My Profile Photo

Personal Webpage of David Duggins

Well, I was born on a normal day in July, 1981 and have been creating chaos ever since. Born in North Carolina, but raised in the aftermath of the Soviet Union, Kazakhstan, I have been messing around with computers nearly my entire life. I wrote my first program in assembly when I was 11. In my early teens I ran a BBS connected to Fidonet and started building a website for my band. In 1999 I was introduced to Linux, and it was love at first compile. I started my career in IT in the early 2000's doing IT for a Car Dealership in Charlotte NC. I wrote my first major web app in Cold Fusion (an ecom app) at that time. In 2006 I left Charlotte and moved down to Columbia where starting working as a developer, freelancer and consultant. Currently I am working as a freelance developer and DevOps consultant!!

Base64_Decode Hack

Ever wonder how a site like Wordpress or Magento get hacked? It’s usually done via a eval/base64_decode hack.

In php, here is how this works:

echo 'Hello World!';

Run this and you get:

Hello World!

If you take this and run it through base64_encode() you get a hash.

Then, we run base64_decode() and we get the command back. We can use the eval() command in conjunction with this:

eval(base64_decode($string));

I’ve seen strings that decode into scripts that build zip files and executables…all used as payloads in spam based attacks.

The good thing is that you can find this type of hack in your code fairly easily.

grep -Rn “base64_decode *(” /var/www

grep -Rn “eval *(” /var/www
© 2024 David Duggins. All rights reserved.