Comments on 0entropy: Fast and simple backdoor analysis
Blogger comment feed, author Nicolas Krassas, updated 2023-09-26T15:55:13.314+03:00, 4 comments.

Nicolas Krassas, 2011-10-04T21:51:18.913+03:00:
You can always use transformtool, http://transformtool.codeplex.com/, quite useful with many transformations available.

LifePain, 2011-10-04T21:41:15.247+03:00:
I am still unsure, which online tool do you use to get the normal script behind:
eval(gzinflate(base64_decode('some_code_here')));

Thanks
And yes, nice analysis :)

Nicolas Krassas, 2011-07-15T07:58:36.870+03:00:
Thanks!
I believe it depends on the setup; also, kanoodle_settings.php used to be included on some installations, so it depends on the setup and where the user is actually going to upload the initial file.

attack3r, 2011-07-15T00:27:50.749+03:00:
Nice analysis post!
But I don't think the attackers can go back to the backdoor, because it's not placed in the public_html directory.