Linux Shellcode


This section contains Linux payloads.

 linux_ia32_adduser Src Dis Gen
Linux (IA32) 97 bytes
This payload adds a user account on the target system. The size of this payload varies depending on the attributes of the user being created, such as the username.


 linux_ia32_exec Src Dis Gen
Linux (IA32) 36 bytes
This payload executes a command on the target machine. The size of this payload varies based on the length of the command string.


 linux_ia32_bind Src Dis Gen
Linux (IA32) 84 bytes
This payload listens on a TCP port and waits for a connection. Once the connection has been established it executes /bin/sh with standard I/O redirected to the client TCP connection.


 linux_sparc_bind Src Gen
Linux (SPARC) 180 bytes
This payload listens on a TCP port and waits for a connection. Once the connection has been established it executes /bin/sh with standard I/O redirected to the client TCP connection.


 linux_ia32_bind_stg Src Dis Gen
Linux (IA32) 63 bytes
This payload listens on a TCP port and waits for a connection. Once the connection has been established it reads in a second stage payload and executes it. This is useful for scenarios where you have limited room for your payload.


 linux_ia32_reverse Src Dis Gen
Linux (IA32) 70 bytes
This payload establishes a TCP connection to a given host on a given port and redirects standard I/O from /bin/sh to the established connection.


 linux_sparc_reverse Src Gen
Linux (SPARC) 148 bytes
This payload establishes a TCP connection to a given host on a given port and redirects standard I/O from /bin/sh to the established connection.


 linux_ia32_reverse_stg Src Dis Gen
Linux (IA32) 50 bytes
This payload establishes a TCP connection to a given host on a given port. Once the connection is established a second stage payload is read in and executed. This is useful for scenarios where you have limited room for your initial payload.


 linux_ia32_reverse_udp Src Dis Gen
Linux (IA32) 99 bytes
This payload establishes a UDP connection to a given host on a given port and redirects standard I/O from /bin/sh to the established connection. The shell is created interactively and with readline disabled.


 linux_ia32_findrecv Src Dis Gen
Linux (IA32) 69 bytes
This payload searches all open file descriptors for a four byte tag that is sent by the attacker over the established exploit connection. Once the connection is located the payload executes /bin/sh and redirects standard I/O to the established exploit connection. This is useful for bypassing firewall and NAT restrictions by repurposing the already established exploit connection.


 linux_ia32_findrecv_stg Src Dis Gen
Linux (IA32) 37 bytes
This payload searches all open file descriptors for a four byte tag that is sent by the attacker over the established exploit connection. Once the payload locates the tag it reads in a second stage payload and executes it. This is useful for bypassing firewall and NAT restrictions by repurposing the already established exploit connection.


 linux_ia32_findsock Src Dis Gen
Linux (IA32) 62 bytes
This payload searches all open file descriptors by comparing their source port with the source port that is associated with the attacker's established connection. Once the connection is located the payload executes /bin/sh and redirects standard I/O to the established exploit connection. This is useful for bypassing firewall and NAT restrictions by repurposing the already established exploit connection.