SLAE Assignment #6 | Polymorphing Shellcodes

10. October 2017

This task (pick three shellcodes from Shell-Storm and use polymorphism to beat pattern matching) sounds really sophisticated, but you will see it’s a very handy AV evasion technique for your shellcode. Check my GitHub account for the files.

We have to pick three random shellcodes from shell-storm.

  1. /bin/sh
  2. /bin/sh -c “ping localhost”
  3. chmod 0777 /etc/shadow

Shell

Source

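Just changed 0x68732f2f (“hs//”) & 0x6e69622f (“nib/”) into 0x68732f6e (“hs/n”) & 0x69622f2f (“ib//”) 😉 Read in little-endian byte order, the string moves from /bin//sh to //bin/sh, which Linux resolves to the same file.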

[Images: original code, morphed code]

Ping localhost

Source

Adding some slashes.

[Images: original code, morphed code]
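Seen from the detection side, the dword swap in the /bin/sh variant and the extra slashes in the ping variant both leave the resolved path unchanged, so a matcher that rebuilds the pushed string and collapses repeated slashes still catches them. The following is an added example, not code from the original post: the byte samples are constructed from the dwords quoted above (only the two push instructions, assumed to be pushed in the order listed), and all function names are hypothetical.

```python
import re
import struct

PUSH_IMM32 = 0x68  # x86 opcode for "push imm32"

# Constructed samples: just the two push instructions with the quoted dwords.
ORIGINAL = bytes.fromhex("682f2f7368" "682f62696e")  # 0x68732f2f, 0x6e69622f
MORPHED = bytes.fromhex("686e2f7368" "682f2f6269")   # 0x68732f6e, 0x69622f2f

# A fixed-byte signature of the kind polymorphism is meant to defeat: "/bin"
NAIVE_SIGNATURE = struct.pack("<I", 0x6E69622F)


def naive_match(buf):
    """Plain substring search for the well-known dword."""
    return NAIVE_SIGNATURE in buf


def stack_strings(buf):
    """Rebuild strings from runs of consecutive push imm32 instructions.

    Simplified linear sweep: assumes decoding starts on an instruction
    boundary. The last push lands at the lowest address, so each run is
    joined in reverse order.
    """
    found, run, i = [], [], 0
    while i < len(buf):
        if buf[i] == PUSH_IMM32 and i + 5 <= len(buf):
            run.append(buf[i + 1:i + 5])
            i += 5
            continue
        if run:
            found.append(b"".join(reversed(run)))
            run = []
        i += 1
    if run:
        found.append(b"".join(reversed(run)))
    return found


def normalized_paths(buf):
    """Collapse repeated slashes the way Linux path resolution does."""
    return [re.sub(rb"/+", b"/", s) for s in stack_strings(buf)]


def semantic_match(buf, target=b"/bin/sh"):
    """Match on the normalized stack string instead of raw bytes."""
    return any(target in p for p in normalized_paths(buf))
```

The arithmetic trick used for “adow” in the chmod variant is not covered by this check; it would need the immediates to be evaluated rather than read.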

Chmod shadow

Source

A little math to hide the well-known hex code for “adow” 😛

[Images: original code, morphed code]

Playing around with registers and thinking creatively was a lot of fun.

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification:
http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/

Student ID: SLAE-1036
