    How to view encoded string as text

    • toubept

      My server log is showing a large number of entries like this

      %27%29%29%2F%2A%2A%2FaNd%2F%2A%2A%2F6302%3DCONcat%28CHar%28113%29%2BCHar%28106%29%2BCHar%2898%29%2BCHar%2898%29%2BCHar%28113
      

      If I run the mime tool to url decode it, it shows as

      '))/**/aNd/**/6302=CONcat(CHar(113)+CHar(106)+CHar(98)+CHar(98)+CHar(113
      

      Is there a way to convert it to plain text?

        • Alan Kilborn @toubept

        @toubept

        Hmm, what kind of “plain text” are you looking for?
        Meaning, if you had what you want, what would your sample appear like?

          • toubept @Alan Kilborn

          @Alan-Kilborn I was hoping for something more human-readable where I don’t have to look up what the codes mean. So instead of CHR(113) it would show q.

            • rdipardo @toubept

            @toubept,

            '))/**/aNd/**/6302=CONcat(CHar(113)+CHar(106)+CHar(98)+CHar(98)+CHar(113
            

            Your server is logging Transact-SQL queries. mimeTools would have to extract and evaluate those by sending them to a live RDBMS.

            Embedding SQL in a query string is a textbook example of SQL injection, so perhaps mimeTools isn’t your biggest problem right now.

              • mkupper @toubept

              @toubept I would agree with what @rdipardo wrote.

              It appears that your server is either under attack or is the victim of a successful attack. If it’s a public facing server under attack then the front end needs to be locked down more to prevent the attacks from getting to the server. If it’s the victim of a successful attack then you have a large problem.

              Attackers generate hard to decipher strings to prevent or slow you from understanding better what is happening.

              If I wanted to decode lots of text that looked like CHar(113)+CHar(106)+CHar(98)+CHar(98)+CHar(113 then I’d use something other than Notepad++ simply because I don’t know how to do it directly in Notepad++ without lots of thinking and looking things up to see if it’s possible or practical. As I know ASCII I mentally decoded it as qjbbq which seems random and would be further evidence that you are likely dealing with an attacker or have been attacked.

              It is also possible that there is no attacker. Some commercial packages generate hard to decode and understand code snippets to slow down attempts to reverse engineer how those packages work and/or to slow down or prevent attempts to perform automated data scraping of information that is being presented.

                • toubept @mkupper

                @mkupper Thank you for your thoughts on this. The strings are from hackers. They aren’t getting in. I wanted to have an automatic script to block them when they try since they try over and over. I know I can use regex to do that but I also wanted to see what they were looking for to see if it is something that might need tightening up. I would have a report that said something like, “10 attempts to access example.php”. But that seems not to be a simple thing so I will just block them with regex and leave it at that. Thanks, again.

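As an added example (not code posted by anyone in this thread), here is one way to get the readable form and the per-file report the thread asks about, done outside Notepad++ in Python. The request paths, the `id` parameter name and the `SUSPICIOUS` heuristic are assumptions made for the example; only the encoded entry comes from the first post.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# One CHAR(n)/CHR(n) call; ")" may be missing when the log entry was cut off.
_CALL = r"\bCHA?R\s*\(\s*\d+\s*(?:\)|$)"
CHAR_RUN = re.compile(rf"{_CALL}(?:\s*(?:\+|\|\|)\s*{_CALL})*", re.I)
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Assumed heuristic for this example: markers visible in the thread's sample.
SUSPICIOUS = re.compile(r"/\*.*?\*/|\bCHA?R\s*\(|\bCONCAT\s*\(", re.I | re.S)

# Encoded entry as posted in the thread (it ends in the middle of a call).
THREAD_ENTRY = (
    "%27%29%29%2F%2A%2A%2FaNd%2F%2A%2A%2F6302%3DCONcat%28CHar%28113%29"
    "%2BCHar%28106%29%2BCHar%2898%29%2BCHar%2898%29%2BCHar%28113"
)
# Constructed request targets; paths and parameter names are made up.
SAMPLE = ["/example.php?id=" + THREAD_ENTRY, "/example.php?id=7",
          "/example.php?id=" + THREAD_ENTRY, "/index.php?page=2"]

def _decode_run(match):
    """Fold CHAR(113)+CHAR(106)... into the quoted literal 'qj...'."""
    out = []
    for n in map(int, re.findall(r"\d+", match.group(0))):
        if n > 0x10FFFF:
            return match.group(0)  # not a code point: leave the run as logged
        ch = chr(n)
        out.append(ch if ch.isprintable() else f"\\x{n:02x}")
    return "'" + "".join(out) + "'"

def humanize(encoded):
    """URL-decode, turn inline comments into spaces, fold CHAR() runs."""
    text = SQL_COMMENT.sub(" ", unquote_plus(encoded))
    return CHAR_RUN.sub(_decode_run, text)

def report(request_targets):
    """Count flagged requests per path and keep their readable payloads."""
    attempts, payloads = Counter(), {}
    for target in request_targets:
        parts = urlsplit(target)
        if SUSPICIOUS.search(unquote_plus(parts.query)):
            attempts[parts.path] += 1
            payloads.setdefault(parts.path, set()).add(humanize(parts.query))
    return attempts, payloads

if __name__ == "__main__":
    counts, readable = report(SAMPLE)
    for path, n in counts.most_common():
        print(f"{n} attempts to access {path}:", *sorted(readable[path]), sep="\n    ")
```

Feed `humanize` the value exactly as it appears in the log: `unquote_plus` treats a literal `+` as a space, so an already-decoded string would have its `CHAR()` calls decoded one by one instead of folded into a single literal.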