Category Archives: Miscellaneous

Anything and Everything

Decode eval gzinflate base64_decode

I had to install a WordPress theme for a customer. I’m not a web developer by any means, so lucky for me WordPress is pretty straightforward. The theme they wanted to use was “free”, but had a footer with links to the theme’s developer site. Unfortunately the developer’s site was no longer functioning. A brief search for their company yielded similar results – all landing website pages or 404 error sites.

The terms and conditions for the theme stated that you could remove the footer only if you paid $29.95 to the company. As there was no company to pay, a “gray area” was presented. Should I just remove the footer and be done with my day? The customer requested that I adhere to the terms and conditions but make sure that the links would not go to unknown websites for fear that a malicious link could be used. They also requested that an RSS feed link be removed from the footer.

I go to edit the footer and notice the following PHP code:
gzinflate(base64_decode('bVJRa9swEH4P5D9cTTrZEKdjG3tYbIeydexlfUhgMMYQtnWxRWTJk+RkWcl/n2S7bUirB+t8p/u+u+9ulSWM76EUuTFp8FUpizrIphNw52Uk5lI+x89PkkOtcZsGyaqtWyiE+qrjcqpBoY97RTgsSLWGVBY94zh3bvIp5qWQAlluBabDe$
Well how do I know this obfuscated PHP script isn’t going to send customers to malicious sites? I need to see the decoded PHP!

Scripting to the rescue!

The easiest way is to have a Linux server lying around. I have a fully patched Ubuntu 10.04 LTS server just for this purpose (VMware Server).

Make the following PHP file:

<?php
/*
Taken from http://www.php.net/manual/de/function.eval.php#59862
Directions:
1. Save this snippet as decrypt.php
2. Save encoded PHP code in coded.txt
3. Create a blank file called decoded.txt (from shell do CHMOD 0666 decoded.txt)
4. Execute this script (visit decrypt.php in a web browser or do php decrypt.php in the shell)
5. Open decoded.txt, the PHP should be decrypted
*/
echo "\nDECODE nested eval(gzinflate()) by DEBO Jurgen \n\n";
echo "1. Reading coded.txt\n";
$fp1 = fopen("coded.txt", "r");
$contents = fread($fp1, filesize("coded.txt"));
fclose($fp1);
echo "2. Decoding\n";
// Each pass rewrites the outer eval(...) into an assignment, so one layer is unpacked into $contents.
while (preg_match("/eval\(gzinflate/", $contents)) {
    // Drop PHP open/close tags so the remaining text can be passed to eval().
    $contents = preg_replace("/<\?|\?>/", "", $contents);
    eval(preg_replace("/eval/", "\$contents=", $contents));
}
echo "3. Writing decoded.txt\n";
$fp2 = fopen("decoded.txt", "w");
fwrite($fp2, trim($contents));
fclose($fp2);
?>

Then follow the directions in the script. Or, if you’re like me, just create the following:
coded.txt (this file will have the ENTIRE PHP portion – everything from “eval(gzinflate” to the last “);”)
decoded.txt (make sure it’s writeable – either 0666 or 0777)
Run the script
Open the decoded.txt file
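
The decrypt.php script above still hands the contents of coded.txt to PHP's eval(), so any statement in that file other than the wrapper itself would run on the server. As an added example (not from the original post or the php.net comment), this Python script peels the same eval(gzinflate(base64_decode('...'))) layers as plain text and lists the URLs in the result; FOOTER_PHP, SAMPLE and the example.com link are constructed for illustration.

```python
import base64
import re
import zlib

# One eval(gzinflate(base64_decode('...'))); wrapper; group 2 is the base64 payload.
LAYER = re.compile(
    r"""eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*(['"])"""
    r"""([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*\)\s*;?""")
MAX_LAYERS = 50                 # stop on pathological nesting
MAX_OUTPUT = 10 * 1024 * 1024   # per-layer cap against decompression bombs

def inflate(b64_text):
    """PHP gzinflate() reads raw DEFLATE (no zlib/gzip header), hence wbits=-15."""
    d = zlib.decompressobj(-15)
    out = d.decompress(base64.b64decode(b64_text), MAX_OUTPUT)
    if not d.eof:
        raise ValueError("layer is truncated or exceeds the output cap")
    return out.decode("utf-8", errors="replace")

def peel(source):
    """Unwrap nested layers as text only; returns (decoded_source, layers_removed)."""
    layers = 0
    while layers < MAX_LAYERS:
        m = LAYER.search(source)
        if m is None:
            break
        source = source[:m.start()] + inflate(m.group(2)) + source[m.end():]
        layers += 1
    return source, layers

def links(text):
    """URLs present in the decoded source, which is what the footer review is about."""
    return re.findall(r"""https?://[^\s'"<>]+""", text)

def wrap(php):
    """Constructed-sample helper: mimic base64_encode(gzdeflate($php)) plus the eval wrapper."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    blob = base64.b64encode(c.compress(php.encode()) + c.flush()).decode()
    return "eval(gzinflate(base64_decode('%s')));" % blob

# Constructed sample (not the theme's footer): a harmless echo wrapped twice.
FOOTER_PHP = "echo '<a href=\"http://example.com/\">Theme by Example</a>';"
SAMPLE = "<?php " + wrap(wrap(FOOTER_PHP)) + " ?>"

if __name__ == "__main__":
    decoded, layers = peel(SAMPLE)
    print(layers, "layer(s) removed")
    print(decoded, links(decoded), sep="\n")
```

The pattern only matches payloads given as literal quoted strings; a wrapper that adds other functions or builds the string from variables is left untouched and shows up in the output for manual review.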

In-Wall Cable Ratings

When installing some coaxial (RG6) cable in a home, you really don’t have too many things to worry about. No fire marshal is going to fine you for having the wrong type of cable installed.

At a business, on the other hand, you have quite a few things to worry about:
Is the cable going to be installed in the wall or just be out in the open?
Is it going to be installed in a plenum or a standard ceiling riser?
http://www.bluejeanscable.com/articles/inwallrating.htm – THE place to check all this information out.

I won’t bother copying everything, but here’s the gist of it:
CMP – Rated for all in-wall, in-riser, or in-plenum applications
CMR – Rated for all in-wall, in-riser applications
CM – Rated for all in-wall applications

Why the different ratings? Plenum covered wires don’t give off a toxic smoke when burned. I assume that the in-riser cables take a bit more heat to give off the fumes and that standard CM rated cables don’t really help much against the spread of fire. In all of my residential and most of my commercial jobs I’ve installed CMR cable, and anytime I’ve installed in the plenum I’ve used CMP wire.

Happy 4th Anniversary

Four Long Years.

I look back on some of my early posts and see a completely different style of writing. That added to the fact that most of the “issues” were fairly easy in nature, and you can see how far I’ve come.

I’m glad I could write all this up here. It’s helped me more than a few times. It’s helped others more than a few times. And it’s still free.

Says I’m at Post 488. I’ve gone through 3 style changes (well, the site, so not technically “me”), 2 jobs, and several life-changing events in the past 4 years. Hopefully the next 4 years are just as interesting.

Comments

I’m not a big fan of Captcha use – sometimes it’s just a pain in the buttock. But I am even more of a not-big-fan of SPAM comments. They actually serve no purpose whatsoever. About 70% of the SPAM is for a site that doesn’t exist. 10% is for sites that exist and run just fine. The other 20% is for a site that does exist, but isn’t actually in the comments section – it’s in the SPAM bot’s website. A lot of good those do, right? That means 10% of all those comments (over 400 just this year) actually work. Now it’s obvious that I have been moderating them so no one else can see, but 360 comments this year have been utter BS.

So, starting today, I finally implemented the Captcha service for signing up for new users/making comments on the site. But I also made it so that all new comments are posted without delay (hopefully), so no more moderation (also hopefully).

***EDIT***

I’ve noticed that bots are still getting through. So I made the Captcha difficulty Medium instead of Easy. I have also added XSS JAVA based blocking protocols to the site, so hopefully that curbs the SPAM a little more. I guess I’ll always have to moderate it at least a little.

Asus O!Play Audio Is Unsupported

OK, before I get too far into things, here’s my setup:
4.5TB NAS on Gig Ethernet
Asus O!Play on Gig Ethernet

The NAS is running FreeNAS 0.7 x64 and runs at a balmy 45MB/sec usually. I’d love to upgrade to hardware RAID, but the budget constraints…
The Asus O!Play is model HDP-R1, and it’s been fully updated to the newest firmware (I think 1.22a or something along those lines – if it matters post and I’ll fix it)

I rip all of my DVDs to the NAS for instant retrieval later. I also have a bunch of my music on there, but that doesn’t matter nearly as much (and the O!Play isn’t very good at music playing anyway). Playing DVDs as ISOs is a very awesome feature that I use at least once a week at home. But, unfortunately, there isn’t much – if any – upscaling to DVDs on the O!Play. WYSIWYG.

But then I started to rip my Bluray collection. Let me put it this way:
DVDs ripped: 4GB Average File Size
BDs ripped: 22GB Average File Size

My 4050GB worth of usable space on the NAS:
DVDs ripped: 1012.5 total movies
BDs ripped: 184.1 total movies

You can see my $1200 NAS system will be overrun shortly if I rip too many BDs!

Oh, onto the meat of the problem. I ripped my first two BDs and attempted to play them on the computer. ISO was not cooperating with WMplayer or VLCplayer. I could, however, select the .m2ts file (DriveLetter:\BDMV\STREAM\sometime.m2ts) and play that using VLC. So I figured I’d try to play it on the O!Play.

Playback of the ISO was simple – just select the movie per usual and it starts playing. But it will not play the true high def audio. 5.1 will play, but not TrueHD. Unfortunately the first movie only had English in TrueHD audio format. Booo.

Basically you need to take that fully awesome audio and convert it to 99% fully awesome audio. The way to do this for free:

Download TSMuxer
Unpack TSMuxer
Run tsMuxerGUI.exe
Add the .m2ts file
Under output, click the M2TS muxing radio button
Browse for location and filename to save
Click start muxing

This took roughly 15 minutes on my machine to complete.
I’m going to test either tonight or tomorrow and verify that it works, but the file was slightly smaller so maybe it did.

Useful DNS Stuff

DNS is great. Who wants to remember numbers when you can remember something easier?
http://it.thelibrarie.com or http://208.113.245.198? Well technically that’s a bad example as this site is running as an Apache virtual host (the Host header in the request tells the server which site you’re actually looking for). But you get the idea.

So, how many sites are actually on this same IP address? As of this writing: 71. Now that includes www.*.tld and *.tld, so it’s slightly inflated.
How do we know? I use a tool called YouGetSignal (http://www.yougetsignal.com/tools/web-sites-on-web-server/) to look it up. Pretty nice interface.

How about if you just want to see subdomains of a system? I found a decent way (although it doesn’t find all of them) to check:
Download DNSMap (http://code.google.com/p/dnsmap/downloads/list)
wget http://dnsmap.googlecode.com/files/dnsmap-0.30.tar.gz
tar zxvf dnsmap-0.30.tar.gz
cd dnsmap-0.30
make
cp ./dnsmap /usr/local/bin/dnsmap
dnsmap domain.tld -r /var/log/dnsmap_domain.tld_log.txt

localadmin@external:~/dnsmap-0.30$ dnsmap thelibrarie.com
dnsmap 0.30 – DNS Network Mapper by pagvac (gnucitizen.org)

[+] searching (sub)domains for thelibrarie.com using built-in wordlist
[+] using maximum random delay of 10 millisecond(s) between requests

ftp.thelibrarie.com
IP address #1: 208.113.246.229

it.thelibrarie.com
IP address #1: 208.113.245.198

kj.thelibrarie.com
IP address #1: 208.113.246.229

mail.thelibrarie.com
IP address #1: 208.97.132.24

media.thelibrarie.com
IP address #1: 208.113.228.62

news.thelibrarie.com
IP address #1: 208.113.232.193

webmail.thelibrarie.com
IP address #1: 208.97.187.139

www.thelibrarie.com
IP address #1: 208.113.246.229

[+] 11 (sub)domains and 11 IP address(es) found
[+] completion time: 164 second(s)

I cut out a couple even though you can easily see which ones. Just to make it slightly more difficult for bots…