Sprouty Posted April 11, 2009 Share Posted April 11, 2009 Hi, i've been reading http://isc.sans.org/diary.html, and was wondering the best way to decode this? I know it was allready done on wepawet, but i would like to do it just to satsy myself. I've googled around and find lots of information but can't seem to do it. Any help i would be very gratefull. Cheers, Sprouty Quote Link to comment Share on other sites More sharing options...
digip Posted April 11, 2009 Share Posted April 11, 2009 Hi, i've been reading http://isc.sans.org/diary.html, and was wondering the best way to decode this? I know it was allready done on wepawet, but i would like to do it just to satsy myself. I've googled around and find lots of information but can't seem to do it. Any help i would be very gratefull. Cheers, Sprouty Well, that was only one part of the entire code. Without the functions output, it doesn't execute. If you click the wepawet link, it gives you the output they were able to decode(Much longer and more code). For basic scripts, you can usually just change the output to a textarea box via document.write statement. Go over to my blog and I demonstrate this on some spam I recently got from some wordpress spammers. http://www.twistedpairrecords.com/blog/200...ging-spam-code/ Just looked at what you were asking about. Here is what it gives, which inserted an iframe to another site. http://www.twistedpairrecords.com/digip/isc-dobfiscate.html Quote Link to comment Share on other sites More sharing options...
Sprouty Posted April 16, 2009 Author Share Posted April 16, 2009 Hey Thanks mate apprciate it. one quick question '%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%63%33%32%20%73%72%63%3d%27%68%74%74% i know you can decode this with a javascript using document.write and unescape. but do you know how i would i do that from perl? I'm trying put something to gether so i ran run this from my linux command line cheers, Sprouty Quote Link to comment Share on other sites More sharing options...
digip Posted April 16, 2009 Share Posted April 16, 2009 Umm, I think somehting like #! usr/bin/perl print "What do you want to decode?"; $s = <>; $text = decode_entities($s); print "$text" I've never written anything in perl before, so this is just some things I googled and put together from diffeent pieces on the spot. Not sure if it will work. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.