Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: help with obfuscated javascript

From: "security.basics" <security.basics () securityfocus lists bitrouters com>
Date: Sat, 6 Jan 2007 08:24:45 +0000
cn/jp/kr language, you can simply try to use document.write() with unescape(your_str) as parameter and u'll see it.
its unicode rep

On Fri, Jan 05, 2007 at 04:21:59AM -0500, Andrew wrote:

X-Original-To: security.basics () securityfocus lists bitrouters com
Delivered-To: security.basics () securityfocus lists bitrouters com
Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:security-basics () securityfocus com>
List-Help: <mailto:security-basics-help () securityfocus com>
List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
Resent-Sender: listbounce () securityfocus com
Errors-To: listbounce () securityfocus com
Delivered-To: mailing list security-basics () securityfocus com
Delivered-To: moderator for security-basics () securityfocus com
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding;
        
b=lUdnHi2180Wc1YE+GXUIXI+5oErw405HYDxR+7fJhdASAXiKC6C6eTgy5Sqga45+kB+TpKMYHJxJr7dzkXYnJkiR4olITt/afqWzw9hWVyfx7Sj45zYQRyHIe4v2XFjPkwXXY7GNuDFiUDsaMIMiRwWZH0Qxu37Otx4JxVtulIc=
Date: Fri, 05 Jan 2007 04:21:59 -0500
From: Andrew <andrewjsm () gmail com>
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
To: security-basics () securityfocus com
Subject: help with obfuscated javascript
Resent-Message-Id: <20070105141911.1A8B217424C () outgoing2 securityfocus com>
Resent-Date: Fri,  5 Jan 2007 07:19:11 -0700 (MST)
Resent-From: security-basics-return-42595 () securityfocus com

I'm already familiar with how to unobfuscate  basic unescaped javascript 
such as %79%6C%75%6D, etc.

I recently ran across a file with the following:

unescape("%u9090%u9090%u0feb%u335b%u66c9%u80b9%u8001%uef33%ue243% .....

Any idea what this encoding is/how to decode it?

Thanks!

---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------



-- 
adrian ilarion ciobanu (cia)

---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: