
Sunday, October 14, 2012

JS/RunForestRun/PseudoRandom Domains Cracked


I was helping out the crusades this weekend and my goal was to crack all the domains possible for the JS/RunForestRun/PseudoRandom infection.  Here you go!


All the domains from 01/01/12 00:00:01 to 01/01/15 00:00:01

So the script finds the current Unix time (seconds since the standard epoch of 1/1/1970).
Example: October 14 2012 12:04:15 = 1350216241

That is the only input it needs.  So I thought, brute force the damn thing!  Testing it, it appears the domain only changes every 9000 seconds.  With that in mind I changed this:

function myFunction(){
    var unix = Math.round(new Date()/1000);
    var domainName = generatePseudoRandomString(unix, 16, 'info');
    alert(domainName);
}

to this:

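// Step through Unix time in 9000-second increments instead of reading the clock,
// and print each timestamp with the domain generated for it.
for(var zzz=0;zzz<1420070460;zzz+=9000)
{
    var unix = zzz;
    var domainName = generatePseudoRandomString(unix, 16, 'info');
    document.write(unix + ' - ' + domainName + "<p>");
}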

Here is the output (about 21000 domains):

http://pastebin.com/k3k7ibvJ
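
A defender's use of the same enumeration, as an added example that is not from the original post: precompute the domains for a date range and match them against DNS query logs. `standInGenerator` is a hypothetical toy replacing the script's `generatePseudoRandomString` (which the post does not show), and the function names, log format and client address are constructed for illustration.

```javascript
// Hypothetical stand-in for generatePseudoRandomString(unix, length, tld), which
// the post does not show. ASSUMPTION: output depends only on the 9000 s window.
function standInGenerator(unix, length, tld) {
  let state = Math.floor(unix / 9000) + 1;
  let name = '';
  for (let i = 0; i < length; i++) {
    state = (state * 48271) % 2147483647; // toy Lehmer step, not the real algorithm
    name += String.fromCharCode(97 + (state % 26));
  }
  return name + '.' + tld;
}

// Map each predicted domain to the first window start (Unix time) that yields it.
function enumerateDomains(generate, startUnix, endUnix, step = 9000) {
  const byDomain = new Map();
  for (let t = Math.floor(startUnix / step) * step; t < endUnix; t += step) {
    const domain = generate(t, 16, 'info');
    if (!byDomain.has(domain)) byDomain.set(domain, t);
  }
  return byDomain;
}

// Return the log entries whose queried name is a predicted domain.
// Expected line format (constructed): "<timestamp> <client-ip> <query-name>".
function matchDnsLog(lines, byDomain) {
  const hits = [];
  for (const line of lines) {
    const [ts, client, qname] = line.trim().split(/\s+/);
    if (!qname) continue; // skip malformed lines
    const name = qname.toLowerCase().replace(/\.$/, ''); // DNS names are case-insensitive
    if (byDomain.has(name)) hits.push({ ts, client, name, windowStart: byDomain.get(name) });
  }
  return hits;
}

function demo() {
  // Date range from the post: 01/01/12 to 01/01/15 (UTC).
  const predicted = enumerateDomains(standInGenerator,
    Date.UTC(2012, 0, 1) / 1000, Date.UTC(2015, 0, 1) / 1000);
  const live = standInGenerator(1350216241, 16, 'info'); // timestamp from the post
  const log = [ // constructed sample lines
    '2012-10-14T12:04:15Z 10.0.0.23 www.example.com',
    '2012-10-14T12:04:16Z 10.0.0.23 ' + live.toUpperCase() + '.',
    'truncated-line',
  ];
  return { predicted, hits: matchDnsLog(log, predicted), live };
}

console.log(demo().hits);
```

Because duplicates are collapsed, passing a smaller `step` is safe when the generator's window boundaries are not known to fall on multiples of 9000.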


