对于淘宝旺旺和支付宝ActiveX控件,我们淘宝卖家是再熟悉不过的了。卖家们可能都只知道它们的表面作用,却很少有人知道这些淘宝的客户端和控件在背地里对我们的电脑干了些什么!说出来可能大家都有点诧异:这些客户端和控件不仅仅有你看见的那些表面作用,它们还在你不知不觉中轻易地获取到了你电脑本机的各种信息。不信?!那薄言就简单地帮大家分析一下。只要你安装了淘宝旺旺,它就会在你的电脑上建立一个权限,简称建权。不要和我说你的电脑安装了什么杀毒软件、本机安全策略已经很严密了!还有太多东西你不懂的!除了薄言,没有几个人能防得住这样的信息抓取,有点大言不惭了哈!
在这里薄言简单的调用C语言,下面是薄言本人写的一些代码,可以调用出太多东西了,基本上我想要抓取的都可以很轻松的获取到,大家可以参考下,如果看不懂代码的,那你就看看这篇文章的标题,或者下来以后恶补一下计算机知识!另说一句,薄言尚可如此,淘宝的工程师可是比薄言要强大十倍百倍哦!
操作系统的登录用户名
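/// <summary>
/// Reads the <c>UserName</c> property of the WMI class <c>Win32_ComputerSystem</c>.
/// </summary>
/// <remarks>
/// Any local process running as the user can make this query; no elevation is
/// requested here. The value names an account, so it is identifying data
/// wherever it is stored or sent.
/// </remarks>
/// <returns>
/// The <c>UserName</c> of the last instance enumerated, an empty string when WMI
/// returns no instance, or the literal <c>"unknow"</c> when the property has no
/// value or the query fails.
/// </returns>
string GetUserName()
{
    try
    {
        string userName = "";

        // The WMI wrappers are IDisposable; assigning null (as the page's
        // version did) does not release the underlying COM objects.
        using (ManagementClass computerSystem = new ManagementClass("Win32_ComputerSystem"))
        using (ManagementObjectCollection instances = computerSystem.GetInstances())
        {
            foreach (ManagementObject instance in instances)
            {
                using (instance)
                {
                    object value = instance["UserName"];
                    if (value == null)
                    {
                        // Previously reached through a NullReferenceException
                        // swallowed by the catch below; same result, made explicit.
                        return "unknow";
                    }

                    userName = value.ToString();
                }
            }
        }

        return userName;
    }
    catch
    {
        // Deliberate best effort: any WMI or access failure is reported with
        // the sentinel string (spelling kept, callers may compare against it).
        return "unknow";
    }
}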
获取MAC地址
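/// <summary>
/// Returns the <c>MacAddress</c> of the first <c>Win32_NetworkAdapterConfiguration</c>
/// instance whose <c>IPEnabled</c> flag is true.
/// </summary>
/// <remarks>
/// The result depends on WMI enumeration order, so on a machine with several
/// IP-enabled adapters (physical, virtual, VPN) it is whichever one is listed
/// first. The value is whatever the driver reports to WMI.
/// </remarks>
/// <returns>
/// The MAC address string, an empty string when no adapter is IP-enabled, or the
/// literal <c>"unknow"</c> when a property is missing or the query fails.
/// </returns>
string GetMacAddress()
{
    try
    {
        // Dispose the WMI wrappers deterministically; setting the locals to
        // null does not release them.
        using (ManagementClass adapterClass = new ManagementClass("Win32_NetworkAdapterConfiguration"))
        using (ManagementObjectCollection adapters = adapterClass.GetInstances())
        {
            foreach (ManagementObject adapter in adapters)
            {
                using (adapter)
                {
                    // A missing IPEnabled value makes the cast throw and ends
                    // in the catch below, as it did before.
                    if (!(bool)adapter["IPEnabled"])
                    {
                        continue;
                    }

                    object address = adapter["MacAddress"];
                    if (address == null)
                    {
                        return "unknow";
                    }

                    return address.ToString();
                }
            }
        }

        return "";
    }
    catch
    {
        // Best effort: every failure maps to the sentinel string.
        return "unknow";
    }
}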
获取IP地址
/// <summary>
/// Resolves the local host name and returns the first address in the resulting
/// address list, prefixed with a fixed label.
/// </summary>
/// <remarks>
/// The first entry is whatever the resolver lists first; the code does not
/// filter by address family, so it is not guaranteed to be an IPv4 or a
/// private-range (LAN) address.
/// </remarks>
/// <returns>
/// The label followed by the address, or the label followed by <c>unknown</c>
/// when resolution fails or the list is empty.
/// </returns>
private static string getClientLocalIPAddress()
{
    try
    {
        string hostName = Dns.GetHostName();
        IPAddress[] addresses = System.Net.Dns.GetHostEntry(hostName).AddressList;

        // Indexing an empty list throws and is handled by the catch below.
        IPAddress first = addresses[0];
        return "内网IP地址:" + first.ToString();
    }
    catch
    {
        // Best effort: any resolver failure is reported as "unknown".
        return "内网IP地址:unknown";
    }
}
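/// <summary>
/// Asks two third-party HTTP services which public address this machine appears
/// to come from and returns the first valid dotted-quad found, prefixed with a
/// fixed label.
/// </summary>
/// <remarks>
/// Both services are reached over plain HTTP, so the response body is untrusted:
/// anyone on the network path, or the service itself, controls what comes back.
/// The page's version only checked that the first body contained something that
/// looked like an address and then returned the whole body, and it returned the
/// second body with no check at all. This version returns only the matched
/// address, and only after it parses as an IP address.
/// </remarks>
/// <returns>
/// The label followed by the address, or the label followed by <c>unknown</c>
/// when neither response contains a valid address or a request fails.
/// </returns>
public static string getClientInternetIPAddress()
{
    try
    {
        using (WebClient webClient = new WebClient())
        {
            // Same two endpoints, in the same order, as the original listing.
            string[] endpoints =
            {
                "http://www.coridc.com/ip",
                "http://fw.qq.com/ipaddress"
            };

            foreach (string endpoint in endpoints)
            {
                string body = webClient.DownloadString(endpoint);

                // Word boundaries keep the pattern from matching inside a longer
                // digit run; TryParse then rejects octets above 255.
                System.Text.RegularExpressions.Match candidate =
                    System.Text.RegularExpressions.Regex.Match(
                        body,
                        "\\b[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\b");

                System.Net.IPAddress parsed;
                if (candidate.Success && System.Net.IPAddress.TryParse(candidate.Value, out parsed))
                {
                    return "外网IP地址:" + candidate.Value;
                }
            }
        }

        return "外网IP地址:unknown";
    }
    catch
    {
        // Best effort: a failed request is reported as "unknown".
        return "外网IP地址:unknown";
    }
}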
获取硬盘ID
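/// <summary>
/// Reads the <c>Model</c> property of the WMI class <c>Win32_DiskDrive</c>.
/// </summary>
/// <remarks>
/// Despite the method name, the value read is the drive's model string, not a
/// serial number: every drive of the same model reports the same text. With
/// several drives present, the last one enumerated wins.
/// </remarks>
/// <returns>
/// The model string of the last drive enumerated, an empty string when no drive
/// is returned, or the literal <c>"unknow"</c> when the property has no value or
/// the query fails.
/// </returns>
string GetDiskID()
{
    try
    {
        String model = "";

        // Dispose the WMI wrappers instead of nulling the locals, which
        // releases nothing.
        using (ManagementClass diskClass = new ManagementClass("Win32_DiskDrive"))
        using (ManagementObjectCollection drives = diskClass.GetInstances())
        {
            foreach (ManagementObject drive in drives)
            {
                using (drive)
                {
                    object value = drive.Properties["Model"].Value;
                    if (value == null)
                    {
                        // Previously reached via a swallowed NullReferenceException.
                        return "unknow";
                    }

                    model = value.ToString();
                }
            }
        }

        return model;
    }
    catch
    {
        // Best effort: every failure maps to the sentinel string.
        return "unknow";
    }
}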
获取CPUid
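/// <summary>
/// Reads the <c>ProcessorId</c> property of the WMI class <c>Win32_Processor</c>.
/// </summary>
/// <remarks>
/// The original comments call this the CPU serial number. <c>ProcessorId</c>
/// describes the processor's family, model and features; it is not a
/// per-chip serial, so machines with the same CPU model report the same value.
/// On multi-socket systems the last processor enumerated wins.
/// </remarks>
/// <returns>
/// The <c>ProcessorId</c> string, an empty string when no processor instance is
/// returned, or the literal <c>"unknow"</c> when the property has no value or the
/// query fails.
/// </returns>
string GetCpuID()
{
    try
    {
        string processorId = "";

        // The WMI wrappers hold COM resources; dispose them rather than
        // assigning null.
        using (ManagementClass processorClass = new ManagementClass("Win32_Processor"))
        using (ManagementObjectCollection processors = processorClass.GetInstances())
        {
            foreach (ManagementObject processor in processors)
            {
                using (processor)
                {
                    object value = processor.Properties["ProcessorId"].Value;
                    if (value == null)
                    {
                        return "unknow";
                    }

                    processorId = value.ToString();
                }
            }
        }

        return processorId;
    }
    catch
    {
        // Best effort: every failure maps to the sentinel string.
        return "unknow";
    }
}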
系统名称
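/// <summary>
/// Reads the <c>SystemType</c> property of the WMI class <c>Win32_ComputerSystem</c>.
/// </summary>
/// <returns>
/// The <c>SystemType</c> string of the last instance enumerated, an empty string
/// when WMI returns no instance, or the literal <c>"unknow"</c> when the property
/// has no value or the query fails.
/// </returns>
string GetSystemType()
{
    try
    {
        string systemType = "";

        // Dispose the WMI wrappers; nulling the locals releases nothing.
        using (ManagementClass computerSystem = new ManagementClass("Win32_ComputerSystem"))
        using (ManagementObjectCollection instances = computerSystem.GetInstances())
        {
            foreach (ManagementObject instance in instances)
            {
                using (instance)
                {
                    object value = instance["SystemType"];
                    if (value == null)
                    {
                        return "unknow";
                    }

                    systemType = value.ToString();
                }
            }
        }

        return systemType;
    }
    catch
    {
        // Best effort: every failure maps to the sentinel string.
        return "unknow";
    }
}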
获取物理内存
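/// <summary>
/// Reads the <c>TotalPhysicalMemory</c> property of the WMI class
/// <c>Win32_ComputerSystem</c> and returns it as text.
/// </summary>
/// <returns>
/// The property value formatted with <c>ToString()</c> (WMI documents it as a
/// byte count), an empty string when WMI returns no instance, or the literal
/// <c>"unknow"</c> when the property has no value or the query fails.
/// </returns>
string GetTotalPhysicalMemory()
{
    try
    {
        string totalMemory = "";

        // Dispose the WMI wrappers; nulling the locals releases nothing.
        using (ManagementClass computerSystem = new ManagementClass("Win32_ComputerSystem"))
        using (ManagementObjectCollection instances = computerSystem.GetInstances())
        {
            foreach (ManagementObject instance in instances)
            {
                using (instance)
                {
                    object value = instance["TotalPhysicalMemory"];
                    if (value == null)
                    {
                        return "unknow";
                    }

                    totalMemory = value.ToString();
                }
            }
        }

        return totalMemory;
    }
    catch
    {
        // Best effort: every failure maps to the sentinel string.
        return "unknow";
    }
}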
这段代码 直接挖到心脏处
BIOS 编号,支持 AMI, AWARD, PHOENIX
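// Maps the 64 KB legacy BIOS range (physical 0x000F0000-0x000FFFFF) read-only
// into the current process through the \device\physicalmemory section object,
// then appends the serial string located by the Find*Bios helpers to
// szSystemInfo.
//
// NOTE(review): this is a fragment. The enclosing function header, the
// ZWOS/ZWMV/ZWUMV function-pointer typedefs, FindAwardBios/FindAmiBios/
// FindPhoenixBios, szSystemInfo and uSystemInfoLen are not shown on the page.
// NOTE(review): Windows has refused user-mode opens of \Device\PhysicalMemory
// since Windows Server 2003 SP1, so on current systems ZwOpenSection fails and
// the whole block below is skipped.
// NOTE(review): the code assumes a 32-bit process: the mapping base is held in
// a DWORD and the current-process pseudo-handle is written as 0xFFFFFFFF.
SIZE_T ssize;
LARGE_INTEGER so;
so.LowPart = 0x000f0000;
so.HighPart = 0x00000000;   // repaired: the page showed a multiplication sign in place of 'x'
ssize = 0xffff;
wchar_t strPH[30] = L"\\device\\physicalmemory";   // repaired: the quotes were lost on the page
DWORD ba = 0;
UNICODE_STRING struniph;
struniph.Buffer = strPH;
struniph.Length = 0x2c;          // 22 UTF-16 characters = 44 bytes
struniph.MaximumLength = 0x2e;   // length plus the terminating NUL
OBJECT_ATTRIBUTES obj_ar;
obj_ar.Attributes = 64;          // 0x40, OBJ_CASE_INSENSITIVE
obj_ar.Length = 24;              // presumably sizeof(OBJECT_ATTRIBUTES) on 32-bit; confirm
obj_ar.ObjectName = &struniph;
obj_ar.RootDirectory = 0;
obj_ar.SecurityDescriptor = 0;
obj_ar.SecurityQualityOfService = 0;
// NOTE(review): neither the module handle nor the three GetProcAddress results
// are checked before use.
HMODULE hinstLib = LoadLibrary("ntdll.dll");
ZWOS ZWopenS = (ZWOS)GetProcAddress(hinstLib, "ZwOpenSection");
ZWMV ZWmapV = (ZWMV)GetProcAddress(hinstLib, "ZwMapViewOfSection");
ZWUMV ZWunmapV = (ZWUMV)GetProcAddress(hinstLib, "ZwUnmapViewOfSection");
// Open the section for read mapping (access mask 4) and map the physical range.
// NOTE(review): hSection is never closed in the visible code.
HANDLE hSection;
if( 0 == ZWopenS(&hSection,4,&obj_ar) &&
0 == ZWmapV(
( HANDLE )hSection,     // handle returned when the section was opened
( HANDLE )0xFFFFFFFF,   // handle of the process to map into (current process)
&ba,                    // receives the base address of the mapping
0,
0xFFFF,                 // size argument (the original comment calls it the allocation size)
&so,                    // offset into physical memory
&ssize,                 // pointer to the size of the block to read
1,                      // inheritance setting for child processes
0,                      // allocation type
2                       // page protection
) )
// On success a 64 KB view holding f000:0000 through f000:ffff exists in this
// process, with its base returned in ba. The view should be released with
// ZwUnmapViewOfSection once it is no longer needed.
{
BYTE* pBiosSerial = ( BYTE* )ba;
// Try each vendor layout in turn; a helper returns 0 when it finds nothing.
UINT uBiosSerialLen = FindAwardBios( &pBiosSerial );
if( uBiosSerialLen == 0U )
{
uBiosSerialLen = FindAmiBios( &pBiosSerial );
if( uBiosSerialLen == 0U )
{
uBiosSerialLen = FindPhoenixBios( &pBiosSerial );
}
}
if( uBiosSerialLen != 0U )
{
// NOTE(review): no bound check against the capacity of szSystemInfo, which is
// declared outside this fragment; confirm that the caller guarantees room.
CopyMemory( szSystemInfo + uSystemInfoLen, pBiosSerial, uBiosSerialLen );
uSystemInfoLen += uBiosSerialLen;
}
ZWunmapV( ( HANDLE )0xFFFFFFFF, ( void* )ba );
}
}   // closes the enclosing function, whose opening is not on the page
// Done: the system fingerprint has been collected.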
然后就是ActiveX了。在功能上,插件通常是用来渲染页面里的标签,并不会增加浏览器自身的功能。插件通常实现比较底层的功能,一般以操作系统的本地代码(也叫“原生代码”)编写,可以调用操作系统的API。形式上,插件以动态库(Windows操作系统上就是DLL文件)的方式加载到浏览器的进程里。所以安装了淘宝旺旺后,再用淘宝旺旺轮番登录小号进行操作,基本上是必死无疑的;就算不安装淘宝旺旺,只要你安装了支付宝控件,同样也是不行的哦!看到这里大家绝望了,想要避开淘宝稽核系统的追踪看来是没戏了。其实不然,安全的方法当然是有的,只是限于篇幅,这里无法展开了,在淘宝稽核系统伪装脱逃技术教程中薄言为大家准备了详细的操作方法和演示!