如何转换 Base64 字符串？

发布于 2024-10-09 12:06:21 字数 1234 浏览 1 评论 0原文

我正在使用下载的 PHP 模板，当我熟练地操作它时，我意识到它的一部分已经以似乎是 base64 的方式加密了。

我尝试了一些在线转换，但运气不佳。

我有这段代码，后面是标签：

<?$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=3804;eval((base64_decode('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDM3MiksJzNzYWZaakc1NEhGcU1kTEFPZzl3Ykl6UFIvcGxLOCs3ZVVjeFFCV21ZMXVTNk5Ycmh2RENudDBFMlRvSmtWaXk9JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?>

我能够将其解码为：

$O000O0O00=fopen($OOO0O0O00,'rb');while(--$O00O00O00)fgets($O000O0O00,1024);fgets($O000O0O00,4096);$OO00O00O0=(base64_decode(strtr(fread($O000O0O00,372),'3safZjG54HFqMdLAOg9wbIzPR/plK8+7eUcxQBWmY1uS6NXrhvDCnt0E2ToJkViy=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));eval($OO00O00O0);

但是，在下面我有以下代码：

http: //pastebin.com/Z2uMwS9C

我不知道如何转换它。有什么想法吗？我觉得代码段太长了 - 我尝试用Notepad++转换它，它基本上说它太长了。

谢谢。

原文

I was using a downloaded PHP template, and when I was well into manipulating it, I realize part of it had been encrypted in what appears to be base64.

I tried a few online converts, with little luck.

I have this bit of code, followed by a ton of random characters outside the <? ?> tags:

<?$OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=3804;eval((base64_decode('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDM3MiksJzNzYWZaakc1NEhGcU1kTEFPZzl3Ykl6UFIvcGxLOCs3ZVVjeFFCV21ZMXVTNk5Ycmh2RENudDBFMlRvSmtWaXk9JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?>

I was able to decode it into this:

$O000O0O00=fopen($OOO0O0O00,'rb');while(--$O00O00O00)fgets($O000O0O00,1024);fgets($O000O0O00,4096);$OO00O00O0=(base64_decode(strtr(fread($O000O0O00,372),'3safZjG54HFqMdLAOg9wbIzPR/plK8+7eUcxQBWmY1uS6NXrhvDCnt0E2ToJkViy=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));eval($OO00O00O0);

However, below that I have this code:

http://pastebin.com/Z2uMwS9C

I have no clue how to convert it. Any ideas? I think the segments of code are too long - I tried to use Notepad++ to convert it, and it basically said it was too long.

Thanks.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

美人如玉 2024-10-16 12:06:21

这是我到目前为止所拥有的解压缩版本：

<?php
/* In the original file, this is __FILE__
   and __LINE__. I've hardcoded them in this
   script so that we can refer to the original
   file when actually running what follows. */
$this_file = 'original_file.php';
$this_line = 1; // originally __LINE__

/* Prepare the original script to be read */
$this_file_handle = fopen($this_file, 'rb');

/* Move the file cursor past the block of PHP */
while(--$this_line) {
  fgets($this_file_handle,1024);
}

/* Move the file cursor just a wee bit more,
   presumably to where the other data starts. */
fgets($this_file_handle,4096);

/* Read in the remaining data, run it through
   a character replacing function
   (3 --> A, s --> B, etc.), and base64-decode
   the result. */
$probably_malicious_code = (
  base64_decode(
    strtr(
      fread($this_file_handle,372),
      '3safZjG54HFqMdLAOg9wbIzPR/plK8+7eUcxQBWmY1uS6NXrhvDCnt0E2ToJkViy=',
      'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
    )
  )
);

/* Run the probably-evil code. */
eval($probably_malicious_code);

如果我们在最后一行使用 echo 而不是 eval，我们会得到第三级混淆。

INCEPTIO N

这是一个与第 3 级发生的情况等效的脚本：

<?php
/* Pulled in from level 1: */
$this_file = 'original_magic.php'; // originally __FILE__, refers to original file
$this_line = 1; // originally __LINE__
$level_three_read_amount = 3804;

/* Pulled in from level 2: */
$this_file_handle = fopen($this_file, 'rb');

while(--$this_line) {
  fgets($this_file_handle,1024);
}

fgets($this_file_handle,4096);

/* Level 3 decoding: */
$level_three_code = ereg_replace(
  '__FILE__',
  "'".$this_file."'", //
  base64_decode(
    strtr(
      fread($this_file_handle, $level_three_read_amount),
      '3safZjG54HFqMdLAOg9wbIzPR/plK8+7eUcxQBWmY1uS6NXrhvDCnt0E2ToJkViy=',
      'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
    )
  )
);

fclose($this_file_handle);
eval($level_three_code);

这次回显而不是评估最后一行会产生接近我们最终效果的东西：

global $traction; ;echo '   </div><!--end main-->
    <div id="main-bottom"></div>
</div><!--end wrapper-->
<div id="footer">
    <div class="wrapper clear">
        <div id="footer-about" class="footer-column">
            '; if ($traction->footerAboutState() == 'true') : ;echo '               <ul>
                    '; if ( !function_exists('dynamic_sidebar')|| !dynamic_sidebar('footer_sidebar_3') ) : ;echo '              <li class="widget widget_categories">
                            <h2 class="widgettitle">'; _e('Categories'); ;echo '</h2>
                            <ul>
                                '; wp_list_cats('sort_column=name&hierarchical=0'); ;echo '                 </ul>
                        </li>
                    '; endif; ;echo '           </ul>
            '; else : ;echo '               <h2>'; _e( 'About', 'traction' ); ;echo '</h2>
                '; if ($traction->footerAbout() != '' ) : ;echo '                   '; echo $traction->footerAbout(); ;echo '               '; else : ;echo '               <p>'; _e("Did you know you can write your own about section just like this one? It's really easy. Head into the the <em>Traction Options</em> menu and check out the footer section. Type some stuff in the box, click save, and your new about section shows up in the footer.", "traction"); ;echo '</p>
                '; endif; ;echo '           '; endif; ;echo '       </div>
        <div id="footer-middle" class="footer-column">
            '; if ( is_active_sidebar( 'footer_sidebar' ) ) echo "<ul>" ;echo '             '; if ( !function_exists( 'dynamic_sidebar' ) || !dynamic_sidebar( 'footer_sidebar' ) ) : ;echo '           <ul>
                        <li class="widget">
                            <h2 class="widgettitle">'; _e( 'Pages' ); ;echo '</h2>
                            <ul>
                                '; wp_list_pages( 'depth=0&title_li=' ); ;echo '                        </ul>
                        </li>
                    </ul>
                '; endif; ;echo '           '; if ( is_active_sidebar( 'footer_sidebar' ) ) echo "</ul>" ;echo '        </div>
        <div id="footer-search" class="footer-column">
            '; if ( is_active_sidebar( 'footer_sidebar_2' ) ) echo "<ul>" ;echo '               '; if ( !function_exists( 'dynamic_sidebar' ) || !dynamic_sidebar( 'footer_sidebar_2' ) ) : ;echo '         <h2>'; _e( 'Search', 'traction' ); ;echo '</h2>
                    '; if (is_file(STYLESHEETPATH . '/searchform.php' )) include (STYLESHEETPATH . '/searchform.php' ); else include(TEMPLATEPATH . '/searchform.php' ); ;echo '                '; endif; ;echo '           '; if ( is_active_sidebar( 'footer_sidebar_2' ) ) echo "</ul>" ;echo '      </div>
    </div><!--end wrapper-->
</div><!--end footer-->
<div id="copyright" class="wrapper">
    <p class="credit">Powered by <a href="http://www.free-premium-wordpress-themes.com" rel="dofollow">Free Premium Wordpress Themes</a> and <a href="http://thethemefoundry.com">The Theme Foundry</a></p>
    <p>Copyright © '; echo date

由于某种原因有点被切断，但它看起来这个想法只是包含版权，同时让你很难找到它。这是一件粗略的事情；删除此代码。

Here's my decompressed version of what we have so far:

<?php
/* In the original file, this is __FILE__
   and __LINE__. I've hardcoded them in this
   script so that we can refer to the original
   file when actually running what follows. */
$this_file = 'original_file.php';
$this_line = 1; // originally __LINE__

/* Prepare the original script to be read */
$this_file_handle = fopen($this_file, 'rb');

/* Move the file cursor past the block of PHP */
while(--$this_line) {
  fgets($this_file_handle,1024);
}

/* Move the file cursor just a wee bit more,
   presumably to where the other data starts. */
fgets($this_file_handle,4096);

/* Read in the remaining data, run it through
   a character replacing function
   (3 --> A, s --> B, etc.), and base64-decode
   the result. */
$probably_malicious_code = (
  base64_decode(
    strtr(
      fread($this_file_handle,372),
      '3safZjG54HFqMdLAOg9wbIzPR/plK8+7eUcxQBWmY1uS6NXrhvDCnt0E2ToJkViy=',
      'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
    )
  )
);

/* Run the probably-evil code. */
eval($probably_malicious_code);

If we use echo instead of eval at the last line, we get this, a third level of obfuscation.

I N C E P T I O N

Here's a script that's equivalent to what's going on at Level 3:

<?php
/* Pulled in from level 1: */
$this_file = 'original_magic.php'; // originally __FILE__, refers to original file
$this_line = 1; // originally __LINE__
$level_three_read_amount = 3804;

/* Pulled in from level 2: */
$this_file_handle = fopen($this_file, 'rb');

while(--$this_line) {
  fgets($this_file_handle,1024);
}

fgets($this_file_handle,4096);

/* Level 3 decoding: */
$level_three_code = ereg_replace(
  '__FILE__',
  "'".$this_file."'", //
  base64_decode(
    strtr(
      fread($this_file_handle, $level_three_read_amount),
      '3safZjG54HFqMdLAOg9wbIzPR/plK8+7eUcxQBWmY1uS6NXrhvDCnt0E2ToJkViy=',
      'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
    )
  )
);

fclose($this_file_handle);
eval($level_three_code);

Echoing instead of evaluating the last line this time produces something close to our final effect:

global $traction; ;echo '   </div><!--end main-->
    <div id="main-bottom"></div>
</div><!--end wrapper-->
<div id="footer">
    <div class="wrapper clear">
        <div id="footer-about" class="footer-column">
            '; if ($traction->footerAboutState() == 'true') : ;echo '               <ul>
                    '; if ( !function_exists('dynamic_sidebar')|| !dynamic_sidebar('footer_sidebar_3') ) : ;echo '              <li class="widget widget_categories">
                            <h2 class="widgettitle">'; _e('Categories'); ;echo '</h2>
                            <ul>
                                '; wp_list_cats('sort_column=name&hierarchical=0'); ;echo '                 </ul>
                        </li>
                    '; endif; ;echo '           </ul>
            '; else : ;echo '               <h2>'; _e( 'About', 'traction' ); ;echo '</h2>
                '; if ($traction->footerAbout() != '' ) : ;echo '                   '; echo $traction->footerAbout(); ;echo '               '; else : ;echo '               <p>'; _e("Did you know you can write your own about section just like this one? It's really easy. Head into the the <em>Traction Options</em> menu and check out the footer section. Type some stuff in the box, click save, and your new about section shows up in the footer.", "traction"); ;echo '</p>
                '; endif; ;echo '           '; endif; ;echo '       </div>
        <div id="footer-middle" class="footer-column">
            '; if ( is_active_sidebar( 'footer_sidebar' ) ) echo "<ul>" ;echo '             '; if ( !function_exists( 'dynamic_sidebar' ) || !dynamic_sidebar( 'footer_sidebar' ) ) : ;echo '           <ul>
                        <li class="widget">
                            <h2 class="widgettitle">'; _e( 'Pages' ); ;echo '</h2>
                            <ul>
                                '; wp_list_pages( 'depth=0&title_li=' ); ;echo '                        </ul>
                        </li>
                    </ul>
                '; endif; ;echo '           '; if ( is_active_sidebar( 'footer_sidebar' ) ) echo "</ul>" ;echo '        </div>
        <div id="footer-search" class="footer-column">
            '; if ( is_active_sidebar( 'footer_sidebar_2' ) ) echo "<ul>" ;echo '               '; if ( !function_exists( 'dynamic_sidebar' ) || !dynamic_sidebar( 'footer_sidebar_2' ) ) : ;echo '         <h2>'; _e( 'Search', 'traction' ); ;echo '</h2>
                    '; if (is_file(STYLESHEETPATH . '/searchform.php' )) include (STYLESHEETPATH . '/searchform.php' ); else include(TEMPLATEPATH . '/searchform.php' ); ;echo '                '; endif; ;echo '           '; if ( is_active_sidebar( 'footer_sidebar_2' ) ) echo "</ul>" ;echo '      </div>
    </div><!--end wrapper-->
</div><!--end footer-->
<div id="copyright" class="wrapper">
    <p class="credit">Powered by <a href="http://www.free-premium-wordpress-themes.com" rel="dofollow">Free Premium Wordpress Themes</a> and <a href="http://thethemefoundry.com">The Theme Foundry</a></p>
    <p>Copyright © '; echo date

It's a bit cut off for some reason, but it looks like the idea is just to include copyright while making it ridiculously difficult for you to find it. This is sketchy business; remove this code.

回复收藏 0 原文

~没有更多了~