Archive

Posts tagged "Trojan"

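Universal Passwords for the Major ASP Trojans

September 22, 2009 | 1 comment | 535 views

First, the 十三 webshell 9.0 VIP edition and the 漫步云端 modified edition: the default password is ?x=x or ?web=admin
Then there is the 易思 AV-evasion full-featured ASP webshell, password ?PageName=PageName
The 黑羽黑客基地 mini webshell has the default password donqee or kaifeng
The latest 朽木 Olympic edition ASP trojan (black version), the latest 朽木 Olympic edition ASP trojan (green version),
the latest 黑客动画吧 Olympic edition ASP trojan (black version), the latest 黑客动画吧 ASP trojan (green version):
the backdoor is ?Pass=UserPass
This one is a bit more trouble: after entering it you have to refresh the page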
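For defenders, the query-string backdoors listed above are usable as web-log indicators. The following is an added example, not part of the original post: it scans IIS W3C-format log lines for .asp requests that carry one of those parameter/value pairs. The log lines and IP addresses are constructed, and matching values case-insensitively is an assumption made to avoid missing variants.

```python
from urllib.parse import parse_qsl

# Query-string backdoor pairs named in the post (lower-cased for comparison).
BACKDOOR_PARAMS = {("x", "x"), ("web", "admin"),
                   ("pagename", "pagename"), ("pass", "userpass")}

def scan_iis_log(lines):
    """Return (client_ip, uri, query) for .asp requests carrying a listed pair."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the records that follow
            continue
        if line.startswith("#") or not line.strip():
            continue
        rec = dict(zip(fields, line.split()))
        uri, query = rec.get("cs-uri-stem", ""), rec.get("cs-uri-query", "-")
        if not uri.lower().endswith(".asp") or query == "-":
            continue
        pairs = {(k.lower(), v.lower())
                 for k, v in parse_qsl(query, keep_blank_values=True)}
        if pairs & BACKDOOR_PARAMS:
            hits.append((rec.get("c-ip", "?"), uri, query))
    return hits

# Constructed sample log (documentation-range IP addresses, invented paths).
SAMPLE_LOG = """#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2009-09-22 10:00:01 GET /index.asp id=5 198.51.100.7 200
2009-09-22 10:00:09 GET /upload/img.asp x=x 203.0.113.9 200
2009-09-22 10:01:12 GET /news/show.asp PageName=PageName&a=1 203.0.113.9 200
2009-09-22 10:02:00 GET /default.asp - 198.51.100.7 200
"""

for hit in scan_iis_log(SAMPLE_LOG.splitlines()):
    print(hit)
```

A pair such as x=x can also occur in legitimate applications, so treat a hit as a lead to review the requested file rather than as proof of compromise.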

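360 Discloses Cross-Province Hunt with Cyber Police That Took Down the "小耗子" (Little Mouse) Trojan Gang

July 27, 2009 | No comments | 106 views

Qihoo disclosed today that, with the assistance of the 360 Security Center, cyber police in Macheng, Hubei Province, starting from an internet-café attack and extortion case, uprooted the entire "小耗子" trojan gang, which is suspected of creating and spreading the trojan and of wanton online violence. The four principal offenders were arrested one after another in the four provinces of Hubei, Shandong, Jiangxi and Hebei.
According to Dr. Shi Xiaohong, a 360 security expert, "小耗子" is a highly aggressive downloader-type trojan that specializes in "taking out" antivirus software and continuously delivering all kinds of account-stealing trojans onto victims' computers. It amounts to a distribution channel and "bodyguard" for account-stealing trojans, and makes its money mainly by charging online-game account-theft studios an "entry fee". In April this year the 360 Security Center exposed a "小耗子" statistics back end; at that time the number of infected computers had reached 65,497, and that was only the tally of a single "novice hacker" acting as an agent for the "小耗子" distribution business.

Reportedly, the author of "小耗子", Xiao M, is a 20-year-old from Jiangxi Province with only a high-school education. Because technique sharing in hacker communities is extremely convenient, his trojan-writing skills improved by the day, so he was sought after by many commercial account-theft organizations, and his daily income was above 6,000 yuan.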

Category: Industry News

Fifty-Three Trojan Startup Methods

July 6, 2009 | No comments | 111 views
Registry

1. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
All values in this key are executed.

2. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\
All values in this key are executed, and then their autostart reference is deleted.

3. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
All values in this key are executed as services.

4. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\
All values in this key are executed as services, and then their autostart reference is deleted.

5. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
All values in this key are executed.

6. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\
All values in this key are executed, and then their autostart reference is deleted.

7. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\
Used only by Setup. Displays a progress dialog box as the keys are run one at a time.

8. HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\
Similar to the Run key from HKEY_CURRENT_USER.

9. HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\
Similar to the RunOnce key from HKEY_CURRENT_USER.

10. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
The "Shell" value is monitored. This value is executed after you log in.

11. HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\
All subkeys are monitored, with special attention paid to the "StubPath" value in each subkey.

12. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\
All subkeys are monitored, with special attention paid to the "StaticVXD" value in each subkey.

13. HKEY_CURRENT_USER\Control Panel\Desktop
The "SCRNSAVE.EXE" value is monitored. This value is launched when your screen saver activates.

14. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
The "BootExecute" value is monitored. Files listed here are Native Applications that are executed before Windows starts.

15. HKEY_CLASSES_ROOT\vbsfile\shell\open\command\
Executed whenever a .VBS file (Visual Basic Script) is run.

16. HKEY_CLASSES_ROOT\vbefile\shell\open\command\
Executed whenever a .VBE file (Encoded Visual Basic Script) is run.

17. HKEY_CLASSES_ROOT\jsfile\shell\open\command\
Executed whenever a .JS file (JavaScript) is run.

18. HKEY_CLASSES_ROOT\jsefile\shell\open\command\
Executed whenever a .JSE file (Encoded JavaScript) is run.

19. HKEY_CLASSES_ROOT\wshfile\shell\open\command\
Executed whenever a .WSH file (Windows Scripting Host) is run.

20. HKEY_CLASSES_ROOT\wsffile\shell\open\command\
Executed whenever a .WSF file (Windows Scripting File) is run.

21. HKEY_CLASSES_ROOT\exefile\shell\open\command\
Executed whenever a .EXE file (Executable) is run.

22. HKEY_CLASSES_ROOT\comfile\shell\open\command\
Executed whenever a .COM file (Command) is run.

23. HKEY_CLASSES_ROOT\batfile\shell\open\command\
Executed whenever a .BAT file (Batch Command) is run.

24. HKEY_CLASSES_ROOT\scrfile\shell\open\command\
Executed whenever a .SCR file (Screen Saver) is run.

25. HKEY_CLASSES_ROOT\piffile\shell\open\command\
Executed whenever a .PIF file (Portable Interchange Format) is run.

26. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\
Services marked to start up automatically are executed before user login.

27. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog\Catalog_Entries\
Layered Service Providers, executed before user login.

28. HKEY_LOCAL_MACHINE\System\Control\WOW\cmdline
Executed when a 16-bit Windows executable is executed.

29. HKEY_LOCAL_MACHINE\System\Control\WOW\wowcmdline
Executed when a 16-bit DOS application is executed.

30. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Executed when a user logs in.

31. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Executed by explorer.exe as soon as it has loaded.

32. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\run
Executed when the user logs in.

33. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
Executed when the user logs in.

34. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\
Subvalues are executed when Explorer initialises.

35. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\
Subvalues are executed when Explorer initialises.

Folders

1. windir\Start Menu\Programs\Startup\
2. User\Startup\
3. All Users\Startup\
4. windir\system\iosubsys\
5. windir\system\vmm32\
6. windir\Tasks\

Files

1. c:\explorer.exe
2. c:\autoexec.bat
3. c:\config.sys
4. windir\wininit.ini
5. windir\winstart.bat
6. windir\win.ini - [windows] "load"
7. windir\win.ini - [windows] "run"
8. windir\system.ini - [boot] "shell"
9. windir\system.ini - [boot] "scrnsave.exe"
10. windir\dosstart.bat
11. windir\system\autoexec.nt
12. windir\system\config.nt

Category: Technical Articles
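The registry locations in the list above can be reviewed offline from a registry export. The following is an added example, not part of the original post: it parses `reg export` text, reports every entry under the Run-style keys, and flags file-association and Winlogon "Shell" values that differ from their stock defaults. The baseline values are assumptions about a clean install, and the sample export is constructed.

```python
import re

# Values with a well-known default on a stock Windows install (assumed baseline).
BASELINE = {
    (r"hkey_classes_root\exefile\shell\open\command", "@"): '"%1" %*',
    (r"hkey_classes_root\batfile\shell\open\command", "@"): '"%1" %*',
    (r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon",
     "shell"): "explorer.exe",
}
# Run-style keys: every value is a command line, so each entry is reported for review.
RUN_KEY = re.compile(r"\\currentversion\\(policies\\explorer\\)?run(once|services|servicesonce)?$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg text escapes \ and " with a backslash

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].rstrip("\\").lower()
        elif key and (m := VALUE.match(line)):
            name = "@" if m.group(1) == "@" else unescape(m.group(1)[1:-1]).lower()
            yield key, name, unescape(m.group(2))

def audit(text):
    """Return HIJACK (baseline mismatch) and AUTOSTART (run-key entry) findings."""
    findings = []
    for key, name, data in parse_reg(text):
        expected = BASELINE.get((key, name))
        if expected is not None:
            if data.strip().lower() != expected.lower():
                findings.append(("HIJACK", key, name, data))
        elif RUN_KEY.search(key):
            findings.append(("AUTOSTART", key, name, data))
    return findings

# Constructed sample in the text format produced by `reg export` (not real host data).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\upd.exe /s"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Temp\\stub.exe \"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
'''
print(*audit(SAMPLE_REG), sep="\n")
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text to `audit`. Only string values are parsed, which means multi-string data such as "BootExecute" needs separate handling.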