Create the ultimate website Trojan, worth reading!

zhaozj2021-02-16  61


If a program window like the one below appeared when you opened this page, then "congratulations", you have been caught ^o^

Please note: this article was published in July 2004. The Trojan described here is now detected and removed by all anti-virus software, and Microsoft has released patches for this vulnerability for every OS version, so the Trojan has essentially stopped working; please do not try it. The article is kept here only as study and test material for interested readers.

This vulnerability was not discovered just a day or two ago. Out of concern for user security, Microsoft and some security organizations did not publish it, but more and more web pages that use the vulnerability to bundle Trojans have recently appeared on the Internet. After those pages appeared, the US Computer Emergency Response Team (CERT) officially announced a new vulnerability in Microsoft's IE browser. At present there is no complete fix for it, and even users who have taken certain protective measures cannot avoid its dangers.

Using this vulnerability, an intruder can trick IE into fetching script from another domain and running it with the same permissions as the local (Local Machine) zone on the target computer. CERT pointed out that an intruder can get such script executed through a specially crafted URL when the user visits a site, exposing other people's credit card information or even affecting the entire network.

The vulnerability works as follows: IE is pointed, via the ITS or MHTML protocol, at an MHTML file that cannot be accessed or does not exist, and the ITS protocol handler can then be tricked into accessing a CHM file from another domain. The intruder carefully crafts that CHM file, so that content from another domain breaks the cross-domain security model.
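A defender-side check for the mechanism described above, as an added example that is not part of the original article: it scans page markup for URLs that invoke the ITS or MHTML protocol handlers and for the `application/x-oleobject` embed the article mentions under step 1. The `scan` function, the attribute list and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Handlers the article names (ITS, MHTML); "ms-its" and "mk:@MSITStore" are
# IE's other spellings of the ITS handler.
SCHEME_RE = re.compile(r"(?<![\w-])(?:ms-its|its|mhtml|mk:@msitstore):", re.I)
URL_ATTRS = {"src", "href", "data", "codebase", "action"}

class HandlerScanner(HTMLParser):
    """Collects (line, tag, reason) findings for one HTML document."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        self._in_script = tag == "script"
        for name, value in attrs:
            value = (value or "").strip()
            # Attribute values arrive entity-decoded, so "&#109;html:" is caught.
            hit = SCHEME_RE.match(value) if name in URL_ATTRS else None
            if hit:
                self.findings.append((line, tag, hit.group(0).lower()))
            if (tag, name, value.lower()) == ("object", "type", "application/x-oleobject"):
                self.findings.append((line, tag, "ole-object"))

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        # Script bodies can navigate to the same handlers without any attribute.
        hit = SCHEME_RE.search(data) if self._in_script else None
        if hit:
            self.findings.append((self.getpos()[0], "script", hit.group(0).lower()))

def scan(html_text):
    scanner = HandlerScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.findings

# Constructed sample; PLACEHOLDER stands in for whatever follows the scheme.
SAMPLE = """<html><body>
<iframe src="ms-its:PLACEHOLDER"></iframe>
<img src="&#109;html:PLACEHOLDER">
<object type="application/x-oleobject"></object>
<script>var o = {limits: 1}; location = "mk:@MSITStore:PLACEHOLDER";</script>
</body></html>"""
```

Each finding is a `(line, tag, reason)` tuple, so the output can feed a proxy or mail-gateway rule that quarantines pages referencing these handlers.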

Enough small talk; on to the topic. It is very simple to implement, and I believe anyone who knows a little HTML can do it by hand.

Step 1: Write a web page that automatically runs the EXE file. The content is simple, as follows:

The Body tag carries some access restrictions: it blocks mouse selection, the mouse buttons and mouse drag operations, to prevent copying and so on. The second tag is the code that loads the EXE: it loads a binary file through the Object tag; note that the type is "application/x-oleobject". The code above references a file "IEPACK.exe" in the Object tag. If you open this HTML file directly, you will find that the EXE file runs as well, as if by magic. Did you notice anything else?

Step 2: Save the code above as "chm.html", and put the EXE file named in the Object tag in the same directory as the web page. Do not assume this is enough to make it run: IE does not actively download executable files from the server. Of course, if you get a CHM authoring tool and compile this page and the EXE file into a CHM, you will find that the EXE runs in the same way. Here I recommend EasyChm, which is very easy to use. Download link? ~!@#$%^ Find it with a search engine.

Step 3: This is the most critical step, and it is where the vulnerability is used!

Create an HTM file, mm.htm, and write the following code: