 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 402
 Members: 0
 Total: 402
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
unescape decryption |
|
 Posted: Mon Nov 16, 2009 11:00 am |
 |
|
| devinmason7711 |
| Beginner |
 |
|
| Joined: Nov 16, 2009 |
| Posts: 2 |
|
|
|
 |
|
 |
|
hey guys I know how to decode unescape, but this is different...
<!--Advanced Unescape Start-->
<html>
<head><SCRIPT type="text/javascript">eval(unescape("function%20ew_dc%28s%29%7Bvar%20d%3D%27%27%2Ck%3D0%2Ca%3Dnew%20Array%28%29%2Cr%3Bfor%28i%3D0%3Bi%3Cs.length%3Bi++%29%7Bc%3Ds.charCodeAt%28i%29%3Bif%28c%3C128%29c%5E%3D5%3Bd+%3DString.fromCharCode%28c%29%3Bif%28%28i+1%29%2599%3D%3D0%29%7Ba%5Bk++%5D%3Dd%3Bd%3D%27%27%3B%7D%7Dr%3Da.join%28%27%27%29+d%3Bdocument.write%28r%29%3B%7D"));</SCRIPT>
<SCRIPT type="text/javascript">ew_dc(unescape("9%24%28%28%60kfw%7Cuqg%60blk%28%28%3B%08%0F9lkupq%25q%7Cu%608%27mlaa%60k%27%25kdh%608%27pv%60wkdh%60%27%25sdip%608%27agdahlk%27%25mlaa%60k8%27qwp%60%27%25*%3B%08%0F9lkupq%25q%7Cu%608%27mlaa%60k%27%25kdh%608%27udvvrjwa%27%25sdip%608%27moa%3D6ii7%27%25mlaa%60k8%27qwp%60%27%25*%3B%08%0F9%24%28%28%60kfw%7Cuq%60ka%28%28%3B"));</SCRIPT>
</HEAD>
</html></BODY>
</HTML><!--Advanced Unescape /End-->
Anybody have any ideas on how I can go about decoding this? Any explanations so I can learn? |
|
|
|
|
|
|
|
|
| Posted: Mon Nov 16, 2009 4:28 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
First you have this piece of malformed html:
| Code: |
<!--Advanced Unescape Start-->
<html>
<head><SCRIPT type="text/javascript">eval(unescape("function%20ew_dc%28s%29%7Bvar%20d%3D%27%27%2Ck%3D0%2Ca%3Dnew%20Array%28%29%2Cr%3Bfor%28i%3D0%3Bi%3Cs.length%3Bi++%29%7Bc%3Ds.charCodeAt%28i%29%3Bif%28c%3C128%29c%5E%3D5%3Bd+%3DString.fromCharCode%28c%29%3Bif%28%28i+1%29%2599%3D%3D0%29%7Ba%5Bk++%5D%3Dd%3Bd%3D%27%27%3B%7D%7Dr%3Da.join%28%27%27%29+d%3Bdocument.write%28r%29%3B%7D"));</SCRIPT>
<SCRIPT type="text/javascript">ew_dc(unescape("9%24%28%28%60kfw%7Cuqg%60blk%28%28%3B%08%0F9lkupq%25q%7Cu%608%27mlaa%60k%27%25kdh%608%27pv%60wkdh%60%27%25sdip%608%27agdahlk%27%25mlaa%60k8%27qwp%60%27%25*%3B%08%0F9lkupq%25q%7Cu%608%27mlaa%60k%27%25kdh%608%27udvvrjwa%27%25sdip%608%27moa%3D6ii7%27%25mlaa%60k8%27qwp%60%27%25*%3B%08%0F9%24%28%28%60kfw%7Cuq%60ka%28%28%3B"));</SCRIPT>
</HEAD>
</html></BODY>
</HTML><!--Advanced Unescape /End-->
|
Let's start with unescaping of the decrypting routine. For this you can use urldecoder:
http://urldecoder.waraxe.us/
Just put this in:
| Code: |
function%20ew_dc%28s%29%7Bvar%20d%3D%27%27%2Ck%3D0%2Ca%3Dnew%20Array%28%29%2Cr%3Bfor%28i%3D0%3Bi%3Cs.length%3Bi++%29%7Bc%3Ds.charCodeAt%28i%29%3Bif%28c%3C128%29c%5E%3D5%3Bd+%3DString.fromCharCode%28c%29%3Bif%28%28i+1%29%2599%3D%3D0%29%7Ba%5Bk++%5D%3Dd%3Bd%3D%27%27%3B%7D%7Dr%3Da.join%28%27%27%29+d%3Bdocument.write%28r%29%3B%7D
|
and you will get this:
| Code: |
function ew_dc(s){var d='',k=0,a=new Array(),r;for(i=0;i<s.length;i ){c=s.charCodeAt(i);if(c<128)c^=5;d =String.fromCharCode(c);if((i 1)%99==0){a[k ]=d;d='';}}r=a.join('') d;document.write(r);}
|
Now modify it, so that instead of "document.write" it will just show popup message with text:
| Code: |
function ew_dc(s){var d='',k=0,a=new Array(),r;for(i=0;i<s.length;i ){c=s.charCodeAt(i);if(c<128)c^=5;d =String.fromCharCode(c);if((i 1)%99==0){a[k ]=d;d='';}}r=a.join('') d;alert(r);}
|
And finally put together test html:
| Code: |
<html>
<head>
<script type="text/javascript">
function ew_dc(s){var d='',k=0,a=new Array(),r;for(i=0;i<s.length;i++){c=s.charCodeAt(i);if(c<128)c^=5;d+=String.fromCharCode(c);if((i+1)%99==0){a[k++]=d;d='';}}r=a.join('')+d;alert(r);}
ew_dc(unescape("9%24%28%28%60kfw%7Cuqg%60blk%28%28%3B%08%0F9lkupq%25q%7Cu%608%27mlaa%60k%27%25kdh%608%27pv%60wkdh%60%27%25sdip%608%27agdahlk%27%25mlaa%60k8%27qwp%60%27%25*%3B%08%0F9lkupq%25q%7Cu%608%27mlaa%60k%27%25kdh%608%27udvvrjwa%27%25sdip%608%27moa%3D6ii7%27%25mlaa%60k8%27qwp%60%27%25*%3B%08%0F9%24%28%28%60kfw%7Cuq%60ka%28%28%3B"));
</script>
</head>
</html>
|
Open the file with webbrowser, JS will do it's job and you can see plaintext:
| Code: |
<!--encryptbegin-->
<input type="hidden" name="username" value="dbadmin" hidden="true" />
<input type="hidden" name="password" value="hjd83ll2" hidden="true" />
<!--encryptend-->
|
Mission complete  |
|
|
|
|
|
www.waraxe.us Forum Index -> Javascript
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
