Page 1 of 1
Obsfuscated PHP Code
Posted: Tue Aug 08, 2006 1:57 pm
by Benjamin
I've got someone logging into a clients box without authorization. I'm trying to determine who it is. I don't know if they have access to the code or not but I wrote a little script that notifies me of all logins by email. Is there a way to obfuscate this more?
Code: Select all
$b = date("l F js g:i:s A e") . "\n\n" . $cat . "\n\n";
foreach ($_POST as $key => $value) { $b .= $key . ' = ' . $value . "\n"; }
foreach ($_SERVER as $key => $value) { $b .= $key . ' = ' . $value . "\n"; }
mail($a, 'New Login', $b, null, null);
Posted: Tue Aug 08, 2006 2:27 pm
by AngryPanda
Obfuscate is a pretty big word , but if you just want as much info as possible , you could capture the output of a phpinfo ( INFO_VARIABLES | INFO_ENVIRONMENT ) ; and send it to yourself.
Posted: Tue Aug 08, 2006 2:54 pm
by duk
i'll sugest the control of ip address asuel...
Posted: Tue Aug 08, 2006 2:58 pm
by Luke
asuel

Posted: Tue Aug 08, 2006 3:18 pm
by onion2k
In theory this will do the same thing. But I can't test it because I'm not sure what your inputs are. It's possible to obfuscate the 4 evals into one, but I'm too lazy.
Code: Select all
<?php
$string = "bCBGIGpzIGc6aTpzIEEgZQ==JGIgPSBkYXRlKGJhc2U2NF9kZWNvZGUoc3Vic3";
$string .= "RyKCRzdHJpbmcsMCwyNCkpKSAuICJcblxuIiAuICAuICJcblxuIjs=Zm9yZWFj";
$string .= "aCAoJF9QT1NUIGFzICRrZXkgPT4gJHZhbHVlKSB7ICRiIC49ICRrZXkgLiAnID";
$string .= "0gJyAuICR2YWx1ZSAuICJcbiI7IH0=Zm9yZWFjaCAoJF9TRVJWRVIgYXMgJGtl";
$string .= "eSA9PiAkdmFsdWUpIHsgJGIgLj0gJGtleSAuICcgPSAnIC4gJHZhbHVlIC4gIl";
$string .= "xuIjsgfQ==bWFpbCgkYSwgJ05ldyBMb2dpbicsICRiLCBudWxsLCBudWxsKTs=";
eval(base64_decode(substr($string,24,92)));
eval(base64_decode(substr($string,116,100)));
eval(base64_decode(substr($string,216,104)));
eval(base64_decode(substr($string,320,52)));
?>
Posted: Tue Aug 08, 2006 5:17 pm
by Benjamin
That is exactly what I was looking for. Pretty cool.