homepage Welcome to WebmasterWorld Guest from 54.161.236.92
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
what type of encryption is this
what type of php encryption
dhruva




msg:4259853
 10:22 am on Jan 29, 2011 (gmt 0)

please tell me what type of encryption is this and how to decode it
<?php $OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');
$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};
$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};
$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};
$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};
$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$O0O000O0O=$O0O000O00.$OOO000000{11};
$O0O000O00=$O0O000O00.$OOO000000{3};
$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};
$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};
$OOO0O0O00=__FILE__;$OO00O0000=0x1280;
eval($OOO0000O0('[i]<long string of characters here>[/i]'));return;?>[i]<long string of characters here>[/i]

[edited by: coopster at 2:45 pm (utc) on Jan 31, 2011]
[edit reason] removed eval potential to protect future readers [/edit]

 

Jonesy




msg:4260046
 11:41 pm on Jan 29, 2011 (gmt 0)

"Protection Through Obfuscation" ?

What did you get when you executed all the statements?
I got "fg6sbehpra4co_tnd" for the first statement...
I din'na have the patience to break down the whole thing.

Maybe "Protection Through Frustration" ?

You did notice the oh-so 'clever' use of similar-looking variable names
all beginning with the letter "OH" and followed by various mixes of other
letter "OH"s and numeral "ZEROES" -- did you not?

Would appear you're attempting to hack around in someone else's code --
written by a contractor/consultant?

Jonesy

coopster




msg:4260567
 2:48 pm on Jan 31, 2011 (gmt 0)

Welcome to WebmasterWorld, dhruva.

I removed the potentially malicious strings of data and also broke the string up into chunks to remove the sidescroll on the display.

The code is urlencoded and base64 encoded, loaded with eval() statements, which are used to evaluate PHP code and execute it from a string value. The code itself opens the file that it is in, reads itself, peels itself apart and executes PHP code on the server which it is located.

dhruva




msg:4263267
 3:47 pm on Feb 6, 2011 (gmt 0)

i tried to decode it with urlecncoded but it was failure , some time its work but with error may be its my fault

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved