GarryOne Posted March 1, 2016 Report Posted March 1, 2016 File 1: http://pastebin.com/vwGQ4ssg File 2: http://pastebin.com/gyZiwy9N File 3: http://pastebin.com/7Qc9X0Ry File 4: http://www111.zippyshare.com/v/k9wRJtDr/file.html Primele 3 sunt obfuscated. Ultimul, este cel mai ciudat. Cand deschideam sursa, cu un editor, imi apareau doar whitespaces, dar cand accesam fisierul in browser, aparea un input de login, care, cel mai probabil, odata completat, era afisat o interfata de web shell. Atunci l-am sters pe loc, de pe server, dar am salvat o copie, insa pe localhost, nu am reusit sa reproduc functionalitatea. De aceea l-am si uploadat pe un file sharing, si nu am pus codul sursa pe pastebin. Eu din pacate nu am atata timp ca sa pierd investigand in detaliu problema, dar sunt curios sa aflu informatii in legatura cu asta. Multumesc. 1 Quote
endemic Posted March 2, 2016 Report Posted March 2, 2016 (edited) Salut, ultimul fisier e gol, golut xxd -p modal.php 3c3f7068700a202020202020202020202020202020202020202020202020 202020202020202020202020202020202020202020202020202020202020 202020202020202020202020202020202020202020202020202020202020 ------------------------------------------------------------ 202020202020202020202020202020202020202020202020202020202020 20202020202020202020203f3e Edited March 2, 2016 by endemic 1 Quote
watsonAI Posted March 2, 2016 Report Posted March 2, 2016 Cel mai probabil in ultimul fisier se inlocuieste ceva, probabil acele spatii, se inlocuiesc cu codul deobfuscat, probabil in memory. 1 Quote
