Thread: Got hacked. What now?
View Single Post
  #35  
Old 10-17-2008, 12:26 AM
Quarterbore Quarterbore is offline
 
Join Date: Mar 2005
Location: Valley Forge PA
Posts: 538
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Thanks for the code and for your reference you should never send code like that unmodified. For example, if you get encrypted code like that if you modify the start of the encrypted code so it is changed...

From: eval(base64_decode('

To: eval(baNOCODEse64_decNOTode('

The code can not be executed! You really have to be careful with encrypted code like that as you never know everything it does until it is decrypted. Luckily, there are tools out there that can decript stuff pretty darned easily anymore.

--------------- Added [DATE]1224207351[/DATE] at [TIME]1224207351[/TIME] ---------------

I decripted the code and it was relatively harmless HTML code. There was nothing in there to log passwords as an example.

I am posting the code here just for the record and so you can see it. That nonsense of letters and numbers when decoded is the code that follows!

PHP Code:
echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">
<!-- saved from url=(0026)http://woot.king-nerd.com/ -->
<HTML 
dir=rtl><HEAD><TITLE>:.: Hacked By ِAb0-Salem :.:</TITLE>
<SCRIPT language=javascript src=\"index4_files/ads.js\"></SCRIPT>

<META http-equiv=Content-Type content=\"text/html; charset=windows-1256\">
<META http-equiv=Content-Language content=en-us>
<STYLE>TABLE.MsoNormalTable {
    FONT-SIZE: 10pt; FONT-FAMILY: \"Times New Roman\"; mso-style-parent: \"\"
}
.page {
    BACKGROUND: #000000; FONT: bold 12pt arial,verdana,helvetica,sans-serif; COLOR: #acacac
}
.vbmenu_popup {
    BORDER-RIGHT: #21728f 1px solid; BORDER-TOP: #21728f 1px solid; BACKGROUND: #000000; FONT: 8pt ms sans serif,arial; BORDER-LEFT: #21728f 1px solid; COLOR: #acacac; BORDER-BOTTOM: #21728f 1px solid
}
.thead {
    FONT-WEIGHT: normal; FONT-SIZE: 8pt; BACKGROUND: #000000 repeat-x left top; COLOR: #ebebeb; FONT-STYLE: normal; FONT-FAMILY: ms sans serif, arial; FONT-VARIANT: normal
}
TD.thead {
    PADDING-RIGHT: 4px; PADDING-LEFT: 4px; PADDING-BOTTOM: 4px; PADDING-TOP: 4px
}
.tborder {
    BACKGROUND: #000000
}
.alt1 {
    BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #acacac
}
DIV {
    COLOR: #000
}
DIV {
    FONT-FAMILY: arial,sans-serif
}
DIV.Section1 {
    page: Section1
}
</STYLE>
<BGSOUND src=\"\" loop=infinite>
<META content=\"MSHTML 6.00.2900.3314\" name=GENERATOR></HEAD>
<BODY text=#c0c0c0 vLink=#c0c0c0 aLink=#c0c0c0 link=#c0c0c0 bgColor=#000000>
<P></P>&nbsp;
<SCRIPT language=JavaScript> if (document.all){ Cols=15; Cl=24; Cs=50; Ts=12;  Tc='#008800'; Tc1='red'; MnS=25;  MxS=30;  I=Cs; Sp=new Array();S=new Array();Y=new Array(5,6); C=new Array();M=new Array();B=new Array(); RC=new Array();E=new Array();Tcc=new Array(\"x\",\"h\",\"a\",\"h\",1,\"x\"); document.write(\"<div id='Container' style='position:absolute;top:0;left:-\"+Cs+\"'>\"); document.write(\"<div style='position:relative'>\"); for(i=0; i < Cols; i++){ S[i]=I+=Cs; document.write(\"<div id='A' style='position:absolute;top:0;font-family:Arial;font-size:\" +Ts+\"px;left:\"+S[i]+\";width:\"+Ts+\"px;height:0px;color:\"+Tc+\";visibility:hidden'></div>\"); } document.write(\"</div></div>\"); for(j=0; j < Cols; j++){ RC[j]=1+Math.round(Math.random()*Cl);   Y[j]=0; Sp[j]=Math.round(MnS+Math.random()*MxS);  for(i=0; i < RC[j]; i++){ B[i]=''; C[i]=Math.round(Math.random()*1)+' '; M[j]=B[0]+=C[i]; } } function Cycle(){ Container.style.top=window.document.body.scrollTop; for (i=0; i < Cols; i++){ var r = Math.floor(Math.random()*Tcc.length); E[i] = '<font color='+Tc1+'>'+Tcc[r]+'</font>'; Y[i]+=Sp[i]; if (Y[i] > window.document.body.clientHeight){ for(i2=0; i2 < Cols; i2++){ RC[i2]=1+Math.round(Math.random()*Cl);   for(i3=0; i3 < RC[i2]; i3++){ B[i3]=''; C[i3]=Math.round(Math.random()*1)+' '; C[Math.floor(Math.random()*i2)]=' '+' '; M[i]=B[0]+=C[i3]; Y[i]=-Ts*M[i].length/1; A[i].style.visibility='visible'; } Sp[i]=Math.round(MnS+Math.random()*MxS); } } A[i].style.top=Y[i]; A[i].innerHTML=M[i]+' '+E[i]+' '; } setTimeout('Cycle()',50) } Cycle(); } </SCRIPT>

<SCRIPT language=JavaScript> puchtit=\"] Ab0-Salem [\"; letrero2=\"·.¸¸.·´´¯`··._.··.¸¸.·´´¯`··._.··.¸¸.·´´¯\"; letrero1=\"·.¸¸.·´´¯`··._.··.¸¸.·´´¯`··._.··.¸¸.·´´¯\";;ultimo1=letrero1.length-1; ultimo2=letrero2.length-1; tiempo=setTimeout(\"scroll()\",.1); function scroll() { aux1=letrero1.charAt(ultimo1-1); letrero1=aux1+letrero1.substring(0,ultimo1-1); aux2=letrero2.charAt(0); letrero2=letrero2.substring(1,ultimo2+1)+aux2; window.status=\"(\" + letrero2 + puchtit + letrero1 + \")\"; tiempo=setTimeout(\"scroll()\",.1); return true; } // --> </SCRIPT>
 
<DIV style=\"COLOR: #000; FONT-FAMILY: arial,sans-serif\" align=center><SPAN 
style=\"HEIGHT: 30px\">
<DIV class=Section1>
<DIV 
style=\"WIDTH: 900px; COLOR: rgb(0,0,0); FONT-FAMILY: arial,sans-serif; HEIGHT: 374px\" 
align=center>
<TABLE style=\"WIDTH: 90%\" height=500 cellPadding=0 width=\"90%\" border=0>
  <TBODY>
  <TR>
    <TD 
    style=\"BORDER-RIGHT: red 0.75pt solid; PADDING-RIGHT: 0.75pt; BORDER-TOP: red 0.75pt solid; PADDING-LEFT: 0.75pt; FONT-WEIGHT: normal; FONT-SIZE: 14pt; PADDING-BOTTOM: 0.75pt; BORDER-LEFT: red 0.75pt solid; COLOR: rgb(28,176,129); PADDING-TOP: 0.75pt; BORDER-BOTTOM: red 0.75pt solid; FONT-STYLE: normal; FONT-FAMILY: verdana,geneva,lucida,'lucida grande',arial,helvetica,sans-serif; FONT-VARIANT: normal\"></FONT></B></FONT></FONT>
      <P align=center><SPAN lang=ar-sa><B><FONT face=\"Traditional Arabic\" 
      color=#ffffff size=5></FONT></B></SPAN>&nbsp;</P>
      <P dir=ltr align=center><B><FONT face=Verdana color=#e0e0e0>H0 H0, You G0t 
        Defaced<SPAN lang=en-us> Just Be CoOol And Learn</SPAN> 
      !</FONT></B></P><SPAN>
      <P align=center>&nbsp;</P></SPAN>
      <FONT face=\"Arial Narrow\" size=4>
    <P align=center>
    &nbsp;</P><SPAN>
      <P dir=ltr align=center><B><FONT face=Verdana color=#00ff00 
      size=5>&nbsp;</FONT></B><FONT face=Verdana color=#00ff00 
      size=5>[</FONT><B><FONT face=Verdana color=#00ff00 size=5> W3 Do Wh4t w3 
        s4y</FONT></B><FONT face=Verdana color=#00ff00 size=5> ]<SPAN 
      lang=ar-eg>&nbsp; </SPAN></FONT></P>
      <P dir=ltr align=center>&nbsp;</P>
      <P dir=ltr align=center>&nbsp;</P>
      <P dir=ltr align=center><SPAN style=\"TEXT-TRANSFORM: uppercase\"><FONT 
      face=\"Monotype Corsiva\"><SPAN lang=en-us><FONT color=#ffffff size=6>HaCkEd 
        By ;</FONT></SPAN></FONT></SPAN></P>
      <P dir=ltr align=center>&nbsp;</P>
      <P dir=ltr align=center><B><FONT face=Verdana 
      size=5>&nbsp;</FONT></B><FONT face=Verdana color=#999999 
      size=5>[</FONT><B><FONT face=Verdana color=#e0e0e0 size=5> Ab0-Salem 
      </FONT></B><FONT face=Verdana color=#999999 size=5>]</FONT></P>
      <P dir=ltr style=\"TEXT-ALIGN: center\"><FONT face=\"Courier New\" 
      color=#999999 size=4><B>Wh3r3 is The Security Dude ?</B></FONT></P>
      <P dir=ltr style=\"TEXT-ALIGN: center\"><B><FONT face=\"Courier New\" 
      color=#999999 size=4>&nbsp;Yeah, IT Seems Security Doomed to FAILURE 
      </FONT><FONT face=\"Microsoft Sans Serif\" color=#999999 size=4>(^_*) .. 
      </FONT></B></P>
      <P align=center><B><FONT face=Verdana color=#999999 size=2>Just Secure 
        Your Mind , Then Secure Your Site Dude !</FONT></B></P></SPAN>
      <P align=center><SPAN lang=ar-sa><FONT color=#ff00ff 
      size=4>==--===</FONT><FONT size=4><FONT 
      color=#ffff00>--===--===--=</FONT><FONT 
      color=#ff0000>==--===--===</FONT><FONT color=#ffff00>--===--</FONT><FONT 
      color=#008000>===--===--=</FONT></FONT><FONT color=#ffff00 
      size=4>==</FONT></SPAN></P>
      <P dir=ltr style=\"TEXT-ALIGN: center\"><FONT face=Verdana color=#ffffff>W3 
        M4k3 Th!s ++++en N3t</P>
      <P dir=ltr style=\"TEXT-ALIGN: center\">Try To Play With Us And U Will Know 
        The W3 r Th3 G4m3</FONT></P><SPAN>
      <P align=center><SPAN lang=ar-sa><FONT color=#ff00ff 
      size=4>==--===</FONT><FONT size=4><FONT 
      color=#ffff00>--===--===--=</FONT><FONT 
      color=#ff0000>==--===--===</FONT><FONT color=#ffff00>--===--</FONT><FONT 
      color=#008000>===--===--=</FONT></FONT><FONT color=#ffff00 
      size=4>==</FONT></SPAN></P></SPAN>
      <P align=center>&nbsp;</P><SPAN>
      <P dir=ltr align=center><B><FONT face=Verdana 
      size=5>&nbsp;</FONT></B><FONT face=Verdana color=#ff0000 
      size=5>[</FONT><B><FONT face=Verdana color=#e0e0e0 size=5> 
      Ab0-Salem</FONT></B><FONT face=Verdana color=#ff0000 
      size=5>]</FONT></P></SPAN>
      <P align=center><SPAN><FONT face=Verdana color=#ff0000 size=5><A 
      href=\"\"></A></FONT></SPAN></P>
      <P dir=ltr align=center><FONT face=Verdana color=#ff0000 size=5><A 
      ></A></FONT></P><SPAN>
      <P dir=ltr align=center>&nbsp;</P>
      <P dir=ltr align=center>&nbsp;</P></SPAN>
      <P align=center>&nbsp;</P>
      <P dir=rtl style=\"DIRECTION: rtl; unicode-bidi: embed\" align=center><EMBED 
      name=video pluginspage=http://www.real.com/player/ 
      src=http://www.members.lycos.co.uk/sn1p3r/mu/nana.rm width=165 height=62 
      hidden=true type=audio/x-pn-realaudio-plugin loop=\"true\" autostart=\"true\" 
      nojava=\"true\" controls=\"ControlPanel,StatusBar\" maintainaspect=\"false\"> 
      </P></TR></TBODY></TABLE></DIV></DIV></SPAN></DIV></BODY></HTML>
"
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01203 seconds
  • Memory Usage 1,848KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete