ANTICHAT: a forum on information security, OSINT and technology

22.04.2010, 17:45
Forum member
Registered: 21.09.2008
Posts: 148
Time spent on the forum: 678893
Reputation: 102
well, it was already written above what to do and how =\
the obfuscation here is done in several iterations, it's all simple and dumb: change eval to echo and we get
PHP code:
$O000O0O00=fopen($OOO0O0O00,'rb');while(--$O00O00O00)fgets($O000O0O00,1024);fgets($O000O0O00,4096);$OO00O00O0=gzuncompress(base64_decode(strtr(fread($O000O0O00,688),'Z0yx4m1Oa9iIMAwDYez+QLtkXNgE6h8UVsbnBJ5/cuHrPplKoSqWdFf7C2vjG3TR=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));eval($OO00O00O0);
now erase everything that was in echo(...); write in what came out, again change eval to echo, and we get this script:
PHP code:
<?php // This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited.
$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=2760;$O000O0O00=fopen($OOO0O0O00,'rb');while(--$O00O00O00)fgets($O000O0O00,1024);fgets($O000O0O00,4096);$OO00O00O0=gzuncompress(base64_decode(strtr(fread($O000O0O00,688),'Z0yx4m1Oa9iIMAwDYez+QLtkXNgE6h8UVsbnBJ5/cuHrPplKoSqWdFf7C2vjG3TR=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));echo($OO00O00O0);return;?>
run it and we see
PHP code:
if(!function_exists('gzuncompress'))die('The PHP zlib module is required to run this script. Please see <A HREF="http://www.php.net/manual/en/ref.zlib.php">http://www.php.net/manual/en/ref.zlib.php</A>');if(((isset($HTTP_SERVER_VARS['SERVER_NAME']))&&(!eregi('((.*\.)?antibit\.ru)',$HTTP_SERVER_VARS['SERVER_NAME'])))||((isset($_SERVER['HTTP_HOST']))&&(!eregi('((.*\.)?antibit\.ru)',$_SERVER['HTTP_HOST']))))die('������ �������� ���������������� ��� ������ antibit.ru');$OO00O00O0=ereg_replace('__FILE__',"'".$OOO0O0O00."'",gzuncompress(base64_decode(strtr(fread($O000O0O00,$OO00O0000),'Z0yx4m1Oa9iIMAwDYez+QLtkXNgE6h8UVsbnBJ5/cuHrPplKoSqWdFf7C2vjG3TR=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'))));fclose($O000O0O00);eval($OO00O00O0);
here there are already 2 options: as you can see, HTTP_HOST is checked at the start of the script, and if the script is not located on antibit.ru then it calls die; so change it to your own host and that's it =) but of course it's better to finish what was started: repeat everything again, not forgetting to write echo instead of eval
Final result:
PHP code:
<?php
/*
=====================================================
MOD "Files v.3.1" for DataLife Engine - by Snake
url = http://mynokia.su/
email - igramnet@gmail.com
Module support forum http://www.fmlife.net/
=====================================================
DataLife Engine - by SoftNews Media Group
-----------------------------------------------------
http://dle-news.ru/
-----------------------------------------------------
Copyright (c) 2004,2008 SoftNews Media Group
=====================================================
This code is protected by copyright
=====================================================
Security-checked by the White Team
-----------------------------------------------------
Team site http://www.white-team.net
=====================================================
*/
if (! defined ( 'DATALIFEENGINE' ))
die ( "Hacking attempt!" );
if ($_REQUEST ['user_hash'] == "" or $_REQUEST ['user_hash'] != $dle_login_hash)
die ( "Hacking attempt! User not found" );
if (($member_db [1] == 1) or in_array ( $member_db [1], $filesConfig ['access_config_files'] )) {
$accepted_files = trim ( stripslashes ( $_POST ['accepted_files'] ) );
$accepted_files = htmlspecialchars ( $accepted_files, ENT_QUOTES );
$file_copyr = trim ( stripslashes ( $_POST ['file_copyr'] ) );
$file_copyr = htmlspecialchars ( $file_copyr, ENT_QUOTES );
$title_mirror1 = trim ( stripslashes ( $_POST ['title_mirror1'] ) );
$title_mirror1 = htmlspecialchars ( $title_mirror1, ENT_QUOTES );
$title_mirror2 = trim ( stripslashes ( $_POST ['title_mirror2'] ) );
$title_mirror2 = htmlspecialchars ( $title_mirror2, ENT_QUOTES );
$autocat_nodestyle = trim ( stripslashes ( $_POST ['autocat_nodestyle'] ) );
$autocat_nodestyle = htmlspecialchars ( $autocat_nodestyle, ENT_QUOTES );
$cat_exclude = trim ( stripslashes ( $_POST ['cat_exclude'] ) );
$cat_exclude = htmlspecialchars ( $cat_exclude, ENT_QUOTES );
$alpha_stroks = trim ( stripslashes ( $_POST ['alpha_stroks'] ) );
$alpha_stroks = htmlspecialchars ( $alpha_stroks, ENT_QUOTES );
$alpha_word = trim ( stripslashes ( $_POST ['alpha_word'] ) );
$alpha_word = htmlspecialchars ( $alpha_word, ENT_QUOTES );
$site_ka4 = trim ( stripslashes ( $_POST ['site_ka4'] ) );
$site_ka4 = htmlspecialchars ( $site_ka4, ENT_QUOTES );
$site_ka4alka_login = trim ( stripslashes ( $_POST ['site_ka4alka_login'] ) );
$site_ka4alka_login = htmlspecialchars ( $site_ka4alka_login, ENT_QUOTES );
$site_ka4alka_pass = trim ( stripslashes ( $_POST ['site_ka4alka_pass'] ) );
$site_ka4alka_pass = htmlspecialchars ( $site_ka4alka_pass, ENT_QUOTES );
$site_ka4alka_host = trim ( stripslashes ( $_POST ['site_ka4alka_host'] ) );
$site_ka4alka_host = htmlspecialchars ( $site_ka4alka_host, ENT_QUOTES );
$site_ka4alka_path = trim ( stripslashes ( $_POST ['site_ka4alka_path'] ) );
$site_ka4alka_path = htmlspecialchars ( $site_ka4alka_path, ENT_QUOTES );
$access_edit_files = trim ( stripslashes ( $_POST ['access_edit_files'] ) );
$access_edit_files = htmlspecialchars ( $access_edit_files, ENT_QUOTES );
$access_delete_files = trim ( stripslashes ( $_POST ['access_delete_files'] ) );
$access_delete_files = htmlspecialchars ( $access_delete_files, ENT_QUOTES );
$access_config_files = trim ( stripslashes ( $_POST ['access_config_files'] ) );
$access_config_files = htmlspecialchars ( $access_config_files, ENT_QUOTES );
$access_edit_cats = trim ( stripslashes ( $_POST ['access_edit_cats'] ) );
$access_edit_cats = htmlspecialchars ( $access_edit_cats, ENT_QUOTES );
$access_view_logs = trim ( stripslashes ( $_POST ['access_view_logs'] ) );
$access_view_logs = htmlspecialchars ( $access_view_logs, ENT_QUOTES );
$access_platform_edit = trim ( stripslashes ( $_POST ['access_platform_edit'] ) );
$access_platform_edit = htmlspecialchars ( $access_platform_edit, ENT_QUOTES );
$access_version_edit = trim ( stripslashes ( $_POST ['access_version_edit'] ) );
$access_version_edit = htmlspecialchars ( $access_version_edit, ENT_QUOTES );
$access_broken_edit = trim ( stripslashes ( $_POST ['access_broken_edit'] ) );
$access_broken_edit = htmlspecialchars ( $access_broken_edit, ENT_QUOTES );
$access_addfile_host = trim ( stripslashes ( $_POST ['access_addfile_host'] ) );
$access_addfile_host = htmlspecialchars ( $access_addfile_host, ENT_QUOTES );
$content = "<?PHP\n\n";
$content .= "\$filesConfig['nfmain'] = " . intval ( $_POST ['nfmain'] ) . ";\n\n";
$content .= "\$filesConfig['fcat'] = " . intval ( $_POST ['fcat'] ) . ";\n\n";
$content .= "\$filesConfig['maxsize'] = " . intval ( $_POST ['maxsize'] * 1024 ) . ";\n\n";
$content .= "\$filesConfig['accepted_files'] = \"" . $accepted_files . "\";\n\n";
$content .= "\$filesConfig['file_copyr'] = \"" . $file_copyr . "\";\n\n";
$content .= "\$filesConfig['title_mirror1'] = \"" . $title_mirror1 . "\";\n\n";
$content .= "\$filesConfig['title_mirror2'] = \"" . $title_mirror2 . "\";\n\n";
$content .= "\$filesConfig['numfiles'] = " . intval ( $_POST ['numfiles'] ) . ";\n\n";
$content .= "\$filesConfig['allowed_guest_com'] = " . intval ( $_POST ['allowed_guest_com'] ) . ";\n\n";
$content .= "\$filesConfig['show_sub_files'] = " . intval ( $_POST ['show_sub_files'] ) . ";\n\n";
$content .= "\$filesConfig['show_files_sub_cat'] = " . intval ( $_POST ['show_files_sub_cat'] ) . ";\n\n";
$content .= "\$filesConfig['allow_comments'] = " . intval ( $_POST ['allow_comments'] ) . ";\n\n";
$content .= "\$filesConfig['hide_url'] = " . intval ( $_POST ['hide_url'] ) . ";\n\n";
$content .= "\$filesConfig['nica_rewrite'] = " . intval ( $_POST ['nica_rewrite'] ) . ";\n\n";
$content .= "\$filesConfig['auto_category'] = " . intval ( $_POST ['auto_category'] ) . ";\n\n";
$content .= "\$filesConfig['down_guest'] = " . intval ( $_POST ['down_guest'] ) . ";\n\n";
$content .= "\$filesConfig['fcount'] = " . intval ( $_POST ['fcount'] ) . ";\n\n";
$content .= "\$filesConfig['widththumb'] = " . intval ( $_POST ['widththumb'] ) . ";\n\n";
$content .= "\$filesConfig['maxsize_thumb'] = " . intval ( $_POST ['maxsize_thumb'] * 1024 ) . ";\n\n";
$content .= "\$filesConfig['allow_zipfiles'] = " . intval ( $_POST ['allow_zipfiles'] ) . ";\n\n";
$content .= "\$filesConfig['allow_watermark'] = " . intval ( $_POST ['allow_watermark'] ) . ";\n\n";
$content .= "\$filesConfig['max_watermark'] = " . intval ( $_POST ['max_watermark'] ) . ";\n\n";
$content .= "\$filesConfig['allow_screenshot'] = " . intval ( $_POST ['allow_screenshot'] ) . ";\n\n";
$content .= "\$filesConfig['allow_screen_admin'] = " . intval ( $_POST ['allow_screen_admin'] ) . ";\n\n";
$content .= "\$filesConfig['default_screenshot'] = " . intval ( $_POST ['default_screenshot'] ) . ";\n\n";
$content .= "\$filesConfig['numbertopfiles'] = " . intval ( $_POST ['numbertopfiles'] ) . ";\n\n";
$content .= "\$filesConfig['numbernewfiles'] = " . intval ( $_POST ['numbernewfiles'] ) . ";\n\n";
$content .= "\$filesConfig['mail_comments'] = " . intval ( $_POST ['mail_comments'] ) . ";\n\n";
$content .= "\$filesConfig['allow_filestoemail'] = " . intval ( $_POST ['allow_filestoemail'] ) . ";\n\n";
$content .= "\$filesConfig['allow_addfile_url'] = " . intval ( $_POST ['allow_addfile_url'] ) . ";\n\n";
$content .= "\$filesConfig['alpha'] = " . intval ( $_POST ['alpha'] ) . ";\n\n";
$content .= "\$filesConfig['alpha_stroks'] = \"" . $alpha_stroks . "\";\n\n";
$content .= "\$filesConfig['alpha_word'] = \"" . $alpha_word . "\";\n\n";
$content .= "\$filesConfig['show_file_main'] = " . intval ( $_POST ['show_file_main'] ) . ";\n\n";
$content .= "\$filesConfig['show_alpha_cat'] = " . intval ( $_POST ['show_alpha_cat'] ) . ";\n\n";
$content .= "\$filesConfig['show_main_cat'] = " . intval ( $_POST ['show_main_cat'] ) . ";\n\n";
$content .= "\$filesConfig['rss_count'] = " . intval ( $_POST ['rss_count'] ) . ";\n\n";
$content .= "\$filesConfig['view'] = " . $_POST ['view'] . ";\n\n";
$content .= "\$filesConfig['thumbs_files'] = " . intval ( $_POST ['thumbs_files'] ) . ";\n\n";
$content .= "\$filesConfig['autocat_cols'] = " . intval ( $_POST ['autocat_cols'] ) . ";\n\n";
$content .= "\$filesConfig['autocat_per_row'] = " . intval ( $_POST ['autocat_per_row'] ) . ";\n\n";
$content .= "\$filesConfig['autocat_nodestyle'] = \"" . $autocat_nodestyle . "\";\n\n";
$content .= "\$filesConfig['cat_exclude'] = \"" . $cat_exclude . "\";\n\n";
$content .= "\$filesConfig['access_edit_files'] = \"" . $access_edit_files . "\";\n\n";
$content .= "\$filesConfig['access_delete_files'] = \"" . $access_delete_files . "\";\n\n";
$content .= "\$filesConfig['access_config_files'] = \"" . $access_config_files . "\";\n\n";
$content .= "\$filesConfig['access_edit_cats'] = \"" . $access_edit_cats . "\";\n\n";
$content .= "\$filesConfig['access_view_logs'] = \"" . $access_view_logs . "\";\n\n";
$content .= "\$filesConfig['access_platform_edit'] = \"" . $access_platform_edit . "\";\n\n";
$content .= "\$filesConfig['access_version_edit'] = \"" . $access_version_edit . "\";\n\n";
$content .= "\$filesConfig['access_broken_edit'] = \"" . $access_broken_edit . "\";\n\n";
$content .= "\$filesConfig['access_addfile_host'] = \"" . $access_addfile_host . "\";\n\n";
$content .= "\$filesConfig['allow_show_keywords'] = \"" . $allow_show_keywords . "\";\n\n";
$content .= "\$site_ka4 = \"" . $site_ka4 . "\";\n\n";
$content .= "\$site_ka4alka_login = \"" . $site_ka4alka_login . "\";\n\n";
$content .= "\$site_ka4alka_pass = \"" . $site_ka4alka_pass . "\";\n\n";
$content .= "\$site_ka4alka_host = \"" . $site_ka4alka_host . "\";\n\n";
$content .= "\$site_ka4alka_path = \"" . $site_ka4alka_path . "\";\n\n";
$content .= "?>";
$filename = "./engine/data/" . $modulname . "_config.php";
if ($file = fopen ( $filename, "w" )) {
fwrite ( $file, $content );
fclose ( $file );
} else {
echo "Не удалось записать файл. Выставьте права достпупа на файл " . $modulname . "_config.php 0666";
exit ();
}
WriteLog ( $modul_dbtitle, $modulname, "Изменена кофигурация архива файлов" );
header ( "Location: " . $config ['http_home_url'] . "" . $config ['admin_path'] . "?mod=admin_" . $modulname . "&action=conf" );
} else {
msg ( "error", $lang ['addnews_denied'], $lang ['db_denied'] );
}
?>
Last edited by Failure; 22.04.2010 at 18:45.
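
The eval-to-echo procedure in the post still runs the loader's own PHP on every pass; the same layers can be peeled statically. The Python below is an added example, not part of the original post: it applies the post's strtr alphabet, base64 and zlib steps to byte slices without executing anything. The names `extract_stages`, `loader_line` and `build_sample` are hypothetical, and the sample file is constructed.

```python
import base64
import zlib

# Alphabet copied from the loader in the post. PHP's strtr() ignores the
# unmatched trailing '=' of the 65-char "from" string, so 64 chars are used.
CUSTOM = b"Z0yx4m1Oa9iIMAwDYez+QLtkXNgE6h8UVsbnBJ5/cuHrPplKoSqWdFf7C2vjG3TR"
STANDARD = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
TO_STANDARD = bytes.maketrans(CUSTOM, STANDARD)
TO_CUSTOM = bytes.maketrans(STANDARD, CUSTOM)


def decode_blob(blob):
    """gzuncompress(base64_decode(strtr(blob, ...))) with no eval step."""
    return zlib.decompress(base64.b64decode(blob.translate(TO_STANDARD)))


def encode_blob(plain):
    """Inverse of decode_blob; only used to build the constructed sample."""
    return base64.b64encode(zlib.compress(plain)).translate(TO_CUSTOM)


def extract_stages(file_bytes, loader_line, sizes):
    """Decode each stage stored after the loader line.

    loader_line: 1-based line that holds __LINE__ (hypothetical parameter).
    sizes: fread() lengths taken from the loader and from each decoded
    stage, 688 then 2760 in the post. Assumes every line up to and including
    the loader fits the fgets() limits, as the PHP loader itself does.
    """
    parts = file_bytes.split(b"\n", loader_line)
    if len(parts) <= loader_line:
        raise ValueError("file has fewer lines than loader_line")
    payload, stages, offset = parts[loader_line], [], 0
    for size in sizes:
        chunk = payload[offset:offset + size]
        if len(chunk) != size:
            raise ValueError(f"payload truncated at offset {offset}")
        stages.append(decode_blob(chunk))
        offset += size
    return stages


def build_sample():
    """Constructed two-stage file (not the module from the post)."""
    plain = [b"echo 'stage one';", b"echo 'stage two';"]
    blobs = [encode_blob(p) for p in plain]
    header = b"<?php // constructed sample\n$l=__LINE__; /* loader */ ?>\n"
    return header + b"".join(blobs), [len(b) for b in blobs], plain
```

For the file in the post the call would be `extract_stages(data, 2, [688, 2760])`, with any further size read from the stage decoded before it.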