 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Decode This Please |
 |
 Posted: Sat Oct 25, 2008 3:39 am |
 |
|
| webmark |
| Beginner |
 |
|
| Joined: Oct 24, 2008 |
| Posts: 2 |
|
|
|
 |
|
 |
|
I would be most grateful if someone could decode this for me and, if possible, perhaps point me to a tool I can use to decode similar pieces of code.
| Code: | <?php $_F=__FILE__;$_X='Pz48P3BocA0KDQpmM25jdDQybiBjM3R0MWcoJDRudDV4dCl7DQokbDFzdD0ndDFnZzVkJzsNCnByNWdfbTF0Y2goIiMoLio/KSIuJGwxc3QuIiNzIiwgJDRudDV4dCwgJHYxbDM1KTsNCnI1dDNybiAkdjFsMzVbNl07fQ0KDQpzNXRfdDRtNV9sNG00dCgwKTsNCg0KJGY0bDUgPSAiaHR0cDovL3d3dy4xbTF6Mm4uYzJtL3Jzcy90MWcvZzJsZi9wMnAzbDFyLz90MWc9Ii4kMW0xejJuNGQ7DQoNCiRucl9uNXdzPWEwOw0KDQokcnNzX2NoMW5uNWwgPSAxcnIxeSgpOw0KJGMzcnI1bnRseV93cjR0NG5nID0gIiI7DQokbTE0biA9ICIiOw0KJDR0NW1fYzIzbnQ1ciA9IDA7DQoNCmYzbmN0NDJuIHN0MXJ0RWw1bTVudCgkcDFyczVyLCAkbjFtNSwgJDF0dHJzKSB7DQogICAJZ2wyYjFsICRyc3NfY2gxbm41bCwgJGMzcnI1bnRseV93cjR0NG5nLCAkbTE0bjsNCiAgIAlzdzR0Y2goJG4xbTUpIHsNCiAgIAkJYzFzNSAiUlNTIjoNCiAgIAkJYzFzNSAiUkRGOlJERiI6DQogICAJCWMxczUgIklURU1TIjoNCiAgIAkJCSRjM3JyNW50bHlfd3I0dDRuZyA9ICIiOw0KICAgCQkJYnI1MWs7DQogICAJCWMxczUgIkNIQU5ORUwiOg0KICAgCQkJJG0xNG4gPSAiQ0hBTk5FTCI7DQogICAJCQlicjUxazsNCiAgIAkJYzFzNSAiSU1BR0UiOg0KICAgCQkJJG0xNG4gPSAiSU1BR0UiOw0KICAgCQkJJHJzc19jaDFubjVsWyJJTUFHRSJdID0gMXJyMXkoKTsNCiAgIAkJCWJyNTFrOw0KICAgCQljMXM1ICJJVEVNIjoNCiAgIAkJCSRtMTRuID0gIklURU1TIjsNCiAgIAkJCWJyNTFrOw0KICAgCQlkNWYxM2x0Og0KICAgCQkJJGMzcnI1bnRseV93cjR0NG5nID0gJG4xbTU7DQogICAJCQlicjUxazsNCiAgIAl9DQp9DQoNCmYzbmN0NDJuIDVuZEVsNW01bnQoJHAxcnM1ciwgJG4xbTUpIHsNCiAgIAlnbDJiMWwgJHJzc19jaDFubjVsLCAkYzNycjVudGx5X3dyNHQ0bmcsICQ0dDVtX2MyM250NXI7DQogICAJJGMzcnI1bnRseV93cjR0NG5nID0gIiI7DQogICAJNGYgKCRuMW01ID09ICJJVEVNIikgew0KICAgCQkkNHQ1bV9jMjNudDVyKys7DQogICAJfQ0KfQ0KDQpmM25jdDQybiBjaDFyMWN0NXJEMXQxKCRwMXJzNXIsICRkMXQxKSB7DQoJZ2wyYjFsICRyc3NfY2gxbm41bCwgJGMzcnI1bnRseV93cjR0NG5nLCAkbTE0biwgJDR0NW1fYzIzbnQ1cjsNCgk0ZiAoJGMzcnI1bnRseV93cjR0NG5nICE9ICIiKSB7DQoJCXN3NHRjaCgkbTE0bikgew0KCQkJYzFzNSAiSVRFTVMiOg0KCQkJCTRmICg0c3M1dCgkcnNzX2NoMW5uNWxbJG0xNG5dWyQ0dDVtX2MyM250NXJdWyRjM3JyNW50bHlfd3I0dDRuZ10pKSB7DQoJCQkJCSRyc3NfY2gxbm41bFskbTE0bl1bJDR0NW1fYzIzbnQ1cl1bJGMzcnI1bnRseV93cjR0NG5nXSAuPSAkZDF0MTsNCgkJCQl9IDVsczUgew0KCQkJCQkvL3ByNG50ICgicnNzX2NoMW5uNWxbJG0xNG5dWyQ0dDVtX2MyM250NXJdWyRjM3JyNW50bHlfd3I0dDRuZ10gPSAkZDF0MTxicj4iKTsNCgkJCQkJJHJzc19jaDFubjVsWyRtMTRuXVskNHQ1bV9jMjNudDVyXVskYzNycjVudGx5X3dyNHQ0bmddID0gJGQxdDE7DQoJCQkJfQ0KCQkJCWJyNTFrOw0KCQl9DQoJfQ0KfQ0KDQokeG1sX3AxcnM1ciA9IHhtbF9wMXJzNXJfY3I1MXQ1KCk7DQp4bWxfczV0XzVsNW01bnRfaDFuZGw1cigkeG1sX3AxcnM1ciwgInN0MXJ0RWw1bTVudCIsICI1bmRFbDVtNW50Iik7DQp4bWxfczV0X2NoMXIxY3Q1cl9kMXQxX2gxbmRsNXIoJHhtbF9wMXJzNXIsICJjaDFyMWN0NXJEMXQxIik7DQoNCiRkMXQxPWMzcmxfc3RyNG5nKCRmNGw1KTsNCnhtbF9wMXJzNSgkeG1sX3AxcnM1ciwkZDF0MSk7DQp4bWxfcDFyczVyX2ZyNTUoJHhtbF9wMXJzNXIpOw0KDQovLyBwM3R0NG5nIDRuIDFycjF5DQokbjV3cz0xcnIxeSgpOw0KNGYgKDRzczV0KCRyc3NfY2gxbm41bFsiSVRFTVMiXSkpIA0Kew0KCTRmIChjMjNudCgkcnNzX2NoMW5uNWxbIklURU1TIl0pID4gMCkgDQoJCWYycigkNCA9IDA7JDQgPCBjMjNudCgkcnNzX2NoMW5uNWxbIklURU1TIl0pOyQ0KyspICRuNXdzW109JHJzc19jaDFubjVsWyJJVEVNUyJdWyQ0XTsNCn0NCiRjPTA7DQpmMnI1MWNoKCRuNXdzIDFzICRrNXk9PiR2MWwpDQp7DQoJNGYoJGM8JG5yX241d3MpDQoJew0KCQk1Y2gyICI8ZDR2IGNsMXNzPVwicHIyZDNjdFwiIDFsNGduPVwibDVmdFwiPiI7DQoJCTVjaDIgJzwxIGhyNWY9IicuJHYxbFsnTElOSyddLiciIHQxcmc1dD1cIl9ibDFua1wiPjxoYT4nLmMzdHQxZygkdjFsWydUSVRMRSddKS4nPC9oYT48LzE+PGJyIC8+Jy4nJy4kdjFsWydERVNDUklQVElPTiddLic8L2Q0dj4nOw0KCX0NCgkkYysrOw0KfQ0KDQoNCmYzbmN0NDJuIGMzcmxfc3RyNG5nICgkM3JsLCQzczVyXzFnNW50PSdNMno0bGwxIHUuMCcpew0KDQogICAgICAgJGNoID0gYzNybF80bjR0KCk7DQoNCiAgICAgICBjM3JsX3M1dDJwdCAoJGNoLCBDVVJMT1BUX1VSTCwgJDNybCk7DQogICAgICAgYzNybF9zNXQycHQgKCRjaCwgQ1VSTE9QVF9VU0VSQUdFTlQsICQzczVyXzFnNW50KTsNCiAgICAgICBjM3JsX3M1dDJwdCAoJGNoLCBDVVJMT1BUX0hFQURFUiwgMCk7DQogICAgICAgYzNybF9zNXQycHQgKCRjaCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgNik7DQogICAgICAgYzNybF9zNXQycHQgKCRjaCwgQ1VSTE9QVF9GT0xMT1dMT0NBVElPTiwgNik7DQogICAgICAgYzNybF9zNXQycHQgKCRjaCwgQ1VSTE9QVF9USU1FT1VULCA2YTApOw0KICAgICAgICRyNXMzbHQgPSBjM3JsXzV4NWMgKCRjaCk7DQogICAgICAgYzNybF9jbDJzNSgkY2gpOw0KICAgICAgIHI1dDNybiAkcjVzM2x0Ow0KDQp9DQo/Pg==';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?><br />
|
|
|
|
|
|
|
|
|
|
| Posted: Sat Oct 25, 2008 8:30 am |
|
|
| mge |
| Valuable expert |
|
|
| Joined: Jul 16, 2008 |
| Posts: 142 |
|
|
|
|
|
|
|
| Code: | <?php
function cuttag($intext){
$last='tagged';
preg_match("#(.*?)".$last."#s", $intext, $value);
return $value[1];}
set_time_limit(0);
$file = "http://www.amazon.com/rss/tag/golf/popular/?tag=".$amazonid;
$nr_news=20;
$rss_channel = array();
$currently_writing = "";
$main = "";
$item_counter = 0;
function startElement($parser, $name, $attrs) {
global $rss_channel, $currently_writing, $main;
switch($name) {
case "RSS":
case "RDF:RDF":
case "ITEMS":
$currently_writing = "";
break;
case "CHANNEL":
$main = "CHANNEL";
break;
case "IMAGE":
$main = "IMAGE";
$rss_channel["IMAGE"] = array();
break;
case "ITEM":
$main = "ITEMS";
break;
default:
$currently_writing = $name;
break;
}
}
function endElement($parser, $name) {
global $rss_channel, $currently_writing, $item_counter;
$currently_writing = "";
if ($name == "ITEM") {
$item_counter++;
}
}
function characterData($parser, $data) {
global $rss_channel, $currently_writing, $main, $item_counter;
if ($currently_writing != "") {
switch($main) {
case "ITEMS":
if (isset($rss_channel[$main][$item_counter][$currently_writing])) {
$rss_channel[$main][$item_counter][$currently_writing] .= $data;
} else {
//print ("rss_channel[$main][$item_counter][$currently_writing] = $data<br>");
$rss_channel[$main][$item_counter][$currently_writing] = $data;
}
break;
}
}
}
$xml_parser = xml_parser_create();
xml_set_element_handler($xml_parser, "startElement", "endElement");
xml_set_character_data_handler($xml_parser, "characterData");
$data=curl_string($file);
xml_parse($xml_parser,$data);
xml_parser_free($xml_parser);
// putting in array
$news=array();
if (isset($rss_channel["ITEMS"]))
{
if (count($rss_channel["ITEMS"]) > 0)
for($i = 0;$i < count($rss_channel["ITEMS"]);$i++) $news[]=$rss_channel["ITEMS"][$i];
}
$c=0;
foreach($news as $key=>$val)
{
if($c<$nr_news)
{
echo "<div class=\"product\" align=\"left\">";
echo '<a href="'.$val['LINK'].'" target=\"_blank\"><h2>'.cuttag($val['TITLE']).'</h2></a><br />'.''.$val['DESCRIPTION'].'</div>';
}
$c++;
}
function curl_string ($url,$user_agent='Mozilla 4.0'){
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt ($ch, CURLOPT_HEADER, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_TIMEOUT, 120);
$result = curl_exec ($ch);
curl_close($ch);
return $result;
}
?><br /> |
i don't know of any tools that can decode something like this, sorry  |
|
|
|
|
|
|
|
|
| Posted: Sat Oct 25, 2008 10:35 am |
|
|
| webmark |
| Beginner |
|
|
| Joined: Oct 24, 2008 |
| Posts: 2 |
|
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 175
Members: 0
Total: 175
