This is definitely a newbie question, since I'm not sure where to start on this.
I've used a PHP anti-spam form email script for years which was purchased from a developer (who has ceased their business) but is sometimes flagged as suspicious by our web host. It continues to work flawlessly, but I'd like to understand more what it's doing...
Is there a way to decode what is wrapped into the following:
<?php ob_start();?>FJ3HbutclkZfpYfV4IA5oRr1gznnzEmBOY....?>
The code, of course, is much longer than the above.
Your ideas, suggestions are most appreciated.
Dan
This appears to be a messily obfuscated hunk of open source classes, including PHPMailer. Full code is here. Note this looks pretty old and will not work as-is with PHP versions greater than 5.6.
Related
I wonder if it's possible to view a PHP code source in a way that https://j11y.io/jquery/ shows a JQ code. Of course I mean reading code from a given file, not from a website's code.
I'm not looking for programs like the PHPdocumentor.
Thank you in advance for any reasonable reply.
P.S. For perfectionists - I'm searching for a nice website or software (and I would prefer that option, so that I can be quite sure about the security), which will give me such a useful ability. I'm disturbed after using CTRL-F all the time ;)
I'm not a pro with PHP
I'm not a pro with Webservers
Recently someone, somewhere has been managing to upload PHP spam scripts to my server. Though I can easily locate and delete these scripts, I can't figure out how they're working or where the backdoor is that leads the hacker back into my server.
The script files uploaded declare a variable with every letter, number and symbol and then use arrays to spell out the code that executes. For the past three days I've been manually trying to decode this but I'm getting sick and desperate of finding out what the code does in order to hopefully give me an insight into how to fix my issue.
Can anyone help? Does anyone know something out there that can decode this for me? I'm only pasting a small part of the code so you can see what I mean. It's very, very long.
$z26="jmiO#sxhFnD>J\r/u+RcHz3}g\nd{^8 ?eVwl_T\\\t|N5q)LobU]40!p%,rC-97k<'y=W:P\$1BI&S6\"E(K`Y~.Q;f[v2a#X*ZAGtM";
$GLOBALS['zkmxz95'] = $z26[2].$z26[60].$z26[7].$z26[34].$z26[5].$z26[69].$z26[59];
$GLOBALS['cbimi76']($z26[73].$z26[3].$z26[56].$z26[78].$z26[76].$z26[36].$z26[35].$z26[36].$z26[80].$z26[67].$z26[76].$z26[35].$z26[40].$z26[3] , 5);
The above code, when decoded manually is:
define(SOCKET_TYPE_NO,5);
Recently someone, somewhere has been managing to upload PHP spam
scripts to my server....
Carefully follow https://codex.wordpress.org/FAQ_My_site_was_hacked
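An added example, not part of the original thread: the lookup-table obfuscation shown in the question can be resolved statically, so the uploaded script never has to be run. The Python below treats the three quoted lines as inert text and folds each `$z26[n].$z26[m]...` chain back into a string literal; the function names are this example's own, and it assumes a single double-quoted table with only simple escapes.

```python
import re

# The three lines quoted in the question, kept as inert text (never executed).
SAMPLE = r'''$z26="jmiO#sxhFnD>J\r/u+RcHz3}g\nd{^8 ?eVwl_T\\\t|N5q)LobU]40!p%,rC-97k<'y=W:P\$1BI&S6\"E(K`Y~.Q;f[v2a#X*ZAGtM";
$GLOBALS['zkmxz95'] = $z26[2].$z26[60].$z26[7].$z26[34].$z26[5].$z26[69].$z26[59];
$GLOBALS['cbimi76']($z26[73].$z26[3].$z26[56].$z26[78].$z26[76].$z26[36].$z26[35].$z26[36].$z26[80].$z26[67].$z26[76].$z26[35].$z26[40].$z26[3] , 5);'''

# Simple escapes of a PHP double-quoted string. Assumption: the table uses no
# octal/hex escapes and no variable interpolation (true for this sample).
PHP_ESCAPES = {"n": "\n", "r": "\r", "t": "\t", "v": "\v", "f": "\f",
               "e": "\x1b", "\\": "\\", "$": "$", '"': '"'}


def php_unescape(body):
    """Turn the body of a PHP double-quoted literal into its runtime value."""
    return re.sub(r"\\(.)",
                  lambda m: PHP_ESCAPES.get(m.group(1), m.group(0)),
                  body, flags=re.S)


def find_table(src):
    """Return (variable name, decoded characters) of the first lookup table."""
    m = re.search(r'\$(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"\s*;', src, flags=re.S)
    if m is None:
        raise ValueError("no double-quoted lookup table found")
    return m.group(1), php_unescape(m.group(2))


def resolve(src):
    """Fold every $table[n].$table[m]... chain into one single-quoted literal."""
    name, table = find_table(src)
    ref = r"\$" + re.escape(name) + r"\[(\d+)\]"
    chain = re.compile(ref + r"(?:\s*\.\s*" + ref + r")*")

    def fold(m):
        idxs = [int(i) for i in re.findall(ref, m.group(0))]
        if any(i >= len(table) for i in idxs):
            return m.group(0)  # out-of-range index: leave for manual review
        text = "".join(table[i] for i in idxs)
        return "'" + text.replace("\\", "\\\\").replace("'", "\\'") + "'"

    return chain.sub(fold, src)


if __name__ == "__main__":
    print(resolve(SAMPLE))
```

Run over the whole file, the output still contains indirect calls through `$GLOBALS[...]`; those names are themselves folded strings, so a second read of the resolved text shows which PHP functions they point at.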
Recently I was asked to take over the programming updating task of a php website. Interestingly, when I open the .php files by Dreamweaver and Notepad++, I realized the codes are being encrypted, just like md5.
Actually, how can this be done, while not affecting their functions in Apache environment? And is there any way that we can resume the codes back to normal php and html presentations?
Thanks!
It's probably something along the lines of this:
eval(base64_decode('gobbledigoog...'));
In that case, just replace the eval by echo:
echo base64_decode('gobbledigoog...');
It's likely that this will result in more eval('gobbledigoog'), as the code may be encoded several times recursively. In that case, keep doing the above until you get real code.
Have fun.
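The layer-by-layer procedure in the answer above can also be done without running any PHP at all. This is an added example, not code from the thread: it peels nested `eval(base64_decode('...'))` wrappers statically, and the function names and the sample payload are constructed for the illustration.

```python
import base64
import binascii
import re

# Matches a file or string that is nothing but one eval(base64_decode('...')) wrapper.
LAYER = re.compile(
    r"""^\s*(?:<\?php\s+)?eval\s*\(\s*base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*;?\s*(?:\?>\s*)?$""",
    re.S)


def peel(src, max_layers=50):
    """Return (innermost source, layers removed). Nothing is ever evaluated."""
    layers = 0
    while layers < max_layers:
        m = LAYER.match(src)
        if m is None:
            break  # not a pure wrapper any more: this is the code to read
        try:
            raw = base64.b64decode(re.sub(r"\s+", "", m.group(2)), validate=True)
        except binascii.Error:
            break  # damaged or non-base64 payload: stop and inspect by hand
        src = raw.decode("utf-8", errors="replace")
        layers += 1
    return src, layers


def wrap(php, times):
    """Build a constructed sample by wrapping harmless PHP the same way."""
    for _ in range(times):
        php = "eval(base64_decode('%s'));" % base64.b64encode(php.encode()).decode()
    return php


# Constructed, harmless innermost statement used only to exercise peel().
INNER = "echo 'hello from the innermost layer';"

if __name__ == "__main__":
    code, depth = peel(wrap(INNER, 3))
    print(depth, code)
```

Only the exact wrapper shape from the answer is recognised; any other construct stops the loop and is returned unchanged for manual reading.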
I've looked through several Google searches now, and continue to keep coming up empty when it comes to finding some end-user documentation for the File_PDF package.
A lot of people have pointed to FPDF, which is a predecessor, and as far as I know, no longer compatible. FPDF hasn't been updated (http://fpdf.org/) since 2008, either.
I've found a few small snippets of code for File_PDF here and there, but nothing over like 20 lines of code.
Then I came across this little "nugget" of wealth: http://dev.horde.org/pdf/
There's plenty of examples, none of which I've looked through yet, but I'm hoping it does the trick.
In the meantime, does anyone else have some recommendations for PDF generation with PHP?
Last time I needed to generate PDF files with PHP that is what I used (admittedly back in '07) with no major problems.
Things change though and if File_PDF is more intuitive to use or has a better feature-set then you should obviously use it instead.
I feel obliged to point out that there appears to be a later version of File_PDF available at http://pear.php.net/package/File_PDF than at http://dev.horde.org/pdf/
Have you evaluated any of the PDF related classes at http://www.phpclasses.org?
Ended up using tcpdf, as many examples were provided from their site.
I am going to start working on a website that has already been built by someone else.
The main script was bought and then adjusted by the lead programmer. The lead has left and I am the only programmer.
Never met the lead and there are no papers, documentation or comments in the code to help me out, also there are many functions with single letter names. There are also parts of the code that are all compressed in one line (like where there should be 200 lines there is one).
There are a few hundred files.
My questions are:
Does anyone have any advice on how to understand this system?
Has anyone had any similar experiences?
Does anyone have a quick way of decompressing the lines?
Please help me out here. This is my first big break and I really want this to work out well.
Thanks
EDIT:
In regard to the question:
- Does anyone have a quick way of decompressing the lines?
I just used Notepad++ (extended replace) and NetBeans (the format option) to change a file from 1696 lines to 5584!!
This is going to be a loooonnngggg project
For reformatting the source, try this online pretty-printer: http://www.prettyprinter.de/
For understanding the HTML and CSS, use Firebug.
For understanding the PHP code, step through it in a debugger. (I can't personally recommend a PHP debugger, but I've heard good things about Komodo.)
Start by checking the whole thing into source control, if you haven't already, and then as you work out what the various functions and variables do, rename them to something sensible and check in your changes.
If you can cobble together some rough regression tests (eg. with Selenium) before you start then you can be reasonably sure you aren't breaking anything as you go.
Ouch! I feel your pain!
A few things to get started:
If you're not using source control, don't do anything else until you get that set up. As you hack away at the files, you need to be able to revert to previous, presumably-working versions. Which source-control system you use isn't as important as using one. Subversion is easy and widely used.
Get an editor with a good PHP syntax highlighter and code folder. Which one is largely down to platform and personal taste; I like JEdit and Notepad++. These will help you navigate the code within a page. JEdit's folder is the best around. Notepad++ has a cool feature that when you highlight a word it highlights the other occurrences in the same file, so you can easily see e.g. where a tag begins, or where a variable is used.
Unwind those long lines by search-and-replace ';' with ';\n' -- at least you'll get every statement on a line of its own. The pretty-printer mentioned above will do the same plus indent. But I find that going in and indenting the code manually is a nice way to start to get familiar with it.
Analyze the website's major use cases and trace each one. If you're a front-end guy, this might be easier if you start from the front-end and work your way back to the DB; if you're a back-end guy, start with the DB and see what talks to it, and then how that's used to render pages -- either way works. Use FireBug in Firefox to inspect e.g. forms to see what names the fields take and what page they post to. Look at the PHP page to see what happens next. Use some echo() statements to print out the values of variables at various places. Finally, crack open the DB and get familiar with its schema.
Lather, rinse, repeat.
Good luck!
Could you get a copy of the original script version which was bought? It might be that that is documented. You could then use a comparison tool like Beyond Compare in order to extract any modifications that have been made.
If the function names are only one letter it could be that the code is encoded with some kind of tool (I think Zend had a tool like that - Zend Encoder?) so that people cannot copy it. You should try to find an unencoded version, if there is one, because that would save a lot of time.