Protocol handler obfuscation
rundll32.exe zipfldr.dll,RouteTheCall file://^C^:^/^W^i^n^d^o^w^s^/^s^y^s^t^e^m^3^2^/^c^a^l^c^.^e^x^e
rundll32 url.dll,FileProtocolHandler file://^C^:^/^W^i^n^d^o^w^s^/^s^y^s^t^e^m^3^2^/^c^a^l^c^.^e^x^e
rundll32 url.dll,OpenURL file://^C^:^/^W^i^n^d^o^w^s^/^s^y^s^t^e^m^3^2^/^c^a^l^c^.^e^x^e
r^u^n^d^l^l3^2 u^r^l^.^d^l^l^,^O^p^e^n^U^R^L f^i^l^e://^C^:^/^W^i^n^d^o^w^s^/^s^y^s^t^e^m^3^2^/^c^a^l^c^.^e^x^e
Another way to open a URL:
rundll32 url.dll,OpenURL http://^2^8^9^9^9^0^9^3^8^0^/
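Note: what is actually requested here is http://2899909380, and the request then redirects to www.google.com. It works as follows:
String  = 172.217.27.4
Binary  = 10101100 . 11011001 . 00011011 . 00000100
Integer = 2899909380
Converting between hexadecimal, binary and integer forms produces the obfuscation.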
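For detection, both tricks above can be undone before matching. The following is an added example, not code from the original post: it strips cmd.exe caret escapes from a logged command line, matches the three rundll32 exports shown on this page, and converts a numeric host back to a dotted quad. The function names are hypothetical, and the hex/octal handling generalises beyond the integer case shown here.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# DLL/export pairs taken from the commands shown on this page.
HANDLERS = {("zipfldr.dll", "routethecall"), ("url.dll", "fileprotocolhandler"),
            ("url.dll", "openurl")}
NUM = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")

def strip_carets(cmdline):
    """Undo cmd.exe caret escaping: outside double quotes, ^x becomes x."""
    out, quoted, i = [], False, 0
    while i < len(cmdline):
        ch = cmdline[i]
        if ch == "^" and not quoted:
            out.append(cmdline[i + 1:i + 2])  # keep the escaped char, drop the caret
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        out.append(ch)
        i += 1
    return "".join(out)

def canonical_host(host):
    """Dotted quad for a numeric host in decimal/hex/octal form, else None."""
    parts = host.split(".")
    if len(parts) > 4 or not all(NUM.fullmatch(p) for p in parts):
        return None
    *head, last = [int(p, 16) if p[:2].lower() == "0x" else int(p, 8) if p[0] == "0"
                   else int(p) for p in parts]
    # Assumption: inet_aton-style parsing, where the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last + sum(n << (8 * (3 - i)) for i, n in enumerate(head))
    return str(ipaddress.IPv4Address(value))

def analyze(cmdline):
    """Normalise a command line; report rundll32 protocol-handler launches."""
    clean = strip_carets(cmdline)
    m = re.match(r'\s*"?(?:.*\\)?rundll32(?:\.exe)?"?\s+"?([^\s,"]+)"?\s*,\s*(\w+)\s+(\S+)',
                 clean, re.I)
    if not m:
        return None
    dll, export, target = m.group(1).rsplit("\\", 1)[-1].lower(), m.group(2).lower(), m.group(3)
    if (dll, export) not in HANDLERS:
        return None
    url = urlsplit(target)
    ip = canonical_host(url.hostname or "") if url.scheme in ("http", "https") else None
    return {"command": clean, "handler": f"{dll},{export}", "target": target, "numeric_host_ip": ip}
```

Run `analyze()` over process-creation command lines; a non-empty `numeric_host_ip` that differs from the host as written indicates an encoded address.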

