百度网马的时想要用到,CAB文件封装器CABARC
Usage: CABARC [options] command cabfile [@list] [files] [dest_dir]
Commands:
L List contents of cabinet (e.g. cabarc l test.cab)
N Create new cabinet (e.g. cabarc n test.cab *.c app.mak *.h)
X Extract file(s) from cabinet (e.g. cabarc x test.cab foo*.c)
例如:cabarc n calc.cab muma.exe
就会把muma.exe压缩为calc.cab文件
下面是网马,calc.exe是cab文件里的木马文件,细看cocoruder大叔的文档就明白了
XML/HTML代码