Sector.Xero Posted December 20, 2009 Share Posted December 20, 2009 Hi. It's snowing and I'm bored. Could any of you guys tell me the trick to viewing these malicious scripts? I would like to see examples on how they are trying to attack my UB3RLE3T3 HAXoR BOX!!!!!! Quote Link to comment Share on other sites More sharing options...
Sparda Posted December 20, 2009 Share Posted December 20, 2009 Most malicious web pages rely on bugs/flaws in JavaScript engines to exploit browsers. There are very few exploits that can be done in HTML alone. You can view them in a text editor quite safely, and download them with wget. Quote Link to comment Share on other sites More sharing options...
digip Posted December 20, 2009 Share Posted December 20, 2009 Just misspell some high profile sites and you will probably find parked domains with malware iframes containing obfuscated javascript. Be brave, wander off the beaten path and then save some scripts to disect...also, turn off javascript(+vbscript if you use IE), java and all plugins before attempting this. If possible, use a vm. Most sites ending in .cn are also good for looking at for this type of stuff, often sent in spam. In fact, create a fake email just to get on spam lists so you can grab all these sorts of scripts from the spam links. I usually follow all the stuff I get sent, and 99% of the sapm is either russian or chinese redirects for drugstores, penis enhancments, casinos and rolex watches. Occasionally a 419 scam here or there, but mostly .cn and .ru links containing malware. Quote Link to comment Share on other sites More sharing options...
Dаrren Kitchen Posted December 22, 2009 Share Posted December 22, 2009 Are you talking about obfuscated javascript? if so these links may help: http://www.aspheute.com/english/20011123.asp http://www.virtualconspiracy.com/content/scrdec/download Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.