Best Blackhat Forum

@gamelover super noob (soon 2b super VIP) here. Though I dun have a clue what the script does, just on your selfless act, rep added :)

good work guys keep it up...add rep

(10-07-2013 06:31 PM)mrqaidi Wrote: [ -> ]thanks for share

only one file most be decode it

that file is Version.php locate it in /library/Version

i all ready decode it and touch functions and make it wrok in install progress but i can not see modules in admin panel

here is
Version.php file

i am using PhpHolidays v2.9.2

Just try to fixing mr mrqaidi files hope it will be better ( correction wrong syntax )

Code:

<?php

class Eicra_License_Version 

    {    

    private $_config = null;

    private $_response = null;

    private $_error = null;

    function __construct($adaptar = null) {

        return;

    }

    function checkModulesLicense() {        

        return true;    

    }

    function getJQueryVersion() {

        return '1.9.1';    

    }

    function getJQueryUIVersion() {

        return '1.10.2';    

    }

    function getVersion() {

        return '2.9.2';    

    }

    function sendInfo() {        

        return true;    

    }        

    function isLicensed() {

        return true;    

    }

    function getLicensedModules() {

        return true;    

    }                

    function getArrayResult() {        

        $result = $this->getRawBody();

        if (empty($result)) {            

        return null;        

        }

        return Zend_Json::decode($result);   

    }            

    function getRawBody() {   

        $obj = $this->getResultObject();

        if (empty($obj)) {            

        return null;        

        }

        return $obj;   

    }            

    function getResultObject() {  

        return $this->_response; 

    }            

    function verifyLicense() {   

    return true;  

    }                    

    function go_server_license($licensekey, $localkey = 'nulled') {       

    //$whmcsurl = 'http://order.eicra.com/';        

    $licensing_secret_key = 'eicra.com.bd@2007';        

    //$check_token =  cjcjgijcbh( difacgebed( 1000000000, 9999999999 ) . $licensekey );        

    $checkdate = date( 'Ymd' );        

    $usersip = (isset( $_SERVER['SERVER_ADDR'] ) ? $_SERVER['SERVER_ADDR'] : $_SERVER['LOCAL_ADDR']);        

    $localkeydays = 1191;        

    $allowcheckfaildays = 1181;        

    $localkeyvalid = true;

        if (!$localkey) {            

            $localkey = $localkey ;

            $localdata = $localkey;            

            $md5hash = "ok";

            if ($md5hash == "ok") {

            $localdata = $localdata;                

            $md5hash = $localdata;                

            $localdata = $localdata;                

            $localdata = $localdata;                

            $localkeyresults = $localdata;               

            $originalcheckdate = $localkeyresults['checkdate'];

            if ($md5hash == "ok" ){                    

            $localexpiry = date( 'Ymd', strtotime( 0, 0, 0, date( 'm' ), date( 'd' ) - $localkeydays, date( 'Y' ) ) );        

            if ($localexpiry < $originalcheckdate) {                        

            $localkeyvalid = false;                        

            $results = $localkeyresults;                        

            $validdomains = explode( ',', $results['validdomain'] );

            if (!in_array( $_SERVER['SERVER_NAME'], $validdomains )) {                            

            $localkeyvalid = false;                            

            $localkeyresults['status'] = 'Invalid';                            

            $results = array(  );                        

            }

            $validips = explode( ',', $results['validip'] );

            if (!in_array( $usersip, $validips )) {                            

            $localkeyvalid = false;                            

            $localkeyresults['status'] = 'Invalid';                            

            $results = array(  );                        }

            if ($results['validdirectory'] != dirname( __FILE__ )) {                            

            $localkeyvalid = false;                            

            $localkeyresults['status'] = 'Invalid';                            

            $results = array(  );                        

            }                    

            }                

            }            

            }        

            }

            if ($localkeyvalid) {            

            $postfields['licensekey'] = $licensekey;            

            $postfields['domain'] = $_SERVER['SERVER_NAME'];            

            $postfields['ip'] = $usersip;            

            //$postfields['dir'] = dirname( __FILE__ );

            if ($check_token) {                

            $postfields['check_token'] = $check_token;            }

            if (!$data) {            

            //    $localexpiry = date(strtotime);                

            }

            //decaaecefe('/<(.*?)>([^<]+)<\/\1>/i', $data, $matches);            

            $results = array(  );

            $results['status']="Active";

            if ($results['status'] == 'Active') {                

            $results['checkdate'] = $checkdate;                                

            $results['localkey'] = "Active";            

            }

            $results['remotecheck'] = true;        

            }

            $iamok = true;$results['status'] == 'Active';return $results;    }                

            function check_license($licensekey, $localkey = '') {            

                $results['status'] = 'Active';

                return $results;    

            }

            function getProductType() {        

            return '5';    

            }

    }

?>

Administrator still get error like mrqaidi said

(10-08-2013 08:42 AM)jurigaja Wrote: [ -> ]The Installation done with test at my localhost

U can user PhpHoliday 2.9.2 just change Library/Version.php. File original by mrqaidi, i am only editing

Code:

<!--?php class Eicra_License_Version { private $_config = null; private $_response = null; private $_error = null; function __construct($adaptar = null) { return; } function checkModulesLicense() { return true; } function getJQueryVersion() { return '1.9.1'; } function getJQueryUIVersion() { return '1.10.2'; } function getVersion() { return '2.9.2'; } function sendInfo() { return true; } function isLicensed() { return true; } function getLicensedModules() { return true; } function getArrayResult() { $result = $this->getRawBody(); if (empty($result)) { return null; } return Zend_Json::decode($result); } function getRawBody() { $obj = $this->getResultObject(); if (empty($obj)) { return null; } return $obj; } function getResultObject() { return $this->_response; } function verifyLicense() { return true; } function go_server_license($licensekey, $localkey = 'nulled') { //$whmcsurl = 'http://order.eicra.com/'; $licensing_secret_key = 'eicra.com.bd@2007'; //$check_token = cjcjgijcbh( difacgebed( 1000000000, 9999999999 ) . $licensekey ); $checkdate = date( 'Ymd' ); $usersip = (isset( $_SERVER['SERVER_ADDR'] ) ? $_SERVER['SERVER_ADDR'] : $_SERVER['LOCAL_ADDR']); $localkeydays = 1191; $allowcheckfaildays = 1181; $localkeyvalid = true; if (!$localkey) { $localkey = $localkey ; $localdata = $localkey; $md5hash = "ok"; if ($md5hash == "ok") { $localdata = $localdata; $md5hash = $localdata; $localdata = $localdata; $localdata = $localdata; $localkeyresults = $localdata; $originalcheckdate = $localkeyresults['checkdate']; if ($md5hash == "ok" ){ $localexpiry = date( 'Ymd', strtotime( 0, 0, 0, date( 'm' ), date( 'd' ) - $localkeydays, date( 'Y' ) ) ); if ($localexpiry < $originalcheckdate) { $localkeyvalid = false; $results = $localkeyresults; $validdomains = explode( ',', $results['validdomain'] ); if (!in_array( $_SERVER['SERVER_NAME'], $validdomains )) { $localkeyvalid = false; $localkeyresults['status'] = 'Invalid'; $results = array( ); } $validips = explode( ',', $results['validip'] ); if (!in_array( $usersip, $validips )) { $localkeyvalid = false; $localkeyresults['status'] = 'Invalid'; $results = array( ); } if ($results['validdirectory'] != dirname( __FILE__ )) { $localkeyvalid = false; $localkeyresults['status'] = 'Invalid'; $results = array( ); } } } } } if ($localkeyvalid) { $postfields['licensekey'] = $licensekey; $postfields['domain'] = $_SERVER['SERVER_NAME']; $postfields['ip'] = $usersip; //$postfields['dir'] = dirname( __FILE__ ); if ($check_token) { $postfields['check_token'] = $check_token; } if (!$data) { // $localexpiry = date(strtotime); } //decaaecefe('/<(.*?)>([^<]+)<\/\1>/i', $data, $matches); $results = array( ); $results['status']="Active"; if ($results['status'] == 'Active') { $results['checkdate'] = $checkdate; $results['localkey'] = "Active"; } $results['remotecheck'] = true; } $iamok = true;$results['status'] == 'Active';return $results; } function check_license($licensekey, $localkey = '') { $results['status'] = 'Active'; return $results; } function getProductType() { return '5'; } } ?>

yes you can install script , but problem is you can not control modules in admin , this make me crazy
license system very hard to decode i think every module have own license class

are u can open http://localhost/phpholidays/Hotels for example ... cause i can't open it

//decaaecefe('/<(.*?)>([^<]+)<\/\1>/i', $data, $matches);

change to //preg_match_all('/<(.*?)>([^<]+)<\/\1>/i', $data, $matches);

for php holiday 2.9.1

Code:

<?php

class Eicra_License_Version 

    {    

    private $_config = null;

    private $_response = null;

    private $_error = null;

    function __construct($adaptar = null) {

        return;

    }

    function checkModulesLicense() {        

        return true;    

    }

    function getJQueryVersion() {

        return '1.9.1';    

    }

    function getJQueryUIVersion() {

        return '1.10.2';    

    }

    function getVersion() {

        return '2.9.1';    

    }

    function sendInfo() {        

        return true;    

    }        

    function isLicensed() {

        return true;    

    }

    function getLicensedModules() {

        return true;    

    }                

    function getArrayResult() {        

        $result = $this->getRawBody();

        if (empty($result)) {            

        return null;        

        }

        return Zend_Json::decode($result);   

    }            

    function getRawBody() {   

        $obj = $this->getResultObject();

        if (empty($obj)) {            

        return null;        

        }

        return $obj;   

    }            

    function getResultObject() {  

        return $this->_response; 

    }            

    function verifyLicense() {   

    return true;  

    }                    

    function go_server_license($licensekey, $localkey = 'nulled') {       

    //$whmcsurl = 'http://order.eicra.com/';        

    $licensing_secret_key = 'eicra.com.bd@2007';        

    //$check_token =  cjcjgijcbh( difacgebed( 1000000000, 9999999999 ) . $licensekey );        

    $checkdate = date( 'Ymd' );        

    $usersip = (isset( $_SERVER['SERVER_ADDR'] ) ? $_SERVER['SERVER_ADDR'] : $_SERVER['LOCAL_ADDR']);        

    $localkeydays = 1191;        

    $allowcheckfaildays = 1181;        

    $localkeyvalid = true;

        if (!$localkey) {            

            $localkey = $localkey ;

            $localdata = $localkey;            

            $md5hash = "ok";

            if ($md5hash == "ok") {

            $localdata = $localdata;                

            $md5hash = $localdata;                

            $localdata = $localdata;                

            $localdata = $localdata;                

            $localkeyresults = $localdata;               

            $originalcheckdate = $localkeyresults['checkdate'];

            if ($md5hash == "ok" ){                    

            $localexpiry = date( 'Ymd', strtotime( 0, 0, 0, date( 'm' ), date( 'd' ) - $localkeydays, date( 'Y' ) ) );        

            if ($localexpiry < $originalcheckdate) {                        

            $localkeyvalid = false;                        

            $results = $localkeyresults;                        

            $validdomains = explode( ',', $results['validdomain'] );

            if (!in_array( $_SERVER['SERVER_NAME'], $validdomains )) {                            

            $localkeyvalid = false;                            

            $localkeyresults['status'] = 'Invalid';                            

            $results = array(  );                        

            }

            $validips = explode( ',', $results['validip'] );

            if (!in_array( $usersip, $validips )) {                            

            $localkeyvalid = false;                            

            $localkeyresults['status'] = 'Invalid';                            

            $results = array(  );                        }

            if ($results['validdirectory'] != dirname( __FILE__ )) {                            

            $localkeyvalid = false;                            

            $localkeyresults['status'] = 'Invalid';                            

            $results = array(  );                        

            }                    

            }                

            }            

            }        

            }

            if ($localkeyvalid) {            

            $postfields['licensekey'] = $licensekey;            

            $postfields['domain'] = $_SERVER['SERVER_NAME'];            

            $postfields['ip'] = $usersip;            

            //$postfields['dir'] = dirname( __FILE__ );

            if ($check_token) {                

            $postfields['check_token'] = $check_token;            }

            if (!$data) {            

            //    $localexpiry = date(strtotime);                

            }

            //preg_match_all('/<(.*?)>([^<]+)<\/\1>/i', $data, $matches);            

            $results = array(  );

            $results['status']="Active";

            if ($results['status'] == 'Active') {                

            $results['checkdate'] = $checkdate;                                

            $results['localkey'] = "Active";            

            }

            $results['remotecheck'] = true;        

            }

            $iamok = true;$results['status'] == 'Active';return $results;    }                

            function check_license($licensekey, $localkey = '') {            

                $results['status'] = 'Active';

                return $results;    

            }

            function getProductType() {        

            return '5';    

            }

    }

?>

(10-08-2013 09:57 AM)jurigaja Wrote: [ -> ]are u can open http://localhost/phpholidays/Hotels for example ... cause i can't open it

//decaaecefe('/<(.*?)>([^<]+)<\/\1>/i', $data, $matches);

change to //preg_match_all('/<(.*?)>([^<]+)<\/\1>/i', $data, $matches);

for php holiday 2.9.1

Code:

<!--?php class Eicra_License_Version { private $_config = null; private $_response = null; private $_error = null; function __construct($adaptar = null) { return; } function checkModulesLicense() { return true; } function getJQueryVersion() { return '1.9.1'; } function getJQueryUIVersion() { return '1.10.2'; } function getVersion() { return '2.9.1'; } function sendInfo() { return true; } function isLicensed() { return true; } function getLicensedModules() { return true; } function getArrayResult() { $result = $this->getRawBody(); if (empty($result)) { return null; } return Zend_Json::decode($result); } function getRawBody() { $obj = $this->getResultObject(); if (empty($obj)) { return null; } return $obj; } function getResultObject() { return $this->_response; } function verifyLicense() { return true; } function go_server_license($licensekey, $localkey = 'nulled') { //$whmcsurl = 'http://order.eicra.com/'; $licensing_secret_key = 'eicra.com.bd@2007'; //$check_token = cjcjgijcbh( difacgebed( 1000000000, 9999999999 ) . $licensekey ); $checkdate = date( 'Ymd' ); $usersip = (isset( $_SERVER['SERVER_ADDR'] ) ? $_SERVER['SERVER_ADDR'] : $_SERVER['LOCAL_ADDR']); $localkeydays = 1191; $allowcheckfaildays = 1181; $localkeyvalid = true; if (!$localkey) { $localkey = $localkey ; $localdata = $localkey; $md5hash = "ok"; if ($md5hash == "ok") { $localdata = $localdata; $md5hash = $localdata; $localdata = $localdata; $localdata = $localdata; $localkeyresults = $localdata; $originalcheckdate = $localkeyresults['checkdate']; if ($md5hash == "ok" ){ $localexpiry = date( 'Ymd', strtotime( 0, 0, 0, date( 'm' ), date( 'd' ) - $localkeydays, date( 'Y' ) ) ); if ($localexpiry < $originalcheckdate) { $localkeyvalid = false; $results = $localkeyresults; $validdomains = explode( ',', $results['validdomain'] ); if (!in_array( $_SERVER['SERVER_NAME'], $validdomains )) { $localkeyvalid = false; $localkeyresults['status'] = 'Invalid'; $results = array( ); } $validips = explode( ',', $results['validip'] ); if (!in_array( $usersip, $validips )) { $localkeyvalid = false; $localkeyresults['status'] = 'Invalid'; $results = array( ); } if ($results['validdirectory'] != dirname( __FILE__ )) { $localkeyvalid = false; $localkeyresults['status'] = 'Invalid'; $results = array( ); } } } } } if ($localkeyvalid) { $postfields['licensekey'] = $licensekey; $postfields['domain'] = $_SERVER['SERVER_NAME']; $postfields['ip'] = $usersip; //$postfields['dir'] = dirname( __FILE__ ); if ($check_token) { $postfields['check_token'] = $check_token; } if (!$data) { // $localexpiry = date(strtotime); } //preg_match_all('/<(.*?)>([^<]+)<\/\1>/i', $data, $matches); $results = array( ); $results['status']="Active"; if ($results['status'] == 'Active') { $results['checkdate'] = $checkdate; $results['localkey'] = "Active"; } $results['remotecheck'] = true; } $iamok = true;$results['status'] == 'Active';return $results; } function check_license($licensekey, $localkey = '') { $results['status'] = 'Active'; return $results; } function getProductType() { return '5'; } } ?>

hi i disconected this line
//decaaecefe('/<(.*?)>([^<]+)<\/\1>/i', $data, $matches);

problem not with this line
here is online demo
http://phphol.qaidi.info/

you need .htaccess some public version not include it or you can find it in Website folder
or get it here

PHP Code:

############################################# SERVER WISE SETTINGS############################################## uncomment these lines for CGI mode## make sure to specify the correct cgi php binary file name## it might be /cgi-bin/php-cgi
#    Action php5-cgi /cgi-bin/php5-cgi#    AddHandler php5-cgi .php
############################################## GoDaddy specific options
#   Options -MultiViews
## you might also need to add this line to php.ini
##  cgi.fix_pathinfo = 1##  RewriteBase /##  AddHandler x-httpd-php5 .php## if it still doesn't work, rename php.ini to php5.ini
############################################## this line is specific for 1and1 hosting
    #AddType x-mapp-php5 .php    #AddHandler x-mapp-php5 .php

############################################# CUSTOM SEO FRIENDLY URL REWRITING############################################

<IfModule mod_rewrite.c>RewriteEngine OnRewriteCond %{REQUEST_FILENAME} -s [OR]RewriteCond %{REQUEST_FILENAME} -l [OR]RewriteCond %{REQUEST_FILENAME} -dRewriteRule ^.*$ - [NC,L]RewriteRule ^.*$ index.php [NC,L]
</IfModule>
############################################## default index file
    DirectoryIndex index.php
############################################## The code below should help against Local and Remote File Inclusion attacks.

RewriteCond %{REQUEST_METHOD} GETRewriteCond %{QUERY_STRING} (.*)(http|https|ftp):\/\/(.*)RewriteCond %{QUERY_STRING} ^.*=(ht|f)tp\://.*$ [NC]RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]RewriteRule .* - [F]RewriteRule ^(.*)$ index.php [F,L]
############################################## use URL encoding in the http:// part
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]

############################################## Adding the following directive should give you an additional layer of security ## against this type of attacks using the proc/self/environ method.
 RewriteCond %{QUERY_STRING} proc\/self\/environ [NC,OR] 

############################################ disable user agent verification to not break multiple image upload
    #php_flag suhosin.session.cryptua off    
############################################# PASS THE DEFAULT CHARACTER SET############################################
AddDefaultCharset utf-8
############################################# DISABLE THE SERVER SIGNATURE############################################
ServerSignature Off
############################################# SECURE HTACCESS FILE############################################
<Files .htaccess> order allow,deny deny from all</Files>
################################# UPDATING TEMPLATES, JAVASCRIPT OR CSS FILE WITHOUT HITTING MOD_SECURITY.# THIS SETTING MOSTLY HANDY WHEN YOU ARE MODIFYING TEMPLATES FROM ADMIN AREA.################################
<IfModule mod_security.c>SecFilterEngine OffSecFilterScanPOST Off</IfModule>
################################# Disable directory browsing################################


################################# PROTECT .htaccess and .htpasswd FILES################################
<FilesMatch "^\.ht">  Order allow,deny  Deny from all  Satisfy all</FilesMatch>
################################# PREVENT FILE VIEWING WITH HTACCESS################################


################################# PPROTECT CONFIG.* FILES################################
<FilesMatch "^(.*)\.(inc|txt|dat|shtml|exe|dll|pl|cgi|jsp|asp|aspx|ini|sh|zip)$">  AddDefaultCharset UTF-8  Order deny,allow  Deny from all</FilesMatch>

############################################# DISABLING EXECUTING OF FOLLOWING FILES.############################################

############################################## workaround for HTTP authorization## in CGI environment
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]    <IfModule mod_expires.c>
############################################## Add default Expires header## http://developer.yahoo.com/performance/rules.html#expires
    ExpiresDefault "access plus 1 year"
</IfModule>

############################################## If running in cluster environment, uncomment this## http://developer.yahoo.com/performance/rules.html#etags
    #FileETag none 

I think still can find how to solving but step by step not fast mode since not want to share the nulled version. I will help u mrqaidi, we learn together with other forum ppl

(10-08-2013 10:05 AM)jurigaja Wrote: [ -> ]I think still can find how to solving but step by step not fast mode since not want to share the nulled version. I will help u mrqaidi, we learn together with other forum ppl

yes we will decode this big script also i have all Eicra Soft versions , when we stop license , then we can use all version for free

Angry

Wow are u buy that license from Eicra ? That expensive

senoob

jaliee85

jurigaja

jurigaja

mrqaidi

jurigaja

mrqaidi

jurigaja

mrqaidi

jurigaja