Current location: Hot Scripts Forums » Programming Languages » PHP » base64 decode

base64 decode

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 07-07-09, 08:54 PM
seachen seachen is offline
Newbie Coder
  
Join Date: Jun 2007
Posts: 33
Thanks: 0
Thanked 0 Times in 0 Posts
base64 decode
Hi,

May I know anyone got the idea of base64 decode?

Quote:
<?php eval(base64_decode('JGRvY3VtZW50ID0mIEpGYWN0b3J5Oj pnZXREb2N1bWVudCgpOw0KJGRvY3VtZW50LT5hZGRDdXN0b21U YWcoJGhlYWRlcl9jb2RlKTsNCmVjaG8gJE15Rm9ybS0+YWRkaG FzaCgpOw==')); ?>
Here is the code which i found in php, if i would like to change it to other content how to do?
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Share on FacebookShare on Stumble UponShare on Twitter
Reply With Quote
  #2 (permalink)  
Old 07-07-09, 09:25 PM
wirehopper's Avatar
wirehopper wirehopper is offline
Community Liaison
  
Join Date: Feb 2006
Posts: 2,050
Thanks: 9
Thanked 65 Times in 63 Posts
To me, that looks like the script got hacked, or it is placed there to hack.

It decodes to:

PHP Code:
$document =& JFactory::getDocument();
$document->addCustomTag($header_code);
echo $MyForm->addhash(); 
I think you should backup your database, clean the server, save any files you can, and upgrade.

Joomla! Developer - Core Security

To determine the extent of the problem, you can use grep -r GRvY3VtZW50ID0mIEpGYWN0b3J *. Then, you either have to remove the code from the files, or delete them. Check for .htaccess files, too.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Share on FacebookShare on Stumble UponShare on Twitter
Reply With Quote
  #3 (permalink)  
Old 09-22-09, 05:06 PM
xmatias xmatias is offline
New Member
  
Join Date: Sep 2009
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
DECODE eval(base64_decode
Quote:
Originally Posted by wirehopper View Post
To me, that looks like the script got hacked, or it is placed there to hack.

It decodes to:

PHP Code:
$document =& JFactory::getDocument();
$document->addCustomTag($header_code);
echo $MyForm->addhash(); 
I think you should backup your database, clean the server, save any files you can, and upgrade.

Joomla! Developer - Core Security

To determine the extent of the problem, you can use grep -r GRvY3VtZW50ID0mIEpGYWN0b3J *. Then, you either have to remove the code from the files, or delete them. Check for .htaccess files, too.

Please, can you helpme to decode this script, i try everythin but I can't decode it:

PHP Code:
<?php 
$o="QAAADjs4d293J25pZGtyY2InLwAAU0JKV0tGU0JXRlNPJyknIAABKGFiZnNydWJjKmFoaHMpAsAAQCAuPCc4OQoNDgAwO2NucSduEUBjOiUB0WJ1JQFwJwAUO281OURoAIB3fnVuYG9zJwZjYmRvaCdjZgMAc2IvJV4lBHIBlGVraGBuaWFoAgEvIGlmamIGIycqJ0ZraydVBAEACXQnVWJ0YnVxYmM7KAWACg0GVAAAJzt3OVNvYiclRGZhYidXdQAAYnR0JSdzb2JqYidlfj0nOwAAZidvdWJhOiVvc3N3PSgocAEFcHApcG5kbAzgcGh1Y3cDASoC8gIAdClkaGooA8Buc2tiOiVBdWIUsGInUAI1JwYwamIFoDkBjwGAOyhmOQwAJ2ZpYwb/BvB3dWhtYmRzaWZzFExma2ANwHUGkSU5VwFzJ0kBgQQROyhOQHcT1DsoFVAAxA5xCg0BIyc7JioqJ0AOYgaAcHVmd3didScqKgJwAfAcInARMHdYYRogYnUvFZIKDQGVF1JgYnNYAABod3NuaGkvIGBoaGBrYlhmAOBpZmt+c25kdBbzAxIGIFxuYSdOCABCJzFaBcA7dGR1bndzJ3N+d4AiEVBzYn9zKG1mcWYBYyU5JyAgKAAELUtoZmMnbVZyYnV+JwPAaWgAEHMnZmt1YmZjfidrAbBiYy0opAABgC8EQWhhApU6OicgcmljYmFuAABpYmMgLnwnY2hkcmpiaXMpGSBwdW4iAQe6WyUHzFslEaB0dWQ6W4IwHbVmbWZ/KQ2jZnduHPMBQShrbmUIEHQobXYJ8Sg2KTQpNQDUKWpuaQAUKW10WyU5OyglLCUNQzkpYXFmAAB1J1hYaWhkaGlha25kcyc6AMAnc3VyYjwneg8RAeFOQjFSV0MAFEZTQlhIV1NOSElUAjB8ENAOboBEA0B0WHdmc289JwmldHNmFmApbgwCYjFydy/BIBEob2h0c2JjKAFWKACvbmpmYGJ0KCUEYHoboCgJBACwAKMYT585GaElJxBRBq8GrwaoCJZtdA/RBgMe4SZcJeAQQG5hWiWFKGVoY34BkShvc2prOQ==";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Share on FacebookShare on Stumble UponShare on Twitter
Reply With Quote
  #4 (permalink)  
Old 09-22-09, 05:38 PM
Nico's Avatar
Nico Nico is offline
Community Leader
  
Join Date: Sep 2005
Location: Spain
Posts: 7,563
Thanks: 5
Thanked 25 Times in 23 Posts
They went trough a lot of trouble just to encode this:
HTML Code:
?>	<?php include (TEMPLATEPATH . '/featured-foot.php'); ?>
	
	<div id="footer">
        <h2>Copyright <?php echo date("Y"); ?> <?php bloginfo('name'); ?> - All Rights Reserved</h2>
        <p>The "Cafe Press" theme by: <a href="http://www.wicked-wordpress-themes.com/" title="Free Wordpress Themes" >Free Wordpress Themes</a> and <a href="http://www.projectnatalgamer.com">Project Natal</a></p>

    </div>
        
</div> <!-- end wrapper -->

<?php wp_footer(); ?>

<?php echo get_option('google_analytics'); ?>

<!--[if IE 6]>
<script type="text/javascript"> 
	/*Load jQuery if not already loaded*/ if(typeof jQuery == 'undefined'){ document.write("<script type=\"text/javascript\"   src=\"http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.<acronym title="JavaScript">js</acronym>\"></"+"script>"); var __noconflict = true; } 
	var IE6UPDATE_OPTIONS = {
		icons_path: "http://static.ie6update.com/hosted/ie6update/images/"
	}
</script>
<script type="text/javascript" src="http://static.ie6update.com/hosted/ie6update/ie6update.<acronym title="JavaScript">js</acronym>"></script>
<![endif]-->

</body>
</html><?
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Share on FacebookShare on Stumble UponShare on Twitter
Reply With Quote
  #5 (permalink)  
Old 09-22-09, 09:24 PM
xmatias xmatias is offline
New Member
  
Join Date: Sep 2009
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Thanks a lot!!!
Can you teach me how can I decode it me self? Only if you want.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Share on FacebookShare on Stumble UponShare on Twitter
Reply With Quote
  #6 (permalink)  
Old 09-23-09, 05:03 AM
Nico's Avatar
Nico Nico is offline
Community Leader
  
Join Date: Sep 2005
Location: Spain
Posts: 7,563
Thanks: 5
Thanked 25 Times in 23 Posts
It was actually very easy.

Replace the eval() with echo() in the string you posted above. In that new code that appears, there'll be a lot of eval()s, but I just replaced the last one with echo(). And that's it really.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Share on FacebookShare on Stumble UponShare on Twitter
Reply With Quote
  #7 (permalink)  
Old 10-01-09, 06:46 PM
c20 c20 is offline
New Member
  
Join Date: Oct 2009
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
what about this one cant figure it out:

Code:
<?php  $o="QAAAOzh3b3cnYGJzWG9iZmNidQAQLy48Jzg5Cg0KDScAEDtjbnEAByduYzolZGhpc2JpcyUBoAFwADLhEAIjALECZmpmbmkCOw4ODgYjbmEnLwABb2ZxYlh3aHRzdC8uLic9BoLgnwQBAEUCo3BvbmtiAt9zbwPDChMDNQCCCKfwEADyAFABLwpCZGtmdHQ6JQSwZWtoYMBtCKEHM3RzbmRsflgB8gYDJQ9iAiEqAjOJbANAWE5DAdQ5JwYfDgE/CJAnB4kE8WNiPgBzdBI5AAAAJwRvBGEAQTtmJ291YmE6JYAICRd3YnVqZmtuaWwvLhTQJGRoP+BqahpQBg8D8QBICU0DjwAACicH0wMlWGlyamWAmSNQIDcgKycgNgBRIiAkJAAADCc7KCWQx4UkyAAAACc7KGYB7wwmEk8BtTtvNTkSj1gSiwApJSdzbnNrYjolVxPxaRMgJ0sUQA4AJ3NoJw3jHsECMlhmc3N1bmVyc3n4Yh+VAhwBcwrhOygHsAmfCZUBrwGlGNljZnMQAGIlOQZJamIvIEEnbVQrJ14ggEEeQSc7JioqJ2V+CqhmcnNvaDuAh/8gICcqKjkVvwalAIMIrwGBA28BYQBDAy8BgQuJm+IUMHV+LW8CcScysEBQADANd0TULyBERWBuBH9pcmInVUfAbmlgI78EMwBlCK8BoQvPAWHw8weRAAAAJwKjFENiaWMnHpBAlROxBfcKDQsWAoB8PnBJIVFzBaMAYw0TYmt0YkzCAVEEJwDhAhRpHQBjbmED4wH8MEAnR0I6JXdmYGJpZjwDcW4UXQMrBVIDaGZrbmBpa2JhWYAGwwoiaWJ/c1YjWEFyIEhrXUAnQmkscGJ+EHQkIhBDBY8BLx4pBqJ1bmBvBrZ3dWJxCD9uaHJ0BvpJYnBidQb/PM8hYAzRAEUJU/z4AOJntQDRAXQvQhiAJ2pmABqdAoEAQRATbmlkAABrcmNiJy9TQkpXS0ZTQldGAAFTTycpJyAodG5jYmVmdSofEX5hKW9AJs0QAwctKrQHUwoNBlNy4WFoaHNPkIAATsI=";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;
?>
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Share on FacebookShare on Stumble UponShare on Twitter
Reply With Quote
Reply

Bookmarks

« Class Issue | PHP include in a phpBB template »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] base64 decoding prob kiko08 PHP 8 05-19-08 04:00 AM
Decoding an XML base64 encoded data Archu ASP.NET 1 03-10-08 01:27 PM
base64 txt3rob PHP 4 03-05-07 11:36 AM
decode Pop3 email headers XxXoldsaltXxX PHP 0 11-03-04 09:24 PM


All times are GMT -5. The time now is 09:30 AM.
vBulletin® Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
CakePHP: the rapid development php framework