Author: O0 white moon na 0o
From: Sike (SILIC) Information Technology
Address: http://www.blackbap.com/bbsI remember a cow in the past-I remember it was written by a "cyber mortal" (according to someone who said it was one of the top hackers in the hacker Camp). Reg {
Tagshow (Event)
} "> File structure and usage
PS: I may have missed the author, and the original table scolded me.
I am not willing to share with you what I learned.
The article is limited to the level and the depth of writing is not enough.
Okay. Start the text. First, we create a new document, and then create a new document. txt"
Rename it to "XX. url" -- what do you see ??? Yes, the extension is gone !! There is only one icon for IE. And most importantly, you cannot modify the extension by right-clicking and renaming.
In this way, we can use the URL file to make a simple
In fact, the structure of the URL file is very simple. Header:
[Internetshortcut]
Body:
Url = http://www.blackbap.com/bbs/index .{
Tagshow (Event)
} "> PHP
Modified = f00f43b3a875c601d9
Extension:
Iconfile = C:/Windows/system32/shell32.dll/* the path and file of the icon following */
Iconindex = 123/* Where "iconindex = N" indicates that the icons used are the first icons in the specified file */
Note: shell. dll contains all the icons that come with windows. You can use exists to open and view "resources" The header remains unchanged. I will not explain the url = option.
The modified records the HTTP header information of the last modification time on the page, as long as the number of digits is correct, pay attention to uppercase letters!
The role has nothing to do with us. Most of them are used in search engines. For example, Google wants to see if the previously captured page has changed. Let's see if the modified value has changed. For example: [Internetshortcut]
Url = http://www.blackbap.com/index.php
Modified = f00f43b3a875c601d9 Malicious operation:
For example
Iconfile = C:/Windows/regedit.exe
Iconindex = 1
Save and refresh. Check that the Registry is ready. If I change it to the "my computer" icon, put it on a machine.
Cross-traffic scrubbing
Some tomato: Strange, what is this virus? When I open my computer, it becomes a webpage. Why ??? Of course, if the URL is infected with a Trojan, the URL file will not be killed. Although it is not applicable to hooligans, it can be used more than hooligans.
A bit: pseudo-Installation
Disadvantages: easy to handle
Solution: How can I teach this ?? Delete it !! I have seen an advertisement poison in China. I hid my computer and put it in a URL.
Once deleted, this item cannot suppress regeneration !! Alas ~ It is hard to handle the virus, and it is hard to handle the virus, because it is not malicious enough !! You can only manually clear the folder, and open the folder with one run at a time-troublesome!
Because "my computer" and "My Documents" do not have a URL, it is better to hide them. Extended URL File Usage:
Save session
I will not elaborate on this.
For example, if Baidu WAP posts wapp.baidu.com, there is "? SID = xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
This item previously exists {
Tagshow (Event)
} "> Vulnerabilities. Of course, the discoverer is naturally a member of our learning information technology team ~~
After saving it, it is equivalent to logging on to the bookmarks of various mobile phones. After saving it to the mobile phone, you can use Bluetooth to transfer it to each other. Of course, this is an example, which is actually inconvenient to use, besides, Baidu has fixed this problem, making it more difficult to use. I didn't say that !!
Many websites use pseudo-session verification for verification, so I think this is a good thing for mobile phone intrusion ~~ Okay, that's all. I will try again later.
PS: the methods described in this article cannot be used for illegal activities !! |
