PHP Malware Analysis
indra2.php
md5: acafe5dea61abba2933555051b3f3109
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Input
- _GET (Deobfuscated, Original)
URLs
- https://pentesterlab.com/exercises/php_include_and_post_exploitation/course (Deobfuscated, Original)
Deobfuscated PHP code
<?php
include "../common/header.php";
?>
<!-- from https://pentesterlab.com/exercises/php_include_and_post_exploitation/course -->
<?php
hint("will include the arg specified in the GET parameter \"page\"");
?>
<form action="/LFI-1/index.php" method="GET">
<input type="text" name="page">
</form>
<?php
include $_GET["page"];Execution traces
data/traces/acafe5dea61abba2933555051b3f3109_trace-1676240072.0379.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:14:57.935737]
1 0 1 0.000190 393528
1 3 0 0.000256 394864 {main} 1 /var/www/html/uploads/indra2.php 0 0
1 3 1 0.000359 395256
1 4 0 0.000377 395288 Error->__toString 0 Unknown 0 0
2 5 0 0.000391 395368 Error->getTraceAsString 0 Unknown 0 0
2 5 1 0.000403 395624
2 5 R '#0 {main}'
1 4 1 0.000423 395920
1 4 R 'Error: Call to undefined function hint() in /var/www/html/uploads/indra2.php:4\nStack trace:\n#0 {main}'
0.000475 316880
TRACE END [2023-02-12 20:14:57.936092]
Generated HTML code
<html><head></head><body></body></html>Original PHP code
<?php include("../common/header.php"); ?>
<!-- from https://pentesterlab.com/exercises/php_include_and_post_exploitation/course -->
<?php hint("will include the arg specified in the GET parameter \"page\""); ?>
<form action="/LFI-1/index.php" method="GET">
<input type="text" name="page">
</form>
<?php
include($_GET["page"]);
?>