Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/javascript/382.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
我的网站中的恶意javascript代码_Javascript_Obfuscation - Fatal编程技术网
Fatal编程技术网
  • javascript/
  • 我的网站中的恶意javascript代码

我的网站中的恶意javascript代码

javascript

我的网站中的恶意javascript代码,javascript,obfuscation,Javascript,Obfuscation,我在我的网站sourcecode中找到此代码: var _0xd28d=["\x5F\x30\x78\x33\x32\x6C\x73\x6A\x39","\x5F\x78\x6C\x74","\x5F\x78\x38\x66\x6B\x63\x33","\x66\x6C\x6F\x6F\x72","\x72\x61\x6E\x64\x6F\x6D","\x6C\x65\x6E\x67\x74\x68"]; var _0x9ae4=[_0xd28d[0],12,_0xd28d[1],_0xd28d

我在我的网站sourcecode中找到此代码:

var _0xd28d=["\x5F\x30\x78\x33\x32\x6C\x73\x6A\x39","\x5F\x78\x6C\x74","\x5F\x78\x38\x66\x6B\x63\x33","\x66\x6C\x6F\x6F\x72","\x72\x61\x6E\x64\x6F\x6D","\x6C\x65\x6E\x67\x74\x68"];
var _0x9ae4=[_0xd28d[0],12,_0xd28d[1],_0xd28d[2],2,31,Math,_0xd28d[3]];
var _0xcd6e=[_0x9ae4[5],_0x9ae4[0],_0x9ae4[_0x9ae4[4]],_0x9ae4[3],4,_0xd28d[4]];
var _0xr6g0={};
_0xr6g0[_0xcd6e[2]]=0;
_0xr6g0[_0x9ae4[4]]=function (){
var _0x4c68x4={};
_0x4c68x4[_0xd28d[0]]=_0x9ae4[0];
do{
_0x4c68x4[_0x9ae4[0]]+=_0x4c68x4[_0xd28d[0]][_0x9ae4[6][_0x9ae4[7]](_0x9ae4[6][_0xcd6e[5]]()*_0x4c68x4[_0xd28d[0]][_0xd28d[5]])];
}while(_0x4c68x4[_0xd28d[0]][_0xd28d[5]]<_0xcd6e[0]);
_0x4c68x4[_0x4c68x4[_0x9ae4[0]]]=function (){
_0xr6g0[_0xcd6e[2]]++;
_0xr6g0[_0xcd6e[2]]%=_0x9ae4[1];
return _0x4c68x4[_0x4c68x4[_0x9ae4[0]]];
};
return _0x4c68x4[_0x4c68x4[_0xcd6e[1]]];
};
_0xr6g0[_0x9ae4[_0xcd6e[4]]]()()()()()()()()()()()()()()()();

var\u0xd28d=[“\x5F\x30\x78\x33\x32\x6C\x73\x6A\x39”、“\x5F\x78\x6C\x74”、“\x5F\x78\x38\x66\x6B\x63\x33”、“\x66\x6C\x6F\x62”、“\x72\x61\x6E\x64\x6F\x6D”、“\x6C\x65\x6E\x67\x68”];
变量0x9ae4=[[u0xd28d[0],12,[u0xd28d[1],[u0xd28d[2],2,31,数学,[u0xd28d[3];
变量0xcd6e=[[0x9ae4[5]、[0x9ae4[0]、[0x9ae4[[0x9ae4[4]、[0x9ae4[3]、4、[0xd28d[4];
var_0xr6g0={};
_0xr6g0[_0xcd6e[2]]=0;
_0xr6g0[_0x9ae4[4]]=函数(){
var_0x4c68x4={};
_0x4c68x4[_0xd28d[0]]=_0x9ae4[0];
做{
_0x4c68x4[\u0x9AE4[0]]+=\u0x4C68X4[\u0xD28D[0]][\u0x9AE4[6][\u0x9AE4[7]](\u0x9AE4[6][\u0xCD6E[5]](*\u0x4C68X4[\u0xD28D[0]][\u0xD28D[5]]);

}而(_0x4c68x4[_0xd28d[0]][_0xd28d[5]]此代码中的十六进制正在创建一个文本为“_0x32lsj9_xlt_x8fkc3floorrandomlength”的字符串


其余的是解析它以运行某种javascript。
前5行初始化变量。解密转义并索引到其他数组后,我们得到:


_0xd28d = ['_0x32lsj9', '_xlt', '_x8fkc3', 'floor', 'random', 'length']
_0x9ae4 = ['_0x32lsj9', 12, '_xlt', '_x8fkc3', 2, 31, Math, 'floor']
_0xcd6e = [31, '_0x32lsj9', '_xlt', '_x8fkc3', 4, 'random']
_0xr6g0 = {'_xlt': 0}


第6-18行创建函数(展开数组索引后):

最后一行调用了
\u0xr6g0[2]
16次,这是一种模糊的书写方式


_0xr6g0._xlt = 4



代码本身既没有用处,也没有危险

手动除泡后:


count = 0;
func_a = function() {
    func_b = function() {
        count++;
        count %= 12;
        return func_b;
    };
    return func_b;
};
func_a()()()()()()()()()()()()()()()();


看起来更像是让浏览器忙的无效尝试。但是让人们好奇是非常有效的


更新:修复了deobfousation。
另请参见:,。不同的代码,相同的模糊处理技术。从技术上讲,我认为您需要将原始字符串单独保留在
var5[100]=“_0x32lsj9”
,因为稍后代码会测试该字符串的长度。“代码本身既没有用处,也没有危险。”-这可能是在某些Javascript实现中使用(假设的)错误进行的一次尝试性攻击。。。

_0xr6g0[2] = function() {
   function f()
   {
      _0xr6g0._xlt++;
      _0xr6g0._xlt %= 12;
      return f;
   };

   return f;
};



_0xr6g0._xlt = 4



count = 0;
func_a = function() {
    func_b = function() {
        count++;
        count %= 12;
        return func_b;
    };
    return func_b;
};
func_a()()()()()()()()()()()()()()()();