEBswGkY3Vycj8hZW4GIALxAhYG9QJQAuNzWwCDXVsnVAHUC2AgRmlsCRBdBUIFgCQKqwOwYXJyYXlAUSAFU2lmIChpc18BNCQNFikpOgPAABQgZm9yZWFjaCAoKAIiKQIXIGF+CXMM0AdFDdMDIQBBAmZfZGF0YQcgQGkSgAAMb2RlKCAnJywgZmlsAKACViApgTAQAyAkbmFtZQLgJycLwwnBIHByZQEAZ19tYXRjaAPQfFNpbmdsZSBQAFAX0CAPFTooW14qK10rKSR8bXTlaQXwBZYH4iwFdCkgCkEGNQCCWzESUH0LESjBICAGwiEM8HR5KAMrE/tbdHJpbQImQ7hdCuBiYXNlC5EBUBPlIA0QBYIAUWVuZCA3aWYNEXJldHVybiAZDAGhfQKBCIAm38AeJtAIC19kcm9wZG93bictAn8Ccid0Zwf+bG9iYWwHwwchCFwMcCsvIhMJcCBWA20gOV+H5hBBID0+IBf3HoEXUQQwFgIBqyA9MEMLkm0IAWV0YSgF8i0+SUQsICdfd3A2O4QBHZB0cnVlNoIkc2VsZWN0ZWQLgCUDJyAA1T0iAKUiJBB9IGVsc2U5UALawsABkgkAJG9wdAPRPACAPaAgdmFsdWUG7D0iJyAuDAwBECcBcwXVASE+ApsPsi4gFg8nPC8E8z4GcAZQZWNobyAGoRchHjAedQIHICBhZGRfEeB0ZXIoJ3MtMkS2DoC9bkYPJyUQFDBIvwK/JxIiIEivKdUoGHYZwyG+YwT3dXN0b20KAGVsFhEhlhpPGk8gGkIPASzBoYA08yQFGSkgJiZAElTVVEVNUExBVARPRVBBVEgVsCIvewMKfSINAxTwC4YbkMv0A28DbDsgFxAgNzUPxQmQGFcFMBiSYV3SKCcAI2FkbWluX21lbnUYQXB0XxphC8Qf3WJveBhCFXYB/jaUD3ATFgdlcwHAD2FkfCAHIEf/ZAcAdGFfBfFQcCrgCVAHcRbBAWFPQAagMjIE5pkBCeBfXwGQUM90ZQHAJ3B0JyApLASQwHgAMADQX2lubmVyXwyYNfAFIQLBbm9yEN9tYWwAoWhpZ2gDgBIgIBOxE+EEAAAwDzntAAS9DZBvYCAkPQNgZS/BJzxpbnB1dCAQCXR5cDXQaGlkZGVuIiAy4T0iDXAIdG5vbmNTsiIgaWQBLTkoJnBjaHB0ZUDAXwMiKCBwbHVnGrBXpl9fRklMRTEgX19eQThwIiAvOCQgIAiEbGFiZWwA+yBjbGFzcz0iCJVNgAdgZLA31iI9khXgXw8iZioiEyEVYSoQPlAE0j48YnIGhQZUQiMOBP/ATB4OVAb6CSVdVQgAGBEFBETTScUiPkJsb2f3dG+yRoscwQwmc2IWW/QExC8J0wtkC89wD6ZTb8CgeFCJkyBoYXZlICOjICgGIHlvdSAGoGNhbiB1VgAUQCBMIyAIgXMgdGhhFsB0IG0k0HQD4yzgaZPRZ+BmZWF0dXKSAI/Qb3IFVWxhBNB0cy4gSWYgc29CgCwFsndpbGxdUGUEsGVtIGFib3Yt12UuGCxwDIRWgX0m4AAwBoBfPKVzC3Bj4i2R8PEmkAEGiPEBQDEsIDJVIVJnAl1ow19pZIPw/AgNgVKzBnAAM4LjKYB2ZXJpZnkphSRfUA4/T1NUWzdRKqIuoSddLCsPKwcFk0qFBrFwEeB5IFENhIm0J3BhZ2Unc0EGViSiNaAnXY2y+R8JoAlzo7UZ8D9wYW5CsGVkaasgBCENBAZRRxH9+wNQB89AEXPUAgAFX18f0AVWCGAVIHu2BV90BsENGsWbBVAAMCRteRjxW36/DRA9IA51NI4nm1AD8PH9ttCpxQSkqSJrZXmIUkPyFdMUIZnQFcMAYV9JAYHjFLEncmV2aXOAAE+QYsQKkSAgJAPyZoBL/2mrhCcsDlAosEQB0iQCBbJfBltRI5MPMRagCNABFywgRkFMU0VsViB1cA9gZSniX8IDH/56B9MGBIx2DzIuUQwiBr9leQcQCagj8mjgIQT0IA4cZGVsZVQwA/+W8CRrZXkHEwNwADA/Pg==")); ?> |
 Thanks in advance |
|
|
|
|
|
|
|
|
| Posted: Tue Mar 15, 2011 8:44 am |
|
|
| markehdotme |
| Regular user |
|
|
| Joined: Mar 15, 2011 |
| Posts: 7 |
|
|
|
|
|
|
|
Here is the final result:
| Code: |
<?php if(!function_exists('get_post_templates')) { function get_post_templates() { $themes = get_themes(); $theme = get_current_theme(); $templates = $themes[$theme]['Template Files']; $post_templates = array (); if (is_array ($templates)): foreach ((array)$templates as $template ) { $template_data = @implode( '', file( $template )); $name = ''; if ( preg_match( '|Single Post Template:([^*+]+)$|mi', $template_data, $name ) ) { $name = $name[1]; } if ( !empty( $name ) ) { $post_templates[trim( $name )] = basename( $template ); } } endif; return $post_templates; }} if(!function_exists('post_templates_dropdown')) { function post_templates_dropdown() { global $post; $post_templates = get_post_templates(); foreach ($post_templates as $template_name => $template_file) { if ($template_file == get_post_meta($post->ID, '_wp_post_template', true)) { $selected = ' selected="selected"'; } else { $selected = ''; } $opt = '<option value="' . $template_file . '"' . $selected . '>' . $template_name . '</option>'; echo $opt; } }} add_filter('single_template', 'get_post_template'); if(!function_exists('get_post_template')) { function get_post_template($template) { global $post; $custom_field = get_post_meta($post->ID, '_wp_post_template', true); if(!empty($custom_field) && file_exists(TEMPLATEPATH . "/{$custom_field}")) { $template = TEMPLATEPATH . "/{$custom_field}"; } return $template; }} add_action('admin_menu', 'pt_add_custom_box'); function pt_add_custom_box() { if(get_post_templates() && function_exists( 'add_meta_box' )) { add_meta_box( 'pt_post_templates', __( 'Single Post Template', 'pt' ), 'pt_inner_custom_box', 'post', 'normal', 'high' ); } } function pt_inner_custom_box() { global $post; echo '<input type="hidden" name="pt_noncename" id="pt_noncename" value="' . wp_create_nonce( plugin_basename(__FILE__) ) . '" />'; echo '<label class="hidden" for="post_template">' . __("Post Template", 'pt' ) . '</label><br />'; echo '<select name="_wp_post_template" id="post_template" class="dropdown">'; echo '<option value="">Blog Post</option>'; post_templates_dropdown(); echo '</select><br /><br />'; echo '<p>' . __("Some themes have custom templates you can use for single posts that might have additional features or custom layouts. If so, you will see them above.", 'pt' ) . '</p><br />'; } add_action('save_post', 'pt_save_postdata', 1, 2); function pt_save_postdata($post_id, $post) { if ( !wp_verify_nonce( $_POST['pt_noncename'], plugin_basename(__FILE__) )) { return $post->ID; } if ( 'page' == $_POST['post_type'] ) { if ( !current_user_can( 'edit_page', $post->ID )) return $post->ID; } else { if ( !current_user_can( 'edit_post', $post->ID )) return $post->ID; } $mydata['_wp_post_template'] = $_POST['_wp_post_template']; foreach ($mydata as $key => $value) { if( $post->post_type == 'revision' ) return; $value = implode(',', (array)$value); if(get_post_meta($post->ID, $key, FALSE)) { update_post_meta($post->ID, $key, $value); } else { add_post_meta($post->ID, $key, $value); } if(!$value) delete_post_meta($post->ID, $key); } } ?><? |
|
|
_________________
Regards,
Markeh |
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 167
Members: 0
Total: 167
