Note: These are XP-era shellcodes. 16-bit COM files no longer run on modern OSes, and the matrix one seems booger-ed too :(
Here are some good demonstration shellcodes:
You can either grab the hexblob from below, or download the source/binary packages.
fire screen - drops an embedded com file and executes it, no download, takes over whole screen, have to ctrl alt delete it. fire.com author unknown. source
laughing skull w/audio - downloads 3 files (about 60k): one is an audio clip of a maniacal laugh, the other two are a basic animation sequence of a skull laughing. When run it will do the downloads, show the desktop, play the sound, and then play the animation by setting the images as the desktop wallpaper. Pretty funny effect. (pls change the urls if you use this) source
the matrix is watching - Allocates a console, then types a message to it at varying speeds to simulate urgency, displays some ASCII art that matches the theme of the message, and then closes. Matrix-like theme. The ASCII art is compressed with RtlCompressBuffer and decompressed at runtime. source
tubes - same as the fire screen, but this time a cool spiral tube animation source
dropz - same as the fire screen but with a neat water drop animation source
skull wallpaper - downloads a mean looking skull graphic and sets it as the desktop wallpaper source
MessageBox Shellcode - just displays a simple messagebox alert. Unencoded, hexedit to change message.
The fire shellcode I wanted for a loooong time..
These all use the harmony API lookup method and hashes, although some use a slightly modified version so that I could cache the function pointers instead of doing every lookup on demand. (Some, like the animations, require a lot of repetitive calls in a time-sensitive way.)
You can just paste these into Shellcode 2 exe if you want an exe to click. If you need null free, slap your own encoder on these.
Hey man,
I have been really interested in this lately (oh and good job) but I have a question that is starting to bug me.
If I download the source files to the hexblobs/shellcode...how can I edit them and reconvert them into shellcode like you have?
This is just so I can for example edit the message in the Matrix shellcode.
Be really awesome if you could help.
Peace.
On 01.09.12 - 1:31pm Dave wrote:
Hi,
You can edit the .asm source files in notepad and then reassemble with nasm.exe
nasm.exe -f bin -O3 -o output.sc source.asm
If the source you are reassembling has an xor encoder at the top of it you can just comment it out so you don't have to manually encode the shellcode after assembly.
Sorry I can not help more, the nasm manual is pretty good, and there is a large userbase to find help on forums or on google.
On 01.09.12 - 2:09pm Chris wrote:
Hi man,
Thanks it worked.
And keep up the awesome work with the blog )
Peace.