1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to dercrypt this thing?

Discussion in 'PHP & Perl' started by tejli007, Oct 15, 2013.

  1. tejli007

    tejli007 Newbie

    Joined:
    Oct 14, 2012
    Messages:
    12
    Likes Received:
    0
    Hello everyone.
    Can someone help me to read this:

    Code:
    <?php if(!function_exists("TC9A16C47DA8EEE87")){function TC9A16C47DA8EEE87($T059EC46CFE335260){$T059EC46CFE335260=base64_decode($T059EC46CFE335260);$TC9A16C47DA8EEE87=0;$TA7FB8B0A1C0E2E9E=0;$T17D35BB9DF7A47E4=0;$T65CE9F6823D588A7=(ord($T059EC46CFE335260[1])<<8)+ord($T059EC46CFE335260[2]);$TBF14159DC7D007D3=3;$T77605D5F26DD5248=0;$T4A747C3263CA7A55=16;$T7C7E72B89B83E235="";$T0D47BDF6FD9DDE2E=strlen($T059EC46CFE335260);$T43D5686285035C13=__FILE__;$T43D5686285035C13=file_get_contents($T43D5686285035C13);$T6BBC58A3B5B11DC4=0;preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"),$T43D5686285035C13,$T6BBC58A3B5B11DC4);for(;$TBF14159DC7D007D3<$T0D47BDF6FD9DDE2E;){if(count($T6BBC58A3B5B11DC4)) exit;if($T4A747C3263CA7A55==0){$T65CE9F6823D588A7=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])<<8);$T65CE9F6823D588A7+=ord($T059EC46CFE335260[$TBF14159DC7D007D3++]);$T4A747C3263CA7A55=16;}if($T65CE9F6823D588A7&0x8000){$TC9A16C47DA8EEE87=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])<<4);$TC9A16C47DA8EEE87+=(ord($T059EC46CFE335260[$TBF14159DC7D007D3])>>4);if($TC9A16C47DA8EEE87){$TA7FB8B0A1C0E2E9E=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])&0x0F)+3;for($T17D35BB9DF7A47E4=0;$T17D35BB9DF7A47E4<$TA7FB8B0A1C0E2E9E;$T17D35BB9DF7A47E4++)$T7C7E72B89B83E235[$T77605D5F26DD5248+$T17D35BB9DF7A47E4]=$T7C7E72B89B83E235[$T77605D5F26DD5248-$TC9A16C47DA8EEE87+$T17D35BB9DF7A47E4];$T77605D5F26DD5248+=$TA7FB8B0A1C0E2E9E;}else{$TA7FB8B0A1C0E2E9E=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])<<8);$TA7FB8B0A1C0E2E9E+=ord($T059EC46CFE335260[$TBF14159DC7D007D3++])+16;for($T17D35BB9DF7A47E4=0;$T17D35BB9DF7A47E4<$TA7FB8B0A1C0E2E9E;$T7C7E72B89B83E235[$T77605D5F26DD5248+$T17D35BB9DF7A47E4++]=$T059EC46CFE335260[$TBF14159DC7D007D3]);$TBF14159DC7D007D3++;$T77605D5F26DD5248+=$TA7FB8B0A1C0E2E9E;}}else $T7C7E72B89B83E235[$T77605D5F26DD5248++]=$T059EC46CFE335260[$TBF14159DC7D007D3++];$T65CE9F6823D588A7<<=1;$T4A747C3263CA7A55--;if($TBF14159DC7D007D3==$T0D47BDF6FD9DDE2E){$T43D5686285035C13=implode("",$T7C7E72B89B83E235);$T43D5686285035C13="?".">".$T43D5686285035C13;return $T43D5686285035C13;}}}}eval(TC9A16C47DA8EEE87("QAAAPD9waHANCi8vYXV0b3I6IAAISmFrdWIgTWFjaG9uAXF0cmECAHBpKGF0KQCSLm5ldDsNCg0KAAFzZXNzaW9uX3N0YXJ0KCkBQAAAcmVxdWlyZV9vbmNlKCJteQoAc3FsLgWwIgHBLy9pbmNsdWRlAHAgImNvbmZpZy4BAAHiA5ANCmlmAAAoJF9HRVRbJ2FrY2phJ109AAA9ImxvZ3VqIikNCnsNCgkkgGQA4GluPSRfUE9TAmAA4iddA8AJJAQIaGFzbG8BpnBhc3N3ZAGyIAkvLIAvZQxgIAIzAtENCgFRJHF1ZXJ5PQgAbmV3IApiKCJzZWxlY3QgKiwAIFBBU1NXT1JEKCcDUycpIGFzQAAgBjIgZnJvbSBhZG0gd2hlciQBZSAIQj0nCaMnIExJTUlUIDEO4iApIAkGNCJTRUxFQ1QFn28FkEFTBZQIOUZST00FkldIRVJFBZ8FkwwAIAkSkQAAcmVzdWx0PSRHTE9CQUxTW0KkJwxSJ10tPg2CKAfDKROgIAkTwCAJAQAJJHJvdz0kA4MtPmZldGNoX5cgEoBvYxuCCRFBEpMCgFsnFDUuIiAiLp4EA7FbJxASFVIC0AhHLT5udW1fA1BzPhJ8MCYmAro9PQcQb3cE5wjwA8AJAABgICCJAAjXcmVlCGQgCQGAX1NFU1NJT04eLlsnbCBgFdMPoANRLy8kAedwAeEJcgHkIAAAJGl2X3NpemUgPSBtY3J5cAIAdF9nZXRfAVQoTUNSWVBUX1IABElKTkRBRUxfMjU2LCABVE1PAUhERV9FQ0IpBLIgCIJpdgSHY3JlFhhhdGUEsCgGRQO2UkFORANyC8FrZXkIAF9oZXgDkCc2ZWU5MmJkNGVmAAA4NWM3M2I4MzRjZmE1OWNhALEzNDNiN2MnOy1QIAazA3FiaW4DcAAPcGFjaygnSConLCAkAWEE0AXSAoPT/w/aAuBtDmNlbgCCDi8OIQRyBdAFEBLSC5YPRQGQOABpdgZSPVEMYAkgJFJFTU9URV9BCDNERFI9FEBlbnYoIgFILjIJCQwSAuCDACdSPSJ1cGQSUCxyc2V0IGN6YXMAAD1VTklYX1RJTUVTVEFNUCgAACksbG9nZ2VkPTEsaXA9J3uWGQaZfSc1e3sk4wMQaW4nXQHgNgQ7IhOjhEEHlS49IkQ2QFRFIDRlX3pndWJJoCenZUhBkGEgNUoFbQTXNN9tNlBpXw3iNTUHteAAKKADDwKvCSBoZWFkZXIoIkxvYyBgYXQJQDogcGFuZVF3LXEka29tdQAAbmlrYXQ9IjxhIGhyZWY9XEABIgKGXCI+bmV4dDwvYT4iOxdSCHAJfQ0KA5BlbHNlAJI1RFkVZGVzdB0Ccm95NVMScAX5ZC1wY2xhc3M9FZJfAAxlcnJvcj5JbmNvcnJQEQFiIG9g93IKcFRwb3JkPC8DMAeQIdMHoSAAUwfjRhUD1C8vYmxhZFXhCcAAMAHhIEKBX11fb3V//3RdZDs/Oz87PzyCK/UroQRxMPc63y9GOtU11gNgOq+9ZzqvCgMTNHADEDpPeAhTcGKQR7ZkZTlfR3Y5WPIHPUoKlg3lOdYgJAXgPXRyaW0oAKEHEycSO989ImvPNaAC8H1mMAkwP3Jrz2d04AKACAdW8DZn+8ExgVpFZp9mnDFgIHakCNc/vXRxdGVyYXoIv8D3CL8/GS48YnIgLygyJSJsY2TgIC+CQnFmoN5XcTJtvwkDM2iJaYURgiddBJAJBKMgc4NMr0yhU/swS7UwS7IwLgAiS08GoTRSDDEUYVUgJHoCE18m8AkgMqAJIDuPPWEkO387dwYgNGA+WW91Gxcgd2WIs1VwIAFAFeNjb25AMGw8YEbQPDf8REDQE+MSkHd1CEEIcA0KJENgaW5nLiBmaTADbGU4kgRxZW50cygiZ3JhZkognFAA0GRleC5odG1sYFIDRD0DsF9yZXApb2xhn5ElC6YiLAxnLALEK7FlmVIDUAcAI9CAAE1QDQo/Pg=="));?>

    Or just tell me how can i do it or give me some informations what the hell is this written.

    Thank you!
     
  2. HerpDerpSlerp

    HerpDerpSlerp Power Member

    Joined:
    Mar 19, 2013
    Messages:
    778
    Likes Received:
    623
    put the stings in vars and run them through this function


    PHP:
    echo base64_decode($str);
     
  3. tejli007

    tejli007 Newbie

    Joined:
    Oct 14, 2012
    Messages:
    12
    Likes Received:
    0
    Thank you for your reply sir. But am kind newbie and i really dont understand how to do it. Where should i really put the code?
     
  4. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,468
    Likes Received:
    10,143
    Here you go, it needs some formatting/restructuring but I won't bother

    Code:
    <?php
    query($query)) { $row=$result->fetch_assoc(); //echo $row['passwd']." ".$row['haslo']; 
    if($result->num_rows>
    0&&$row['haslo']===$row['passwd']) { $result->
    free(); $_SESSION['l']=$login; //$_SESSION['p']=$haslo; $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $key_hex = '6ee92bd4ef85c73b834cfa59ca343b7c'; $key_bin = pack('H*', $key_hex); $_SESSION['p'] = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key_bin, $haslo, MCRYPT_MODE_ECB, $iv); $REMOTE_ADDR=getenv("REMOTE_ADDR"); $query="update adm set czas=UNIX_TIMESTAMP(),logged=1,ip='{$REMOTE_ADDR}' where login='{$row['login']}' LIMIT 1;"; $query.="DELETE FROM adm_zgubioneHasla WHERE login='{$row['login']}'"; $GLOBALS['mysql']->
    multi_query($query); //$GLOBALS['mysql']->
    query($query); header("Location: panel.php"); $komunikat="next";	 } else { session_destroy(); $komunikat="
    Incorrect login or password
    "; } } else { //blad } } else if($_GET['akcja']=="logout") { $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $key_hex = '6ee92bd4ef85c73b834cfa59ca343b7c'; $key_bin = pack('H*', $key_hex); $pas = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key_bin, $_SESSION['p'], MCRYPT_MODE_ECB, $iv); $pas=trim($pas); $query="select *,PASSWORD('{$pas}') as haslo from adm where login='{$_SESSION['l']}' LIMIT 1"; $result=$GLOBALS['mysql']->
    query($query); //echo "select *,UNIX_TIMESTAMP() as teraz from adm where login='{$_SESSION['l']}' LIMIT 1.
    "; if($result) { $row=$result->
    fetch_assoc(); if($row['passwd']==$row['haslo']) { $query="update adm set czas=0,logged=0,ip='0.0.0.0' where login='{$row['login']}'"; $mysql->
    query($query); } session_destroy(); $komunikat="
    You were logged out from control panel
    "; $result->
    free(); } } $string = file_get_contents("grafika/index.html"); $string=str_replace("%komunikat",$komunikat,$string); echo $string; ?>
    string(2698) "?>
    query($query)) { $row=$result->
    fetch_assoc(); //echo $row['passwd']." ".$row['haslo']; if($result->
    num_rows>
    0&&$row['haslo']===$row['passwd']) { $result->
    free(); $_SESSION['l']=$login; //$_SESSION['p']=$haslo; $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $key_hex = '6ee92bd4ef85c73b834cfa59ca343b7c'; $key_bin = pack('H*', $key_hex); $_SESSION['p'] = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key_bin, $haslo, MCRYPT_MODE_ECB, $iv); $REMOTE_ADDR=getenv("REMOTE_ADDR"); $query="update adm set czas=UNIX_TIMESTAMP(),logged=1,ip='{$REMOTE_ADDR}' where login='{$row['login']}' LIMIT 1;"; $query.="DELETE FROM adm_zgubioneHasla WHERE login='{$row['login']}'"; $GLOBALS['mysql']->
    multi_query($query); //$GLOBALS['mysql']->
    query($query); header("Location: panel.php"); $komunikat="next";	 } else { session_destroy(); $komunikat="
    Incorrect login or password
    "; } } else { //blad } } else if($_GET['akcja']=="logout") { $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $key_hex = '6ee92bd4ef85c73b834cfa59ca343b7c'; $key_bin = pack('H*', $key_hex); $pas = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key_bin, $_SESSION['p'], MCRYPT_MODE_ECB, $iv); $pas=trim($pas); $query="select *,PASSWORD('{$pas}') as haslo from adm where login='{$_SESSION['l']}' LIMIT 1"; $result=$GLOBALS['mysql']->
    query($query); //echo "select *,UNIX_TIMESTAMP() as teraz from adm where login='{$_SESSION['l']}' LIMIT 1.
    "; if($result) { $row=$result->
    fetch_assoc(); if($row['passwd']==$row['haslo']) { $query="update adm set czas=0,logged=0,ip='0.0.0.0' where login='{$row['login']}'"; $mysql->
    query($query); } session_destroy(); $komunikat="
    You were logged out from control panel
    "; $result->
    free(); } } $string = file_get_contents("grafika/index.html"); $string=str_replace("%komunikat",$komunikat,$string); echo $string; ?>