PHP Shadow released!

PHP Shadow obsfiacates a php script for you making it harder to detect on a system. One possible use would be to hide a php shell from IDS/IPS and other systems as well. So how does it work? Well you start with some php code like so:


function go()
{
$txt="hello world";
echo $txt;
}
go();

Then you submit it to PHP Shadow and you should get this back:

< ? eval(str_rot13(base64_decode('c2hhcGd2YmEgazM0cTFzOTFzbzJyNTE0bzg1NzZzbm8xbjc1bjg5bjZvKCl7JGtwNzgyNHMzcTRxNXM3bzJzMjJxMDM0NzU4cDFyOTQ1ND0idXJ5eWIgamJleXEiO3JwdWIgJGtwNzgyNHMzcTRxNXM3bzJzMjJxMDM0NzU4cDFyOTQ1NDt9azM0cTFzOTFzbzJyNTE0bzg1NzZzbm8xbjc1bjg5bjZvKCk7IHJwdWIgIjxwcmFncmU+PG92dD5HdXZmIGZwZXZjZyBqbmYgcmFwYnFycSBvbCA8biB1ZXJzPVwidWdnY2Y6Ly9xcDQxNC5iZXRcIj5xcDQxNDwvbj5mIENVQyBGdW5xYmo8L292dD48L3ByYWdyZT4iOw=='))); ? >

Now paste that code into a blank php file and it will run as normal. So we can see that PHP Shadow base64 encodes and rot13s your code and adds another layer of protection that cant be seen until you decode it. So here is what our code looks like after we rot13 and base64 decode it:


function x34d1f91fb2e514b8576fab1a75a89a6b(){$xc7824f3d4d5f7b2f22d034758c1e9454="hello world";echo $xc7824f3d4d5f7b2f22d034758c1e9454;}x34d1f91fb2e514b8576fab1a75a89a6b(); echo "< center >< big >This script was encoded by < a href=\"https://dc414.org\" >dc414< /a >s PHP Shadow< /big >< /center >";

We see that all vars and functions are MD5 hashed to make it harder to follow and see whats going on. The code in italics is added by PHP Shadow to help spread the word 🙂 Thats all i got, enjoy.

This entry was posted in security, software. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *