I’ve released the source for a 97-byte shellcode that executes calc.exe.


2 Comments to “w32-exec-calc-shellcode released”
2011/01/01
I have x86 all versions null-free in 67 bytes.
Hashing uses too many bytes.
I published a pre-7 version that pops cmd.exe. It’s in the first shellcode presentation on my site. It’s only a slight alteration to pop calc.exe instead, and Windows 7 compatibility requires only two additional bytes.
That presentation also includes a size-optimised uppercase-only shellcode.
Maybe you can find something there to interest you.
2011/01/02
Yes, you are right; I used my hashing code from previous shellcode without considering if it is the best solution. Since I’m only making one API call, your solution to look for a function that starts with “WinE” is a lot smaller.