Skip to main content

Posts

Showing posts from February, 2017

Assignment 5

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification." http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE64-1434 Target Operating System : 64 bit Linux (x86_64 GNU/Linux) Assignment 5: Take any 3 shellcodes from msfpayload (msfvenom), the 64 bit one for Linux, and then use GDB to disassemble it and dissect its functionality. Document the analysis. The three shellcodes that I have decided to analyze are: linux/x64/shell_bind_tcp_random_port linux/x64/exec linux/x64/shell/reverse_tcp  The First Shellcode I have created my own version of this which I have blogged about here: http://a41l4.blogspot.ca/2017/02/shellrandomlisten1434.html The first shellcode that I will analyze is: linux/x64/shell_bind_tcp_random_port Output the shellcode in a compatible format for the C programming language: msfvenom -p linux/x64/shell_bind_tcp_random_p

ShellRandomListen1434

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification. http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE64-1434 Target Operating System : 64 bit Linux (x86_64 GNU/Linux) GutHub Link : https://github.com/rtaylor777/nasm/blob/master/ShellRandomListen1434.nasm Published : https://www.exploit-db.com/exploits/41468/ Size = 54 bytes NULLS = 0 ShellRandomListen1434.nasm Intro This shellcode when executed will listen on a random port for a connection and when a client connects it will present a /bin/sh shell for the client to interact with. Testing Download : wget https://raw.githubusercontent.com/rtaylor777/nasm/master/ShellRandomListen1434.nasm Assuming you have the NASM assembler ( http://www.nasm.us/ ): Assemble : nasm -felf64 ShellRandomListen1434.nasm -o ShellRandomListen1434.o Link : ld ShellRandomListen1434.o -o ShellRandomListen1434

Assignment 4

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification." http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE64-1434 Target Operating System : 64 bit Linux (x86_64 GNU/Linux)  Assignment 4: Create a custom encoding scheme like the "Insertion Encoder" we showed you. PoC (proof of concept) with execve-stack as the shellcode to encode with your schema and then write the decoder to decode and run it. GitHub Link : https://github.com/rtaylor777/nasm/blob/master/Encode1434.zip Intro Encoders and their corresponding decoders serve more than one purpose. They can be used to remove bad bytes from shellcode. They can be used to disguise the shellcode and hide it from malware scanners. Different types of malware scanners can still detect the encoded shellcode. Because they can have a signature of the decoder. Because they can analyze the behavior o

Assignment 3

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification." http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE64-1434 Target Operating System : 64 bit Linux (x86_64 GNU/Linux) Assignment 3 Study about the Egghunter shellcode.Create a working demo of the Egghunter with different payloads. Should be configurable for different payloads. Egg Hunting The idea behind egg hunting is that sometimes the shellcode that you wish to run will not fit in the available buffer that you wish to overflow. But you are able to fit a much smaller shellcode that has just enough code to search in memory for the larger shellcode. We need a way for the smaller shellcode to identify the larger shellcode in memory and we accomplish that by providing an identifier that we can use to recognize our larger shellcode. This identifier is referred to as the egg and finding it is