=k3Rn=
Sep 27 2004, 02:13 AM
hi,
i just found this string in a code snippel for a port scanner.
| CODE |
\\x00\\xEE\\xB1\\x04\\x52\\xCD\\x00\\x02\\x44\\x66\\x40\\x9E\\x08\\x00\\x45\\x00\\x00\\x28\\x03\\x6D\\x40\\x00\\x80\\x06\\xE0\\x5E\\x0A\\x06\\x01\\xAB\\x0A\\x06\\x01\\x4E
|
the guy fires this string against port 5190.
someone has a clue what this could be?
thx
=k3Rn=
Digital_Spirit
Sep 27 2004, 02:24 AM
THat's just part of a shellcode, the chars you see are known as Hexidecimals.
Aicd
Sep 27 2004, 03:41 AM
for some odd reason i think he knows that
its probably some odd ball piece of code that he saw in the port scanner source.
he just wants to know what it does.. if its malicious or not basically
anyways sorry mate i can't help you out.
Aicd
Dirrk
Sep 27 2004, 03:53 AM
guessing it has something to do with aim seeing how aim runs via 5190 i believe probably wrong i am an idiot
Digital_Spirit
Sep 27 2004, 04:11 AM
It's probablly just a booter. Notice that the first char is \x00
sounds like a dos to me. Don't be so hard on yourself dirrk,
learning is a process. These forums are here to help you with
what you don't know as opposed to pointing it out.
=k3Rn=
Sep 27 2004, 01:25 PM
someone perhaps has an idead how to find out more about that code?
ashk1a
Sep 27 2004, 01:52 PM
its a shell code u have to learn c or c++ to find out whats that
=k3Rn=
Sep 27 2004, 02:58 PM
if it was a shellcode, it would be odd to just send it to a tcp port, first you gotta have access to the memory stack - if i am not wrong. correct me pls ...
so i thought it might be an exploit code or something in that direction ...
and shellcodes have nothing to do with c.
strohunter
Sep 27 2004, 07:24 PM
yep, he should learn x86 asm ^^
ashk1a
Sep 27 2004, 09:00 PM
u didnt get me dude ...i mean if u want to know how u can use a shell code in writing exploit u have to know c or c++ or .... to send as a socket
strohunter
Sep 27 2004, 10:39 PM
well you have to know x86 asm, C (or C++ but it's ugly, or why not PERL) BSD socket style (with the WSA addon thing on windows) and heap/stack/buffer overflow.
fido
Sep 27 2004, 11:46 PM
have alook ...
import javax.swing.*;import java.awt.*;import java.awt.event.*;import java.io.*;import java.net.*;class port extends JFrame implements ActionListener { JLabel label1 = new JLabel("Enter IP Address"); JLabel start = new JLabel("Start"); JLabel end = new JLabel("End"); JTextField text = new JTextField("",15); JTextField Tstart = new JTextField("",5); JTextField Tend = new JTextField("",5); JButton scan = new JButton("Scan"); JButton stop = new JButton("stop scanning"); JTextArea area = new JTextArea(20,240); JPanel panel = new JPanel(); Socket socket = null; PrintWriter wr; int index = 0; public port() { setTitle("Port scanner v1.0"); setSize(300,350); setLocation(100,200); setResizable(false); Container con = getContentPane(); con.setLayout(new GridLayout(2,1)); panel.setLayout(new GridLayout(4,2)); panel.add(label1); panel.add(text); panel.add(start); panel.add(Tstart); panel.add(end); panel.add(Tend); panel.add(scan); panel.add(stop); JScrollPane scroll = new JScrollPane(area); con.add(panel); con.add(scroll); scan.addActionListener(this); stop.addActionListener(this); } Socket s = null; public void actionPerformed(ActionEvent e) { if(e.getSource() == scan) { index = 0; Thread th = new Thread() { public void run() { int port1 = Integer.parseInt(Tstart.getText()); int port2 = Integer.parseInt(Tend.getText()); String address = text.getText(); for(int i = port1;i < port2 + 1;i++) { if(index == 0) try { s = new Socket(InetAddress.getByName(address),i); wr = new PrintWriter(new OutputStreamWriter(s.getOutputStream()),true); if(i == 5190) wr.println("\\x00\\xEE\\xB1\\x04\\x52\\xCD\\x00\\x02\\x44\\x66\\x40\\x9E\\x08\\x00\\x45\\x00\\x00\\x28\\x03\\x6D\\x40\\x00\\x80\\x06\\xE0\\x5E\\x0A\\x06\\x01\\xAB\\x0A\\x06\\x01\\x4E"); area.append("Port " + i +" is open"+"\n"); s.close(); }catch(IOException e) { area.append("Scanning port "+i+"\n"); } else break; } } }; th.start(); } else if(e.getSource() == stop) { index = 1; Tstart.setText(""); Tend.setText(""); }} public static void main(String args[]) { port p = new port(); p.show();}}
------
just cut and paste, and break on the semi colon...the formatting all gone array, but its basically a port scanner, which when it finds 5190, sends the shellcode, I didnt have time to look into nemore
Fido
=k3Rn=
Sep 28 2004, 04:04 AM
it's the code i got it from
feel great, but this doesn't answer my question at all.
ashk1a
Sep 28 2004, 08:11 AM
| QUOTE |
| well you have to know x86 asm, C (or C++ but it's ugly, or why not PERL) BSD socket style (with the WSA addon thing on windows) and heap/stack/buffer overflow |
u can write an exploit in every program that u want and tanq for info
*=k3Rn=
that scanner is scanning a ip and sending this shell code and checking if the ip is vulnerable or not
=k3Rn=
Sep 28 2004, 04:51 PM
ashk1a: you just don't know what you are talking about.
cSb
Sep 28 2004, 06:08 PM
that looks a lot like:
This code too bad i dont know Vietnamese
mdk
Sep 30 2004, 12:19 PM
its a simple single ip portscanner. for some reason it sends this code if port 5190 is reached. perhabs ist something about the "AOL Instant Messenger AIM "Away" Message Remote Exploit" because AIM runs on port 5190. but im not shure.
*edit*
i attached the compiled files for you.
you need a java re insatlled (java.com if you dont have)
nolimit
Oct 1 2004, 12:01 PM
Incase your wondering, the shellcode in character format is
CODE
C:\CODING\c++\test\Debug>cpp1
ε▒♦R═ ☻Df@ E (♥m@ Ç♠α^
♠☺½
♠☺N
(nulls changed to spaces)
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
