开发者

Site hacked, who wants to figure out what this encoded string says (ROT13, eval, base64_decode, and gzinflate used)? [closed]

开发者 https://www.devze.com 2023-03-21 07:18 出处:网络
This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time,or an extraordinarily narrow situation that is not generally applic
This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.开发者_JAVA百科 Closed 11 years ago.

In several files, I found injected code in my PHP files. I attempted to Pastebin the code, but Pastebin actually wouldn't accept the code. I tried various Pastebin alternatives as well, none of them would accept the code as-is, not even StackOverflow.

So what I've done is uploaded the to my own personal server and am hosting it from a *.txt file. If someone knows a better way, please let me know. I know it seems fishy (at least, my actions seem fishy even to me) and I apologize for that.

Also, there are three "paragraphs" of code, each paragraph was found on a different page, injected at the top of all 3. The first block of code is rather small, only about 5 or so lines after wordwrap. The other two blocks of code are quite lengthy, and in the 3rd block of code exists a 4th inline encoded string.

The injected code:

http://184.172.138.95/~smgwebd/code.txt


After expanding the first line, I noticed that there is a little file upload form that they put in there, with this Copyright...

Copyright 2011 by kaMtiEz - MagelangCyber Team ! d0nt rem0ve copyright if u real hax0r


Replace the eval command with an echo and look at the resulting string.

Having looked at the first entry it expands to another encoded string. Repeating the process - i.e. taking the resulting string from the first entry and again swapping the eval for echo reveals the code.

0

精彩评论

暂无评论...
验证码 换一张
取 消