SLAE Assignment #1 | TCP Bind_Shell

9. October 2017

After gaining my OSCP in June, I decided to go deeper into exploit development and shellcoding.
And here we are: this is the first of seven posts for the SLAE certification. Additionally, you can find all files on my GitHub account.

Building a bind_shell shellcode is the first task.

In an exercise of the course we had to analyze the well-known Metasploit payload (linux/x86/bind_shell), so I know which syscalls are necessary. Let's go:

The picture shows the libemu analysis of the Metasploit payload. It seems we need to check the man pages of the syscalls socket, bind, listen and accept.

At first we create a socket:

Okay, the next step is binding our port (0x052B is the byte-reversed hex for 11013, which is 0x2B05). The port should be easy to change, so I placed a comment 😉

Let’s set up a listener for our connection:

After this we have to accept the incoming connection:

Now we define the input and output file descriptors:

And finally our holy shell execution 😉

Okay, let's try it.

Great, we built a shellcode to bind a port in assembly from scratch and it works 😂
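From the defender's side, the bound port is the easiest artifact of this shellcode to look for. The following C sketch is an added example, not code from the original post: it recovers the port from the pushed word 0x052B and scans text in /proc/net/tcp format for a socket in LISTEN state on that port. The function names, the sample table and its inode numbers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/net/tcp format (not captured from a real host).
   Row 0 is an established connection, row 1 the listener on 0x2B05 = 11013. */
static const char SAMPLE_PROC_NET_TCP[] =
"  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
"   0: 0F02000A:2B05 0202000A:C1F4 01 00000000:00000000 00:00000000 00000000  1000        0 48377 1 0000000000000000 100 0 0 10 0\n"
"   1: 00000000:2B05 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 48213 1 0000000000000000 100 0 0 10 0\n"
"   2: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21544 1 0000000000000000 100 0 0 10 0\n";

/* sin_port is stored in network (big-endian) order, but x86 reads the pushed
   word little-endian, so the real port is the byte-swapped immediate. */
uint16_t port_from_pushed_word(uint16_t imm) {
    return (uint16_t)((imm << 8) | (imm >> 8));
}

/* Scan /proc/net/tcp text for a socket in LISTEN state (st == 0x0A) on `port`.
   Returns the socket inode, or 0 if no listener is found. */
unsigned long find_listener_inode(const char *table, uint16_t port) {
    const char *line = strchr(table, '\n');          /* skip the header row */
    while (line && *++line) {
        unsigned laddr, lport, raddr, rport, st;
        unsigned long inode;
        /* Skipped fields: tx:rx queue, timer, retransmits, uid, timeout. */
        if (sscanf(line, " %*d: %8x:%4x %8x:%4x %2x %*s %*s %*s %*u %*u %lu",
                   &laddr, &lport, &raddr, &rport, &st, &inode) == 6
            && st == 0x0A && lport == port)
            return inode;
        line = strchr(line, '\n');
    }
    return 0;
}

int main(void) {
    uint16_t port = port_from_pushed_word(0x052B);   /* value from the post */
    unsigned long inode = find_listener_inode(SAMPLE_PROC_NET_TCP, port);
    printf("port %u, listener inode %lu\n", (unsigned)port, inode);
    return 0;
}
```

On a live host, pass the contents of /proc/net/tcp instead of the sample; the returned inode matches the `socket:[inode]` link under /proc/<pid>/fd of the process that owns the listener.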

 

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification:
http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/

Student ID: SLAE-1036
