How can I gzinflate and save the inflated data without running it? (Found what I think is a trojan on my server)

爱⌒轻易说出口 submitted on 2019-12-24 03:41:28

Question


Well, not my server. My friend found it and sent it to me, trying to make sense of it. What it appears to be is a PHP IRC bot, but I have no idea how to decode it and make any sense of it.

Here is the code:

<?eval(gzinflate(base64_decode('some base 64 code here')))?>

So I decoded the base64, and it output a ton of strange characters; I'm guessing it's either encrypted or a different file type, like when you change a .jpg to a .txt and open it.

But I have no idea how to decode this and determine its source. Any help?


Answer 1:


This should be safe, but still show you the code:

<pre>
<?php echo htmlspecialchars(gzinflate(base64_decode('some base 64 code here'))); ?>
</pre>

That is, echo instead of eval.

If you'd rather do it in the shell, try gunzip after base64 decoding.




Answer 2:


What you'll probably find is that the eval produces another cycle to eval. This may go on until finally the real code gets executed.

I would decode it step by step on a network disconnected machine which afterwards I would format.
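As an added example (not code from either answer), here is a Python decoder that peels the eval(gzinflate(base64_decode('...'))) wrapper layer by layer without ever executing the payload, which covers the nested-layer case answer 2 describes. PHP's gzinflate() is raw DEFLATE, so it is decoded with zlib at wbits=-15; the sample payload below is constructed and harmless, and the helper names are this example's own.

```python
import base64
import re
import zlib

# Matches the wrapper seen in the question; the payload is captured, never eval'd.
WRAPPER = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*'([A-Za-z0-9+/=]+)'\s*\)\s*\)\s*\)"
)

def gzinflate(data: bytes) -> bytes:
    """PHP's gzinflate() is raw DEFLATE (no zlib/gzip header), hence wbits=-15."""
    return zlib.decompress(data, -15)

def gzdeflate(data: bytes) -> bytes:
    """Inverse of gzinflate; used only to build the constructed sample below."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()

def wrap(code: bytes) -> str:
    """Build one obfuscation layer of the form seen on the page (sample only)."""
    b64 = base64.b64encode(gzdeflate(code)).decode()
    return "<?php eval(gzinflate(base64_decode('%s')));?>" % b64

def unwrap(source: str, max_layers: int = 50) -> list:
    """Peel wrapper layers, returning every decoded stage, innermost last."""
    layers = []
    current = source
    for _ in range(max_layers):  # cap guards against a never-ending chain
        m = WRAPPER.search(current)
        if m is None:
            break
        current = gzinflate(base64.b64decode(m.group(1))).decode('utf-8', 'replace')
        layers.append(current)
    return layers

# Constructed, harmless sample: an innocuous script wrapped in two layers.
INNER = b"<?php echo 'hello from the innermost layer'; ?>"
SAMPLE = wrap(wrap(INNER).encode())

if __name__ == '__main__':
    stages = unwrap(SAMPLE)
    for i, layer in enumerate(stages, 1):
        print('--- layer %d ---' % i)
        print(layer)
    with open('decoded_final.php.txt', 'w') as f:  # save for review, never run
        f.write(stages[-1])
```

Run it against a real sample by replacing SAMPLE with the file contents; the decoded stages are written as text and only ever printed or saved.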



Source: https://stackoverflow.com/questions/2722973/how-can-i-gzinflate-and-save-the-inflated-data-without-running-it-found-what-i
