
Was just sent a JS virus. How do I safely display the output?

I just received a virus that looks something like this

<script type='text/javascript'>
<!--
var s="=nfub!iuuq.frvjw>#sfgsfti#!------REST OF PAYLOAD REMOVED-----?";
m="";
for (i=0; i<s.length; i++)
{
    if (s.charCodeAt(i) == 28)
    {
        m += '&';
    }
    else if (s.charCodeAt(i) == 23)
    {
        m += '!';
    }
    else
    {
        m += String.fromCharCode(s.charCodeAt(i)-1);
    }
}
document.write(m);//-->
</script>

I'm not a JS expert but I would like to decrypt the contents of that string. Can you tell me the best way to alter document.write to see what it's doing?

makerofthings7 asked Feb 27 '23 05:02

1 Answer

Just create a <textarea id="foo"></textarea>, and write

document.getElementById('foo').value = m;

Alternatively, you could encode < and & to &lt; and &amp; and keep the document.write.


FYI, the payload starts with

<meta http-equiv="refresh" 

so it looks like it just redirects the user to a malicious site.

kennytm answered May 11 '23 19:05

kennytm
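Added example, not part of the question or the answer above: the sample's decoding loop run under Node.js, where there is no DOM to render the result, with the output HTML-escaped for display and the meta-refresh target extracted. `encodeForDemo`, `metaRefreshTarget` and the `example.invalid` URL are assumptions made for illustration; the only real input is the string prefix shown in the question.

```javascript
'use strict';

// Same transform as the sample's loop: 28 -> '&', 23 -> '!', otherwise code - 1.
function decodePayload(s) {
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (c === 28) out += '&';
    else if (c === 23) out += '!';
    else out += String.fromCharCode(c - 1);
  }
  return out;
}

// Inverse transform (hypothetical helper), used only to build constructed input.
function encodeForDemo(text) {
  let out = '';
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (ch === '&') out += String.fromCharCode(28);
    else if (ch === '!') out += String.fromCharCode(23);
    else out += String.fromCharCode(text.charCodeAt(i) + 1);
  }
  return out;
}

// Escape every HTML-significant character so the decoded text stays inert.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Return the redirect URL of a complete <meta http-equiv="refresh"> tag, or null.
function metaRefreshTarget(html) {
  const tag = /<meta\b[^>]*http-equiv\s*=\s*["']?refresh["']?[^>]*>/i.exec(html);
  if (!tag) return null;
  const url = /url\s*=\s*['"]?([^'"\s>]+)/i.exec(tag[0]);
  return url ? url[1] : null;
}

// The only part of the string shown in the question (the rest was removed there).
const PAGE_PREFIX = '=nfub!iuuq.frvjw>#sfgsfti#!';
// Constructed sample with a placeholder target, encoded the way the loop expects.
const CONSTRUCTED = encodeForDemo(
  '<meta http-equiv="refresh" content="0;url=http://example.invalid/landing">');

console.log(escapeHtml(decodePayload(PAGE_PREFIX)));
console.log(metaRefreshTarget(decodePayload(CONSTRUCTED)));
```

If the escaped text is shown in a browser, assign it through `textContent` or a textarea's `value` rather than `innerHTML` or `document.write`.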