#1
|
|||
|
|||
Decrypt Plesk PHP files
This is a simple method for decrypting Plesk PHP files.
Trace "_efree" in "/usr/bin/sw-engine" with Frida, like this: Code:
cd /usr/bin frida-trace -i "_efree" ./sw-engine /opt/psa/admin/htdocs/index.php Code:
/usr/bin/__handlers__/sw_engine/_efree.js Code:
{ onLeave: function (log, retval, state) { if (this.returnAddress == 0x9cc2d6) { var s_addr = this.context.r15.add(128); s_addr = Memory.readPointer(s_addr); var s = Memory.readUtf8String(s_addr); var fd = new File("/tmp/decrypted.php", "w"); fd.write(s); fd.close(); } } } Note that this is for investigation purposes only. If you like Plesk, pay for it. I'm not responsible for any bad usage of this code. Last edited by alexandernst; 09-16-2018 at 23:24. Reason: Fixing a bug |
The Following 13 Users Say Thank You to alexandernst For This Useful Post: | ||
ARUBA (03-18-2019), cachito (03-15-2019), goku (05-08-2019), Indigo (07-19-2019), Mahmoudnia (09-18-2018), niculaita (09-16-2018), nimaarek (09-16-2018), NoneForce (03-16-2019), p4r4d0x (10-31-2018), Sir.V65j (09-23-2018), tonyweb (09-16-2018), uranus64 (09-19-2018), ymg2006 (01-05-2019) |
Tags |
decrypt, php, plesk |
|
|