前段时间网络出现另类的DDOS攻击。其中CC就是其中一个。它的攻击原来其实就是服务器压力测试。与常规不同的是。它通过代理。

软件名：Web-CT 网站压力测试V4.0

简介：《Web能力测试》是般若网络科技公司自主开发、独立版权的、对Web能力进行全面测试软件产品，简称Web-CT（Web Capacity Test）。
般若网络科技开发 Web-CT 的只是为了测试用户上网质量和服务器性  
能，任何将其作为“拒绝服务攻击”DoS、或利用Web-CT并行测试能  
力进行分“布式拒绝服务攻击”DDoS都是违法的，必将受到相关法律  
的制裁。  
般若网络科技公司对于非测试试验目使用Web-CT所产生的后果不负任  
何责任。

软件限制:试用版测试速率不能大于40;持续时间不能大于10秒!

该软件无壳。注册方式以授权文件方式注册."建立一个名为webctregcodet的文件
首先用W32DASM反汇编：
````````````````````````````````````````````````````````````````
:00416B8F 57                      push edi
:00416B90 8BF9                    mov edi, ecx
:00416B92 33C0                    xor eax, eax
:00416B94 83C9FF                  or ecx, FFFFFFFF
:00416B97 F2                      repnz
:00416B98 AE                      scasb
:00416B99 F7D1                    not ecx
:00416B9B 2BF9                    sub edi, ecx
:00416B9D 8DB590FEFFFF            lea esi, dword ptr [ebp+FFFFFE90]
:00416BA3 87F7                    xchg edi, esi
:00416BA5 8BD1                    mov edx, ecx
:00416BA7 8BC7                    mov eax, edi
:00416BA9 C1E902                  shr ecx, 02
:00416BAC 8D8590FEFFFF            lea eax, dword ptr [ebp+FFFFFE90]
:00416BB2 F3                      repz
:00416BB3 A5                      movsd
:00416BB4 8BCA                    mov ecx, edx
:00416BB6 8D95A8FEFFFF            lea edx, dword ptr [ebp+FFFFFEA8]
:00416BBC 83E103                  and ecx, 00000003
:00416BBF F3                      repz
:00416BC0 A4                      movsb
:00416BC1 5F                      pop edi
:00416BC2 6A14                    push 00000014
:00416BC4 50                      push eax
:00416BC5 52                      push edx
:00416BC6 E8F9570900              call 004AC3C4 <====用OD在这下断点。点击"安装授权文件"选择自己建的假KEY文件。OD在这里断停。EAX里出现注册码：1@2H1E4F5@6@D3A6D1B2
:00416BCB 83C40C                  add esp, 0000000C
:00416BCE 85C0                    test eax, eax
:00416BD0 744B                    je 00416C1D <=====关健跳 其实爆破了就行了
:00416BD2 E8CDD60800              call 004A42A4
:00416BD7 A1CC2F4E00              mov eax, dword ptr [004E2FCC]
:00416BDC 6A20                    push 00000020

* Possible StringData Ref from Data Obj ->"警告..."
                                  |
:00416BDE B938554D00              mov ecx, 004D5538

* Possible StringData Ref from Data Obj ->"授权号码有错误！安装授权文件失败..."
                                  |
:00416BE3 BA14554D00              mov edx, 004D5514
:00416BE8 8B00                    mov eax, dword ptr [eax]
:00416BEA E8A5060A00              call 004B7294
:00416BEF FF4F1C                  dec [edi+1C]
:00416BF2 8D45F8                  lea eax, dword ptr [ebp-08]
:00416BF5 BA02000000              mov edx, 00000002
:00416BFA E8A9070A00              call 004B73A8
:00416BFF FF4F1C                  dec [edi+1C]
:00416C02 8D45FC                  lea eax, dword ptr [ebp-04]
:00416C05 BA02000000              mov edx, 00000002
:00416C0A E899070A00              call 004B73A8
:00416C0F 8B0F                    mov ecx, dword ptr [edi]
:00416C11 64890D00000000          mov dword ptr fs:[00000000], ecx
:00416C18 E9CC000000              jmp 00416CE9

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00416BD0(C)
|
:00416C1D 68D0354E00              push 004E35D0
:00416C22 E8D9720900              call 004ADF00
:00416C27 59                      pop ecx
:00416C28 6802810000              push 00008102

* Possible StringData Ref from Data Obj ->"WebCTRegCode"
                                  |
:00416C2D 6840554D00              push 004D5540
:00416C32 E8397C0900              call 004AE870
:00416C37 83C408                  add esp, 00000008
:00416C3A 8BF0                    mov esi, eax
:00416C3C 6A14                    push 00000014
:00416C3E 8D85A8FEFFFF            lea eax, dword ptr [ebp+FFFFFEA8]
:00416C44 50                      push eax
:00416C45 56                      push esi
:00416C46 E8F5890900   &n

[1] [2] [3] 下一页