Today, I want to find a PHP Trojan to manage my own space, but I don't have it at hand. I had to find a PHP Trojan on the Internet. I found a new version of the black/white network is called "Kill PHP Trojan, so I downloaded it and killed my avast --! Okay.
So turn off anti-virus and download it again. Okay, this is an episode! ,
Download the PHP source file just below here </P> <p> http://down.qiannao.com/space/file/strivescript/share/2011/2/7/-514d-6740php-5927-9a6c_-521d-4e0b-8f7d-7248.rar/.page
Then, move things to the PHP environment in the Virtual Machine and open it. There is encryption. The function used is:
First use this function base64_decode () and then use this function gzuncompress () for encryption. The good thing is that the ciphertext is one piece, and then cut all the parts.
Re-write a PHP file:
<? Php <br/> print_r (gzunconpress (base64_decode (ciphertext segment); <br/>?>
This is simple,Source codeAll in one view !!!!
View SourceCodeAfter
CTRL + F find this http ://
Check the source code and find that there is another encryption point:
The above method is used to find a backdoor.
<SCRIPT src = 'webshell address'> </SCRIPT>
Then delete the code.
OK. Run it and you will find that no mix. dll can be released.
It's rare to download the decrypted source code here.
Http://down.qiannao.com/space/file/strivescript/share/2011/2/7/-9700-8981-91ca-653edll-7684php-9a6c.zip/.page <br/>
You can also use this online storage and share it with us:
Http://upload.qiannao.com/tomos/ui/qnupload.jsp? Id = strivescript