Decrypting the shellcode of the recent IE7 0day

First, decrypt it with the FreShow tool

The shellcode to be decrypted has to be extracted first.

1 Replace dadong with %u and run one esc decode, then Up.

2 In the field below esc, fill in 21 and decode; the result should appear.


Second, do it yourself: write a decryption script

' The code to decrypt
code = "%u5549%u5155%u0E1B%u560E%u5656%u520F%u494E%u0F54%u4E42%u0E4C%u0F10%u5944%u0044"

' Strip the %u prefixes and swap the two bytes of every 4-hex-digit unit
Function replaceregex(str)
    Dim Sstr, regex, matches
    Sstr = Replace(str, "%u", "")
    Set regex = New RegExp
    regex.Pattern = "(..)(..)"
    regex.IgnoreCase = True
    regex.Global = True
    matches = regex.Replace(Sstr, "$2$1")
    replaceregex = matches
End Function

' XOR every byte with 0x21 and build the clear-text string; 00 bytes are skipped
Function Hex2Str(hexStr)
    Dim sstr, hexTmp, i
    For i = 1 To Len(hexStr) Step 2
        hexTmp = Mid(hexStr, i, 2)
        If hexTmp <> "00" Then
            sstr = sstr & Chr(CLng("&h" & hexTmp) Xor &H21)
        End If
    Next
    Hex2Str = sstr
End Function

' Append the decoded string to a.txt (mode 8 = append, create the file if missing)
Set fso = CreateObject("Scripting.FileSystemObject")
Set fileS = fso.OpenTextFile("a.txt", 8, True)
fileS.WriteLine Hex2Str(replaceregex(code))
fileS.Close
Set fso = Nothing
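
When the XOR key is not known in advance, the same decoding can be run over every single-byte key and filtered for output that looks like a URL. This is an added Python example, not part of the original post; it goes beyond the script above, which hard-codes key 0x21, and its function names and the URL filter are assumptions of this example.

```python
import re

# Payload string copied from the page; the function names are this example's own.
SAMPLE = ("%u5549%u5155%u0E1B%u560E%u5656%u520F%u494E"
          "%u0F54%u4E42%u0E4C%u0F10%u5944%u0044")

def unescape_u(encoded):
    """Convert %uXXXX units to raw bytes, low byte first (same as the regex swap above)."""
    units = re.findall(r"%u([0-9A-Fa-f]{4})", encoded)
    if not units:
        raise ValueError("no %uXXXX units in input")
    return b"".join(int(u, 16).to_bytes(2, "little") for u in units)

def xor_decode(raw, key):
    """XOR every non-zero byte with key; 00 bytes are padding and are dropped."""
    return bytes(b ^ key for b in raw if b != 0)

def looks_like_url(data):
    """Assumed filter: fully printable ASCII that contains a scheme separator."""
    return all(0x20 <= b <= 0x7E for b in data) and b"://" in data

def recover_keys(encoded):
    """Try all 256 single-byte keys; return (key, text) for every plausible hit."""
    raw = unescape_u(encoded)
    hits = []
    for key in range(256):
        plain = xor_decode(raw, key)
        if looks_like_url(plain):
            hits.append((key, plain.decode("ascii")))
    return hits

if __name__ == "__main__":
    for key, text in recover_keys(SAMPLE):
        # Defang before printing so the result is not clickable in a report.
        safe = text.replace("http", "hxxp").replace(".", "[.]")
        print(f"key=0x{key:02X} -> {safe}")
```

Requiring both printable output and "://" matters: keys that differ from the real one only in low bits also produce printable text, so a printable-only check returns false positives.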