Claudius Coenen ccoenen

## searchLogForJSON.rb
require 'yajl'
require 'yajl/json_gem'

@hostlist = {}

def object_parsed(obj)
  puts  Yajl::Encoder.encode(obj)

  obj.each do |item|
    if item['request'] == 'sender data'

## console.xml
<?xml version="1.0"?>
<settings>
<!--
  Bonus-Tip: set init_dir to the default location, where all your shells should open (can be overriden on a per-shell basis)
-->
  <console change_refresh="10" refresh="100" rows="30" columns="110" buffer_rows="2000" buffer_columns="0" shell="" init_dir="MY PROJECT DIRECTORY" start_hidden="0" save_size="0">
		<colors>
			<color id="0" r="0" g="0" b="0"/>
			<color id="1" r="0" g="0" b="128"/>
			<color id="2" r="0" g="150" b="0"/>

## exploit.js
// # The Exploit comes as an event-invitation, it wants you to klick this link
//   http://www.goo gle.com/url?sa=t&source=web&cd=1&ved=0CBoQFjAA&url=http%3A%2F%2Fwho-spying-u.blogspot.com%2F&ei=SHO2TaA kiNiIAve95Sk&usg=AFQjCNH_JxkE7o8CvUwsLVUwr2eGGP4ecw&sig2=Ye1vqVHrMDHWkRv--npMkw%3 Fqw020fbs (remove spaces if interested)
// # The link is a redirect to ht tp: //ge rman -spy3 .bl ogsp ot.c om/ (remove spaces if interested)
// # you are directed to copy and paste a snipped of JS Code into your address-bar, see loader.js below.
// # This script was taken from iamedwards.com on 2011-04-26
//   this file can be downloaded by using curl with a refer and user-agent like this:
//   curl -i -e "http://www.facebook.com" -A "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0" http://iamedwards.com/german.php?0.214
// # ran it through a beautifier
// # ran it through a for-loop to de-obfuscate the texts like this: for (var t in _0x8a40) { document.write('"'+_0x8a40[t] + '", '); }
// # started comment
	require 'yajl'
	require 'yajl/json_gem'

	@hostlist = {}

	def object_parsed(obj)
	puts Yajl::Encoder.encode(obj)

	obj.each do \|item\|
	if item['request'] == 'sender data'
	<?xml version="1.0"?>
	<settings>
	<!--
	Bonus-Tip: set init_dir to the default location, where all your shells should open (can be overriden on a per-shell basis)
	-->
	<console change_refresh="10" refresh="100" rows="30" columns="110" buffer_rows="2000" buffer_columns="0" shell="" init_dir="MY PROJECT DIRECTORY" start_hidden="0" save_size="0">
	<colors>
	<color id="0" r="0" g="0" b="0"/>
	<color id="1" r="0" g="0" b="128"/>
	<color id="2" r="0" g="150" b="0"/>
	// # The Exploit comes as an event-invitation, it wants you to klick this link
	// http://www.goo gle.com/url?sa=t&source=web&cd=1&ved=0CBoQFjAA&url=http%3A%2F%2Fwho-spying-u.blogspot.com%2F&ei=SHO2TaA kiNiIAve95Sk&usg=AFQjCNH_JxkE7o8CvUwsLVUwr2eGGP4ecw&sig2=Ye1vqVHrMDHWkRv--npMkw%3 Fqw020fbs (remove spaces if interested)
	// # The link is a redirect to ht tp: //ge rman -spy3 .bl ogsp ot.c om/ (remove spaces if interested)
	// # you are directed to copy and paste a snipped of JS Code into your address-bar, see loader.js below.
	// # This script was taken from iamedwards.com on 2011-04-26
	// this file can be downloaded by using curl with a refer and user-agent like this:
	// curl -i -e "http://www.facebook.com" -A "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0" http://iamedwards.com/german.php?0.214
	// # ran it through a beautifier
	// # ran it through a for-loop to de-obfuscate the texts like this: for (var t in _0x8a40) { document.write('"'+_0x8a40[t] + '", '); }
	// # started comment