Lampwrights Forum

Lampwrights Forum (http://www.lampwrights.com/index.php)
-   A Secure Web (http://www.lampwrights.com/forumdisplay.php?f=8)
-   -   Finding Base64 Encoded Exploits (http://www.lampwrights.com/showthread.php?t=28)

Jeff 09-09-2010 06:39 AM

Finding Base64 Encoded Exploits
 
When a PHP application is hacked and serving content that you cannot seem to find, chances are it is encoded in base64 and somewhere being decoded and displayed. Hackers will obfuscate this code making it hard to find. One way to find this code is to disable the base64_decode function in your php.ini file:

Code:

disable_function = "base64_decode"
Restart Apache and watch your error log to see where error messages pop up and this may allow you to see where the code is executing. Knowing where it executes is a great leap into finding HOW it is executing.

If none of your applications use base64_decode, then feel free to leave it disabled in php.ini. It will save you a lot of headaches in the future anyway.

kajara23 12-09-2010 05:58 AM

With “hacking” being a household word for anyone using computers, this is a fantastic method to find the encoded base64 which the hackers would have hidden somewhere when they did the mischief and if none of your applications use the base_64 decode the be smart and leave it disabled in php.ini as it'll save you a lot of trouble later!!

gfjdrhdnc 01-23-2024 11:34 AM

Flipnote Studio DSi private key, in .pem format:

Code:

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDCPLwTL6oSflv+gjywi/sM0TUB90xqOvuCpjduETjPoN2FwMeb
xNjdKIqHUyDu4AvrQ6BDJc6gKUbZ1E27BGZoCPH49zQRb+zAM6M9EjHwQ6BABr0u
2TcF7xGg2uQ9MBWz9AfbVQ91NjfrNWo0f7UPmffv1VvixmTk1BCtavZxBwIDAQAB
AoGAJqdTfjX0EG4Y/JMKZM/Wi/xuIhAGovVN6/gL+9lthtQqgV2V24fW6FwTBU8j
tKXdeVoh4Hr7nZ/ZO6wmM9tyTVSHo37XdF/1bsPM7iu/0M8A6+jJr94l6PYpCP5y
apPEj2RR154gTaVK7/J/OePZy6tRlgcI1awsqgCDcvweEsECQQD4KnxSdyJD0Oqa
xaIIhLkLZEuvkBmrLG+YQUezVOB60MjMC1DyIiZzc5otkQZ0RiopRm/57a6pXA58
1xSN9JiRAkEAyF5uvKCbA9+PORUn668W0N+uRWZ2+WaqC46HkUDnrVEa4FsnLsFD
0NlVmH2BXifPUPLMR6WzP+OJ9hKfve78FwJAQQJgLvomb716t7CuEa0zDFjpusP0
9XJeiXQQZFoHtCSddVZBjiyEBhpyeR1Uo4D96nIZQ0+QQa1r3ig5qjY5AQJAWvZD
324p8YA0TP3FucEq4ngpbWgu6tooqEZ0VQTaKFyBjwjSqO8kElQX/7o6WLxJ6b3P
71bSIVby8rtRubAc0QJBAJ1zhk7/d6PA4+J9aQ+jBi/OW+ljiD8yjatLq+4fqRfx
YsFzLqmzjxfiiX+6BzuHHcWJzBUmIcPyu+Y2N0BdT7M=
-----END RSA PRIVATE KEY-----

This is the Flipnote Studio DSi signing key in pem format

LoupJew 01-29-2024 05:31 PM

Have you encountered situations where disabling the base64_decode function in php.ini helped in identifying and mitigating encoded base64 exploits effectively?

Bajadem 02-02-2024 01:53 PM

Have you ever faced scenarios where disabling the base64_decode function in php.ini proved helpful in pinpointing and mitigating encoded base64 exploits effectively?

ericmann 02-28-2024 07:11 AM

Finding Base64 Encoded Exploits
 
You can disable the base64_decode function in the php.ini file can indeed provide valuable insights into identifying potential security breaches within a PHP application. But be careful, that should not be utilized by any of your applications. I think it is a proactive step towards enhancing security.


All times are GMT -4. The time now is 08:34 PM.

Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2024, vBulletin Solutions, Inc.