by Delikon
Released in April 2003
Made in Germany
Introdution:
The idea of my generator is, to generate a genetic shellcode with one click.
i have made a few test, but mainly it is untested.
At default it generates a shellcode which downloads a file called
klein.exe, it is a proggy which opens a msgbox.
The Use:
the shellcodegenerator get the kernelbase address automaticlly(if you
use the shellcode on another machine you need another kernel base
some kernel base addresses:
Win95 (3rd release?) - 0xBFF70000
Win98 (1st and 2nd editions) - 0xBFF70000
WinME - 0xBFF60000
WinNT4 (service pack 4 and 5) - 0x77F00000
my win2k - 0x77E70000
)
the next step is to fill out the downloadpage and the name of the
downloaded file on the taget machine.
Attention-> don't use a big download file, only small trojans like asylum,
or bat-files (or pack it with UPX)
click the "Make Shellcode" button and files will appear the
1.asm (the asm sourcecode)
1.s (compiled sourcecode)
2.asm (the asm decryption routine)
2.s (the compiled asm decryption routine)
and the shellcode.c (the file where the hex-shellcode is in).
If you click "test shellcode" the command "execute 2.s" will start
to test the code.
But if you want to test the real shellcode, compile shellcode.c with
borland or cl.
Changes from v1.0 to v2.0:
- - -added a xor-encoding to avoid NULLS
BUGS:
I have test many different xor-values but only 0x99 works well.
Delikon
MegaSecurity