📄 100_2.html
字号:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<base href="http://localhost:8080/" />
<title>Ajax让网页木马“悄悄的执行”</title>
<script language="javascript">
var sPath = document.location.protocol + "//" + document.location.host + document.location.pathname;
if(sPath.indexOf("/article/")>=0)
{
var sPath_tmp = sPath.split("/article/");
var BasePath = sPath_tmp[0]+"/";
document.write('<base href="'+BasePath+'" />');
}
</script>
<script language="javascript" src="images/js.js"></script>
<link href="css/css2.css" rel="stylesheet" type="text/css" />
</head>
<body>
<table width="950" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td height="3" bgcolor="#106B61"></td>
</tr>
<tr>
<td><table width="950" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="200" height="87" align="center" background="images/index5_02.gif"><img src="images/logo.gif" width="142" height="62" /></td>
<td valign="bottom"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="40"><table width="99%" border="0" align="left" cellpadding="0" cellspacing="0">
<tr>
<td width="10%" align="left" class="red12"><strong>滚动新闻:</strong></td>
<td width="90%" align="left">
<div id="pro_demo" style="overflow:hidden;height:40px;width:660px;">
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td id="pro_demo1" height="40"><table border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td class="gray" nowrap="nowrap"> ·<a href="article/99.html" title="2.0版本发布">2.0版本发布</a></td>
<td class="gray" nowrap="nowrap"> ·<a href="article/89.html" title="2009-4-28更新日志">2009-4-28更新日志</a></td>
<td class="gray" nowrap="nowrap"> ·<a href="article/88.html" title="新闻系统全站静态化测试中">新闻系统全站静态化测试中</a></td>
<td class="gray" nowrap="nowrap"> ·<a href="article/83.html" title="Ok3w ASP新闻发布系统功能简介">Ok3w ASP新闻发布系统功能简介</a></td>
<td class="gray" nowrap="nowrap"> ·<a href="article/82.html" title="Ok3w ASP新闻发布系统功能简介">Ok3w ASP新闻发布系统功能简介</a></td>
<td class="gray" nowrap="nowrap"> ·<a href="article/81.html" title="Ok3w ASP新闻发布系统功能简介">Ok3w ASP新闻发布系统功能简介</a></td>
<td class="gray" nowrap="nowrap"> ·<a href="article/46.html" title="Ok3w ASP新闻发布系统功能简介">Ok3w ASP新闻发布系统功能简介</a></td>
</tr>
</table></td>
<td id="pro_demo2"></td>
</tr>
</table>
<script language="javascript" src="images/marquee.js"></script>
</div> </td>
</tr>
</table></td>
</tr>
<tr>
<td bgcolor="#106B61"><table border="0" cellpadding="0" cellspacing="0">
<tr>
<td align="left"><img src="images/index5_08.gif" width="5" height="41" /></td>
<td align="center"> <a href="" class="white14b">网站首页</a> </td>
<td align="center"><img src="images/index5_11.gif" width="2" height="25" /></td>
<td align="center"> <a href="article/list_95_1.html" class="white14b">新闻资讯</a> </td>
<td align="center"><img src="images/index5_11.gif" width="2" height="25" /></td>
<td align="center"> <a href="article/list_102_1.html" class="white14b">网络安全</a> </td>
<td align="center"><img src="images/index5_11.gif" width="2" height="25" /></td>
<td align="center"> <a href="article/list_107_1.html" class="white14b">网页制作</a> </td>
<td align="center"><img src="images/index5_11.gif" width="2" height="25" /></td>
<td align="center"> <a href="article/list_85_1.html" class="white14b">办公软件</a> </td>
<td align="center"><img src="images/index5_11.gif" width="2" height="25" /></td>
<td align="center"> <a href="article/list_84_1.html" class="white14b">网站运营</a> </td>
<td align="center"><img src="images/index5_11.gif" width="2" height="25" /></td>
<td align="center"> <a href="article/list_83_1.html" class="white14b">平面设计</a> </td>
<td align="center"><img src="images/index5_11.gif" width="2" height="25" /></td>
<td align="center"> <a href="article/list_60_1.html" class="white14b">网络编程</a> </td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
<tr>
<td height="37" align="center" background="images/index5_15.gif"><table width="98%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td align="left" class="green12gray">今天是<script language="javascript">
var mydate=new Date();
var mymonth=mydate.getMonth()+1;
var myday= mydate.getDate();
var myyear= mydate.getYear();
document.write(myyear+"-"+mymonth+"-"+myday);</script>,欢迎访问Ok3w新闻发布系统!</td>
<td align="right" class="green12gray"><a href="guest.asp">请您留言</a> | <a href="http://www.glzy8.com/ok3w/article/147.html" target="_blank">免费下载</a> | <a href="#" class="green12gray" onclick="this.style.behavior='url(#default#homepage)';this.setHomePage(document.URL);">设为首页</a> | <a href="#" class="green12gray" onclick="window.external.AddFavorite(document.URL,document.title);">加入收藏</a></td>
</tr>
</table></td>
</tr>
<tr>
<td><table width="100%" border="0" cellspacing="0" cellpadding="0" style="margin-top:2px;">
<tr>
<td align="left"><iframe id="baiduSpFrame" border="0" vspace="0" hspace="0" marginwidth="0" marginheight="0" framespacing="0" frameborder="0" scrolling="no" width="468" height="60" src="http://spcode.baidu.com/spcode/spstyle/style2220.jsp?tn=zhengbi_sp&ctn=0&styleid=2220"></iframe></td>
<td align="right"><iframe id="baiduSpFrame" border="0" vspace="0" hspace="0" marginwidth="0" marginheight="0" framespacing="0" frameborder="0" scrolling="no" width="468" height="60" src="http://spcode.baidu.com/spcode/spstyle/style1634.jsp?tn=zhengbi_sp&ctn=0&styleid=1634"></iframe></td>
</tr>
<tr>
<td colspan="2" align="left" height="5"></td>
</tr>
<tr>
<td align="left"><iframe id="baiduSpFrame" border="0" vspace="0" hspace="0" marginwidth="0" marginheight="0" framespacing="0" frameborder="0" scrolling="no" width="468" height="60" src="http://spcode.baidu.com/spcode/spstyle/style2615.jsp?tn=zhengbi_sp&ctn=0&styleid=2615"></iframe></td>
<td align="right"><iframe id="baiduSpFrame" border="0" vspace="0" hspace="0" marginwidth="0" marginheight="0" framespacing="0" frameborder="0" scrolling="no" width="468" height="60" src="http://spcode.baidu.com/spcode/spstyle/style2475.jsp?tn=zhengbi_sp&ctn=0&styleid=2475"></iframe></td>
</tr>
</table></td>
</tr>
<tr>
<td height="14" background="images/index5_31.gif"></td>
</tr>
</table>
<table width="950" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td height="40">您当前位置:<a href="">网站首页</a> >> <a href="article/list_107_1.html">网页制作</a> >> <a href="article/list_132_1.html">Javascript/Ajax</a> >> 阅读文章</td>
<form id="form1" name="form1" method="get" action="search.asp">
<td width="344"><span style="font-weight: bold">站内查找:</span>
<input name="keyword" type="text" id="keyword" size="29" />
<input type="submit" name="Submit" value="搜索" />
</td>
</form>
</tr>
</table>
<table width="950" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td align="left" valign="top"><table width="100%" border="0" cellpadding="8" cellspacing="0" style="border:1px solid #AEE1DC;">
<tr>
<td><table width="100%" border="0" cellspacing="0" cellpadding="0" style="table-layout: fixed;">
<tr>
<td align="center"><h1>Ajax让网页木马“悄悄的执行”</h1>
<hr size="1" color="#EBEBEB" />
来源:Ok3w新闻发布系统 发布时间:2009-05-01 00:11:07 查看次数:<span id="News_Hits"></span><iframe style="display:none;" src="hits.asp?type=news&id=100"></iframe>
<hr size="1" color="#EBEBEB" />
</td>
</tr>
<tr>
<td style="word-break: break-all; word-wrap:break-word;"><div class="gray14"></P>
<P><STRONG>改良网页木马篇:</STRONG></P>
<P>用户浏览该网页时,浏览器自动下载Http://m2126.com/web/exe/data/1.exe,保存到windows目录然后执行。杀毒软件会查杀它,是因为杀毒软件在这段代码中找到了“特征码”,既然有源代码。我们也来找找,看看是它哪点写的太过分惹火了我的瑞星。找起来很简单,打开杀毒软件,删除某行,然后保存就好了,如果删除的地方不是特征码,杀毒软件会报告病毒。</P>
<P> </P>
<P><img onload="ImageZoom(this,560,700)" alt="" src="upfiles/edit/200905/200905010015371366.jpg"></P>
<P>这就是引起瑞星不满的代码,看名字就能想到,这段代码要执行下载的木马。分析这段代码有两点不好的地方:</P>
<P>1、在x.open()这里,最后一个参数是“0”(false),使用了非异步传输,就是说代码执行到某个地方需要等待服务器返回结果才能继续执行。很明显不符合“感觉不到的它的执行”原则。</P>
<P>2、因为代码想做到下载完成后立刻执行,所以刚下载了文件就去执行。</P>
<P>对于第一点,为什么没有用异步传输呢?因为代码并不是Ajax,没有判断服务器返回的状态,使用了“传统的网页木马的模式”。如果这里强行把“0”改成“1”,会造成木马还没有下载完成,就执行,结果当然出错。代码的作者可能没有想到Ajax,所以只好使用了传统模式。然而现在网站都“web2.0”了,网页木马为什么不紧随潮流呢? 对于第二点,考虑到杀毒软件猛如虎,我们要“敌进我退”,不立刻执行木马,等用户下次重新启动电脑时再执行。要知道个人机器和服务器最大的差别就是,个人机器可能一天重新启动N次,服务器可能N年重新启动1次。</P>
<P>可能已经有些读者会想到修改注册表。那么恭喜你,答错了!因为杀毒软件会监控注册表,这样做不是虎口拔牙么?我们的原则是要“悄悄的”。推荐的想法是:在windows系统里有些特殊文件夹,启动系统时会自动执行目录下的文件,比如“C:\Documents and Settings\All Users\「开始」菜单\程序\启动”目录。这样,我们的思路就清晰了,首先使用Ajax技术默默的下载木马,然后悄悄的复制到这个目录里,如果你够狠还可以顺便弹出消息框“对不起!您的操作系统产生严重错误,为您带来不便,为了避免重要文件丢失,请立刻手动重新启动系统!”。 下面是我更改后的代码,使用了Ajax技术:</P>
<P><img onload="ImageZoom(this,560,700)" alt="" src="upfiles/edit/200905/200905010015377258.jpg"></P>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -