Added Equivalent base64 pattern samples

Because base64 converts from an 8 bit to a 6 bit character system, you can get 3 unique base64 strings from a single ascii string depending on the position of the first character. for example: base64_encode("system"); base64_encode(" system"); base64_encode("( system"); The above 3 input strings all produce very different base64 signatures even though they all contain the same keyword 'system'. This is because the first letter of system, 's' fall on indices 0,1,2 respectively. I updated several of the base64 samples to include their offset counterparts as the originals would only catch about 1 in 3 of the actual present matches.
2026-06-16 12:30:35 +00:00 · 2017-07-24 12:23:39 -06:00
parent 00bc3c1336
commit 6b55cfd8b3
1 changed files with 26 additions and 6 deletions
--- a/patterns_raw.txt
+++ b/patterns_raw.txt
@@ -2,27 +2,43 @@ uname -a
 /etc/shadow
 /etc/passwd
 WSOstripslashes
-PD9waHA
+PD9waH
+w/cGhw
+8P3Boc
 c3lzdGVt
+N5c3Rlb
+zeXN0ZW
 \x73\x79\x73\x74\x65\x6d' /* case, dec/hex issue? */, // system
 cHJlZ19yZXBsYWNl
+ByZWdfcmVwbGFjZ
+wcmVnX3JlcGxhY2
 \x70\x72\x65\x67\x5f\x72\x65\x70\x6c\x61\x63\x65' /* case, dec/hex issue? */, // preg_replace
-ZXhlYyg
+ZXhlYy
+V4ZWMo
+leGVjK
 \x65\x78\x65\x63' /* dec/hex issue? */, // exec
 ='base'.(32*2).'_de'.'code'
 "base64_decode"
 YmFzZTY0X2RlY29kZ
+Jhc2U2NF9kZWNvZG
+iYXNlNjRfZGVjb2Rl
 "p"."r"."e"."g"."_"
 eval("?>
 ev\x61l
 \x65\166\x61\154\x28' /* dec/hex issue? */,
 \x65\x76\x61\x6C' /* case, dec/hex issue? */,
-ZXZhbCg
+ZXZhbC
+V2YWwo
+ldmFsK
 'ev'.'al'.'
 eval(base64_decode(
 \x47\x4c\x4f\x42\x41LS
 SFRUUF9VU0VSX0FHRU5U
+hUVFBfVVNFUl9BR0VOV
+IVFRQX1VTRVJfQUdFTl
 YWxsb3dfdXJsX2ZvcGVu
+FsbG93X3VybF9mb3Blb
+hbGxvd191cmxfZm9wZW
 ${${
 file_get_contents('http://codepad.org
 PHPJiaMi
@@ -45,7 +61,9 @@ base=base64_encode
 1@1.com
 META http-equiv="refresh" content="0;
 ="create_";global
-YW55cmVzdWx0cy5uZXQ=
+YW55cmVzdWx0cy5uZX
+FueXJlc3VsdHMubmV0
+hbnlyZXN1bHRzLm5ld
 ZOBUGTEL
 MagelangCyber
 //rasta//
@@ -76,7 +94,9 @@ ayu pr1 pr2 pr3 pr4 pr5 pr6
 f0VMRgEBAQA
 0d0a0d0a676c6f62616c20246d795f736d7
 etalfnizg
-JHZpc2l0Y291bnQgPSAkSFRUUF9DT09LSUVfV
+JHZpc2l0Y291bnQgPSAkSFRUUF9DT09LSUVfVf
+R2aXNpdGNvdW50ID0gJEhUVFBfQ09PS0lFX
+kdmlzaXRjb3VudCA9ICRIVFRQX0NPT0tJRV
 edoced_46esab
 VOBRA GANGO
 itsoknoproblembro
@@ -151,4 +171,4 @@ Dr.abolalh
 C0derz.com
 Mr.HiTman
 \x47\x4c\x4f\x42\x41\x4c\x53
-@eval($_POST['
+@eval($_POST['