如何通过访问网站来下载文件?
我说的是将文件下载到计算机而不让用户知道任何文件已下载,就像病毒一样。有些病毒在下载时不会询问用户是否要下载文件,而是自行下载。我正在尝试创建一个简单的防病毒软件。他们是怎么做到的
I'm talking about getting a file download to computer without letting user know any files have downloaded, just like a virus. Some virus are getting downloaded without asking a user if you wanna download a file it just download it self. I'm trying to create an simple antivirus. How do they do that
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我认为可以做到这一点的唯一方法是利用缓冲区溢出并在堆栈被破坏后执行任意代码(以执行文件下载)。
话虽如此,我非常怀疑您是否能够找到任何存在此类漏洞的当今浏览器。如今,浏览器引起的病毒(virii?;))仅在用户手动执行下载/安装的系统上猖獗运行。
编辑:我还要提到,实际上让它工作需要高水平的技能(因为“任意”代码通常是特定于处理器的汇编指令)。需要更高水平的技能和知识来防范它。
The only way that I would think that this could be done is by exploiting a buffer overflow and executing arbitrary code once the stack's been smashed (to execute the file download).
Having said that, I very highly doubt you'd be able to find any present day browsers that have any such vulnerabilities. These days, browser-caused viruses (virii? ;)) only run rampant on systems that have users that execute the downloads/installs manually.
Edit: I'll also mention that actually getting this to work takes a high level of skill (as the "arbitrary" code is usually processor-specific assembly instructions). It takes an even higher level of skill and knowledge to protect against it.
不,你不能那样做。甚至病毒也需要在下载后执行。
据我所知,当我浏览某些网页时,我只是收到了包含在我点击某些网站时监视我的cookie。 CMIIW
nope you cannot do that. even the virus they need to be executed after downloaded.
as far as i know, when I did browse some web I just got cookies that contains spying me when I clicked on some websites. cmiiw
也许将您的程序解析为 javascript 并插入到您的网站?
或者插入到另一个站点,然后在您的站点中放置一个 iframe,以避免被 AV 列入黑名单。
Aso 我在某处读到 WMF 文件可以被利用。
Maybe parsing your program to javascript and inserting to your site?
Or insert to another site and then put an iframe in your site to avoid blacklisting by AVs.
Aso I have read somewhere that WMF-files can be exploited.