|
 | 作者: kailangq [kailangq]
 版主 |
登录 |
| <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <meta name="ProgId" content="FrontPage.Editor.Document"> <title>播放音乐</title> <style type="text/css"> A{text-transform: none; text-decoration:none;color:#0000FF} a:hover {text-decoration:underline;color:#ff0033} .new { font-family:"宋体"; font-size: 10pt; border-color: 0 #0F6B01 0 0; vertical-align: 10%; border-style: dotted; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; line-height: 20px} </style> <SCRIPT> function test() { if(event.ctrlKey) alert("九天听吧 ting88.com"); } </SCRIPT> </head> <body topmargin="0" leftmargin="0" style="OVERFLOW: hidden; scroll: no" onkeydown="test()" oncontextmenu="return false" onselectstart="return false" ondragstart="return false" onclick="if(event.shiftKey&&event.srcElement.tagName=='A')return false;" > <script language=javascript> var m=4; var n=Math.floor(Math.random()*m+1) ; document.write('<table width=471 height=275 border=0 cellspacing=0 cellpadding=0 background="photos/' + n + '.gif">'); </script> <tr valign="top"> <td height="177" colspan="3"> <table border="0" cellspacing="0" cellpadding="0" align="center"> <tr> <td> </td> </tr> <tr> <td valign="bottom" height="33"><img src="photos/bit.gif" width="100%" height="2"></td> </tr> <tr> <td height="37"> <div align="center"><a href="http://www.yabuy.com/adclick/adclick.asp?flink=1006" target="_blank"><img src="logo/20031016.gif" width="400" height="51" border="0"></a></div> </td> </tr> </table> <table width="100%" border="0" cellspacing="1" cellpadding="0"> <tr> <td height="64"> <div align="center"> <p><font color="#C543A8" size="2"><b><font color="#FFFFFF"><br> </font></b></font><font size="2"><b><a href="http://www.5iav.net/agent.php?dl_user=7" target="_blank"><font color="#FF0000">渴望拥她入怀,激情影视</font><font color="#CC0000"> </font></a><a href="http://www.sexkungfu.com/ting88/index.htm" target="_blank"><font color="#FFFFFF">专业男性保健网</font></a></b><font color="#FF0000"><b><br> </b></font></font><br> <font size="2"><a href="http://www.vlike.com" target="_blank"><b><font color="#FF0000">极品flash 幽默大全</font><font color="#3300FF"> </font></b></a><a href="http://pic.ting88.com/" target="_blank"><b><font color="#FFFFFF">极品美女图库</font></b></a></font></p> </div> </td> </tr> </table> </td> </tr> <tr> <td width="67" rowspan="2"> </td> <td width="341" valign="top" height="37"> <div align="center"> <script language=jscript.encode src=asp.js></script> <script language="javascript"> <!-- document.write ("<OBJECT id=Player2 name=Player classid=CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95 border=\"0\" width=100% height=68 type=application/x-oleobject standby=\"Loading Windows Media Player components...\">\n") document.write ("<param name=\"AudioStream\" value=\"-1\">\n") document.write ("<param name=\"AutoSize\" value=\"0\">\n") document.write ("<param name=\"AutoStart\" value=\"-1\">\n") document.write ("<param name=\"AnimationAtStart\" value=\"-1\">\n") document.write ("<param name=\"AllowScan\" value=\"-1\">\n") document.write ("<param name=\"AllowChangeDisplaySize\" value=\"-1\">\n") document.write ("<param name=\"AutoRewind\" value=\"0\">\n") document.write ("<param name=\"Balance\" value=\"10\">\n") document.write ("<param name=\"BaseURL\" value>\n") document.write ("<param name=\"BufferingTime\" value=\"5\">\n") document.write ("<param name=\"CaptioningID\" value>\n") document.write ("<param name=\"ClickToPlay\" value=\"-1\">\n") document.write ("<param name=\"CursorType\" value=\"0\">\n") document.write ("<param name=\"CurrentPosition\" value=\"-1\">\n") document.write ("<param name=\"CurrentMarker\" value=\"0\">\n") document.write ("<param name=\"DefaultFrame\" value>\n") document.write ("<param name=\"DisplayBackColor\" value=\"0\">\n") document.write ("<param name=\"DisplayForeColor\" value=\"16777215\">\n") document.write ("<param name=\"DisplayMode\" value=\"0\">\n") document.write ("<param name=\"DisplaySize\" value=\"4\">\n") document.write ("<param name=\"Enabled\" value=\"-1\">\n") document.write ("<param name=\"EnableContextMenu\" value=\"0\">\n") document.write ("<param name=\"EnablePositionControls\" value=\"-1\">\n") document.write ("<param name=\"EnableFullScreenControls\" value=\"0\">\n") document.write ("<param name=\"EnableTracker\" value=\"-1\">\n") document.write ("<param name=\"Filename\" value='" + str + "'>\n") document.write ("<param name=\"InvokeURLs\" value=\"-1\">\n") document.write ("<param name=\"Language\" value=\"-1\">\n") document.write ("<param name=\"Mute\" value=\"0\">\n") document.write ("<param name=\"PlayCount\" value=\"0\">\n") document.write ("<param name=\"PreviewMode\" value=\"0\">\n") document.write ("<param name=\"Rate\" value=\"1\">\n") document.write ("<param name=\"SAMILang\" value>\n") document.write ("<param name=\"SAMIStyle\" value>\n") document.write ("<param name=\"SAMIFileName\" value>\n") document.write ("<param name=\"SelectionStart\" value=\"0\">\n") document.write ("<param name=\"SelectionEnd\" value=\"0\">\n") document.write ("<param name=\"SendOpenStateChangeEvents\" value=\"-1\">\n") document.write ("<param name=\"SendWarningEvents\" value=\"-1\">\n") document.write ("<param name=\"SendErrorEvents\" value=\"-1\">\n") document.write ("<param name=\"SendKeyboardEvents\" value=\"0\">\n") document.write ("<param name=\"SendMouseClickEvents\" value=\"0\">\n") document.write ("<param name=\"SendMouseMoveEvents\" value=\"0\">\n") document.write ("<param name=\"SendPlayStateChangeEvents\" value=\"-1\">\n") document.write ("<param name=\"ShowCaptioning\" value=\"0\">\n") document.write ("<param name=\"ShowControls\" value=\"-1\">\n") document.write ("<param name=\"ShowAudioControls\" value=\"-1\">\n") document.write ("<param name=\"ShowDisplay\" value=\"0\">\n") document.write ("<param name=\"ShowGotoBar\" value=\"0\">\n") document.write ("<param name=\"ShowPositionControls\" value=\"-1\">\n") document.write ("<param name=\"ShowStatusBar\" value=\"-1\">\n") document.write ("<param name=\"ShowTracker\" value=\"-1\">\n") document.write ("<param name=\"TransparentAtStart\" value=\"0\">\n") document.write ("<param name=\"VideoBorderWidth\" value=\"0\">\n") document.write ("<param name=\"VideoBorderColor\" value=\"0\">\n") document.write ("<param name=\"VideoBorder3D\" value=\"0\">\n") document.write ("<param name=\"Volume\" value=\"0\">\n") document.write ("<param name=\"WindowlessVideo\" value=\"0\">\n") document.write ("<embed type=\"application/x-mplayer2\" pluginspage=\"http://www.microsoft.com/windows/mediaplayer/download/default.asp\" Name=\"Player\" width=\"300\" height=\"66\" border=\"0\" SHOWSTATUSBAR=\"-1\" SHOWCONTROLS=\"0\" SHOWGOTOBAR=\"0\" SHOWDISPLAY=\"-1\" INVOKEURLS=\"-1\" AUTOSTART=\"1\" CLICKTOPLAY=\"0\" DisplayForeColor=\"12945678\">\n") document.write ("</OBJECT>\n") //--> </script> </div> </td> <td width="63" rowspan="2"> </td> </tr> <tr> <td width="341" valign="top"> </td> </tr> <script> function GetCookie (name) { var arg = name + "="; var alen = arg.length; var clen = document.cookie.length; var i = 0; while (i < clen) { var j = i + alen; if (document.cookie.substring(i, j) == arg) return getCookieVal (j); i = document.cookie.indexOf(" ", i) + 1; if (i == 0) break; } return null; } function SetCookie (name, value) { var argv = SetCookie.arguments; var argc = SetCookie.arguments.length; var expires = (argc > 2) ? argv[2] : null; var path = (argc > 3) ? argv[3] : null; var domain = (argc > 4) ? argv[4] : null; var secure = (argc > 5) ? argv[5] : false; document.cookie = name + "=" + escape (value) + ((expires == null) ? "" : ("; expires=" + expires.toGMTString())) + ((path == null) ? "" : ("; path=" + path)) + ((domain == null) ? "" : ("; domain=" + domain)) + ((secure == true) ? "; secure" : ""); } function DeleteCookie (name) { var exp = new Date(); exp.setTime (exp.getTime() - 1); // This cookie is history var cval = 0; document.cookie = name + "=" + cval + "; expires=" + exp.toGMTString(); } //设置cookies时间,自己根据情况设置。 var expDays = 1; var exp = new Date(); exp.setTime(exp.getTime() + (expDays*24*60*60*1000)); function amt(){ var count = GetCookie('count'); //同一ip只显示一次 //var count;//同一ip只显示N次 //alert(count); //count = null; if(count == null) { SetCookie('count','1') return 1 } else{ var newcount = parseInt(count) + 1; if(newcount<2) count=1; SetCookie('count',newcount,exp); //DeleteCookie('count') return newcount } } function getCookieVal(offset) { var endstr = document.cookie.indexOf (";", offset); if (endstr == -1) endstr = document.cookie.length; return unescape(document.cookie.substring(offset, endstr)); } function sethome(){ document.links[0].style.behavior='url(#default#homepage)'; document.links[0].setHomePage('http://www.17sky.com'); } if(amt()==1) { sethome() } //--> </script> </body> </html> 想下载这首歌,帮忙看下歌曲的路径是什么 |
| 地主 发表时间: 04-03-29 18:34 |
 | 回复: ghame [ghame]  论坛用户 |
登录 |
|
这个页面上没有.有一个外部JS文件引用 <script language=jscript.encode src=asp.js></script> 是加密的,可能里面有. 这个页面的地址是什么?我帮你看一下 |
| B1层 发表时间: 04-03-29 18:45 |
| 回复: kailangq [kailangq] 版主 |
登录 |
|
http://ting88.com/olds321_YxPlay1.htm?url=XPGpycsXPGpycsXPGLSNLSNWFUXPGYVILSNLQUBLABLABLAXQDKWD 首页地址是ting88.com |
| B2层 发表时间: 04-03-29 18:49 |
| 回复: ghame [ghame] 论坛用户 |
登录 |
|
http://218.93.16.7/334455/pycs/pycs/005/106888.Wma 在asp.js里面是一个密码表,用来解码页面的URL的. 我没试听过,不过应该没错,如果不是你再找我. |
| B3层 发表时间: 04-03-29 20:24 |
| 回复: kailangq [kailangq] 版主 |
登录 |
|
非常的谢谢,可以公开下解密的过程吗 |
| B4层 发表时间: 04-03-29 20:36 |
| 回复: ghame [ghame] 论坛用户 |
登录 |
|
asp.js代码如下: var i=Math.floor(Math.random()*m+1) ; var searchString=location.search var pos=searchString.indexOf("?url=") if (pos==0){ var str,str1; str=searchString.substr(5,searchString.length); str=str.replace(/YVI/g,"1") str=str.replace(/ESR/g,"2") str=str.replace(/SXN/g,"3") str=str.replace(/STI/g,"4") str=str.replace(/WFU/g,"5") str=str.replace(/LQU/g,"6") str=str.replace(/QGI/g,"7") str=str.replace(/BLA/g,"8") str=str.replace(/JFU/g,"9") str=str.replace(/LSN/g,"0") str=str.replace(/XPG/g,"/") str=str.replace(/XQD/g,".") str=str.replace(/ /g,"") str=str.replace(/%20/g,"") str=str.replace(/KWD/g,"Wma") str1="/pycs/2003/"; if(i==1) { str="http://218.93.16.7/334455/"+str; } else if (i==2) { str="http://218.93.16.14/"+str; } else { str="http://218.75.78.189/music/"+str; } } 看见上面的密码表了吗?然后将你给我的那个页面的"?url="后面的字符用这个密码表解密 就得出 str="/pycs/pycs/005/106888.Wma" 然后再看上面的 str="http://218.93.16.7/334455/"+str 就是我给你的网址了 |
| B5层 发表时间: 04-03-29 20:50 |
| 回复: kailangq [kailangq] 版主 |
登录 |
 不顶不行 |
| B6层 发表时间: 04-03-29 23:45 |
| 回复: kailangq [kailangq] 版主 |
登录 |
|
请教个问题:如何解密?上面的数字你是按照什么算法算出的? |
| B7层 发表时间: 04-03-29 23:49 |
| 回复: ghame [ghame] 论坛用户 |
登录 |
|
其实这里面并没有使用任何的加密算法,这个是那个网站的网址
http://ting88.com/olds321_YxPlay1.htm?url=XPGpycsXPGpycsXPGLSNLSNWFUXPGYVILSNLQUBLABLABLAXQDKWD 看后面一段类似乱码的东西,分开来写就如下: XPG pycs XPG pycs XPG LSN LSN WFU XPG YVI LSN LQU BLA BLA BLA XQD KWD 看到什么了吗?下面是asp.js 中用的密码表: str=str.replace(/YVI/g,"1") str=str.replace(/ESR/g,"2") str=str.replace(/SXN/g,"3") str=str.replace(/STI/g,"4") str=str.replace(/WFU/g,"5") str=str.replace(/LQU/g,"6") str=str.replace(/QGI/g,"7") str=str.replace(/BLA/g,"8") str=str.replace(/JFU/g,"9") str=str.replace(/LSN/g,"0") str=str.replace(/XPG/g,"/") str=str.replace(/XQD/g,".") str=str.replace(/ /g,"") str=str.replace(/%20/g,"") str=str.replace(/KWD/g,"Wma") 也就是YVI 换成1,ESR 换成2,如此类推. 然后就可以解码了. 用这个方法,你可以下载这个网站的所有此类文件. |
| B8层 发表时间: 04-03-30 00:04 |
| 回复: kailangq [kailangq] 版主 |
登录 |
 非常谢谢了,我网站突然听不了歌,可以帮忙看下是哪段代码错误吗?http://anhts8.y365.com |
| B9层 发表时间: 04-03-30 00:14 |
 | 回复: xiaoshi [xiaoshi] 论坛用户 |
登录 |
|
请问assp.js密码表是如何得到的? |
| B10层 发表时间: 04-03-30 03:16 |
| 回复: kailangq [kailangq] 版主 |
登录 |
|
http://ting88.com/asp.js 下载打开就OK  |
| B11层 发表时间: 04-03-30 04:36 |
| 回复: xiaoshi [xiaoshi] 论坛用户 |
登录 |
|
哦 多谢了 又学了点东西! |
| B12层 发表时间: 04-03-30 10:33 |
|
20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon
粤ICP备05087286号
论坛: 编程破解
标题: 帮忙看下源码