SLAE Assignment #1 | TCP Bind_Shell

9. Oktober 2017

After gaining my OSCP in June i decided to go deeper into exploitDev and shellcoding.
And here we are, this is the first of seven posts for the SLAE certification. Addidionally you can find all files on my github account.

Building a bind_shell shellcode is the first task.

In an exercise of the course we have to analyze the well known metasploit payload (linux/x86/bind_shell), so i know which syscalls are necessary. Lets Go:

The picture shows the libemu analyze of the metasploit payload. It seems we need to check the manpages of the syscalls socket, bind, listen and accept.

At first we create a socket:

Okay, next step is binding our port (0x052B is reverseHex for 11013) . The port should easy to change, so i placed a comment 😉

Let’s setup a listener for our connection:

After this we have to accept the incomming connection:

Now we define the in- and output filediscriptors:

And finally our holy shell execution 😉

Okay lets try it.

Great, we build a shellcode to bind a port in Assembly from the scratch and it works 😂

 

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification:
http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/

Student ID: SLAE-1036

Sie sehen gerade einen Platzhalterinhalt von Facebook. Um auf den eigentlichen Inhalt zuzugreifen, klicken Sie auf die Schaltfläche unten. Bitte beachten Sie, dass dabei Daten an Drittanbieter weitergegeben werden.

Mehr Informationen

Ähnliche Beiträge

Welcome back to my second post for the SLAE certification. Today we are going to build a reverse_shell shellcode and [...]

9. Oktober 2017

Ready for the next level? – Method to exploit software even with small space for shellcode: EggHunting The third task [...]

9. Oktober 2017

Hey ho, it’s time for some low-level shellcode encoding. After going through the encoder examples of the SLAE material i [...]

9. Oktober 2017

Got time to read? This tasks was a bigger one. We have to pick 3 random metasploit payloads and analyze [...]

9. Oktober 2017