
ShellcodeHandler ASN1 SMB

Refer to amberg for more information

Pattern

	/*
	 * PCRE signature used by the ASN1/SMB shellcode handler to recognise
	 * one known shellcode in captured traffic.
	 *
	 * Every byte is spelled "\\xNN" so the C compiler leaves the escape
	 * intact and PCRE, not the compiler, decodes it. The two bare "." on the
	 * "\\xb8\\x02\\xff.." line are single-byte wildcards for the bytes that
	 * vary between samples; the parenthesised group captures the matched
	 * bytes and the surrounding ".*" let the group sit anywhere in the input.
	 *
	 * NOTE(review): PCRE's "." does not match "\n" (0x0a) unless the pattern
	 * is compiled with PCRE_DOTALL, so a sample whose wildcard byte is 0x0a
	 * would be missed -- confirm the compile flags the handler uses. The
	 * leading ".*" is also redundant for an unanchored match and can add
	 * backtracking on long inputs.
	 */
	const char *pcre = 
".*(\\xeb\\x02\\xeb\\x6b"
"\\xe8\\xf9\\xff\\xff\\xff\\x53\\x55\\x56\\x57\\x8b\\x6c\\x24\\x18\\x8b\\x45\\x3c"
"\\x8b\\x54\\x05\\x78\\x03\\xd5\\x8b\\x4a\\x18\\x8b\\x5a\\x20\\x03\\xdd\\xe3\\x32"
"\\x49\\x8b\\x34\\x8b\\x03\\xf5\\x33\\xff\\xfc\\x33\\xc0\\xac\\x3a\\xc4\\x74\\x07"
"\\xc1\\xcf\\x0d\\x03\\xf8\\xeb\\xf2\\x3b\\x7c\\x24\\x14\\x75\\xe1\\x8b\\x5a\\x24"
"\\x03\\xdd\\x66\\x8b\\x0c\\x4b\\x8b\\x5a\\x1c\\x03\\xdd\\x8b\\x04\\x8b\\x03\\xc5"
"\\xeb\\x02\\x33\\xc0\\x5f\\x5e\\x5d\\x5b\\x89\\x44\\x24\\x04\\x8b\\x04\\x24\\x89"
"\\x44\\x24\\x08\\x8b\\x44\\x24\\x04\\x83\\xc4\\x08\\xc3\\x5e\\x6a\\x30\\x59\\x64"
"\\x8b\\x19\\x8b\\x5b\\x0c\\x8b\\x5b\\x1c\\x8b\\x1b\\x8b\\x7b\\x08\\x83\\xec\\x1c"
"\\x8b\\xec\\x33\\xc0\\x50\\x68\\x2e\\x65\\x78\\x65\\x89\\x65\\x14\\x57\\x68\\xea"
"\\x49\\x8a\\xe8\\xff\\xd6\\x6a\\x06\\xff\\x75\\x14\\xff\\xd0\\x89\\x45\\x04\\x57"
"\\x68\\xdb\\x8a\\x23\\xe9\\xff\\xd6\\x89\\x45\\x0c\\x57\\x68\\x8e\\x4e\\x0e\\xec"
"\\xff\\xd6\\x33\\xc9\\x66\\xb9\\x6c\\x6c\\x51\\x68\\x33\\x32\\x2e\\x64\\x68\\x77"
"\\x73\\x32\\x5f\\x54\\xff\\xd0\\x8b\\xd8\\x53\\x68\\xb6\\x19\\x18\\xe7\\xff\\xd6"
"\\x89\\x45\\x10\\x53\\x68\\xe7\\x79\\xc6\\x79\\xff\\xd6\\x89\\x45\\x18\\x53\\x68"
"\\x6e\\x0b\\x2f\\x49\\xff\\xd6\\x6a\\x06\\x6a\\x01\\x6a\\x02\\xff\\xd0\\x89\\x45"
"\\x08\\x33\\xc0\\x50\\x50\\x50\\xb8\\x02\\xff..\\x80\\xf4\\xff\\x50\\x8b"
"\\xc4\\x6a\\x10\\x50\\xff\\x75\\x08\\x53\\x68\\xa4\\x1a\\x70\\xc7\\xff\\xd6\\xff"
"\\xd0\\x58\\x53\\x68\\xa4\\xad\\x2e\\xe9\\xff\\xd6\\x6a\\x10\\xff\\x75\\x08\\xff"
"\\xd0\\x33\\xc0\\x50\\x50\\xff\\x75\\x08\\x53\\x68\\xe5\\x49\\x86\\x49\\xff\\xd6"
"\\xff\\xd0\\x8b\\x4d\\x08\\x89\\x45\\x08\\x51\\xff\\x55\\x18\\x81\\xc4\\xfc\\xfe"
"\\xff\\xff\\x8b\\xdc\\x33\\xc9\\x51\\xb1\\xff\\x51\\x53\\xff\\x75\\x08\\xff\\x55"
"\\x10\\x85\\xc0\\x7e\\x0a\\x50\\x53\\xff\\x75\\x04\\xff\\x55\\x0c\\xeb\\xe5\\xff"
"\\x75\\x08\\xff\\x55\\x18\\x57\\x68\\x5b\\x4c\\x1a\\xdd\\xff\\xd6\\xff\\x75\\x04"
"\\xff\\xd0\\x33\\xc0\\x50\\xff\\x75\\x14\\x57\\x68\\x98\\xfe\\x8a\\x0e\\xff\\xd6"
"\\xff\\xd0\\x57\\x68\\xef\\xce\\xe0\\x60\\xff\\xd6\\xff\\xd0).*";

Dependencies

 