安全矩阵

Notes on an amusing "anti-red" (防红) site bouncing back and forth through redirects

Posted on 2022-8-15 23:26:18
Original article: Notes on an amusing "anti-red" (防红) site bouncing back and forth through redirects


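A friend sent me a URL.
I opened it eagerly, and after several redirects it turned out to be a video...
Emmm, never mind... as soon as the picture came up I lost interest in the video itself...
Let's analyze this "professional flood prevention" (专业防洪) instead.
Note: throughout this post, 洪 ("flood") is a homophone for 红 ("red").
Analysis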

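Visit the original link: hxxps://mr.baidu.com/KJd?????7e
It redirects to: hxxps://m.baidu.com/56We56eY5Lq6/tc?bdver=2&bdenc=1&bdcl=3&nsrc=hxxp%3A%2F%2Fwww.baidu.com%2Flink%3Furl%3D
URL-decode it (well, the browser actually does this step for you) and visit it.
It redirects to hxxp://www.baidu.com/link?url=a3f48d阿巴阿巴6d
Visit that one too.
It redirects to hxxp://static.hd.weibo.com/alk/avatar/IMG_CROP_xxxxxx.png#khy
Huh? This looks like it should be Weibo's avatar image host, and it also looks like an XSS.
Visit it.
(Sure enough.)
Huh? There's another layer of junk encryption?
(Restoring it via the AST:)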
    $.ajax({
      // The id sent to the server is the URL fragment (e.g. "khy" from "#khy")
      'url': "http://abc.cde/xhs.php?callback=?&id=" + window.location.hash.replace('#', ''),
      'type': "post",
      'dataType': "json",
      'success': function (res) {
        // Navigate to whatever URL the server returns
        window.location.replace(res.url);
      }
    });


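Hmm, this must be the last layer this time, right?
Let's look at the request...
...If only you put this effort to legitimate use, that would really be something... Look how many companies you've gone through by now =_=
Visit it again...
This redirect is kind of interesting???? It uses @ to bypass the domain restriction.
Finally at the end.
Encrypted again... aren't you annoying... Let's decode it and take a look.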
    player({
      // The URL fragment selects the file under the fixed CDN path
      'url': "http://picasso-qiniu.xiaohongshu.com/athena-creator/" + window.location.hash.replace('#', ''),
      'title': dec('bt')
    });

    // Return the value of query-string parameter `id`, or null if it is absent
    function dec(id) {
      var matched = window.location.search.substr(1).match(new RegExp("(^|&)" + id + "=([^&]*)(&|$)", 'i'));
      if (matched != null) return decodeURI(matched[2]);
      return null;
    }


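Finally, the last layer.
It is an m3u8 file; it can be downloaded with the Play HLS plugin, 逍遥哥's m3u8 downloader, or a similar downloader such as m3u8 DL-CLI...
Also! All the links are redacted because the last JS is very odd. Leaving aside that the link had an extra "." and could not be reached,
after removing it, visiting it now shows "temporary domain". I don't know what that is for, and I'm not sure whether it is some kind of backdoor...
Afterword


This one page used several layers (I lost count) of redirects...
It involved Baidu, NetEase, Sina and Xiaohongshu, all just to spread a video...
It also involved bypassing domain checks and bypassing file-suffix checks...
Quite the effort =_=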
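The post notes that one hop used `@` to get past a domain restriction. The following is an added example, not code from the original post or from any of the sites involved: it contrasts an assumed naive redirect-target check with one based on the URL parser, and goes slightly beyond the `@` case by also covering look-alike hostnames and non-HTTP schemes. All hostnames are constructed placeholders.

```javascript
// Added example. Hostnames are constructed placeholders (.example is reserved).
const ALLOWED_HOSTS = ["trusted.example"]; // hypothetical allowlist

// Weak check (an assumed shape for a naive filter): it inspects the text that
// follows the scheme, so anything that merely *starts* with an allowed name passes.
function naiveIsAllowed(raw, allowed = ALLOWED_HOSTS) {
  const m = /^https?:\/\/([^/?#]+)/i.exec(raw);
  return m !== null && allowed.some((h) => m[1].toLowerCase().startsWith(h));
}

// Hardened check: parse the way a browser does, then decide on parsed fields.
function checkRedirectTarget(raw, allowed = ALLOWED_HOSTS) {
  let u;
  try {
    u = new URL(raw); // absolute URLs only; relative input throws
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    return { ok: false, reason: "scheme" };
  }
  // "user@host": everything before '@' is userinfo, the real host comes after.
  if (u.username !== "" || u.password !== "") {
    return { ok: false, reason: "userinfo" };
  }
  const host = u.hostname.toLowerCase().replace(/\.$/, ""); // drop trailing dot
  const match = allowed.some((h) => host === h || host.endsWith("." + h));
  return { ok: match, reason: match ? "allowed" : "host", host };
}

// Constructed sample targets, as a redirect endpoint might receive them.
const SAMPLES = [
  "https://trusted.example/page",
  "https://sub.trusted.example/a",
  "http://trusted.example@other.example/x", // '@' trick: real host is other.example
  "http://trusted.example.other.example/",  // look-alike prefix
  "ftp://trusted.example/file",
  "//other.example/",
];

// Run both checks over every sample so the disagreements are visible.
function compare(samples = SAMPLES) {
  return samples.map((url) => ({
    url,
    naive: naiveIsAllowed(url),
    strict: checkRedirectTarget(url),
  }));
}

for (const row of compare()) {
  console.log(row.url, "| naive:", row.naive, "| strict:", row.strict.ok, row.strict.reason);
}
```
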

