BSD Shellcode


This section contains payloads for BSD derivatives.

 bsd_ia32_exec Src Dis Gen
BSD (IA32) 41 bytes
This payload executes a command on the target machine. The size of this payload varies based on the length of the command string.


 bsd_ia32_bind Src Dis Gen
BSD (IA32) 78 bytes
This payload listens on a TCP port and waits for a connection. Once the connection has been established it executes /bin/sh with standard I/O redirected to the client TCP connection.


 bsd_sparc_bind Src Gen
BSD (SPARC) 168 bytes
This payload listens on a TCP port and waits for a connection. Once the connection has been established it executes /bin/sh with standard I/O redirected to the client TCP connection.


 bsd_ia32_bind_stg Src Dis Gen
BSD (IA32) 54 bytes
This payload listens on a TCP port and waits for a connection. Once the connection has been established it reads in a second stage payload and executes it. This is useful for scenarios where you have limited room for your payload.


 bsd_ia32_reverse Src Dis Gen
BSD (IA32) 68 bytes
This payload establishes a TCP connection to a given host on a given port and redirects standard I/O from /bin/sh to the established connection.


 bsd_sparc_reverse Src Gen
BSD (SPARC) 132 bytes
This payload establishes a TCP connection to a given host on a given port and redirects standard I/O from /bin/sh to the established connection.


 bsd_ia32_reverse_stg Src Dis Gen
BSD (IA32) 43 bytes
This payload establishes a TCP connection to a given host on a given port. Once the connection is established a second stage payload is read in and executed. This is useful for scenarios where you have limited room for your initial payload.


 bsd_ia32_findrecv Src Dis Gen
BSD (IA32) 70 bytes
This payload searches all open file descriptors for a four byte tag that is sent by the attacker over the established exploit connection. Once the connection is located the payload executes /bin/sh and redirects standard I/O to the established exploit connection. This is useful for bypassing firewall and NAT restrictions by repurposing the already established exploit connection.


 bsd_ia32_findrecv_stg Src Dis Gen
BSD (IA32) 40 bytes
This payload searches all open file descriptors for a four byte tag that is sent by the attacker over the established exploit connection. Once the payload locates the tag it reads in a second stage payload and executes it. This is useful for bypassing firewall and NAT restrictions by repurposing the already established exploit connection.