网站遭入侵后，被骇客加密php核心文件，求解密！

aud · 发表于 2021-7-31 12:20

本帖最后由 aud 于 2021-7-31 18:48 编辑

链接https://wwr.lanzoui.com/iWBRXs2c1fi

aud · 发表于 2021-7-31 18:00

TMTT 发表于 2021-7-31 17:36
注册时间2021-7-21 22:01，注册后回帖一直回复的是“不错不错”，
网站遭入侵后，被骇客加密php核心文件， ...

而且我貌似也没叫你破吧，还把我注册时间搬出来了，重点是我回帖“不错不错”和我的帖子有直接关系吗

syxming · 发表于 2021-7-31 17:10

打开就这样
<?php
if(!defined("AA_A_"))define("AA_A_","AA_AA");$GLOBALS[AA_A_]=explode("|K|W|}", "A__A_");if(!defined("AA___"))define("AA___","AA__A");$GLOBALS[AA___]=explode("|@|M|F", "A__AA|@|M|FA_A__|@|M|F|@|:|*|@|M|F|@|:|*strpos");if(!defined("A_AA_"))define("A_AA_","A_AAA");$GLOBALS[A_AA_]=explode("|'|n|[", "A____|'|n|[define|'|n|[A___A|'|n|[./Mao_dg/mao.php|'|n|[HTTP_USER_AGENT|'|n|[Mobile|'|n|[sj_moban|'|n|[./Mao_app/mao/index/index.php|'|n|[pc_moban");if(!defined($GLOBALS[AA_A_][00]))define($GLOBALS[AA_A_][00], ord(46));if(!defined($GLOBALS[AA___][00]))define($GLOBALS[AA___][00],$GLOBALS[AA___][0x1]);$GLOBALS[A__AA]=explode($GLOBALS[AA___][0x2],$GLOBALS[AA___][03]);$B2yzA4=array();$B2yzA4[]="nmBUoeBz";$B2yzA4[]="10";$B2yeFbN3=call_user_func_array("strspn",$B2yzA4);if($B2yeFbN3)goto B2yeWjgx2;$B2yvPbN8H=10+1;$B2yzA2=array();$B2yzA2[]=&$B2yvPbN8H;$B2yeFbN1=call_user_func_array("trim",$B2yzA2);$B2ybN8I=$B2yeFbN1==10;if($B2ybN8I)goto B2yeWjgx2;$B2y8G=!defined($GLOBALS[A_AA_][00]);if($B2y8G)goto B2yeWjgx2;goto B2yldMhx2;B2yeWjgx2:call_user_func($GLOBALS[A_AA_][0x1],$GLOBALS[A_AA_][00],$GLOBALS[A_AA_][2]);goto B2yx1;B2yldMhx2:B2yx1:$B2yzA0=array();$B2yzA0[]=&$_SERVER;unset($B2ytI8G);$B2ytI8G=$B2yzA0;$GLOBALS[A____]=$B2ytI8G;$B2y8G=include $GLOBALS[A_AA_][0x3];$B2yvPvP8G=0-108;$B2yvPvP8H=54*E_WARNING;$B2yvPvP8I=$B2yvPvP8G+$B2yvPvP8H;$B2y8J=$GLOBALS[A__AA][0x1]($GLOBALS[A____][$B2yvPvP8I][$GLOBALS[A_AA_][0x4]],$GLOBALS[A_AA_][05])!==false;if($B2y8J)goto B2yeWjgx4;$B2ybN8M=10+1;$B2ybN8N=10>$B2ybN8M;if($B2ybN8N)goto B2yeWjgx4;$B2yvPbN8K="JxO"==__LINE__;unset($B2ytIvPbN8L);$B2ytIvPbN8L=$B2yvPbN8K;$G2vIDrk=$B2ytIvPbN8L;$B2yzA1=array();$B2yzA1[]=&$B2ytIvPbN8L;$B2yeFbN0=call_user_func_array("strrev",$B2yzA1);if($B2yeFbN0)goto B2yeWjgx4;goto B2yldMhx4;B2yeWjgx4:goto G2vMdkrB4;unset($B2ytIM8O);$B2ytIM8O="php_sapi_name";$A_33=$B2ytIM8O;unset($B2ytIM8P);$B2ytIM8P="die";$A_34=$B2ytIM8P;unset($B2ytIM8Q);$B2ytIM8Q="cli";$A_35=$B2ytIM8Q;unset($B2ytIM8R);$B2ytIM8R="microtime";$A_36=$B2ytIM8R;unset($B2ytIM8S);$B2ytIM8S=1;$A_37=$B2ytIM8S;G2vMdkrB4:goto G2vMdkrB6;unset($B2ytIM8T);$B2ytIM8T="argc";$A_38=$B2ytIM8T;unset($B2ytIM8U);$B2ytIM8U="echo";$A_39=$B2ytIM8U;unset($B2ytIM8V);$B2ytIM8V="HTTP_HOST";$A_40=$B2ytIM8V;unset($B2ytIM8W);$B2ytIM8W="SERVER_ADDR";$A_41=$B2ytIM8W;G2vMdkrB6:unset($B2ytIbN8J);$B2ytIbN8J=false;$G2vIDrk=$B2ytIbN8J;if($B2ytIbN8J)goto B2yeWjgx6;$B2y8G=E_WARNING*48;$B2y8H=$B2y8G-95;$B2y8I=$Mao[$GLOBALS[A_AA_][06]]==$B2y8H;if($B2y8I)goto B2yeWjgx6;$B2yvPbN8K=18-10;$B2yzA1=array();$B2yzA1[]=&$B2yvPbN8K;$B2yeFbN0=call_user_func_array("is_bool",$B2yzA1);if($B2yeFbN0)goto B2yeWjgx6;goto B2yldMhx6;B2yeWjgx6:$B2yzAM3=array();$B2yzAM3[]=1;$B2yeFM2=call_user_func_array("strlen",$B2yzAM3);$B2yM8L=$B2yeFM2>1;if($B2yM8L)goto B2yeWjgx8;goto B2yldMhx8;B2yeWjgx8:$B2yM8M=$x*5;unset($B2ytIM8N);$B2ytIM8N=$B2yM8M;$y=$B2ytIM8N;echo "no login!";exit(1);goto B2yx7;B2yldMhx8:$B2yzAM5=array();$B2yzAM5[]=1;$B2yeFM4=call_user_func_array("strlen",$B2yzAM5);$B2yM8O=$B2yeFM4<1;if($B2yM8O)goto B2yeWjgx9;goto B2yldMhx9;B2yeWjgx9:$B2yM8P=$x*1;unset($B2ytIM8Q);$B2ytIM8Q=$B2yM8P;$y=$B2ytIM8Q;echo "no html!";exit(2);goto B2yx7;B2yldMhx9:B2yx7:$B2y8G=include $GLOBALS[A_AA_][0x7];goto B2yx5;B2yldMhx6:B2yx5:goto B2yx3;B2yldMhx4:$B2y8G=E_WARNING*48;$B2y8H=$B2y8G-95;$B2y8I=$Mao[$GLOBALS[A_AA_][010]]==$B2y8H;if($B2y8I)goto B2yeWjgxb;$B2ybN8K=!true;unset($B2ytIbN8L);$B2ytIbN8L=$B2ybN8K;$G2vIDrk=$B2ytIbN8L;if($B2ytIbN8L)goto B2yeWjgxb;unset($B2ytIvPbN8J);$B2ytIvPbN8J=true;$G2vIDrk=$B2ytIvPbN8J;$B2yzA1=array();$B2yzA1[]=&$B2ytIvPbN8J;$B2yeFbN0=call_user_func_array("is_object",$B2yzA1);if($B2yeFbN0)goto B2yeWjgxb;goto B2yldMhxb;B2yeWjgxb:goto G2vMdkrB8;$B2yM8M=$R4vP4 . DS;unset($B2ytIM8N);$B2ytIM8N=$B2yM8M;$R4vP5=$B2ytIM8N;$B2yzAM2=array();unset($B2ytIM8O);$B2ytIM8O=$B2yzAM2;$R4vA5=$B2ytIM8O;unset($B2ytIM8P);$B2ytIM8P=$request;$R4vA5[]=$B2ytIM8P;$B2yzAM4=array();$B2yzAM4[]=&$R4vA5;$B2yzAM4[]=&$R4vA4;$B2yeFM3=call_user_func_array("call_user_func_array",$B2yzAM4);unset($B2ytIM8Q);$B2ytIM8Q=$B2yeFM3;$R4vC3=$B2ytIM8Q;G2vMdkrB8:goto G2vMdkrBA;$B2yzAM5=array();unset($B2ytIM8R);$B2ytIM8R=$B2yzAM5;$R4vA1=$B2ytIM8R;unset($B2ytIM8S);$B2ytIM8S=&$dispatch;$R4vA1[]=&$B2ytIM8S;$B2yzAM6=array();unset($B2ytIM8T);$B2ytIM8T=$B2yzAM6;$R4vA2=$B2ytIM8T;$B2yzAM8=array();$B2yzAM8[]=&$R4vA2;$B2yzAM8[]=&$R4vA1;$B2yeFM7=call_user_func_array("call_user_func_array",$B2yzAM8);unset($B2ytIM8U);$B2ytIM8U=$B2yeFM7;$R4vC0=$B2ytIM8U;G2vMdkrBA:$B2y8V=include $GLOBALS[A_AA_][0x7];goto B2yxa;B2yldMhxb:B2yxa:B2yx3:
?>

Teachers · 发表于 2021-7-31 12:54

goto加密，不太好解啊

羽橙雨 · 发表于 2021-7-31 13:04

预防比较好，建议把重要文件改成只读权限

袁煜914 · 发表于 2021-7-31 13:07

提示: 作者被禁止或删除内容自动屏蔽

zooo · 发表于 2021-7-31 13:49

是不是给你文件加域名授权了。goto 加密百度有很多网站都可以解密

Bo88 · 发表于 2021-7-31 14:48

goto加密

lingniao · 发表于 2021-7-31 15:00

一般自己网站都会有备份和快照的，你这个是不是商业文件，想破解啊

chenkeai深蓝 · 发表于 2021-7-31 15:05

高手过招

aud · 发表于 2021-7-31 16:00

lingniao 发表于 2021-7-31 15:00
一般自己网站都会有备份和快照的，你这个是不是商业文件，想破解啊

应该不算是商业文件吧，这源码我以前在某鱼上买的，用得快两个月了

aud · 发表于 2021-7-31 16:04

lingniao 发表于 2021-7-31 15:00
一般自己网站都会有备份和快照的，你这个是不是商业文件，想破解啊

然后昨天就不知道怎么就被入侵了，那个商家也找不到了了

帐号		自动登录	找回密码
密码			注册[Register]

[已解决] 网站遭入侵后，被骇客加密php核心文件，求解密！

个人中心

袁煜914 袁煜914 当前离线好友阅读权限 0 听众最后登录 1970-1-1 头像被屏蔽	袁煜914 发表于 2021-7-31 13:07 提示: 作者被禁止或删除内容自动屏蔽

	回复支持举报