<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<base href="http://localhost:8080/" />
<title>Ajax Lets Web-Page Trojans "Execute Quietly"</title>
<script language="javascript">
var sPath = document.location.protocol + "//" + document.location.host + document.location.pathname;
if(sPath.indexOf("/article/")>=0)
{
var sPath_tmp = sPath.split("/article/");
var BasePath = sPath_tmp[0]+"/";
document.write('<base href="'+BasePath+'" />');
}
</script>
<script language="javascript" src="images/js.js"></script>
<link href="css/css2.css" rel="stylesheet" type="text/css" />
</head>
<body>
<table width="950" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td align="left" valign="top"><table width="100%" border="0" cellpadding="8" cellspacing="0" style="border:1px solid #AEE1DC;">
<tr>
<td><table width="100%" border="0" cellspacing="0" cellpadding="0" style="table-layout: fixed;">
<tr>
<td align="center"><h1>Ajax Lets Web-Page Trojans "Execute Quietly"</h1>
<hr size="1" color="#EBEBEB" />
Source: Ok3w News Publishing System  Published: 2009-05-01 00:11:07  Views: <span id="News_Hits"></span><iframe style="display:none;" src="hits.asp?type=news&id=100"></iframe>
<hr size="1" color="#EBEBEB" />
</td>
</tr>
<tr>
<td style="word-break: break-all; word-wrap:break-word;"><div class="gray14">
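<P><STRONG>Ajax web-page trojans, in depth:</STRONG></P>
<P>As everyone knows, a web-page trojan has very broad coverage: anyone who browses the page can be hit. That is one of its big advantages, but it can also become a drawback, because it lacks targeting. What does targeting mean? There are plenty of examples: say you only want some of the people who view the page, or one particular person, to be hit, while everyone else sees nothing at all. It sounds almost magical. Everyone is looking at the same page, so why am I hit and you are not? Is it really just a matter of luck?</P>
<P>Before discussing the technique, let's talk about why targeting is wanted. When we penetrate a corporate intranet, not every employee in the company takes network security seriously; there are often a few people who know nothing about it. Their defenses are likely to be relatively weak, or their patches are applied very late. So the goal this time is to have these people load the trojan, while everything looks normal on everyone else's computers.</P>
<P>First you have to compromise the company's web site, because using a web-page trojan requires at least permission to write and modify web pages on the target site. Then you obtain the list of these people. You do not actually need to know their real names; knowing the usernames and e-mail addresses they registered with on the company's external site is enough. For the specifics, see "social engineering" attacks. Now to the main topic: how do we make the code execute only when these particular people browse the page?</P>
<P>Most sites have somewhere for users to log in: mailbox login, forum login and so on. After the user enters a username, a check is made, and if the name is on our blacklist, the trojan is served to that user. Below is my modified code: AdvanceAjax.htm</P>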