Side Quest — Part 2
Posted by: Dan O'Connor
The best way to decode the contents of “n” is to let the script do it for us.
The script already contains everything needed to decode itself, so running it through something like rhino on the command line should give you the decoded output. Be sure to read the man pages and documentation before you go into this one; it also helps to have a basic understanding of the script itself.
After running this through, we get more JS back. Part of it is an iframe that gets loaded, and it links to another site.
hxxp://xxxxxxxxx.xx.xx/main.php?page=xxxxxxx
After downloading this page, we get a big surprise...
More js.
Here is the summary.
// =0;i--){
w=i;
v=a[w];
dd=(32606-i-2+1);
b=d;
dd=dd-b*m["floo"+"r"](dd/d);
k=v*1+(dd-3);
if(x&&e)c=c+String.fromCharCode(k);
}
e+="a";
md=["a"];
window[e+"l"](c);}
try{5<=prototype;}catch(v){x=1;}
g="39……";
a=[];
for(i=0;i<g.length;i+=2){
a.push(parseInt(g.substr(i,2),16));
}
z(123);
Just a little more complicated than the last one, but not much. Pointing this straight at rhino generated errors, so I broke it into two sets.
The first is populating “a”: instead of pushing the output of the last for loop to “a”, you can print it to the screen and redirect it to a file.
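An added example (not the author's code, and using Node's vm module rather than rhino) of letting a script decode itself while its final window[e+"l"] call is swapped for a recorder. The sample is constructed and harmless; captureEval and the values of d, e and m, which the page's copy cuts off, are assumptions.

```javascript
const vm = require("vm");

// Constructed, harmless sample written in the style of the script above.
// m=Math, d=7 and e="ev" are assumptions: the page's copy cuts those parts off.
const SAMPLE = `
m=Math;d=7;e="ev";x=0;
function z(){
  c="";
  for(i=a.length-1;i>=0;i--){
    v=a[i];
    dd=(32606-i-2+1);
    dd=dd-d*m["floo"+"r"](dd/d);
    k=v*1+(dd-3);
    if(x&&e)c=c+String.fromCharCode(k);
  }
  e+="a";
  window[e+"l"](c);
}
try{5<=prototype;}catch(v){x=1;}
g="262f277473676f5e";
a=[];
for(i=0;i<g.length;i+=2){a.push(parseInt(g.substr(i,2),16));}
z();
`;

// Run a script with window.eval replaced by a recorder, so the decoded
// layer comes back as text instead of being executed.
// Node's vm module is not a security boundary: do this inside a disposable
// analysis VM, the same as you would with rhino.
function captureEval(source, timeoutMs = 1000) {
  const captured = [];
  const sandbox = { window: { eval: (code) => { captured.push(String(code)); } } };
  vm.runInNewContext(source, sandbox, { timeout: timeoutMs });
  return captured;
}

// Print each captured layer; redirect to a file to keep it for the next pass.
console.log(captureEval(SAMPLE).join("\n"));
```

The recorder only sees what reaches window.eval; a sample that writes its next stage some other way needs that sink stubbed as well.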




