Well i got a php code encrypted, i thought it could be zend guard encrypt but it is not.
I post it in this link: http://pastebin.com/NxqmC4ku
I don't know if it possible to know.
Thanks.
Asked
Active
Viewed 72 times
-2
-
I dont know which engine this this, but I have already decoded it 80% , it tries to find if file that is run on has domains such `motorsautoshow gcarro` and similar and there is a spanish comment Este script est� bloqueado para outros dom�nios.Contacte XXX At scriptsite. site – BojanT Sep 30 '14 at 17:56
-
@BojanT could u tell me ? – StackAwalke Sep 30 '14 at 18:20
-
It is just a PHP that is scrambled, var dump each segment of code command by command, and don't let eval command to execute , replace variables and array keys such as `O0O000O00` to something meaningful and after few minutes you have pretty good idea whats going on. – BojanT Sep 30 '14 at 18:23
1 Answers
1
Oh dear, looks like your server got hacked. The code will decode and execute itself when run, it's obfuscated to obscure its function.
It's self-decoding. You can see the eval() in there. If you change it to a print() then it will display the code that it's trying to execute. This is nested several deeps, so each time you will need to change an eval() to a print() to see what's going on. Be very careful when doing this, every time you see a construct like $a($b) then it's doing a function call, so you'll need to stop it from doing the function call and just print out $a and $b.
Zebra North
- 11,412
- 7
- 37
- 49