Security Basics mailing list archives
Re: help with obfuscated javascript
From: "security.basics" <security.basics () securityfocus lists bitrouters com>
Date: Tue, 9 Jan 2007 00:50:16 +1100
cn/jp/kr language, you can simply try to use document.write() with unescape(your_str) as parameter and you'll see it. It's unicode rep

On Fri, Jan 05, 2007 at 04:21:59AM -0500, Andrew wrote:
I'm already familiar with how to unobfuscate basic unescaped javascript such as %79%6C%75%6D, etc. I recently ran across a file with the following:

unescape("%u9090%u9090%u0feb%u335b%u66c9%u80b9%u8001%uef33%ue243% ....

Any idea what this encoding is/how to decode it? Thanks!
---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------
--
adrian ilarion ciobanu (cia)

This message and its attachments may contain legally privileged or confidential information. It is intended solely for the named addressee. If you are not the addressee indicated in this message (or responsible for delivery of the message to the addressee), you may not copy or deliver this message or its attachments to anyone. Rather, you should permanently delete this message and its attachments and kindly notify the sender by reply e-mail. Any content of this message and its attachments which does not relate to the official business of the sending company must be taken not to have been sent or endorsed by that company or any of its related entities. No warranty is made that the e-mail or attachment(s) are free from computer virus or other defect.
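An added example, not part of the original thread: a static decoder for the two escape forms discussed above, which turns the string into code units and bytes for inspection instead of handing it to unescape() and document.write() in a browser. The function names are hypothetical; the two sample strings are the ones quoted in the question, the second without its cut-off tail.

```javascript
// Added example (not from the thread): decode %uXXXX / %XX escapes without
// evaluating anything. decodeEscapes, toBytesLE and toHex are hypothetical names.

// Both strings are the ones quoted in the question; the second is cut off there.
const PERCENT_SAMPLE = "%79%6C%75%6D";
const UNICODE_SAMPLE = "%u9090%u9090%u0feb%u335b%u66c9%u80b9%u8001%uef33%ue243";

// Same acceptance rules as unescape(): %uXXXX is one 16-bit code unit, %XX is
// one 8-bit value, and anything else (including a malformed escape) is literal.
function decodeEscapes(input) {
  const units = [];
  const malformed = [];            // offsets of '%' that start no valid escape
  let i = 0;
  while (i < input.length) {
    const rest = input.slice(i, i + 6);
    const wide = /^%u([0-9a-fA-F]{4})/.exec(rest);
    const narrow = /^%([0-9a-fA-F]{2})/.exec(rest);
    if (wide) {
      units.push(parseInt(wide[1], 16));
      i += 6;
    } else if (narrow) {
      units.push(parseInt(narrow[1], 16));
      i += 3;
    } else {
      if (input[i] === "%") malformed.push(i);
      units.push(input.charCodeAt(i));
      i += 1;
    }
  }
  return { units, malformed };
}

// Byte view: each code unit low byte first, as a little-endian host stores it.
function toBytesLE(units) {
  return units.flatMap((u) => [u & 0xff, u >> 8]);
}

function toHex(bytes) {
  return bytes.map((b) => b.toString(16).padStart(2, "0")).join("");
}

// Text view for ordinary %XX obfuscation, byte view for the %u form.
const text = String.fromCharCode(...decodeEscapes(PERCENT_SAMPLE).units);
const hex = toHex(toBytesLE(decodeEscapes(UNICODE_SAMPLE).units));
console.log(text);
console.log(hex);
```

The malformed list records any '%' that does not begin a complete escape, which is what a string truncated mid-sequence leaves behind.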