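Automated injection tool: Havij 1.17 Pro cracked version
unshell, 2013-04-17. 973895 views, 43 comments. Category: Tools
Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities in web applications. This submission from Freebuf member unshell is the cracked version of Havij Pro v1.17.
Installing the cracked version
1. Install Havij 1.17
2. Copy the "Loader.exe" file from the "Loader" folder into the installation directory
3. Run "Loader.exe" with administrator privileges
4. Click "Register"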
New in this version
• Dump all
• New bypass method for MySQL using parenthesis
• Write file feature added for MSSQL and MySQL
• Loading HTML form inputs
• Random signature generator
• Saving data in CSV format
• Advanced evasion tab in the settings
• Injection tab in settings
• 'Non-existent injection value' can now be changed by the user (the default value is 999999.9)
• 'Comment mark' can be changed by the user (the default value is --)
• Disabling/enabling of logging
• Bugfix: adding manual database in tables tree view
• Bugfix: finding string columns in PostgreSQL
• Bugfix: MS Access blind string type data extraction
• Bugfix: MSSQL blind auto detection when error-based method fails
• Bugfix: all database blind methods fail on retry
• Bugfix: guessing columns/tables in MySQL time-based injection
• Bugfix: crashing when dumping into file
• Bugfix: loading project injection type (Integer or String)
• Bugfix: HTTPS multi-threading bug
• Bugfix: command execution in MSSQL 2005
Features
1. Supported Databases with injection methods:
MSSQL 2000/2005 with error
MSSQL 2000/2005 no-error union-based
MSSQL blind
MSSQL time-based
MySQL union-based
MySQL blind
MySQL error-based
MySQL time-based
Oracle union-based
Oracle error-based
Oracle blind
PostgreSQL union-based
MS Access union-based
MS Access blind
Sybase (ASE)
Sybase (ASE) Blind
2. HTTPS support
3. Multi-threading
4. Proxy support
5. Automatic database server detection
6. Automatic parameter type detection (string or integer)
7. Automatic keyword detection (finding the difference between positive and negative responses)
8. Automatic scan of all parameters
9. Trying different injection syntaxes
10. Options for replacing space by /**/,+,... against IDS or filters
11. Avoids using strings (bypassing magic_quotes and similar filters)
12. Manual injection syntax support
13. Manual queries with result
14. Forcing illegal union
15. Random signature generator
16. Fully customizable HTTP headers (like referer, user agent...)
17. Loading cookie(s) from website for authentication
18. Load HTML form inputs
19. HTTP Basic and Digest authentication
20. Injecting URL rewrite pages
21. Bypassing ModSecurity web application firewall and similar firewalls
22. Bypassing WebKnight web application firewall and similar firewalls
23. Instant result
24. Guessing tables and columns in MySQL<5 (also in blind) and MS Access
25. Quick retrieval of tables and columns for MySQL
26. Resuming a previously saved table/column extraction session
27. Executing SQL query against an Oracle database
28. Custom keyword replacement in injections
29. Getting one complete row through a single request (all in one request)
30. Dumping data into file
31. Saving data as XML
32. Saving data as CSV format
33. Enabling xp_cmdshell and remote desktop
34. Multiple table/column extraction methods
35. Multi-threaded Admin page finder
36. Multi-threaded online MD5 cracker
37. Getting DBMS information
38. Getting tables, columns and data
39. Command execution (MSSQL only)
40. Reading remote system files (MySQL only)
41. Creating/writing to a remote file (MySQL and MsSQL)
42. Insert/update/delete data
43. Unicode support
Download link
Thanks to unshell for the submission
Highlighted comments
snow陈伦 (Level 1) SnowGroup Reply
The attachment does not exist, please update the download link
Upvotes (101)
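Comments (43 so far)
Lr@dD (Level 1) 难人 2013-04-17 Reply #1
Downloaded it right away
Upvotes (1)
hardway 2013-04-17 Reply #2
The loader won't run
Upvotes (1)
phper 2013-04-17 Reply
@hardway Copy the "Loader.exe" file into the installation directory and run it with administrator privileges. It works fine for me
Upvotes (9)
nnigou 2013-04-17 Reply #3
It runs, but the top field is a username and the bottom one asks for a license file. How do I get past this?
Upvotes (2)
Vica 2013-04-20 Reply
@nnigou Click "Register" and it is registered; ignore the license file.
Upvotes (1)
puzzlewrj 2013-04-17 Reply #4
On win7 the loader definitely won't run
Upvotes (2)
lxsec (Level 1) A security nobody! 2013-04-17 Reply #5
On win2003 it ran without trouble
But does this thing modify the registry or add some registry entries?
Upvotes (1)
vanderfay (Level 1) 2013-04-17 Reply #6
The loader won't run on 64-bit win7...
Upvotes (1)
阿贵回来了 2013-04-17 Reply #7
//: A warning says the file contains a trojan that steals online banking credentials; whether that is true, judge for yourself, and be careful. //: Finally upgraded, haha
Upvotes (2)
苏生不惑 2013-04-17 Reply #8
Awesome, going to download it
Upvotes (1)
netorgcom (Level 4) 2013-04-17 Reply #9
Very fast~~
Upvotes (1)
Cr0w_A 2013-04-17 Reply #10
Downloaded!!
Upvotes (1)
小龅牙的我 2013-04-17 Reply #11
1.17 is out, rushing over to have a look....
Upvotes (1)
带脚镣跳舞 2013-04-17 Reply #12
Great
Upvotes (1)
tester 2013-04-18 Reply #13
On win8_x64_pro, sure enough: type mismatch, 13··
Upvotes (2)
宇少 (Level 1) 2013-04-18 Reply #14
Downloaded it, very nice
Upvotes (1)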
fireeye 2013-04-19 Reply #15
http://fireeye.ijinshan.com/analyse.html?md5=dfef6a26ba039099724b5cc63116abed&sha1=d994db31af068ab2a314839bfdf2a568dd55dc43&type=1#full
https://www.virustotal.com/zh-cn/file/1ce2375d92e3f15d0ddd89d8995f7a4059bb389c5ce0621794cabfa83ba438c0/analysis/1366356916/
After UPX-unpacking this Loader, the results are as follows:
Behavior: copies itself to other directories
Additional information:
%windir%\Installer\6859e6c.msi
%temp%\685945a.msi
Behavior: allocates memory in another process
Additional information:
%system%\msiexec.exe
Behavior: creates mutexes
Behavior: creates a process
Additional information:
%system%\msiexec.exe
Behavior: searches for files
Additional information:
""
Behavior: sets file attributes
Additional information:
C:\Config.Msi >> HIDE
C:\Config.Msi >> SYSTEM
C:\Config.Msi\6859e70.rbf >> HIDE
C:\Config.Msi\6859e70.rbf >> SYSTEM
%windir%\Installer >> HIDE
%windir%\Installer >> SYSTEM
Added dfef6a26ba039099724b5cc63116abed 1032704 %windir%\installer\6859e6c.msi
Added 2fa08381f60cc0dabac9139c9bb9b59e 6656 %windir%\installer\6859e6e.ipi
Added 91317dda819440fd0fd354bb8dafd163 402550 %windir%\installer\MSI1F.tmp
Added d69f5ceef660d7442cb2cf0ce2e75754 6501 C:\Config.Msi\6859e70.rbf
Added f3b25701fe362ec84616a93a45ce9998 2 %temp%\MSI5945b.LOG
Added 7243c641958dfec5a2e825e2ab88cae7 8556 C:\Config.Msi\6859e6f.rbs
Added dfef6a26ba039099724b5cc63116abed 1032704 %temp%\685945a.msi
Deleted (none) 0 %windir%\WinSxS\Manifests\x86_Micr…
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [02:SOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{9CDE85F5-9233-4bf4-89CB-CC7B51BBAD8A}AppPath]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedIME14IMEJPIMJPTIP.DLL]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedIME14IMEJPAPPLETSIMJPCAC.DLL]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedIME14SHAREDIMENUI.EXE]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [02:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\downlevel_manifest.9.0.30729.4148\]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedOFFICE14Office Setup ControllerProof.jaIME32.XML]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedIME14IMEJPIMJPUEXC.EXE]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [02:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_5d2f9d08\downlevel_manifest.9.0.30729.4148\]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C?WINDOWSsystem32IMJP14.IME]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [00:imesyncURL Protocol]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedIME14IMEJPIMJPMGR.EXE]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C?WINDOWSsystem32IMJP14K.DLL]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedIME14SHAREDIMELM.DLL]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedIME14SHAREDIMEVER.DLL]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedIME14IMEJPIMJPCMLD.DLL]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedIME14IMEJPIMJPDUS.EXE]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedIME14IMEJPAPPLETSIMJPKDIC.DLL]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedIME14IMEJPIMJPDCT.EXE]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [02:SYSTEMCurrentControlSetControlKeyboard Layoutse0200411Ime File]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedIME14IMEJPIMJPPDMG.EXE]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedIME14SHAREDIMETIP.DLL]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [C:Program FilesCommon FilesMicrosoft SharedIME14SHAREDIMESEARCH.EXE]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [02:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_cd762299\downlevel_manifest.9.0.30729.4148\]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User…
[00004102820011400000000000F01FEC] = [02:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\downlevel_payload.9.0.30729.4148\]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[IMJPMIG8.1] = ["C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
[%system%\IMJP14.IME] = [0x00000001]
[%system%\IMJP14K.DLL] = [0x00000001]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSISERVER000\Con…
[ActiveService] = [MSIServer]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSISERVER000…
[ActiveService] = [MSIServer]
Likes (28)
free (Level 1) 2013-07-19 Reply
@fireeye What is going on with "Test parameter: ID"?
Likes (2)
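xss 2013-04-19 Reply #16
It can inject but can't list the tables? 1.15 has no problem
Likes (1)
7z1 2013-04-22 Reply
@xss Same here. It can't list the tables. Disappointing... With havij 1.16 pro there's no problem...
Likes (1)
suc 2013-04-24 Reply
@7z1 Could I get a copy of 1.16? 1571292602@qq.com
Likes (3)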
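flowind 2013-04-20 Reply #17
Havij is powerful.. but.. as everyone knows.. it is almost helpless when it comes to bypassing filters..
Doing it by hand is still better... but it's tiring...
Likes (0)
jekkay (Level 3) 2013-12-30 Reply
@flowind Then go develop a tool yourself
Likes (1)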
demon 2013-04-21 Reply #18
Runtime error '13' on 32-bit Win7
Likes (5)
农民微博人 2013-05-31 Reply #19
Reposted on Weibo
Likes (0)
nickname 2013-06-09 Reply #20
The loader starts, but it won't run
Likes (0)
_WaiHoNg 2013-06-12 Reply #21
Reposted on Weibo
Likes (0)
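魂 (Level 1) 2013-07-29 Reply #22
The AV evasion wasn't done well; it got flagged as malware
Likes (2)
iMW (Level 1) 2013-07-30 Reply
@魂 It got killed by Symantec
Likes (0)
chensu 2015-05-06 Reply
@ iMW Could you share it, bro? The link is dead
Likes (0)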
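悠哉 2013-09-14 Reply #23
Win7 64: type mismatch, error 13
Likes (1)
snow陈伦 (Level 1) SnowGroup 2013-12-03 Reply #24
The attachment no longer exists; please update the download link
Likes (101)
哥哥 2014-02-24 Reply #25
So, can someone crack 1.19?
Likes (0)
xjun 2014-11-25 Reply
@ 哥哥 I'll do it. Where is the download link?
Likes (0)
看起来很吊 2014-03-16 Reply #26
The link is gone
Likes (2)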
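行者向阳 (Level 2) Information security student 2014-06-14 Reply #27
Has anyone updated the download link?
Likes (0)
行者_travis (Level 1) 2014-06-16 Reply #28
Could you give another download link?
Likes (2)
AIR (Level 1) 2014-07-24 Reply #29
Requesting a download link
Likes (3)
ere 2014-09-09 Reply #30
It can't list the databases
Likes (1)
504038236 (Level 1) 2015-06-16 Reply #31
Please update the download link again. Thanks for sharing
Likes (0)
第一缕阳光 (Level 1) 2015-09-20 Reply #32
The download link has expired
Likes (0)
Jok 2016-07-13 Reply #33
Has anyone updated the download link?
Likes (0)
Joffery (Level 1) 2017-04-17 Reply #34
run-time error '13' type mismatch
Likes (0)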