Last Updated: 2007-02-19 11:02:06 UTC
by Daniel Wesemann (Version: 2)
The Lazy Method
Pro: Quick and easy to accomplish
Con: Usually only decodes one (the first) encoding stage. Don't be disappointed if you get the next level of gibberish in your alert pop-up.
The Tom Liston Method
Con: Careful with typos. If you have a typo in the leading textarea definition, the following "document.write(txt)" will go right to the browser, as it originally would have, and the exploit will execute.
The Perl-Fu Method
Pro: Very easy and fast for use on the dumber encoding methods like XOR, Caesar ciphers (character permutations), etc. Also the "safest" method, as this approach alone does not actually execute the hostile code.
The Monkey Wrench Method
To see the above four methods "in action" and try them out on your own, take a peek at my write-up on http://handlers.sans.org/dwesemann/decode/index.html
Caveat: For the first two methods mentioned, be mindful that you are actually running hostile code inside a potentially vulnerable web browser. Make sure to apply the usual precautions (VMWare or the like, deployed far away from any production network you might have, and keeping a keen eye on the firewall log, etc).