{"id":7369,"date":"2017-10-09T08:41:11","date_gmt":"2017-10-09T06:41:11","guid":{"rendered":"https:\/\/hansesecure.de\/2017\/10\/slae-assignment-1-tcp-bind_shell\/"},"modified":"2017-10-09T08:41:11","modified_gmt":"2017-10-09T06:41:11","slug":"slae-assignment-1-tcp-bind_shell","status":"publish","type":"post","link":"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/","title":{"rendered":"SLAE Assignment #1 | TCP Bind_Shell"},"content":{"rendered":"

After gaining my OSCP<\/a> in June I decided to go deeper into exploitDev and shellcoding.
\nAnd here we are, this is the first of seven posts for the SLAE certification. Addidionally you can find all files on my github<\/a> account.<\/p>\n

Building a bind_shell shellcode is the first task.<\/p>\n

In an exercise of the course we have to analyze the well known metasploit payload (linux\/x86\/bind_shell), so i know which syscalls are necessary. Lets Go:\"\"<\/a><\/p>\n

The picture shows the libemu<\/a> analyze of the metasploit payload. It seems we need to check the manpages of the syscalls socket<\/em>, bind<\/em>, listen<\/em> and accept<\/em>.<\/p>\n

At first we create a socket:<\/p>\n

\"\"<\/a><\/p>\n

Okay, next step is binding our port (0x052B is reverseHex for 11013) . The port should be easy to change, so i placed a comment \ud83d\ude09<\/p>\n

\"\"<\/a>Let’s setup a listener for our connection:<\/p>\n

\"\"<\/a>After this we have to accept the incomming connection:<\/p>\n

\"\"<\/a>Now we define the in- and output filediscriptors:<\/p>\n

\"\"<\/a>And finally our holy shell execution \ud83d\ude09<\/p>\n

\"\"<\/a><\/p>\n

Okay lets try it.<\/p>\n

\"\"<\/a><\/p>\n

Great, we build a shellcode to bind a port in assembly from the scratch and it works \ud83d\ude02<\/p>\n

 <\/p>\n

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification:
\nhttp:\/\/securitytube-training.com\/online-courses\/securitytube-linux-assembly-expert\/<\/a><\/p>\n

Student ID: SLAE-1036<\/p>\n","protected":false},"excerpt":{"rendered":"

After gaining my OSCP in June I decided to go deeper into exploitDev and shellcoding. And here we are, this is the first of seven posts for the SLAE certification. Addidionally you can find all files on my github account. Building a bind_shell shellcode is the first task. In an exercise of the course we […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[257],"tags":[269,270,266,271],"class_list":["post-7369","post","type-post","status-publish","format-standard","hentry","category-deep-dive-techniques","tag-assembler-en","tag-linux-en-2","tag-migration-en","tag-slae-en-2"],"acf":[],"yoast_head":"\nSLAE Assignment #1 | TCP Bind_Shell – HanseSecure GmbH<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SLAE Assignment #1 | TCP Bind_Shell – HanseSecure GmbH\" \/>\n<meta property=\"og:description\" content=\"After gaining my OSCP in June I decided to go deeper into exploitDev and shellcoding. And here we are, this is the first of seven posts for the SLAE certification. Addidionally you can find all files on my github account. Building a bind_shell shellcode is the first task. In an exercise of the course we […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/\" \/>\n<meta property=\"og:site_name\" content=\"HanseSecure GmbH\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/hansesecure\" \/>\n<meta property=\"article:published_time\" content=\"2017-10-09T06:41:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/hansesecure.de\/wp-banane\/uploads\/2017\/10\/slae_1_bindMetaShell-300x248.jpg\" \/>\n<meta name=\"author\" content=\"HanseSecure\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberWarship\" \/>\n<meta name=\"twitter:site\" content=\"@CyberWarship\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"HanseSecure\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2017\\\/10\\\/slae-assignment-1-tcp-bind_shell\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2017\\\/10\\\/slae-assignment-1-tcp-bind_shell\\\/\"},\"author\":{\"name\":\"HanseSecure\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/person\\\/6ec6ef4887ff2fc97a14f1a7f390f593\"},\"headline\":\"SLAE Assignment #1 | TCP Bind_Shell\",\"datePublished\":\"2017-10-09T06:41:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2017\\\/10\\\/slae-assignment-1-tcp-bind_shell\\\/\"},\"wordCount\":218,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2017\\\/10\\\/slae-assignment-1-tcp-bind_shell\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-banane\\\/uploads\\\/2017\\\/10\\\/slae_1_bindMetaShell-300x248.jpg\",\"keywords\":[\"Assembler\",\"Linux\",\"Migration\",\"SLAE\"],\"articleSection\":[\"Deep Dive Techniques\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hansesecure.de\\\/en\\\/2017\\\/10\\\/slae-assignment-1-tcp-bind_shell\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2017\\\/10\\\/slae-assignment-1-tcp-bind_shell\\\/\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2017\\\/10\\\/slae-assignment-1-tcp-bind_shell\\\/\",\"name\":\"SLAE Assignment #1 | TCP Bind_Shell – HanseSecure GmbH\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2017\\\/10\\\/slae-assignment-1-tcp-bind_shell\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2017\\\/10\\\/slae-assignment-1-tcp-bind_shell\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-banane\\\/uploads\\\/2017\\\/10\\\/slae_1_bindMetaShell-300x248.jpg\",\"datePublished\":\"2017-10-09T06:41:11+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2017\\\/10\\\/slae-assignment-1-tcp-bind_shell\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hansesecure.de\\\/en\\\/2017\\\/10\\\/slae-assignment-1-tcp-bind_shell\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2017\\\/10\\\/slae-assignment-1-tcp-bind_shell\\\/#primaryimage\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/wp-banane\\\/uploads\\\/2017\\\/10\\\/slae_1_bindMetaShell-300x248.jpg\",\"contentUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-banane\\\/uploads\\\/2017\\\/10\\\/slae_1_bindMetaShell-300x248.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2017\\\/10\\\/slae-assignment-1-tcp-bind_shell\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SLAE Assignment #1 | TCP Bind_Shell\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\",\"name\":\"HanseSecure GmbH\",\"description\":\"Choose the Intruder\",\"publisher\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\",\"name\":\"HanseSecure GmbH\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png\",\"contentUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png\",\"width\":512,\"height\":512,\"caption\":\"HanseSecure GmbH\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/facebook.com\\\/hansesecure\",\"https:\\\/\\\/x.com\\\/CyberWarship\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/hansesecure\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCAABbKOA_stDFkEKS3MSF7Q\",\"https:\\\/\\\/www.instagram.com\\\/hansesecure\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/person\\\/6ec6ef4887ff2fc97a14f1a7f390f593\",\"name\":\"HanseSecure\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"caption\":\"HanseSecure\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SLAE Assignment #1 | TCP Bind_Shell – HanseSecure GmbH","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/","og_locale":"en_US","og_type":"article","og_title":"SLAE Assignment #1 | TCP Bind_Shell – HanseSecure GmbH","og_description":"After gaining my OSCP in June I decided to go deeper into exploitDev and shellcoding. And here we are, this is the first of seven posts for the SLAE certification. Addidionally you can find all files on my github account. Building a bind_shell shellcode is the first task. In an exercise of the course we […]","og_url":"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/","og_site_name":"HanseSecure GmbH","article_publisher":"https:\/\/facebook.com\/hansesecure","article_published_time":"2017-10-09T06:41:11+00:00","og_image":[{"url":"https:\/\/hansesecure.de\/wp-banane\/uploads\/2017\/10\/slae_1_bindMetaShell-300x248.jpg","type":"","width":"","height":""}],"author":"HanseSecure","twitter_card":"summary_large_image","twitter_creator":"@CyberWarship","twitter_site":"@CyberWarship","twitter_misc":{"Written by":"HanseSecure","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/#article","isPartOf":{"@id":"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/"},"author":{"name":"HanseSecure","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/person\/6ec6ef4887ff2fc97a14f1a7f390f593"},"headline":"SLAE Assignment #1 | TCP Bind_Shell","datePublished":"2017-10-09T06:41:11+00:00","mainEntityOfPage":{"@id":"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/"},"wordCount":218,"commentCount":0,"publisher":{"@id":"https:\/\/hansesecure.de\/en\/#organization"},"image":{"@id":"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/#primaryimage"},"thumbnailUrl":"https:\/\/hansesecure.de\/wp-banane\/uploads\/2017\/10\/slae_1_bindMetaShell-300x248.jpg","keywords":["Assembler","Linux","Migration","SLAE"],"articleSection":["Deep Dive Techniques"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/","url":"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/","name":"SLAE Assignment #1 | TCP Bind_Shell – HanseSecure GmbH","isPartOf":{"@id":"https:\/\/hansesecure.de\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/#primaryimage"},"image":{"@id":"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/#primaryimage"},"thumbnailUrl":"https:\/\/hansesecure.de\/wp-banane\/uploads\/2017\/10\/slae_1_bindMetaShell-300x248.jpg","datePublished":"2017-10-09T06:41:11+00:00","breadcrumb":{"@id":"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/#primaryimage","url":"https:\/\/hansesecure.de\/wp-banane\/uploads\/2017\/10\/slae_1_bindMetaShell-300x248.jpg","contentUrl":"https:\/\/hansesecure.de\/wp-banane\/uploads\/2017\/10\/slae_1_bindMetaShell-300x248.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/hansesecure.de\/en\/2017\/10\/slae-assignment-1-tcp-bind_shell\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/hansesecure.de\/en\/"},{"@type":"ListItem","position":2,"name":"SLAE Assignment #1 | TCP Bind_Shell"}]},{"@type":"WebSite","@id":"https:\/\/hansesecure.de\/en\/#website","url":"https:\/\/hansesecure.de\/en\/","name":"HanseSecure GmbH","description":"Choose the Intruder","publisher":{"@id":"https:\/\/hansesecure.de\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hansesecure.de\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hansesecure.de\/en\/#organization","name":"HanseSecure GmbH","url":"https:\/\/hansesecure.de\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/logo\/image\/","url":"https:\/\/hansesecure.de\/wp-content\/uploads\/2023\/05\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png","contentUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2023\/05\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png","width":512,"height":512,"caption":"HanseSecure GmbH"},"image":{"@id":"https:\/\/hansesecure.de\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/hansesecure","https:\/\/x.com\/CyberWarship","https:\/\/www.linkedin.com\/company\/hansesecure","https:\/\/www.youtube.com\/channel\/UCAABbKOA_stDFkEKS3MSF7Q","https:\/\/www.instagram.com\/hansesecure\/"]},{"@type":"Person","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/person\/6ec6ef4887ff2fc97a14f1a7f390f593","name":"HanseSecure","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","caption":"HanseSecure"}}]}},"_links":{"self":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts\/7369","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/comments?post=7369"}],"version-history":[{"count":0,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts\/7369\/revisions"}],"wp:attachment":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/media?parent=7369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/categories?post=7369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/tags?post=7369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}