kNigHt

[PHP] Decode this

I looked over the code last night...

It's a backdoor and nothing more!

I dumped the variables:

  [fOnyYqpwzsk] => D@
[Zd8_Y] => swro}u
[lX] => ml=
[WKlp] => O 4SK+
[X8] => CLV@;-
[OtA] => 6-%/IY
[Blc] => csse}_gyll
[eI6dnDa] => }vvky_no}~
[HqtJnJ] => gvuute_nuns|oon
[FiFo8Ahhl] => c{gk}u_vungvioo
[xqrzKk] => 5edd955dda36ed6a2a3ac67de0c01d
[wuzqhZOqm9m] => /e
[y9Y] => 1255639
[T1_] => 9
[vYUf] => HTT
[Fy] => P_
[FBM] => A
[JU0_r] => b7
[r6g] => a
[AZWsev] => mh
[j6BbT5ea] => F
[i4148QjXMMi] => bMvF
[hg8l] => HTTP_X_DEVICE_USER_A
[IT] => GEN
[Q4M] => T
[VZjjeswS] => strcmp
[by] => md5
[KJQOFrw] => getenv
[Z82] => preg_replace
[R18uq] => uasort
[sGn_zAlOrfM] => array_fill
[u0sX] => create_function

Then it reaches

if(strcmp(md5(getenv(HTTP_A)),'5edd955dda36ed6a2a3ac67de0c01d'))

That is where it checks the password, which it takes from the "A" header.

If the password is correct, it does a preg_replace on the user's data using -> "/e" (this is a backdoor).

If you don't have preg_replace, it also tries a create_function with the data from "HTTP_X_DEVICE_USER_AGENT".

Basically he left himself 3 methods to execute PHP code:

preg_replace

uasort -> using call_back_function

create_function
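
Added example (not part of the original post): a small Python triage script that parses a print_r-style variable dump like the one above and flags the values the analysis singles out, namely the code-execution callables, the "/e" modifier, the digest-like string and the request-header name. The function names, rule labels and the choice of rules are assumptions made for this illustration.

```python
import re

# Callables the post names as the backdoor's code-execution paths,
# and the helpers it uses for the password check.
EXEC_SINKS = {"preg_replace", "create_function", "uasort"}
HELPERS = {"strcmp", "md5", "getenv", "array_fill"}

# (label, predicate) pairs; the first matching rule wins. Labels are illustrative.
RULES = [
    ("exec-sink", lambda v: v in EXEC_SINKS),
    ("helper-callable", lambda v: v in HELPERS),
    ("regex-eval-modifier", lambda v: re.fullmatch(r"/[a-zA-Z]*e[a-zA-Z]*", v)),
    ("hex-digest", lambda v: re.fullmatch(r"[0-9a-f]{24,64}", v)),
    ("request-header-env", lambda v: v.startswith("HTTP_")),
]
ENTRY = re.compile(r"^\s*\[([^\]]+)\] => (.*)$")

def parse_dump(text):
    """Parse print_r-style '[name] => value' lines into a dict."""
    matches = (ENTRY.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def triage(entries):
    """Return {variable: label} for values that deserve a closer look."""
    findings = {}
    for name, value in entries.items():
        for label, test in RULES:
            if test(value):
                findings[name] = label
                break
    return findings

# Sample input: a subset of the dump quoted in the post above.
SAMPLE = """\
[xqrzKk] => 5edd955dda36ed6a2a3ac67de0c01d
[wuzqhZOqm9m] => /e
[y9Y] => 1255639
[hg8l] => HTTP_X_DEVICE_USER_A
[VZjjeswS] => strcmp
[Z82] => preg_replace
[R18uq] => uasort
[u0sX] => create_function
"""

if __name__ == "__main__":
    for var, kind in triage(parse_dump(SAMPLE)).items():
        print(f"{kind:20} ${var}")
```

Fragments that the backdoor only joins at run time (HTT, P_, A) are not flagged, so this complements reading the decoded code rather than replacing it.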

Nice job, grats :)

It's the best-encoded backdoor I've come across. I wonder how it was made; I'm guessing not by hand.
