ShellcodeHandler Generic LinkBindTrans
Vulnerability
Description
Reference
Analysis
/*
00402111 ba 83538300 mov edx,835383
00402116 ffd6 call esi ; socket()
00402118 53 push ebx
00402119 53 push ebx
0040211a 53 push ebx
0040211b 68 0200d63a push 3ad60002 ; 3ad6 <- port (bytes d6 3a in memory = network-order 0xd63a, i.e. 54842); low word 0002 = address family
00402120 8bd4 mov edx,esp
00402122 8bd8 mov ebx,eax
00402124 6a 10 push 10
00402126 52 push edx
00402127 53 push ebx
00402128 ba 0090a6c2 mov edx,c2a69000
0040212d ffd6 call esi ; bind()
0040212f 40 inc eax
00402130 50 push eax
00402131 53 push ebx
00402132 ba 7a3b73a1 mov edx,a1733b7a
00402137 ffd6 call esi ; listen()
00402139 50 push eax
0040213a 50 push eax
0040213b 53 push ebx
0040213c ba 10d36900 mov edx,69d310
00402141 ffd6 call esi ; accept()
00402143 8bd8 mov ebx,eax
00402145 33c0 xor eax,eax
00402147 50 push eax
00402148 b4 02 mov ah,2
0040214a 50 push eax
0040214b 55 push ebp
0040214c 53 push ebx
0040214d ba 005860e2 mov edx,e2605800
00402152 ffd6 call esi ; recv()
00402154 bf 1cf174c0 mov edi,c074f11c ; authentication key
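00402159 ffe5 jmp ebp ; ebp is the buffer passed to recv() at 0040214b (length 0x200), so control moves to the received data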
*/
Pattern
/*
 * PCRE signature for the socket -> bind -> listen -> accept -> recv -> jmp ebp
 * stub shown in the disassembly. The literal is split per stage so each
 * fragment can be checked against the opcode bytes of the listing.
 *
 * Capture 1 "(..)"   : the two port bytes of the pushed sockaddr, in the order
 *                      they appear in memory (d6 3a in the sample = 0xd63a).
 * Capture 2 "(....)" : the four-byte immediate loaded into edi, which the
 *                      listing annotates as the authentication key.
 *
 * Backslashes are doubled on purpose: PCRE must receive the text escape
 * "\x00", not a raw NUL byte, which would end the C string early.
 *
 * NOTE(review): '.' does not match a newline byte (0x0a) unless the pattern is
 * compiled with PCRE_DOTALL. The compile call is not visible here; confirm the
 * flag is set, otherwise a port or key containing 0x0a will not be detected.
 *
 * NOTE(review): this is an exact-byte signature; a stub with a different
 * register choice or instruction order will not match it.
 */
const char *pcre =
    /* mov edx,835383 ; call esi -> socket() */
    "\\xba\\x83\\x53\\x83\\x00\\xff\\xd6"
    /* push ebx x3 ; push imm32 = family 0002 + captured port bytes */
    "\\x53\\x53\\x53\\x68\\x02\\x00(..)"
    /* mov edx,esp ; mov ebx,eax ; push 10 ; push edx ; push ebx ; bind() */
    "\\x8b\\xd4\\x8b\\xd8\\x6a\\x10\\x52\\x53\\xba\\x00\\x90\\xa6\\xc2\\xff\\xd6"
    /* inc eax ; push eax ; push ebx ; listen() */
    "\\x40\\x50\\x53\\xba\\x7a\\x3b\\x73\\xa1\\xff\\xd6"
    /* push eax ; push eax ; push ebx ; accept() */
    "\\x50\\x50\\x53\\xba\\x10\\xd3\\x69\\x00\\xff\\xd6"
    /* mov ebx,eax ; xor eax,eax ; push eax ; mov ah,2 ; push eax ;
       push ebp ; push ebx ; recv() */
    "\\x8b\\xd8\\x33\\xc0\\x50\\xb4\\x02\\x50\\x55\\x53\\xba\\x00\\x58\\x60\\xe2\\xff\\xd6"
    /* mov edi,<captured key> ; jmp ebp */
    "\\xbf(....)\\xff\\xe5";
Dependencies