|
In case that the hacker comes back (I hope that won't happen...), I'll post his new creation here.
Now I understand how drive-by infections work: open a "harmless" page with the injected script, an iframe is opened outside the visible area, and from there some malware gets installed. Really nice. Fortunately my computer was found clean after a 30 hours scan with 4 virus scanners.
|
|
|
|
|
Bernhard Hiller wrote: from there some malware gets installed Doesn't the browser ask before downloading/launching ANY file or extension? I always believed that I'm pretty safe from malware unless I click "downlad and run". Users get infected due to their gullibility ("scan your computer for problems and give us your credit card number by the way. And a phone number, just in case.") and lack of experience.
Right?
[edit] like this: Yu0Tube - Kareena Kapoor slapped a senior news reporter in a meeting [^] (quite smart, spotted in a commantary on "real" YouTube, but blocking all links is a bit unrealistic)
Greetings - Jacek
|
|
|
|
|
nice job!
That's pretty crafty there, on the original Javascript, an iFrame off the browser window, hidden from view.
Your code is crafty too.
|
|
|
|
|
Thanks Jim.
I've a 20 year history of reversing code - I taught myself to program in x86 ASM during high-school by dissasembling whatever programs I had to hand.
It's just a matter of experience/exposure, I guess.
|
|
|
|
|
So you must be around 48,
I took computer class in summer school of 1974 with wood shop. We had a Western Electric teletype machine, that stored our programs on yellow paper tape with rubber bands.
So we wrote programs in basic on paper, and typed them in, and ran them on a Sigma 7 Mainframe at UC Irvine.
In high school, I dropped computer class and took surf class instead, counted as a PE credit, should of stuck with it. Oh well.
Didn't pick up computers again till 1986, bought a IBM XT, but didn't know what to do with it, so I wrote programs in basic, and ran them off floppy disks. Bought a hard drive 2 years later.
I can reverse engineer a lot of things, but not code down to that level.
|
|
|
|
|
Nah, I'm just a young'n - 35, Wed next week, in fact.
Neato! Dad used to bring home punch cards for us to draw on as kids, back I suppose in about 1982 or so. We had a ball trying to imagine what all the 'dots' were that we were trying to join-up.
I think I was first exposed to Basic in about 1985 or so - A girl down the road had a ?? and I can remember vividly entering a program that would calculate your age in the year 2000 - a time that seemed a million years away. Damn - nearly as far past it now as we were before it, back then!
Isn't it funny where life takes us? I picked up programming when we were forced to occupy the computer-room at school when on detention.. I quickly swiped turbo Pascal 6 and Turbo C++ 3.1 from the network. But when a fellow nerd gave me a copies of his dad's TASM, MASM and Sourcer commenting dissasembler I was like a you-know-what in a you-know where! Still don't know what would have happened if I'd behaved that way I was supposed to back then..
Oh how I do envy you - we got our first piece of computerized anything in about 1990 when M&D spent about $4000 on a 386-33 complete with a whopping 40Mb HDD and 4, thats right count 'em, 4 MB of RAM.. That was an enormous purchase for m&d back then.
I was a bright but lonely kid, so was probably really lucky to have been exposed to computers at that time of my life - I still remember the stunning, overwhelming joy I felt as a 16 year old when I reverse-engineered the registration-code for UniVBE (video bios extender software) and turned shareware software into a registered version.
Heck, I still remember the reg code for Sourcer - B309868-ytht 20 years after I got it..
Now, if only I could reverse engineer people and social situations. :laughs:
Simon.
|
|
|
|
|
I started working for Xerox in 1983, and the office was filled with Xerox Word Processors, a text based system that printed to Diablo Printers. In 1985, we moved to Costa Mesa, and a new secret room was built and filled with Xerox 6065 Documenters, a tall brown tower hooked to 19" monitors, optical mouse, running Xerox Windows attached to a Xerox 2700 Laser Printer via serial cable. I was amazed at it, and started spending time learning how to use them. But all you could do was type a document, save it, and print it, and send and receive email via the internet. Yes we had internet back then.
They couldn't sell a single one starting at $40K each. At the same time, UC Irvine was one of my customers, and I started seeing all these IBM PC's popping up everywhere running WordStar, with Diablo Daisywheel printers.
So I thought to myself, I better buy one of those, they look like the future. Spent a whopping $2200 on it, with 128K of ram. My dad was a merchant marine, and thought it was a complete waste of money. Little did I know that those little beige boxes with green monitors would take off.
That's the story.
I'm sure everyone has a great story, should of took this to the lounge.
|
|
|
|
|
haha, you beat me, today i saw it and i found the same function. well, reading this hacking code i learned few sh*t today
like you can call a function of a object as string indexed array
i.e.
console.log( String["fromCharCode"](100));
i had no idea that is allowed in js
But the fact which is still poking me. How on earth the hacker managed to injact the code to the orginal code in the server???????????????????????????????????????
I wish I could believe there is an after life.
|
|
|
|
|
Mohibur Rashid wrote: But the fact which is still poking me. How on earth the hacker managed to injact the code to the orginal code in the server?
Indeed. I've often wondered about these things myself. Is it (a) a modification to the file stored on the server, or (b) an in-transit modification to the html payload (as some hotels and ISPs are known to do).
It sure is the pow(2,6) dollar question.
Make it work. Then do it better - Andrei Straut
|
|
|
|
|
please send me ajax simple program.......
|
|
|
|
|
See my answer to your other question.
One of these days I'm going to think of a really clever signature.
|
|
|
|
|
|
Try a Google search; you will find lots of information.
One of these days I'm going to think of a really clever signature.
|
|
|
|
|
|
I know that they are a rather good Dutch football team.
|
|
|
|
|
|
It's easy to crop,rotate,change colors of images.I want to use some senior image porcessing functions like DCT or FFT on HTML5 canvas? Is there any ready-made libs?
crop
<a href="http://www.webresourcesdepot.com/jquery-image-crop-plugin-jcrop">http://www.webresourcesdepot.com/jquery-image-crop-plugin-jcrop</a>[<a href="http://www.webresourcesdepot.com/jquery-image-crop-plugin-jcrop" target="_blank" title="New Window">^</a>]
rotate
<a href="http://code.google.com/p/jquery-rotate/">http://code.google.com/p/jquery-rotate/</a>[<a href="http://code.google.com/p/jquery-rotate/" target="_blank" title="New Window">^</a>]
change colors
<a href="http://github.com/mezzoblue/PaintbrushJS">http://github.com/mezzoblue/PaintbrushJS</a>[<a href="http://github.com/mezzoblue/PaintbrushJS" target="_blank" title="New Window">^</a>]
dct
<a href="http://en.wikipedia.org/wiki/Discrete_cosine_transform">http://en.wikipedia.org/wiki/Discrete_cosine_transform</a>[<a href="http://en.wikipedia.org/wiki/Discrete_cosine_transform" target="_blank" title="New Window">^</a>]
fft
<a href="http://en.wikipedia.org/wiki/Fft">http://en.wikipedia.org/wiki/Fft</a>[<a href="http://en.wikipedia.org/wiki/Fft" target="_blank" title="New Window">^</a>]
javascript dct fft
|
|
|
|
|
I'm toying around with objects for the first time, I'm kind of fuzzy about passing back an object to use in another function. It doesn't bomb, but my product object in load_Template is empty.
I looking for some clarity in understanding this.
function load_Template() {
var exitCode = 0;
$(document).ready(function () {
var product = new Object();
product = load_Structure_Product();
alert(product.ID);
});
return exitCode;
}
function load_Structure_Product() {
var product = new Object();
$(document).ready(function () {
product.ID = getParameterByName("cid");
if (product.ID != 33) {
product.PartNumber = "03-12E";
product.ManPartNumber = "03-12E";
});
return product;
}
|
|
|
|
|
Well of course it's empty, since you never assigned anything into it! You set up a document.ready handler which will later push some stuff into it, for some reason – since that function's already called inside a ready handler, I don't understand why you've done that. Just assign things directly into there!
function load_Structure_Product(){
var product = { ID: getParameterByName("cid") };
if(product.ID != 33) {
product.PartNumber = "03-12E";
product.ManPartNumber = "03-12E";
}
return product;
}
|
|
|
|
|
Thanks,
I was wondering it I had to initialize the object like a structure in c++
The 33 was a mistake, suppose to be != ""
Let me try it today
|
|
|
|
|
I am looking through JavaScript and searching the web to try to learn what it is doing. I see this as the first line of text. var RVIPath = RVIPath || {};
I know the || is a logical operator for OR. But the rest makes no sense to me.
|
|
|
|
|
I'm not sure what you're looking at. But what that does is assigns a new blank object ( {} ) to that variable if it didn't previously exist. (Actually, it also does it if that variable contains 0, false, an empty string, null or possibly an empty object or array, as well as undefined. But I'm sure its purpose is to ensure it is assigned to something before further processing.)
|
|
|
|
|
Thanks Bob.
But why the OR operand?
Here is the rest of the code:
// This function will open a new window with the URL of the Image requested.
OpenImageWindow = function (ImageViewer, RVIPath)
{
if (RVIPath != "XX") {
var hgt = screen.height - 20;
var wdt = screen.width * .5;
var lft = 1100;
var window_chrome = "toolbar=no,resizable=yes,height=" + hgt + ",width=" + wdt;
cas_window1 = window.open(RVIPath, "NewWindow", window_chrome);
cas_ window1.focus();
}
}
// This function will read thru a subfile and determine if the the Image field has a "Y" in it.
// If it does then it will set the field to " " and display the Scanner Images.
// If it does not then it sets the field to " " and leaves the URL blank.
DisplayScannerImage = function (elementsLength, imgCharField, imgImage, ScannerPath, startingID)
{
var startpoint = startingID;
var next = startpoint;
for (var i = 0; i < elementsLength; i++) {
var imgtext = document.getElementById(imgCharField + next);
var imgUrl = document.getElementById(imgImage + next);
if ($(imgtext).text() != 'Y') {
$(imgtext).text(' ');
$(imgUrl).hide();
}
if ($(imgtext).text() == 'Y') {
$(imgtext).text(' ');
$(imgUrl).attr('src', ScannerPath);
}
next = next + 1;
}
}
|
|
|
|
|
fellathedog wrote: But why the OR operand? It's a shorthand way of saying:
if (RVIPath != NULL)
RVIPath = RVIPath;
else
RVIPath = new object;
if (RVIPath == NULL)
RVIPath = new object;
One of these days I'm going to think of a really clever signature.
|
|
|
|
|
We had a missionary from Japan Sunday at church that said "the Japaneese language was created by the devil", in reference to it being hard to learn. Coming from a very safe comfortable environment to the web sometimes makes me think the same about JavaScript. I will learn this and be looking back and laughing at this comment. Thanks.
|
|
|
|