Thursday, October 21, 2010

Download and Execute Script Shellcode on Windows 7

I have just released a new version of my Download and Execute Script shellcode which now works on Windows 7.

Essentially, the previous method I was using to find the base address of kernel32 was not Windows 7 compatible, so I have now started using this method discovered by SkyLined.

Taking into account some other "efficient-ising" I did while I was making this change, this comes in at only (IIRC) 3 bytes larger than the original.

I haven't tested this on anything other than Windows 7 so far, but hopefully this should still work on Windows 2000 and up.  If you find otherwise, let me know.

See the original blog post on the shellcode here for more information on how to use it.

I still havent been bothered to enable EXITFUNC changing options in the Metasploit module, because I had no need to change this, but if anyone wants this functionality let me know and I will add it.

Download here:

These new versions replace the originals.