Happy New Year 2018

Shellcode with Chinese characters, win32/64 windows 7

2018


/*

               __
               /\/'-,
       ,--'''''   /"
 ____,'.  )       \___
'"""""------'"""`-----'

Happy New Year -  新年快樂

*/
#include<stdio.h>
#include<string.h>


char shellcode[] = "\x31\xd2\xb2\x30\x64\x8b\x12\x8b\x52\x0c\x8b\x52\x1c\x8b\x42\x08"
                   "\x8b\x72\x20\x8b\x12\x80\x7e\x0c\x33\x75\xf2\x89\xc7\x03\x78\x3c"
                   "\x8b\x57\x78\x01\xc2\x8b\x7a\x20\x01\xc7\x31\xed\x8b\x34\xaf\x01"
                   "\xc6\x45\x81\x3e\x46\x61\x74\x61\x75\xf2\x81\x7e\x08\x45\x78\x69"
                   "\x74\x75\xe9\x8b\x7a\x24\x01\xc7\x66\x8b\x2c\x6f\x8b\x7a\x1c\x01" 
                   "\xc7\x8b\x7c\xaf\xfc\x01\xc7\x68\x61\x72\x20\x01\x68\x77\x20\x59"
                   "\x65\x68\x79\x20\x4e\x65\x68\x48\x61\x70\x70\x89\xe1\xfe\x49\x0f"
                   "\x31\xc0\x51\x50\xff\xd7"
                   "\新\年\快\樂\狗\年\行\大\運\好\運\旺\旺\來";  
 
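int main()
{
    /* Print the length up to the first NUL byte in the array. */
    printf("shellcode length %u\n", (unsigned)strlen(shellcode));
    /* Cast the array to a function pointer and call it. */
    (* (int(*)()) shellcode) ();
    return 0;
}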

Got some luck today (MS17-010)

Read the news about the US officially blaming NK for WannaCry's damage,
so I was wondering if I can still find some machines that are vulnerable to MS17-010 in clients' networks.
Just trying to see if I could get some luck with an "old" exploit/vulnerability.
I did find some machines that are still not patched, and reported the problem to the clients 🙂

Using nmap scripts to scan for possible/vulnerable targets

1. nmap -p445 --script smb-vuln-ms17-010 

2. nmap -p445 --script vuln 

Found some possible targets

[Screenshot: nmap MS17-010 scan output]

Show options for MS17-010 in Metasploit

[Screenshot: Metasploit show options for MS17-010]

Successfully got a remote shell

[Screenshot: MS17-010 remote shell]