danielsauder

Assignment five is about analyzing three different shellcodes, created with msfpayload for Linux/x86. linux/x86/exec I choosed the linux/x86/exec shellcode as first example. With: $ msfpayload linux/x86/exec cmd=”ls” R | ndisasm -u – it is possible to disassemble the shellcode: 00000000 6A0B push byte +0xb 00000002 58 pop eax 00000003 99 cdq 00000004 52 push edx…

This one is about building a custom encoder and decoder. For this I used an insertion / XOR encoder, that splits the shellcode into bytes and inserts a random value. Further the shellcode is decoded using xor with the random value. This way, we have a shellcode, that has nothing to do with the original…

This assignment is about writing a working demo of an egghunter. An egghunter code is basically a piece of code that is searching for a code word (the egg) in the memory. When the egg was found, the egghunter code jumps to the address behind the egg and executes the code at this address. For…

What it is about: •  Create a Shell_Reverse_TCP shellcode – Reverse connects to configured IP and Port – Execs shell on successful connection •  IP and Port should be easily configurable Here is the C code I used for prototyping the assembler code: reverseshellds.c #include <unistd.h> #include <string.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> int main(void) {…

What it is about: •  Create a Shell_Bind_TCP shellcode – Binds to a port – Execs Shell on incoming connection •  Port number should be easily configurable Here is the C code for the bind shell, I used it for modelling the assembler code: bindshellds.c #include <unistd.h> #include <string.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> int main(void)…

This blog was created mainly for my SLAE certification. More profiles: Blog in german Twitter Xing profile GIT