Pada saat mencoba template gratisan, kdang kita terheran-heran saat blog kita tiba-tiba ter-redirect secara otomatis.
Contoh Script Redirect otomatis:
<script type='text/javascript'>
$(document)["ready"](function() {$("#credit")["html"]("<a href="URLDOMAIN">BLOG TEMPLATE</a>"); setInterval(function() { if (!$("#credit:visible")["length"]) {window["location"]["href"] = "URLDOMAIN"}}, 3000)});
</script>
Tapi setelah kita cari di template kok ga nemu2. Bisa dipastikan kode Javascript-nya sudah di-Obfuscated.
Ada yang
mau lihat lihat koleksi atau membeli KAOS
DAKWAH atau KAOS
DISTRO bisa di lihat stok nya di GHIRAH
Ini dia cara menemukannya
<footer class='footerku' id='footerku'>
<span class='credit-link'> Template By <a href='URLDOMAIN' id='credit' title='BLOG TEMPLATE'>BLOG TEMPLATE</a></span>
</footer>
*Warna merah : Kalau dihapus, blog kita akan ter-redirect
2. Cari kode Javascript yang di-obfuscated pada template
Contoh kode yang di-obvuscated:
<script type='text/javascript'>
//<![CDATA[
var summary = 38;
var ry = "<h4>Similar Posts</h4>";
rn = "<h5>No related post available</h5>";
eval(function(w, i, s, e) {
var lIll = 0;
var ll1I = 0;
var Il1l = 0;
var ll1l = [];
var l1lI = [];
while (true) {
if (lIll < 5) l1lI.push(w.charAt(lIll));
else if (lIll < w.length) ll1l.push(w.charAt(lIll));
lIll++;
if (ll1I < 5) l1lI.push(i.charAt(ll1I));
else if (ll1I < i.length) ll1l.push(i.charAt(ll1I));
ll1I++;
if (Il1l < 5) l1lI.push(s.charAt(Il1l));
else if (Il1l < s.length) ll1l.push(s.charAt(Il1l));
Il1l++;
if (w.length + i.length + s.length + e.length == ll1l.length + l1lI.length + e.length) break;
}
var lI1l = ll1l.join('');
var I1lI = l1lI.join('');
ll1I = 0;
var l1ll = [];
for (lIll = 0; lIll < ll1l.length; lIll += 2) {
var ll11 = -1;
if (I1lI.charCodeAt(ll1I) % 2) ll11 = 1;
l1ll.push(String.fromCharCode(parseInt(lI1l.substr(lIll, 2), 36) - ll11));
ll1I++;
if (ll1I >= l1lI.length) ll1I = 0;
}
return l1ll.join('');
}('8f8991u2z2829333916243q01211m25312q1b3v2c1d3q011z2k3q01222k3v3u37262t203p112238231s27352z14212x252z1a3u29111z38251s27332z1632281w1z121611133v2b2q192z241u3u2v2z2n113w262c133x2b2q172z2611121m233e1i2e2936182x3u101z1o380y101z3b233x2z2938182x3s10111o2e162t3b233x29213x3b233v29233x111z2s2911222s271u3u291p2o1i27222o2c1z2314193v111122223316312q193v111k1v332z1d322p2c1z3w2o211o1e27311q1m23111s273r173126162c1c3e', 'f784611326f3a308d8b74df064e321d9')); //]]>
$(document).ready(function() {
$( & quot;.taze & quot;).click(function() {
$( & quot;.jeep & quot;).slideToggle( & quot; normal & quot;);
});
});
$(document).ready(function() {
$( & quot;.tabe & quot;).click(function() {
$( & quot;.deep & quot;).slideToggle( & quot; normal & quot;);
});
});
</script>
*Kode warna merah adalah kode yang telah di-obvuscate. (Kode sebenarnya lebih panjang, saya potong biar ga terlalu panjang
3. Copy kode warna merah, dan kemudian paste pada Tool DeObfuscate Javascript.
Contoh tool: _http://deobfuscatejavascript.com/
4. Biasanya setelah di-Deobvuscate, script Redirect langsung bisa ditemukan. Tapi kadang masih ada yang berupa format Hex. Jadi kita harus menggunakan tool Hex Decoder: _http://ddecode.com/hexdecoder/
Contoh kode:
$(document)["\x72\x65\x61\x64\x79"](function() {
$("\x23\x63\x72\x65\x64\x69\x74")["\x68\x74\x6D\x6C"]("\x3C\x61\x20\x68\x72\x65\x66\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x62\x6C\x6F\x67\x67\x65\x72\x74\x68\x65\x6D\x65\x39\x2E\x63\x6F\x6D\x2F\x22\x3E\x42\x6C\x6F\x67\x67\x65\x72\x74\x68\x65\x6D\x65\x39\x3C\x2F\x61\x3E");
setInterval(function() {
if (!$("\x23\x63\x72\x65\x64\x69\x74\x3A\x76\x69\x73\x69\x62\x6C\x65")["\x6C\x65\x6E\x67\x74\x68"]) {
window["\x6C\x6F\x63\x61\x74\x69\x6F\x6E"]["\x68\x72\x65\x66"] = "\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x62\x6C\x6F\x67\x67\x65\x72\x74\x68\x65\x6D\x65\x39\x2E\x63\x6F\x6D\x2F"
}
}, 3000)
});
5. Setelah di-decode, ketemu deh akhirnya
Post A Comment:
0 comments: