2012-04-01, 02:52:21
mvlcek Wrote:They upload a (buggy or hampered with) script, which, when called with a php script (cok.php) as a parameter executes the returned faux gif, which in reality is a php script that contains all code as a base64 encoded slightly obscured zipped string which is eval'ed and creates - among other actions I did not analyze - C files from base64 encoded strings, ..., and returns a HTML page with lots of security relevant information.
Right used that tidbit to wind them up more, seems they just dont want investigate it properly?
I do appreciate all your help donation en route next week. I will keep you posted mostly because I find it all hilarious.
djr.heliohost.org/me