tmhw
asked on
Can you decode these php files?
Please decode these php files and tell me how you did it.
http://www.mediafire.com/?sharekey=034d150ad20190440de7269564b75e88095dc809818c5b7ea2910e5564f74470
You can upload the decoded files back to http://www.mediafire.com and put the link to the files in your answer.
http://www.mediafire.com/?sharekey=034d150ad20190440de7269564b75e88095dc809818c5b7ea2910e5564f74470
You can upload the decoded files back to http://www.mediafire.com and put the link to the files in your answer.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well, I'm doing something wrong. Any ideas?
I get unexpected semicolon error.
I get unexpected semicolon error.
The original code...
<?php
$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=6924;eval((base64_decode('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDM3MiksJ2xwZ2VuMjBreVlFS05HUExBYUJiQ2NEZEZmSGhJaUpqTW1Pb1FxUnJTc1R0VXVWdld3WHhaejEzNDU2Nzg5Ky89JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?>
Then after decoding the base64 part...
<?php
$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=6924;echo(($O000O0O00=fopen($OOO0O0O00,'rb');while(--$O00O00O00)fgets($O000O0O00,1024);fgets($O000O0O00,4096);$OO00O00O0=(base64_decode(strtr(fread($O000O0O00,372),'lpgen20kyYEKNGPLAaBbCcDdFfHhIiJjMmOoQqRrSsTtUuVvWwXxZz13456789+/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));eval($OO00O00O0);));return;?>
Then replacing the first 'eval' with 'echo' I have...
<?php
$OOO0O0O00=__FILE__;
$O00O00O00=__LINE__;
$OO00O0000=6924;
echo(($O000O0O00=fopen($OOO0O0O00,'rb');
while(--$O00O00O00)fgets($O000O0O00,1024);
fgets($O000O0O00,4096);
$OO00O00O0=(base64_decode(strtr(fread($O000O0O00,372),'lpgen20kyYEKNGPLAaBbCcDdFfHhIiJjMmOoQqRrSsTtUuVvWwXxZz13456789+/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));eval($OO00O00O0);));
?>
But I get an unexpected ';' error on line...
$O000O0O00=fopen($OOO0O0O00,'rb');
https://www.experts-exchange.com/M_5205314.html
@tmhw: Are you the owner of these files? If not, this may be a violation of the terms of service of EE. I will ask a moderator to have a look at this question.
@tmhw: Are you the owner of these files? If not, this may be a violation of the terms of service of EE. I will ask a moderator to have a look at this question.
ASKER
Yes, I purchased them.
could you change this please. Don't change the 1st eval
0123456789+/')));eval($OO00O00O0);));return;?>
into
0123456789+/')));echo($OO00O00O0);));return;?>
ASKER
I still get... Parse error: syntax error, unexpected ';'...
<?php
$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=6924;eval(($O000O0O00=fopen($OOO0O0O00,'rb');while(--$O00O00O00)fgets($O000O0O00,1024);fgets($O000O0O00,4096);$OO00O00O0=(base64_decode(strtr(fread($O000O0O00,372),'lpgen20kyYEKNGPLAaBbCcDdFfHhIiJjMmOoQqRrSsTtUuVvWwXxZz13456789+/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));echo($OO00O00O0);));return;?>
ASKER
By the way, the text that appears after "?>" is not a "red herring". It is the information that is read by the "fread" statement which gets translated into readable php code. The translated php code contains html and MySQL statements.
yes sure, that is the encoded (not encrypted part of the file)
Sorry, no php expert. Reverting to r/o mode waiting for other responses.
Sorry, no php expert. Reverting to r/o mode waiting for other responses.
ASKER
strtr function was the key. I figured out the rest.
Great. Did These file contain any passwords, or other sensitive Information? If yes we should anonymize / remove them. The core of the question: decode the real content, is no issue, so this question can be kept.
ASKER
Nothing sensitive in these files and I already removed them from mediafire. Thanks again.
Just change the eval to echo and remove the return; from near the end of the line and you'll see what is being hidden instead of executing it.