Notification

×

Iklan

Iklan

>

Cara Menghapus Script Redirect Tersembunyi Themplate Detikweb (Deobfuscate Javascript)

Friday, May 21, 2021 | Friday, May 21, 2021 WIB Last Updated 2021-06-04T06:56:33Z

karawangportal
Cara Menghapus Script Redirect Tersembunyi Themplate Detikweb (Deobfuscate Javascript)


 

KARAWANGPORTAL - Pada saat mencoba template gratisan, kadang kita terheran-heran saat blog kita tiba-tiba ter-redirect secara otomatis.:D
Contoh Script Redirect otomatis:
<script type='text/javascript'>
[COLOR="#FF0000"]$(document)["ready"](function() {$("#credit")["html"]("<a href="URLDOMAIN">BLOG TEMPLATE</a>");    setInterval(function() { if (!$("#credit:visible")["length"]) {window["location"]["href"] = "URLDOMAIN"}}, 3000)});[/COLOR]
</script>
Tapi setelah kita cari di template kok ga nemu2. Bisa dipastikan kode Javascript-nya sudah di-Obfuscated.
Ini dia cara menemukannya:D.
1. Biasanya blog kita akan di-redirect secara otomatis jika menghapus kode link credit.
Contoh:
<footer class='footerku' id='footerku'>
<span class='credit-link'> Template By [COLOR="#FF0000"]<a href='URLDOMAIN' id='credit' title='BLOG TEMPLATE'>BLOG TEMPLATE</a>[/COLOR]</span>
</footer>
 *Warna merah : Kalau dihapus, blog kita akan ter-redirect
2. Cari kode Javascript yang di-obfuscated pada template
Contoh kode yang di-obvuscated:
<script type='text/javascript'>
    //<![CDATA[
    var summary = 38;
    var ry = "<h4>Similar Posts</h4>";
    rn = "<h5>No related post available</h5>";
    [COLOR="#FF0000"]eval(function(w, i, s, e) {
        var lIll = 0;
        var ll1I = 0;
        var Il1l = 0;
        var ll1l = [];
        var l1lI = [];
        while (true) {
            if (lIll < 5) l1lI.push(w.charAt(lIll));
            else if (lIll < w.length) ll1l.push(w.charAt(lIll));
            lIll++;
            if (ll1I < 5) l1lI.push(i.charAt(ll1I));
            else if (ll1I < i.length) ll1l.push(i.charAt(ll1I));
            ll1I++;
            if (Il1l < 5) l1lI.push(s.charAt(Il1l));
            else if (Il1l < s.length) ll1l.push(s.charAt(Il1l));
            Il1l++;
            if (w.length + i.length + s.length + e.length == ll1l.length + l1lI.length + e.length) break;
        }
        var lI1l = ll1l.join('');
        var I1lI = l1lI.join('');
        ll1I = 0;
        var l1ll = [];
        for (lIll = 0; lIll < ll1l.length; lIll += 2) {
            var ll11 = -1;
            if (I1lI.charCodeAt(ll1I) % 2) ll11 = 1;
            l1ll.push(String.fromCharCode(parseInt(lI1l.substr(lIll, 2), 36) - ll11));
            ll1I++;
            if (ll1I >= l1lI.length) ll1I = 0;
        }
        return l1ll.join('');
    }('8f8991u2z2829333916243q01211m25312q1b3v2c1d3q011z2k3q01222k3v3u37262t203p112238231s27352z14212x252z1a3u29111z38251s27332z1632281w1z121611133v2b2q192z241u3u2v2z2n113w262c133x2b2q172z2611121m233e1i2e2936182x3u101z1o380y101z3b233x2z2938182x3s10111o2e162t3b233x29213x3b233v29233x111z2s2911222s271u3u291p2o1i27222o2c1z2314193v111122223316312q193v111k1v332z1d322p2c1z3w2o211o1e27311q1m23111s273r173126162c1c3e', 'f784611326f3a308d8b74df064e321d9'));[/COLOR] //]]>  
    $(document).ready(function() {
        $( & quot;.taze & quot;).click(function() {
            $( & quot;.jeep & quot;).slideToggle( & quot; normal & quot;);
        });
    });
    $(document).ready(function() {
        $( & quot;.tabe & quot;).click(function() {
            $( & quot;.deep & quot;).slideToggle( & quot; normal & quot;);
        });
    });
</script>
*Kode warna merah adalah kode yang telah di-obvuscate. (Kode sebenarnya lebih panjang, saya potong biar ga terlalu panjang
3. Copy kode warna merah, dan kemudian paste pada Tool DeObfuscate Javascript.
Contoh tool: _http://deobfuscatejavascript.com/
4. Biasanya setelah di-Deobvuscate, script Redirect langsung bisa ditemukan. Tapi kadang masih ada yang berupa format Hex. Jadi kita harus menggunakan tool Hex Decoder: _http://ddecode.com/hexdecoder/
Contoh kode:
$(document)["\x72\x65\x61\x64\x79"](function() {
    $("\x23\x63\x72\x65\x64\x69\x74")["\x68\x74\x6D\x6C"]("\x3C\x61\x20\x68\x72\x65\x66\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x62\x6C\x6F\x67\x67\x65\x72\x74\x68\x65\x6D\x65\x39\x2E\x63\x6F\x6D\x2F\x22\x3E\x42\x6C\x6F\x67\x67\x65\x72\x74\x68\x65\x6D\x65\x39\x3C\x2F\x61\x3E");
    setInterval(function() {
        if (!$("\x23\x63\x72\x65\x64\x69\x74\x3A\x76\x69\x73\x69\x62\x6C\x65")["\x6C\x65\x6E\x67\x74\x68"]) {
            window["\x6C\x6F\x63\x61\x74\x69\x6F\x6E"]["\x68\x72\x65\x66"] = "\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x62\x6C\x6F\x67\x67\x65\x72\x74\x68\x65\x6D\x65\x39\x2E\x63\x6F\x6D\x2F"
        }
    }, 3000)
});

5. Setelah di-decode, ketemu deh akhirnya...
Yang Tersembunyi alias Terselubung tuh biasanya berbahaya
Peringatan...!!!
Sebaiknya Kalian Beli Themplate Premium dan Hargailah Devlopernya dan Jika Kalian Memakai themplatenya pun jangan Hilangkan Kreditnya Terimakasih Semoga Artikel Ini Bermanfaat


×
Berita Terbaru Update