A WordPress site of a client was recently hacked due to a theme vulnerability and I am now in the process of cleaning up and fortifying. I found guncompress(base64_decoded code. When I decoded it I had more base64 in an array:
$GLOBALS['_1780441916_']=Array(base64_decode('' .'ZXJ' .'yb3Jfc' .'mVwb3J' .'0a' .'W5'.'n'),base64_decode('Y3VybF9pb' .'ml0'),base64_decode('c
How can I decode base64 in an array on my localhost?
Try to using evalhook.so.
You need:
PHP >= 5.2
php5-devel
PHP Zend Optimizer
download source from http://php-security.org/downloads/evalhook-0.1.tar.gz
then unpack and install it
tar xvfz evalhook-0.1.tar.gz
cd evalhook
phpize
./configure
make
sudo make install
and you can use it from console.
php -d extension=evalhook.so encoded_script.php
where encoded_script.php is your encoded script.
every time it ask you
Do you want to allow execution? [y/N]
Type Y if your code after execution have some "base64_decode" in it.
Then when you get something like that
$GLOBALS['_889997777_'] = Array(
...
$GLOBALS['_224568216_'][21]('Xr' . 'x8f7g=')
);
Just run after that var_export($GLOBALS['_889997777_']);die; and you get all functions name, than you can replace it. Here is link that can automate it http://pastebin.com/kBj4iqWh
Related
I have a simple php script set up, through which I put information into an MySQL database by the following URL query:
https://www.thesite.com/addinformation.php?WHERE_TO_LABEL_IT_AS&WHAT_TEXT_TO_ADD"
I call it from bash by simply using wget
wget --no-check-certificate --user=username --password='password' --delete-after https://www.thesite.com/addinformation.php?$LABELVARIABLE&$STRINGVARIABLE"
It works for my needs, but I would now like to use a similar way to add large chunks of text into the database. Perhaps even whole text files. What method would you recommend I read up on to do this?
You could save your content to a file, and post it using either wget or curl.
$ wget --post-file=<file path>
or
$ curl --data-binary #<file path>
I want to stream .amr audio files on my server. After spending a couple hours of research, it's clear to me that this is not feasible under the current state of html5 audio. Following this disappointing finding, I spent several additional hours looking for a simple way to convert .amr files to .ogg, with similarly disappointing results.
I'm shocked that after well over 10 years of use, there is no simple way to play/convert files encoded under this standard, but can someone please help me to find a usable solution? The closest viable options seem to be sox and ffmpeg. I'm ideally looking for a concise set of instructions for converting .amr to .ogg directly from php but using the command line would be fine.
I am about to dig into the specifics of using these two libraries but figured that I would post here in hopes that some kind soul might help enlighten others that are under time constraints and so do not wish to spend an afternoon untangling the use-case specifics of what should be a straightforward task. If someone else does not post, I will answer the question myself.
Here are some of the other 'answers' that I've found which led me to post here:
Converting 3gp (amr) to mp3 using ffmpeg api calls
https://stackoverflow.com/q/4899195/418584
Advice - How To Start Converting Video / Audio
Ffmpeg not converting properly to ogg
ffmpeg/PHP - Problems converting any video format to ogg - Choppy Video / No Audio - win64 (Poster actually seems to answer question themselves, and I'm about to pursue this route first, but no other answers and the fact that it's not specific to my question led me to post this anyway)
If you are about to mark this as 'off-topic' or close the question for some other reason, please consider the following:
A search on https://superuser.com/search?q=convert+.amr+to+.ogg, which is stated in at least one of the above links as the appropriate forum for the question, (as of today) results in 4 posts, none of which even remotely address this question.
The SO Posting Guidelines seem to me to be completely in alignment with this kind of question. I'm baffled as to why someone would close the questions that came up in my search. I'm a very experienced developer, asking a question directly related to development work that I'm doing, and have been blocked by an issue that I would like to provide a solution for to aid in other developers being held up by similar issues.
The fact that nothing came up in my search to save me from doing hours of research leads me to see this as a worthy question for SO. Please help restore my sentiment for this site which is a valuable resource but has left me cold due to so many of these kinds of senseless and seemingly indiscriminate post closings.
Thanks...
If you're in an environment where the tools are already installed, converting the file is actually a very simple procedure. For ffmpeg and sox, the commands in their most basic forms are just:
ffmpeg -i ./file.amr ./file.ogg
or
sox ./file.amr ./file.ogg
So if we upload a file with an input name of 'audio', from PHP this would look something like:
<?php
if (isset($_FILES['audio']) && is_file($TmpFile=$_FILES['audio']['tmp_name'])) {
// I name uploaded files as curr ms timestamp and track file data via db.
$NewFile = './uploads/'.round(microtime(true)*1000).'.ogg';
shell_exec("ffmpeg -i {$TmpFile} -acodec libvorbis ".$NewFile);
// You'll want to add other file data to the database here...
} else {
// Deal with bad file uploads...
}
?>
Unfortunately, my server environment doesn't have these tools installed, so I have to compile them manually. For my case specifically, I'm using a virtual shared host so I don't have universal access privileges on the system. Keep in mind that this is reflected in some of the code I'm using to install the various ffmpeg components.
cd ~/
curl -O http://ffmpeg.org/releases/ffmpeg-2.0.tar.gz
tar -xzvf ffmpeg-2.0.tar.gz
mv -fv ./ffmpeg-2.0 ./ffmpeg
rm -v ./ffmpeg-2.0.tar.gz
cd ~/ffmpeg
curl -O http://downloads.xiph.org/releases/ogg/libogg-1.3.1.tar.gz
tar -xzvf libogg-1.3.1.tar.gz
rm -v libogg-1.3.1.tar.gz
cd libogg-1.3.1
./configure --prefix="$HOME/ffmpeg" --disable-shared
make
make install
make distclean
cd ~/ffmpeg/
curl -O http://downloads.xiph.org/releases/vorbis/libvorbis-1.3.3.tar.gz
tar -xzvf libvorbis-1.3.3.tar.gz
rm -v libvorbis-1.3.3.tar.gz
cd libvorbis-1.3.3
./configure --prefix="$HOME/ffmpeg" --with-ogg="$HOME/ffmpeg" --disable-shared
make
make install
make distclean
cd ~/ffmpeg/
curl -O -L http://sourceforge.net/projects/opencore-amr/files/opencore-amr/opencore-amr-0.1.3.tar.gz
tar -xzvf opencore-amr-0.1.3.tar.gz
rm -v opencore-amr-0.1.3.tar.gz
cd opencore-amr-0.1.3
./configure --prefix="$HOME/ffmpeg" --disable-shared --bindir="$HOME/bin"
make
make install
make distclean
cd ~/ffmpeg/
curl -O http://www.tortall.net/projects/yasm/releases/yasm-1.2.0.tar.gz
tar -xzvf yasm-1.2.0.tar.gz
rm -v yasm-1.2.0.tar.gz
cd yasm-1.2.0
./configure --prefix="$HOME/ffmpeg" --bindir="$HOME/bin"
make
make install
make distclean
cd ~/ffmpeg/
mkdir ~/ffmpeg/tmp
chmod 777 ~/ffmpeg/tmp
export TMPDIR="$HOME/ffmpeg/tmp"
export PKG_CONFIG_PATH="$HOME/ffmpeg/lib/pkgconfig"
./configure --prefix="$HOME/ffmpeg" --extra-cflags="-I$HOME/ffmpeg/include" --extra-ldflags="-L$HOME/ffmpeg/lib" --bindir="$HOME/bin" --extra-libs="-ldl" --enable-gpl --enable-nonfree --enable-version3 --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libvorbis
make
make install
make distclean
rm -rfv $TMPDIR
export TMPDIR=""
export PKG_CONFIG_PATH=""
You could just copy and paste the above bash commands into a shell, or you could put them into an executable script, and it should take care of everything. You'll probably want to check for the newest versions of each component and update the code accordingly. You may also want to add other libraries if you're working with different file formats as well, but this boiled down to what I needed specifically.
You could also use:
git clone git://source.ffmpeg.org/ffmpeg.git ffmpeg
and eliminate the first block of code in the installation script if you have git installed, or if you have neither git nor curl you could just download each and upload to your server or use fget or something similar.
In all, this amounted to several hours of hunting down files, tracing compilation errors, tracking down the correct options for my scenario, and other aspects of this kind of tedium that makes up the worst of exactly what I like least about development work. I hope that this post might save others from this kind of unnecessary pain and suffering :-)
I'm trying to read the information on an RPM file through PHP. I know there is a PECL extension, but that would involve recompiling PHP on a server where I don't have that ability. So I'm looking for some way to read the tags off the RPM files. Any suggestions?
You can write a PHP script to execute bash command,
a simple example can be like:
$info = exec("rpm -qi {$RPM_PACKAGE_FILE}");
further study - http://www.rpm.org/max-rpm/ch-rpm-query.html
I am using PHP on Windows machin. I also use Dev C++. I can perfectly compile .cpp file on CMD using this command:
g++ hello.cpp -O3 -o hello.exe
Now what I am trying to do is running the same command using php system() function, so it looks like this:
system("g++ c:\wamp\www\grader\hello.cpp -O3 -o C:\wamp\www\grader\hello.exe");
but it doesn't compile. I am lost, please tell me what am I missing?
I also looked up at this question and thats exactly what I need, but I couldnt find a usefull solution for my case there:
Php script to compile c++ file and run the executable file with input file
Use the PHP exec command.
echo exec('g++ hello.cpp -O3 -o hello.exe');
should work.
There's a whole family of different exec & system commands in PHP, see here:
http://www.php.net/manual/en/ref.exec.php
If you want the output into a variable, then use :
$variable = exec('g++ hello.cpp -O3 -o hello.exe');
If that doesn't work, then make sure that g++ is available in your path, and that your logged in with sufficient enough privliges to allow it to execute.
You may find also that it's failing beacuse PHP is essentially being executed by your web server (Unless your also running PHP from the cmd prompt) , and the web server user ID may not have write access to the folder where G++ is trying to create the output file.
Temporarily granting write access to 'Everybody' on the output folder will verify if that is the case.
Two things:
You are using double quotes and are not escaping the \ inside the path.
You are not using a full path to g++.
The first one is important as \ followed by something has a special meaning in such a string (you might know \n as new line), the second one is relevant since the PHP environment might have a different search path.
A solution might be
system("c:\\path\\to\\g++ c:\\wamp\\www\\grader\\hello.cpp -O3 -o C:\\wamp\\www\\grader\\hello.exe");
Alternatively you can use single quotes, intead of double quotes, they use diffeent,less strict escaping rules
system('c:\path\to\g++ c:\wamp\www\grader\hello.cpp -O3 -o C:\wamp\www\grader\hello.exe');
or use / instead of \, which is supported by windows, too.
system("c:/path/to/g++ c:/wamp/www/grader/hello.cpp -O3 -o C:/wamp/www/grader/hello.exe");
What you do is your choice, while many might consider the first one as ugly, and the last one as bad style on Windows ;-)
Thanks to everyone. I tried to run the codes given in above posts and it worked like a charm.
I ran the following code using my browser
$var = exec("g++ C:/wamp/www/cpp/hello.cpp -O3 -o C:/wamp/www/cpp/hello.exe");
echo $var;
The exe file is created. I am able to see the result when i run the exe file but the problem is when i run the above code in the browser, the result is not displayed on the webpage. I gave full access permission to all users but still give does not show the result on the webpage.
I really need help on this since i am doing a project on simulated annealing where i want to get the result from compiled c++ program and display it in the webpage with some jquery highcharts.
Thanks again to all, it has helped me alot and i have learnt alot as well.
I want to know how this FFMPEG to integrate in php. I want to encode video. I got this link earlier to refer
http://youtubeclone.wordpress.com/2007/05/26/how-to-convertencode-files-to-flv-using-ffmpeg-php/
but dont know where to point this
$ffmpegPath = "/path/to/ffmpeg";
$flvtool2Path = "/path/to/flvtool2";
here we have to give the path "/path/to/ffmpeg", "/path/to/flvtool2". I am little bit confused what to do or how to integrate ffmpeg, flvtool2 in php
exec("ffmpeg -i /tmp/orig.mov /tmp/output.mp4");
You don't need those $ffmpegPath variables on a properly configured system. Rather than employing pseudo security, you should escape input and output filenames using escapeshellarg().
Conversion options are available in the ffmpeg manual or man page. Google will know more about your flvtool2.