SLAE Assignment #1 | TCP Bind_Shell

After gaining my OSCP in June, I decided to go deeper into exploit development and shellcoding.
And here we are: this is the first of seven posts for the SLAE certification. Additionally, you can find all files on my GitHub account.

Building a bind_shell shellcode is the first task.

In an exercise of the course we have to analyze the well-known Metasploit payload (linux/x86/bind_shell), so I know which syscalls are necessary. Let's go:

The picture shows the libemu analysis of the Metasploit payload. It seems we need to check the man pages of the syscalls socket, bind, listen and accept.

At first we create a socket:

Okay, the next step is binding our port (0x052B is the byte-reversed hex of 11013). The port should be easy to change, so I placed a comment 😉

Let’s set up a listener for our connection:

After this we have to accept the incoming connection:

Now we define the input and output file descriptors:

And finally our holy shell execution 😉

Okay, let's try it.

Great, we built a shellcode to bind a port in assembly from scratch and it works 😂
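Seen from the defender's side, the socket, bind, listen and accept sequence above leaves a TCP socket in LISTEN state that shows up in `/proc/net/tcp`. The following is an added example, not code from the original post: it parses that file format, flags listeners outside an allowlist, and shows why port 11013 appears as 0x052B in the shellcode. The sample table, its uid and inode values, the allowlist and the assumption that the socket is bound to all interfaces are constructed for illustration.

```python
import socket
import struct

TCP_LISTEN = 0x0A  # "st" value the kernel reports for a listening socket

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20111 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20222 1 0000000000000000 100 0 0 10 0
   2: 00000000:2B05 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20333 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:0016 0200000A:C350 01 00000000:00000000 02:000A0000 00000000     0        0 20444 2 0000000000000000 20 4 30 10 -1
"""

def parse_listeners(text):
    """Return (ip, port, uid, inode) for every socket in LISTEN state."""
    out = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or int(f[3], 16) != TCP_LISTEN:
            continue
        addr_hex, port_hex = f[1].split(":")
        # The address is the raw 32-bit value dumped in host order
        # (little-endian on x86); the port is already printed readable.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        out.append((ip, int(port_hex, 16), int(f[7]), int(f[9])))
    return out

def unexpected_listeners(text, allowed_ports):
    """Non-loopback listeners on a port outside the allowlist."""
    return [l for l in parse_listeners(text)
            if l[1] not in allowed_ports and not l[0].startswith("127.")]

def port_as_le_word(port):
    """16-bit value an x86 register holds for a network-order port."""
    return struct.unpack("<H", struct.pack(">H", port))[0]

if __name__ == "__main__":
    # Assumed allowlist: only SSH is expected to listen on this host.
    for ip, port, uid, inode in unexpected_listeners(SAMPLE, {22}):
        print(f"unexpected listener {ip}:{port} uid={uid} inode={inode}")
    print(hex(port_as_le_word(11013)))
```

On a live Linux host, pass the contents of `/proc/net/tcp` instead of `SAMPLE`; the inode can then be matched against `/proc/<pid>/fd` to find the owning process.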

 

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification:
http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/

Student ID: SLAE-1036