MiniTelnet (ASM version)
;************************************************
; :: The world's smallest telnetd - 675 bytes ::
;************************************************
; coded by Drocon in NASM
;
;It binds to all interfaces (INADDR_ANY) on TCP port 31337 and, for each
;accepted connection, sends a fixed banner and closes the socket. Despite the
;name it is not a telnet server: no shell, no authentication, nothing is read.
;================================================
;===========
;necessities
;===========
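BITS 32 ; 32-bit code; the whole image is emitted flat with `nasm -f bin`, so labels are file offsets
%define imagebase 00400000h ; preferred load address. Relocations are stripped (FileHeader.Characteristics 103h), so this is the ONLY address the image can run at
%define CODE_BASE 1000h ; RVA of the first (and only) section
%define DATA_BASE CODE_BASE ; that section holds the import table; the code itself lives in the header area (SizeOfHeaders = code_end)
%define FILE_ALIGN 200h ; must equal .FileAlignment and the `align 200h` that defines code_end (= PointerToRawData of the section)
%define RVADIFF (CODE_BASE-FILE_ALIGN) ; section RVA minus its file offset: turns a label inside the section into its RVA (same value as the old 1000h-200h)
%define reloc (RVADIFF+imagebase) ; label inside the section -> absolute virtual address; every IAT call goes through this (only valid at imagebase)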
;====================
;PE headers starts here:
;====================
;------------------------------------------------------------------
; DOS (MZ) header.  The Win32 loader only cares about .magic and
; .lfanew; the other fields describe a one-page DOS program whose
; entire code is the 4-byte stub below.  .cparhdr = 4 paragraphs
; (64 bytes), so the stub starts right after this header at offset
; 40h (the same offset is stored in .lfarlc, the relocation pointer).
;------------------------------------------------------------------
mz_header:
.magic dw "MZ" ; "MZ" signature
.cblp dw 0 ; bytes on last page
.cp dw 1 ; pages in file
.crlc dw 0 ; relocation entries
.cparhdr dw 4 ; header size in paragraphs (4*16 = 64 bytes)
.minalloc dw 0
.maxalloc dw 0
.ss dw 1 ; initial SS
.sp dw 0 ; initial SP
.csum dw 0
.ip dw 0 ; initial IP: stub at offset 0 of the load segment
.cs dw 0
.lfarlc dw 40h ; relocation table offset (empty table right after the header)
.ovno dw 0
.res times 4 dw 0
.oemid dw 0
.oeminfo dw 0
.res2 times 10 dw 0
.lfanew dd pe_header ; file offset of the PE header - the field the Win32 loader follows
;DOS stub: terminates immediately via DOS function 4Ch, instead of the
;usual "This program cannot be run in DOS mode" message.
;NOTE(review): AH=4Ch with AL left untouched makes the DOS exit code
;whatever AL held at entry; irrelevant for the Win32 path.
stub:
mov ah, 4ch
int 21h
align 16, DB 0 ; pad so pe_header starts dword-aligned (at 50h here: 40h header + 4-byte stub)
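;------------------------------------------------------------------
; IMAGE_NT_HEADERS32 (Signature, FileHeader, OptionalHeader) followed
; by the single section header.  RVA fields are given NASM labels,
; i.e. raw file offsets of this flat image; that works for the code
; only because the header area is mapped at imagebase with
; RVA == file offset.
;
; SECURITY NOTES (review):
;  - FileHeader.Characteristics 103h = RELOCS_STRIPPED |
;    EXECUTABLE_IMAGE | 32BIT_MACHINE: there is no .reloc data, so
;    the image can only run at imagebase and every data/IAT reference
;    in the code is an absolute address.
;  - DllCharacteristics = 0: neither DYNAMIC_BASE (ASLR) nor
;    NX_COMPAT (DEP) is requested.
;  - Section Characteristics 0E0000060h = CODE | INITIALIZED_DATA |
;    EXECUTE | READ | WRITE, i.e. one RWX section.  WRITE is required
;    because the loader patches the IAT in place; EXECUTE is not,
;    nothing inside .nwc is ever executed.
;  - The entry point ('code') lies inside the header area, since
;    SizeOfHeaders = code_end covers it.  Whether that page is mapped
;    executable is OS/DEP-policy dependent - confirm on the target.
;  - Subsystem 2 (WINDOWS_GUI): no console window; the listener runs
;    invisibly.
;------------------------------------------------------------------
pe_header:
.Signature dd "PE" ; "PE\0\0"
.Machine dw 14Ch ; IMAGE_FILE_MACHINE_I386
.NumberOfSections dw 1 ; just .nwc
.TimeDateStamp dd 0
.PointerToSymbolTable dd 0
.NumberOfSymbols dd 0
.SizeOfOptionalHeader dw 0E0h ; 224 bytes: PE32 optional header with all 16 data directories
.Characteristics dw 103h ; RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE
.Magic dw 10Bh ; PE32
.MajorLinkerVersion db 0
.MinorLinkerVersion db 0
.SizeOfCode dd 1000h ; nominal, one page
.SizeOfInitializedData dd 1000h ; nominal, one page
.SizeOfUninitialzedData dd 0 ; (label typo kept; this is SizeOfUninitializedData)
.AddressOfEntryPoint dd code ; file offset of 'code' == its RVA (header area)
.BaseOfCode dd CODE_BASE
.BaseOfData dd DATA_BASE
.ImageBase dd imagebase ; 400000h, fixed (see Characteristics)
.SectionAlignment dd 1000h
.FileAlignment dd 200h ; code_end is aligned to this; RVADIFF relies on it
.MajorOperSystemVersion dw 1
.MinorOperSystemVersion dw 0
.MajorImageVersion dw 0
.MinorImageVersion dw 0
.MajorSubsystemVersion dw 4
.MinorSubsystemVersion dw 0
.Reserved1 dd 0
.SizeOfImage dd 2000h ; header page + one section page
.SizeOfHeaders dd code_end ; headers AND code (200h, provided headers+code fit in 512 bytes)
.CheckSum dd 0
.Subsystem dw 2 ; IMAGE_SUBSYSTEM_WINDOWS_GUI
.DllCharacteristics dw 0 ; no ASLR / DEP / SafeSEH flags
.SizeOfStackReserve dd 100000h
.SizeOfStackCommit dd 2000h
.SizeOfHeapReserve dd 100000h
.SizeOfHeapCommit dd 1000h
.LoaderFlags dd 0
.NumberOfRvaAndSizes dd 4 ; only the first 4 directories are declared...
.export times 2 dd 0 ; directory 0 (export): none
.import dd DATA_BASE, import_end-import ; directory 1 (import): the .nwc section, RVA 1000h
.misc_sectionz times 28 dd 0 ; ...but room for all 16 (32 dwords total) is kept so the optional header stays 0E0h bytes
sections:
.SectionName db ".nwc",0,0,0,0 ; 8-byte name, zero padded
.VirtualSize dd 1000h
.VirtualAddress dd DATA_BASE ; RVA 1000h
.SizeOfRawData dd import_end-import ; raw size of the import table (this line was split by an "&nbsp;" in the published listing; restored)
.PointerToRawData dd code_end ; file offset 200h
.PointerToRelocations dd 0
.PointerToLinenumbers dd 0
.NumberOfRelocations dw 0
.NumberOfLinenumbers dw 0
.Characteristics dd 0E0000060h ; CODE | INITIALIZED_DATA | EXECUTE | READ | WRITE (RWX)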
;====================
;Generic macros for import table building...makes life alot easier
;====================
;------------------------------------------------------------------
; Import-table helpers.  Labels in this flat binary are raw file
; offsets; RVADIFF maps an offset inside the .nwc section to its RVA,
; and reloc (RVADIFF + imagebase) maps it to an absolute VA.
;------------------------------------------------------------------
; rva LABEL - emit the RVA of a label located inside the section
%macro rva 1
dd (%1)+RVADIFF
%endmacro
; apicall NAME - indirect call through NAME's IAT slot.  The operand is
; an absolute address, which only works because the image is never
; relocated (relocs stripped, fixed imagebase).
%macro apicall 1
call dword [reloc+(%1)]
%endmacro
; library NAME_LABEL, THUNK_LABEL - one IMAGE_IMPORT_DESCRIPTOR:
;   OriginalFirstThunk = 0 (no separate lookup table: the loader reads
;   the names via FirstThunk and overwrites that array with addresses),
;   TimeDateStamp = 0, ForwarderChain = -1, Name, FirstThunk
%macro library 2
dd 0, 0, -1
rva %1
rva %2
%endmacro
; endlibrary - all-zero descriptor that terminates the descriptor list
%macro endlibrary 0
times 5 dd 0
%endmacro
; api_import LABEL, HINTNAME_LABEL, LAST - one IAT slot named LABEL
;   (LABEL is what apicall uses).  LAST=1 appends a 'dw 0'; together
;   with the zero hint word of the IMAGE_IMPORT_BY_NAME entry that
;   directly follows it, this forms the dd 0 terminator of the thunk
;   array - so that first hint word must stay 0.
%macro api_import 3
%1 rva %2
%if (%3) == 1
dw 0
%endif
%endmacro
;=========
;Defines
;=========
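;------------------------------------------------------------------
; Winsock constants and structures (values as in winsock.h).  Only
; AF_INET / SOCK_STREAM / IPPROTO_TCP and WSADATA_size matter to this
; program, and the code pushes the literals 2 / 1 / 6 rather than
; these names.  Everything else is kept for reference.
;------------------------------------------------------------------
SOCK_STREAM equ 1
SOCK_DGRAM equ 2
SOCKET_ERROR equ -1
INVALID_SOCKET equ -1 ; what socket()/accept() return on failure (tested with inc/jz in the code)
MSG_OOB equ 1
MSG_DONTROUTE equ 4
IPPROTO_IP equ 0
IPPROTO_ICMP equ 1
IPPROTO_IGMP equ 2
IPPROTO_GGP equ 3
IPPROTO_TCP equ 6
IPPROTO_PUP equ 12
IPPROTO_UDP equ 17
IPPROTO_IDP equ 22
IPPROTO_ND equ 77
AF_UNSPEC equ 0
AF_UNIX equ 1
AF_INET equ 2
AF_IMPLINK equ 3
AF_PUP equ 4
AF_CHAOS equ 5
AF_IPX equ 6
AF_NS equ 6 ; same value as AF_IPX, as in winsock.h
AF_ISO equ 7
AF_OSI equ 7 ; same value as AF_ISO, as in winsock.h
AF_ECMA equ 8
AF_DATAKIT equ 9
AF_CCITT equ 10
AF_SNA equ 11
AF_DECnet equ 12
AF_DLI equ 13
AF_LAT equ 14
AF_HYLINK equ 15
AF_APPLETALK equ 16
AF_NETBIOS equ 17
AF_VOICEVIEW equ 18
AF_FIREFOX equ 19
AF_UNKNOWN1 equ 20
AF_BAN equ 21
AF_MAX equ 22
PF_UNSPEC equ AF_UNSPEC
PF_UNIX equ AF_UNIX
PF_INET equ AF_INET
PF_IMPLINK equ AF_IMPLINK
PF_PUP equ AF_PUP
PF_CHAOS equ AF_CHAOS
PF_NS equ AF_NS
PF_IPX equ AF_IPX
PF_ISO equ AF_ISO
PF_OSI equ AF_OSI
PF_ECMA equ AF_ECMA
PF_DATAKIT equ AF_DATAKIT
PF_CCITT equ AF_CCITT
PF_SNA equ AF_SNA
PF_DECnet equ AF_DECnet
PF_DLI equ AF_DLI
PF_LAT equ AF_LAT
PF_HYLINK equ AF_HYLINK
PF_APPLETALK equ AF_APPLETALK
PF_VOICEVIEW equ AF_VOICEVIEW
PF_FIREFOX equ AF_FIREFOX
PF_UNKNOWN1 equ AF_UNKNOWN1
PF_BAN equ AF_BAN
PF_MAX equ AF_MAX
WSADESCRIPTION_LEN equ 256 ; description length
WSASYS_STATUS_LEN equ 128 ; system status length
; WSADATA as written to by WSAStartup().  WSADATA_size (generated by
; STRUC) = 2+2+257+129+2+2+4 = 398 and is what the code carves from
; the stack.  NOTE(review): the C struct aligns lpVendorInfo to 4
; bytes, making the real Win32 WSADATA 400 bytes; the code's stack
; arithmetic happens to leave room for that (see the comments there),
; but confirm before changing either side.
STRUC WSADATA
alignb 4 ; no-op at offset 0
.wsa_wVersion resw 1 ; expected caller version
.wsa_wHighVersion resw 1 ; highest version supported
.wsa_szDescription resb WSADESCRIPTION_LEN+1 ; description
.wsa_szSystemStatus resb WSASYS_STATUS_LEN+1 ; system status
.wsa_iMaxSockets resw 1 ; maximum # of sockets
.wsa_iMaxUdpDg resw 1 ; maximum udp datagram size
.wsa_lpVendorInfo resd 1 ; vendor info structure
ENDSTRUC
%define _WSADATA_ 2+2+(WSADESCRIPTION_LEN+1)+(WSASYS_STATUS_LEN+1)+2+2+4 ; same 398 as WSADATA_size; unused
; Generic sockaddr: 2-byte family + 14 bytes of address data = 16 bytes.
; Fix: sa_data was declared 'resw 14' (28 bytes, SOCKADDR_size = 30),
; contradicting _SOCKADDR_ = 16 and the real struct; it is now 14 bytes.
STRUC SOCKADDR
.sa_family resw 1
.sa_data resb 14
ENDSTRUC
%define _SOCKADDR_ 2+14 ; unused
; sockaddr_in, 16 bytes; the code builds it on the stack with pushes
; (family+port as one dword, addr, zero padding) instead of using it.
STRUC SOCKADDR_IN
.sin_family resw 1 ;address family
.sin_port resw 1 ;port number, network byte order
.sin_addr resb 4 ;internet address
.sin_zero resb 8 ;zero padding
ENDSTRUC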
;===========
;The real start of the program
;===========
;------------------------------------------------------------------
; Listener body.  It executes straight from the PE header area: the
; entry point 'code' is a raw file offset and SizeOfHeaders = code_end
; covers it, so file offset == RVA and imagebase + offset == VA.
;
; What the visible code does:
;   - WSAStartup(0x101, &wsadata), wsadata carved from the stack
;   - socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
;   - bind() to INADDR_ANY (sin_addr pushed as 0), TCP port 31337 -
;     every interface of the host - then listen(backlog 3)
;   - forever: accept(); send() the fixed banner; closesocket()
;   No authentication, no shell, nothing is ever read from the peer.
;
; Register roles: ebp = 0 (stdcall callee-saved, used as a cheap zero
; for pushes), ebx = listening socket, edi = accepted socket (also
; callee-saved, so it survives the send() call).
;
; SECURITY / ROBUSTNESS NOTES (review):
;   - No return value except accept()'s is checked.  If WSAStartup,
;     socket, bind (e.g. port already in use) or listen fails, the code
;     carries on with an invalid handle; accept() then keeps returning
;     INVALID_SOCKET and the 'jz next' retry becomes a 100% CPU busy
;     loop with no exit path.
;   - The service is reachable from every interface with no access
;     control.  Only a banner is sent, but this is the classic bind-
;     shell skeleton (port 31337); treat and handle it as such.
;   - Nothing but wsock32.dll is imported, so there is no ExitProcess;
;     the xor/ret after 'jmp next' is unreachable, and by then esp
;     points at the sockaddr_in built on the stack, not at the
;     loader's return address.  The process can only be killed.
;------------------------------------------------------------------
ready db "drocon is teh h$x",13,10,0 ; banner, NUL included
ready_size equ ($-ready) ; 20 bytes - the trailing NUL is sent as well
readymsg equ ready+imagebase ; file offset -> VA; correct only at imagebase (no relocation possible)
code:
sub ebp,ebp ; ebp = 0, used as a zero constant below
push esp ; saved esp; never restored or read (see stack note below)
sub esp, WSADATA_size ; carve WSADATA_size (398) bytes
and esp, 0FFFFFFFCh ; round down to a dword boundary
add esp, 4 ; give 4 bytes back
mov ebx,esp ; ebx = &WSADATA
; Stack note: assuming esp was dword-aligned at entry (E), the buffer
; ends up at E-400 and its 398 bytes reach 2 bytes into the saved-esp
; slot at E-4; a 400-byte (padded Win32) WSADATA would fill that slot
; exactly and still stop short of the return address at E.  Harmless
; only because the saved esp is never used.
; push WSADATA_size
; push ebx
; apicall ZeroMemory
push ebx ; lpWSAData
push 101h ; wVersionRequested = 1.1
apicall WSAStartup ; result (0 on success) is ignored
push byte 6 ; IPPROTO_TCP
push byte 1 ; SOCK_STREAM
push byte 2 ; AF_INET
apicall socket ; eax = socket, or INVALID_SOCKET (-1) - not checked
mov ebx,eax ; ebx = listening socket
push ebp ; sin_zero[4..7] = 0
push ebp ; sin_zero[0..3] = 0
push ebp ; sin_addr = 0.0.0.0 = INADDR_ANY: listen on every interface
push dword 697A0002h ; little-endian bytes 02 00 7A 69: sin_family = AF_INET (2), sin_port = htons(31337) (7A69h)
mov eax,esp ; eax = &sockaddr_in (the 16 bytes stay on the stack for good)
push byte 16 ; namelen = sizeof(sockaddr_in)
push eax ; name
push ebx ; s
apicall bind ; SOCKET_ERROR (e.g. port in use) is not checked
push byte 3 ; backlog = 3
push ebx ; s
apicall listen ; result not checked
; (unused select() experiment, left in place)
; push ebx
; push byte 1
; mov eax,esp
;
; push ebp
; push ebp
; push ebp
; push eax
; push ebp
; apicall select
; add esp,2*4
next: ; accept loop - no exit condition
push ebp ; addrlen = NULL
push ebp ; addr = NULL: the peer address is never recorded
push ebx ; s
apicall accept ; blocks; returns INVALID_SOCKET (-1) on failure
mov edi,eax ; edi = accepted socket (callee-saved)
inc eax ; eax == -1 ?
jz next ; failure: retry immediately (busy spin if ebx is not a valid listener)
push ebp ; flags = 0
push byte ready_size ; len = 20 (banner + CRLF + NUL)
push dword readymsg ; buf = absolute VA of the banner (assumes load at imagebase)
push edi ; s = accepted socket
apicall send ; short or failed send is ignored
push edi ; s
apicall closesocket ; drop the client right after the banner
jmp next ; next client
xor eax,eax ; unreachable
ret ; unreachable - and esp no longer points at a valid return address
align 200h, DB 0 ; pad with zeros: code_end must equal FileAlignment (200h) because it is the section's PointerToRawData and RVADIFF = 1000h-200h assumes it
code_end:
;========
;IMPORT TABLE - YAHOOO!!!!!
;========
;------------------------------------------------------------------
; Import directory - the only content of the .nwc section (RVA 1000h,
; file offset code_end).  Layout as emitted by the macros above:
;   import      IMAGE_IMPORT_DESCRIPTOR for wsock32.dll
;               (Name = WSOCK32, FirstThunk = W32api, no lookup table)
;   endlibrary  all-zero descriptor terminating the list
;   WSOCK32     DLL name string
;   W32api      IAT: one dword per API, which the loader overwrites in
;               place with the resolved addresses (this is why the
;               section must be writable).  The array is terminated by
;               the 'dw 0' api_import emits for closesocket plus the
;               zero hint word of api1 right after it - api1's hint
;               must therefore stay 0.
;   api1..api8  IMAGE_IMPORT_BY_NAME: hint word 0 + NUL-terminated name
; Notes (review):
;   - wsock32.dll is the only import: no kernel32, hence no ExitProcess,
;     so the program has no clean way to terminate.
;   - 'select' is imported but never called (its call site in the code
;     is commented out); a reader of the IAT alone would be misled.
;------------------------------------------------------------------
import:
library WSOCK32, W32api
endlibrary
WSOCK32 db "wsock32.dll", 0
W32api:
api_import socket, api1, 0 ; IAT slot; 'socket' is the label apicall uses
api_import bind, api2, 0
api_import send, api3, 0
api_import listen, api4, 0
api_import select, api5, 0 ; unused by the code
api_import WSAStartup, api6, 0
api_import accept, api7, 0
api_import closesocket, api8, 1 ; last slot: adds the first half of the dd 0 terminator
api1 dw 0 ; hint 0 - also the second half of the terminator above
db "socket",0
api2 dw 0
db "bind",0
api3 dw 0
db "send",0
api4 dw 0
db "listen",0
api5 dw 0
db "select",0
api6 dw 0
db "WSAStartup",0
api7 dw 0
db "accept",0
api8 dw 0
db "closesocket",0
import_end: ; SizeOfRawData / import directory size = import_end-import
;OK EOF THAT WAS REAL FUN