Author Topic: Decode this?  (Read 3448 times)

0 Members and 1 Guest are viewing this topic.

November 12, 2009, 07:19:37 pm
Read 3448 times

crim

  • Newbie

  • Offline
  • *

  • 6
Does anyone know how i can decode this?
I've tried Wepawet & jsunpack and none of them are able to decode this

November 12, 2009, 07:50:15 pm
Reply #1

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Can you tell us the url of the script ?

The script requires "document.lastModified" property. I won't decode without this information.
Ruining the bad guy's day

November 12, 2009, 09:20:29 pm
Reply #2

crim

  • Newbie

  • Offline
  • *

  • 6
its fragus

Code: [Select]
http://redirectcounter1.com/news.php
/EDIT by SysAdMini: added Code tags

November 12, 2009, 09:38:58 pm
Reply #3

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Using Malzilla:
 
-download the script

-get the lastmodified property from http header : Last-Modified: Fri, 12 Dec 2008 11:11:40 GMT


-replace lastmodified by its value:

acghiw=document,
befkly=acghiw.lastModified,
copvwx=new Date(befkly).toUTCString()


acghiw=document,
befkly="Fri, 12 Dec 2008 11:11:40 GMT",
copvwx=new Date(befkly).toUTCString()

-run the script
-done

example encoded and decoded attached. pw=infected
Ruining the bad guy's day

November 12, 2009, 09:56:53 pm
Reply #4

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Ruining the bad guy's day