论坛: 编程破解 标题: 帮忙看下源码 复制本贴地址    
作者: 阿Q [kailangq]    版主   登录
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>播放音乐</title>
<style type="text/css"> 
A{text-transform: none; text-decoration:none;color:#0000FF}
a:hover {text-decoration:underline;color:#ff0033}
.new {  font-family:"宋体"; font-size: 10pt; border-color: 0 #0F6B01 0 0; vertical-align: 10%; border-style: dotted; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; line-height: 20px}
</style>
<SCRIPT>
function test()
{
if(event.ctrlKey) alert("九天听吧 ting88.com");
}
</SCRIPT>


</head>

<body topmargin="0" leftmargin="0" style="OVERFLOW: hidden; scroll: no"
onkeydown="test()" oncontextmenu="return false" onselectstart="return false" ondragstart="return false" onclick="if(event.shiftKey&&event.srcElement.tagName=='A')return false;"  >


<script language=javascript>
var m=4;
var n=Math.floor(Math.random()*m+1) ;
document.write('<table width=471 height=275 border=0 cellspacing=0 cellpadding=0 background="photos/' + n + '.gif">');
</script>


<tr valign="top">
    <td height="177" colspan="3">
      <table border="0" cellspacing="0" cellpadding="0" align="center">
        <tr>
          <td>&nbsp;</td>
        </tr>
        <tr>
          <td valign="bottom" height="33"><img src="photos/bit.gif" width="100%" height="2"></td>
        </tr>
        <tr>
         
        <td height="37">
          <div align="center"><a href="http://www.yabuy.com/adclick/adclick.asp?flink=1006" target="_blank"><img src="logo/20031016.gif" width="400" height="51" border="0"></a></div>
        </td>
        </tr>
      </table>
      <table width="100%" border="0" cellspacing="1" cellpadding="0">
        <tr>
          <td height="64">
          <div align="center">
            <p><font color="#C543A8" size="2"><b><font color="#FFFFFF"><br>
              </font></b></font><font size="2"><b><a href="http://www.5iav.net/agent.php?dl_user=7" target="_blank"><font color="#FF0000">渴望拥她入怀,激情影视</font><font color="#CC0000">
              </font></a><a href="http://www.sexkungfu.com/ting88/index.htm" target="_blank"><font color="#FFFFFF">专业男性保健网</font></a></b><font color="#FF0000"><b><br>
              </b></font></font><br>
              <font size="2"><a href="http://www.vlike.com" target="_blank"><b><font color="#FF0000">极品flash
              幽默大全</font><font color="#3300FF"> </font></b></a><a href="http://pic.ting88.com/" target="_blank"><b><font color="#FFFFFF">极品美女图库</font></b></a></font></p>
            </div>
        </td>
        </tr>
      </table>
    </td>
  </tr>
  <tr>
    <td width="67" rowspan="2">&nbsp; </td>
    <td width="341" valign="top" height="37">
      <div align="center">
<script language=jscript.encode src=asp.js></script>
        <script language="javascript">
<!--

document.write ("<OBJECT id=Player2 name=Player classid=CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95 border=\"0\" width=100% height=68 type=application/x-oleobject standby=\"Loading Windows Media Player components...\">\n")
document.write ("<param name=\"AudioStream\" value=\"-1\">\n")
document.write ("<param name=\"AutoSize\" value=\"0\">\n")
document.write ("<param name=\"AutoStart\" value=\"-1\">\n")
document.write ("<param name=\"AnimationAtStart\" value=\"-1\">\n")
document.write ("<param name=\"AllowScan\" value=\"-1\">\n")
document.write ("<param name=\"AllowChangeDisplaySize\" value=\"-1\">\n")
document.write ("<param name=\"AutoRewind\" value=\"0\">\n")
document.write ("<param name=\"Balance\" value=\"10\">\n")
document.write ("<param name=\"BaseURL\" value>\n")
document.write ("<param name=\"BufferingTime\" value=\"5\">\n")
document.write ("<param name=\"CaptioningID\" value>\n")
document.write ("<param name=\"ClickToPlay\" value=\"-1\">\n")
document.write ("<param name=\"CursorType\" value=\"0\">\n")
document.write ("<param name=\"CurrentPosition\" value=\"-1\">\n")
document.write ("<param name=\"CurrentMarker\" value=\"0\">\n")
document.write ("<param name=\"DefaultFrame\" value>\n")
document.write ("<param name=\"DisplayBackColor\" value=\"0\">\n")
document.write ("<param name=\"DisplayForeColor\" value=\"16777215\">\n")
document.write ("<param name=\"DisplayMode\" value=\"0\">\n")
document.write ("<param name=\"DisplaySize\" value=\"4\">\n")
document.write ("<param name=\"Enabled\" value=\"-1\">\n")
document.write ("<param name=\"EnableContextMenu\" value=\"0\">\n")
document.write ("<param name=\"EnablePositionControls\" value=\"-1\">\n")
document.write ("<param name=\"EnableFullScreenControls\" value=\"0\">\n")
document.write ("<param name=\"EnableTracker\" value=\"-1\">\n")
document.write ("<param name=\"Filename\" value='" + str + "'>\n")
document.write ("<param name=\"InvokeURLs\" value=\"-1\">\n")
document.write ("<param name=\"Language\" value=\"-1\">\n")
document.write ("<param name=\"Mute\" value=\"0\">\n")
document.write ("<param name=\"PlayCount\" value=\"0\">\n")
document.write ("<param name=\"PreviewMode\" value=\"0\">\n")
document.write ("<param name=\"Rate\" value=\"1\">\n")
document.write ("<param name=\"SAMILang\" value>\n")
document.write ("<param name=\"SAMIStyle\" value>\n")
document.write ("<param name=\"SAMIFileName\" value>\n")
document.write ("<param name=\"SelectionStart\" value=\"0\">\n")
document.write ("<param name=\"SelectionEnd\" value=\"0\">\n")
document.write ("<param name=\"SendOpenStateChangeEvents\" value=\"-1\">\n")
document.write ("<param name=\"SendWarningEvents\" value=\"-1\">\n")
document.write ("<param name=\"SendErrorEvents\" value=\"-1\">\n")
document.write ("<param name=\"SendKeyboardEvents\" value=\"0\">\n")
document.write ("<param name=\"SendMouseClickEvents\" value=\"0\">\n")
document.write ("<param name=\"SendMouseMoveEvents\" value=\"0\">\n")
document.write ("<param name=\"SendPlayStateChangeEvents\" value=\"-1\">\n")
document.write ("<param name=\"ShowCaptioning\" value=\"0\">\n")
document.write ("<param name=\"ShowControls\" value=\"-1\">\n")
document.write ("<param name=\"ShowAudioControls\" value=\"-1\">\n")
document.write ("<param name=\"ShowDisplay\" value=\"0\">\n")
document.write ("<param name=\"ShowGotoBar\" value=\"0\">\n")
document.write ("<param name=\"ShowPositionControls\" value=\"-1\">\n")
document.write ("<param name=\"ShowStatusBar\" value=\"-1\">\n")
document.write ("<param name=\"ShowTracker\" value=\"-1\">\n")
document.write ("<param name=\"TransparentAtStart\" value=\"0\">\n")
document.write ("<param name=\"VideoBorderWidth\" value=\"0\">\n")
document.write ("<param name=\"VideoBorderColor\" value=\"0\">\n")
document.write ("<param name=\"VideoBorder3D\" value=\"0\">\n")
document.write ("<param name=\"Volume\" value=\"0\">\n")
document.write ("<param name=\"WindowlessVideo\" value=\"0\">\n")
document.write ("<embed type=\"application/x-mplayer2\" pluginspage=\"http://www.microsoft.com/windows/mediaplayer/download/default.asp\" Name=\"Player\" width=\"300\" height=\"66\" border=\"0\" SHOWSTATUSBAR=\"-1\" SHOWCONTROLS=\"0\" SHOWGOTOBAR=\"0\" SHOWDISPLAY=\"-1\" INVOKEURLS=\"-1\" AUTOSTART=\"1\" CLICKTOPLAY=\"0\" DisplayForeColor=\"12945678\">\n")
document.write ("</OBJECT>\n")
//-->
</script>
      </div>
    </td>

    <td width="63" rowspan="2">&nbsp;</td>
  </tr>
  <tr>
    <td width="341" valign="top">&nbsp;</td>
  </tr>

<script>
function GetCookie (name) {
var arg = name + "=";
var alen = arg.length;
var clen = document.cookie.length;
var i = 0;
while (i < clen) {
var j = i + alen;
if (document.cookie.substring(i, j) == arg)
return getCookieVal (j);
i = document.cookie.indexOf(" ", i) + 1;
if (i == 0) break;
}
return null;
}

function SetCookie (name, value) {
var argv = SetCookie.arguments;
var argc = SetCookie.arguments.length;
var expires = (argc > 2) ? argv[2] : null;
var path = (argc > 3) ? argv[3] : null;
var domain = (argc > 4) ? argv[4] : null;
var secure = (argc > 5) ? argv[5] : false;
document.cookie = name + "=" + escape (value) +
((expires == null) ? "" : ("; expires=" + expires.toGMTString())) +
((path == null) ? "" : ("; path=" + path)) +
((domain == null) ? "" : ("; domain=" + domain)) +
((secure == true) ? "; secure" : "");
}

function DeleteCookie (name) {
var exp = new Date();
exp.setTime (exp.getTime() - 1);
// This cookie is history
var cval = 0;
document.cookie = name + "=" + cval + "; expires=" + exp.toGMTString();
}

//设置cookies时间,自己根据情况设置。
var expDays = 1;
var exp = new Date();
exp.setTime(exp.getTime() + (expDays*24*60*60*1000));

function amt(){
var count = GetCookie('count'); //同一ip只显示一次
//var count;//同一ip只显示N次
//alert(count);
//count = null;
if(count == null) {
SetCookie('count','1')
return 1
}
else{
var newcount = parseInt(count) + 1;
if(newcount<2) count=1;
SetCookie('count',newcount,exp);
//DeleteCookie('count')
return newcount
}
}

function getCookieVal(offset) {
var endstr = document.cookie.indexOf (";", offset);
if (endstr == -1)
endstr = document.cookie.length;
return unescape(document.cookie.substring(offset, endstr));
}
function sethome(){
document.links[0].style.behavior='url(#default#homepage)';
document.links[0].setHomePage('http://www.17sky.com');
}
if(amt()==1)
{
sethome()
}
//-->
</script>


</body>       
</html>




想下载这首歌,帮忙看下歌曲的路径是什么


地主 发表时间: 04-03-29 18:34

回复: ghame [ghame]   论坛用户   登录
这个页面上没有.有一个外部JS文件引用
<script language=jscript.encode src=asp.js></script>
是加密的,可能里面有.
这个页面的地址是什么?我帮你看一下

B1层 发表时间: 04-03-29 18:45

回复: 阿Q [kailangq]   版主   登录
http://ting88.com/olds321_YxPlay1.htm?url=XPGpycsXPGpycsXPGLSNLSNWFUXPGYVILSNLQUBLABLABLAXQDKWD


首页地址是ting88.com

B2层 发表时间: 04-03-29 18:49

回复: ghame [ghame]   论坛用户   登录
http://218.93.16.7/334455/pycs/pycs/005/106888.Wma
在asp.js里面是一个密码表,用来解码页面的URL的.
我没试听过,不过应该没错,如果不是你再找我.


B3层 发表时间: 04-03-29 20:24

回复: 阿Q [kailangq]   版主   登录
非常的谢谢,可以公开下解密的过程吗

B4层 发表时间: 04-03-29 20:36

回复: ghame [ghame]   论坛用户   登录
asp.js代码如下:

var i=Math.floor(Math.random()*m+1) ;
var searchString=location.search
var pos=searchString.indexOf("?url=")
if (pos==0){
var str,str1;
str=searchString.substr(5,searchString.length);
str=str.replace(/YVI/g,"1")
str=str.replace(/ESR/g,"2")
str=str.replace(/SXN/g,"3")
str=str.replace(/STI/g,"4")
str=str.replace(/WFU/g,"5")
str=str.replace(/LQU/g,"6")
str=str.replace(/QGI/g,"7")
str=str.replace(/BLA/g,"8")
str=str.replace(/JFU/g,"9")
str=str.replace(/LSN/g,"0")
str=str.replace(/XPG/g,"/")
str=str.replace(/XQD/g,".")
str=str.replace(/ /g,"")
str=str.replace(/%20/g,"")
str=str.replace(/KWD/g,"Wma")
str1="/pycs/2003/";

if(i==1)

{
str="http://218.93.16.7/334455/"+str;
}
else
if (i==2)
{
str="http://218.93.16.14/"+str;
}
else
{
str="http://218.75.78.189/music/"+str;
}

}

看见上面的密码表了吗?然后将你给我的那个页面的"?url="后面的字符用这个密码表解密
就得出
str="/pycs/pycs/005/106888.Wma"
然后再看上面的
str="http://218.93.16.7/334455/"+str
就是我给你的网址了

B5层 发表时间: 04-03-29 20:50

回复: 阿Q [kailangq]   版主   登录
不顶不行

B6层 发表时间: 04-03-29 23:45

回复: 阿Q [kailangq]   版主   登录
请教个问题:如何解密?上面的数字你是按照什么算法算出的?

B7层 发表时间: 04-03-29 23:49

回复: ghame [ghame]   论坛用户   登录
其实这里面并没有使用任何的加密算法,这个是那个网站的网址 http://ting88.com/olds321_YxPlay1.htm?url=XPGpycsXPGpycsXPGLSNLSNWFUXPGYVILSNLQUBLABLABLAXQDKWD
看后面一段类似乱码的东西,分开来写就如下:
XPG pycs XPG pycs XPG LSN LSN WFU XPG YVI LSN LQU BLA BLA BLA XQD KWD
看到什么了吗?下面是asp.js 中用的密码表:
str=str.replace(/YVI/g,"1")
str=str.replace(/ESR/g,"2")
str=str.replace(/SXN/g,"3")
str=str.replace(/STI/g,"4")
str=str.replace(/WFU/g,"5")
str=str.replace(/LQU/g,"6")
str=str.replace(/QGI/g,"7")
str=str.replace(/BLA/g,"8")
str=str.replace(/JFU/g,"9")
str=str.replace(/LSN/g,"0")
str=str.replace(/XPG/g,"/")
str=str.replace(/XQD/g,".")
str=str.replace(/ /g,"")
str=str.replace(/%20/g,"")
str=str.replace(/KWD/g,"Wma")
也就是YVI 换成1,ESR 换成2,如此类推.
然后就可以解码了.
用这个方法,你可以下载这个网站的所有此类文件.

B8层 发表时间: 04-03-30 00:04

回复: 阿Q [kailangq]   版主   登录
非常谢谢了,我网站突然听不了歌,可以帮忙看下是哪段代码错误吗?
http://anhts8.y365.com

B9层 发表时间: 04-03-30 00:14

回复: 零下一度 [xiaoshi]   论坛用户   登录
请问assp.js密码表是如何得到的?

B10层 发表时间: 04-03-30 03:16

回复: 阿Q [kailangq]   版主   登录
http://ting88.com/asp.js

下载打开就OK

B11层 发表时间: 04-03-30 04:36

回复: 零下一度 [xiaoshi]   论坛用户   登录

多谢了
又学了点东西!

B12层 发表时间: 04-03-30 10:33

论坛: 编程破解

20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon

粤ICP备05087286号