I had to install a wordpress theme for a customer. I’m not a web developer by any means, so lucky for me wordpress is pretty straight forward. The theme they wanted to use was “free”, but had a footer with links to the theme’s developer site. Unfortunately the developer’s site was no longer functioning. A brief search for their company yielded similar results – all landing website pages or 404 error sites.<\/p>\n
The terms and conditions for the theme stated that you could remove the footer only if you paid $29.95 to the company. As there was no company to pay, a “gray area” was presented. Should I just remove the footer and be done with my day? The customer requested that I adhere to the terms and conditions but make sure that the links would not go to unknown websites for fear that a malicious link could be used. They also requested that an RSS feed link be removed from the footer.<\/p>\n
I go to edit the footer and notice the following PHP code: Scripting to the rescue!<\/p>\n Easiest way is to have a linux server laying around. I have a fully patched 10.04LTS Ubuntu server just for this purpose (VMWare Server).<\/p>\n Make the following PHP file:<\/p>\n \n Then follow the directions in the script. Or, if you’re like me, just create the following: I had to install a wordpress theme for a customer. I’m not a web developer by any means, so lucky for me wordpress is pretty straight forward. The theme they wanted to use was “free”, but had a footer with links to the theme’s developer site. Unfortunately the developer’s site was no longer functioning. A … Continue reading Decode eval gzinflate base64_decode<\/span>
\ngzinflate(base64_decode('bVJRa9swEH4P5D9cTTrZEKdjG3tYbIeydexlfUhgMMYQtnWxRWTJk+RkWcl\/n2S7bUirB+t8p\/u+u+9ulSWM76EUuTFp8FUpizrIphNw52Uk5lI+x89PkkOtcZsGyaqtWyiE+qrjcqpBoY97RTgsSLWGVBY94zh3bvIp5qWQAlluBabDe$<\/code>
\nWell how do I know this obfuscated PHP script isn’t going to send customers to malicious sites? I need to see the decoded PHP!<\/p>\n< ? php\n\/*\nTaken from http:\/\/www.php.net\/manual\/de\/function.eval.php#59862\nDirections:\n1. Save this snippet as decrypt.php\n2. Save encoded PHP code in coded.txt\n3. Create a blank file called decoded.txt (from shell do CHMOD 0666 decoded.txt)\n4. Execute this script (visit decrypt.php in a web browser or do php decrypt.php in the shell)\n5. Open decoded.txt, the PHP should be decrypted\n*\/\necho \"\\nDECODE nested eval(gzinflate()) by DEBO Jurgen
\necho \"1. Reading coded.txt\\n\";
\n$fp1 = fopen (\"coded.txt\", \"r\");
\n$contents = fread ($fp1, filesize (\"coded.txt\"));
\nfclose($fp1);
\necho \"2. Decoding\\n\";
\nwhile (preg_match(\"\/eval\\(gzinflate\/\",$contents)) {
\n $contents=preg_replace(\"\/< \\?|\\?>\/\", \"\", $contents); eval(preg_replace(\"\/eval\/\", \"\\$contents=\", $contents)); } echo \"3. Writing decoded.txt\\n\"; $fp2 = fopen(\"decoded.txt\",\"w\"); fwrite($fp2, trim($contents)); fclose($fp2);
\n?><\/code><\/p><\/blockquote>\n
\ncoded.txt (this file will have the ENTIRE PHP portion – everything from “eval(gzinflate” to the last “);”)
\ndecoded.txt (make sure it’s writeable – either 0666 or 0777)
\nRun the script
\nOpen the decoded.txt file<\/p>\n","protected":false},"excerpt":{"rendered":"