华域联盟 hta 用hta+javascript实现替换网站被下木马网页中的iframe

用hta+javascript实现替换网站被下木马网页中的iframe

服务器中了病毒是件超级麻烦的事情,尤其是什么熊猫烧香之类的或者变种病毒,因为它们不单单潜伏于计算机里,还会把所有的一些网页文件加上了一些iframe,让访问者继续中毒,我想这也是它得已迅速蔓延的手段吧! 

    如果要把网页中的iframe去掉,是件吃力的苦力活。 

    所以,写了这样的一个小工具,希望能起到一点点的作用。  

    请把代码复制,保存在本地,以hta为扩展名。然后双击执行


复制代码 代码如下:

<html>

<head>

<hta:application id=ReplaceIframApp

    applicationname="RAP 1.0"

    border="dialog" [thick/dialog window/none/thin]
    borderStyle="raised" [normal/complex/raised/static/sunken]
    caption="yes"

    icon="res/warm.ico"

    maximizebutton="no"

    minimizebutton="yes"

    showintaskbar="yes"

    singleinstance="yes"

    sysmenu="yes"

    version="1.0"

    windowstate="normal"

/>

<meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312">

<title>Replace Iframe Application</title>

<script type="text/javascript">

    window.resizeTo(800,520);

    var Class = {

        create:function(){

            return function(){

                this.initialize.apply(this,arguments);

            }

        }

    };

    var $ = function(sname){return document.getElementById(sname);}

    String.prototype.stripTags = function() {

            return this.replace(/<\/?[^>]+>/gi, '');

    };

    String.prototype.escapeHTML = function() {

            var div = document.createElement('div');

            var text = document.createTextNode(this);

            div.appendChild(text);

            return div.innerHTML;

    };

    String.prototype.unescapeHTML = function() {

            var div = document.createElement('div');

            div.innerHTML = this.stripTags();

            return div.childNodes[0] ? div.childNodes[0].nodeValue : '';

    };

    Array.prototype.S = String.fromCharCode(2);

    Array.prototype.in_array = function(e){

        var re = new RegExp(this.S+e+this.S);

        return re.test(this.S+this.join(this.S)+this.S);

    };

    String.prototype.color = function(c){

        return "<span style=\"color:"+ c +"\">"+ this +"</span>";

    };

    ReplaceApp = Class.create();

    ReplaceApp.prototype = {

        initialize:function(args){

            this.foobar = $(args[0]);

            this.container = $(args[1]);

            this.initSet();

            this.fso = new ActiveXObject("Scripting.FileSystemObject");

            this.showFooBar('initializing...');

            this.testFSO();

        },

        initSet:function(){

            this.folders = new Array();

            this.files = new Array();

            this.iframes = new Array();

            this.iframesStr = new Array();

            this.selects = new Array();

            this.iframeFiles = new Array();

            this.iframeNum = 0;

            this.folderNum = 0;

            this.fileNum = 0;

            this.currentFolder='';

        },

        showFooBar:function(msg){

            this.foobar.innerHTML = msg;

        },

        writeContainer:function(c){

            this.container.innerHTML = c;

        },

        testFSO:function(){

            this.drives = new Enumerator(this.fso.Drives);

            var s, n, x;

            s = '';

            for(;!this.drives.atEnd();this.drives.moveNext()){

                x = this.drives.item();

                s = s + x.DriveLetter;

                s += " - ";

                if (x.DriveType == 3)

                 n = x.ShareName;

                else if (x.IsReady)

                 n = x.VolumeName;

                else

                 n = "[驱动器未就绪]";

                s +=   n + "<br>";

            }

            this.writeContainer(s);

        },

        showFolderList:function(folder){

            if(folder=="" || !/^[a-zA-Z]\:\\.*/ig.test(folder) || !this.fso.FolderExists(folder)){

                this.showFooBar('路径不正确'.color('red').bold());

                return;

            }

            this.initSet();

            this.currentFolder = folder;

            this.recFolder(folder);

            this.parseFiles();

        },

        recFolder:function(folder){

            var f, s, fc;

            f = this.fso.getFolder(folder);

            fc = new Enumerator(f.files);

            for(;!fc.atEnd(); fc.moveNext()){

                this.files.push(fc.item());

                this.fileNum++;

            }

            fc = new Enumerator(f.SubFolders);

            for(;!fc.atEnd();fc.moveNext()){

                this.folders.push(fc.item());

                this.folderNum++;

                this.recFolder(fc.item());

            }

        },

        parseFiles:function(){

            var f, s, a, i, c, b;

            for(i=0;i<this.files.length;i++){

                f = this.fso.OpenTextFile(this.files[i],1);

                s = f.ReadAll();

                a = this.balanceMatch(s);

                b = false;

                for(c=0;c<a.length;c++){

                    if(/^<iframe/ig.test(a[c])){

                        if(!b){

                            this.iframeNum++;

                            this.iframeFiles.push(this.files[i]);

                            b = true;

                        }

                        if(!this.iframes.in_array(a[c])){

                            this.iframes.push(a[c]);

                            this.iframesStr.push(a[c].escapeHTML());

                        }

                    }

                }

            }

            this.writeTable();

            var result = {

                '当前目录:':this.currentFolder,

                '目录数:':this.folderNum,

                '文件数:':this.fileNum,

                '查找文件数:':this.iframeNum

            };

            this.writeInfo(result);

        },

        Replace:function(){

            var o, oo, i, f, s, j, stat;

            stat = 0;

            o = $('itable');

            oo = o.getElementsByTagName("INPUT")

            this.selects = new Array();

            for(i=0;i<oo.length;i++){

                if(oo[i].checked){

                    this.selects.push(this.iframes[oo[i].value]);

                }

            }

            for(i=0;i<this.iframeFiles.length;i++){

                f = this.fso.OpenTextFile(this.iframeFiles[i],1);

                s = f.ReadAll();

                for(j=0;j<this.selects.length;j++){

                    var re = new RegExp(this.selects[j]);

                    s = s.replace(re,'');

                }

                f = this.fso.OpenTextFile(this.iframeFiles[i],2);

                f.Write(s);

                f.Close();

                stat++;

                //return;

            }

            var result = {

                '被替换文件数:':stat

            }

            this.writeInfo(result);

        },

        writeTable:function(){

            var s, i;

            s = '';

            s += '<table id="itable" class="tbclass">';

            s += '<tr>';

            s += '    <td width="7%">操作</td>';

            s += '    <td width="93%">iframe 列表</td>';

            s += '</tr>';

            for(i=0;i<this.iframesStr.length;i++){

                s += '<tr>';

                s += '    <td><input type="checkbox" name="ichk" value="'+ i +'" /></td>';

                s += '    <td>'+ this.iframesStr[i] +'</td>';

                s += '</tr>';

            }

            s += '</table>';

            this.writeContainer(s);

        },

        writeInfo:function(oo){

            var s;

            s = '';

            for(o in oo){

                s += o.toString().color('blue') + (eval('oo.'+o)).toString().color('red') + '&nbsp;&nbsp;';

            }

            this.showFooBar(s);

        },

        balanceMatch:function(str){

            var node = "";

            var node_temp = "";

            var n = 0;

            var temp = "";

            var textArray = [];

            str.replace(/((?:.|\n)*?)(<iframe.*?>|<\/iframe.*?>)|((?:.|\n)*?)$/g, callback);

            return textArray;

            function callback(a0, a1, a2, a3)

            {

                if(n == 0)

                {

                    if(a1 && a1 != "")

                    {

                        textArray[textArray.length] = a1;

                    }

                    if(a2 && a2 != "")

                    {

                        if(/.*?\/>/.test(a2))

                        {

                            textArray[textArray.length] = a2;

                        }

                        else

                        {

                            node = a2.match(/[^<]*?[\s>]/)[0];

                            node = node.substring(0, node.length-1);

                            temp += a2;

                            n = 1;

                        }

                    }

                }

                else

                {

                    if(a1 && a1 != "")

                    {

                        temp += a1;

                    }

                    if(a2 && a2 != "")

                    {

                        if(/.*?\/>/.test(a2))

                        {

                            temp += a2;

                        }

                        else if(a2.substr(1,1) == "/")

                        {

                            if(a2 == "</" + node + ">")

                            {

                                temp += a2;

                                n--;

                                if(n == 0)

                                {

                                    textArray[textArray.length] = temp;

                                    temp = "";

                                }

                            }

                            else

                            {

                                temp += a2

                            }

                        }

                        else

                        {

                            node_temp = a2.match(/[^<]*?[\s>]/)[0];

                            node_temp = node_temp.substring(0, node_temp.length-1);

                            temp += a2;

                            if(node == node_temp)

                            {

                                n++;

                            }

                        }

                    }

                }

                if(a3 && a3 != "")

                {

                    textArray[textArray.length] = a3;

                }

            }

        }

    }

    window.onload = function(){

        window.rap = new ReplaceApp(['status_bar','Container']);

    }

</script>

    <style type="text/css" title="currentStyle" media="screen">

        .tbclass{

            border-top:1px solid #ccc;

            border-left:1px solid #ccc;

        }

        .tbclass td{

            border-bottom:1px solid #aaa;

            border-right:1px solid #ccc;

            padding:3px;

            font-size:12px;

        }

    </style>

</head>

<body style="border:0;" bgcolor=buttonface scroll=no>

<table width=100% height=100% style="font-size:9pt">

<tr><td width=100% height=410><div id="Container" style="width:100%;height:100%;border:2 inset;background-color:white;padding:5px;overflow:auto;">loading...</div></td></tr>

<tr><td width=100% height=20>路径:<input type=text id=webPath style="width:293"> <input type="button" style="width:70" onclick="rap.showFolderList($('webPath').value)" value="查找" /> <input type=button style="width:70" onclick="rap.Replace()" value="替换"></td></tr>

<tr><td width=100% height=20><div id="status_bar" style="width:100%;height:100%;border:1 inset;background-color:white;padding:2px;overflow:hidden;"></div></td></tr>

</table>

</body>

</html>

楼主真不错,这么快就有了实现解决的办法,赞一个,

下了一个好象假死了。没有细看你的代码,看起来好复杂,我想实现起来应该不是很复杂把。

/<iframe[^\>]*>\s*<\/iframe>/gi

fso枚举文件夹及其文件htm,html,php,asp等进行替换

不过要是自己的页面确实需要iframe不就全部换完了?

我建议对iframe地址进行匹配,对包含指定字符的地址不替换

这个正则让我回去想想。

本文由 华域联盟 原创撰写:华域联盟 » 用hta+javascript实现替换网站被下木马网页中的iframe

转载请保留出处和原文链接:https://www.cnhackhy.com/13983.htm

本文来自网络,不代表华域联盟立场,转载请注明出处。

作者: sterben

下一篇

已经没有了

发表评论

联系我们

联系我们

2551209778

在线咨询: QQ交谈

邮箱: admin@cnhackhy.com

工作时间:周一至周五,9:00-17:30,节假日休息

关注微信
微信扫一扫关注我们

微信扫一扫关注我们

关注微博
返回顶部