
Shellcode Analysis x86 - SLAE Assignment 0x5

Before we start, I would like to bring your attention to this SLAE course from SecurityTube, which will help you learn shellcoding - http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/

We all use Metasploit in our daily pentest engagements, so let's break down some of the shellcode that ships with Metasploit.

Analysis:
 1. linux/x86/chmod
 2. linux/x86/exec
 3. linux/x86/read_file

1. linux/x86/chmod -
msfvenom -p linux/x86/chmod -f raw | ndisasm -u -
msfvenom -p linux/x86/chmod -f c
msfvenom -p linux/x86/chmod -f raw | sctest -vvv -Ss 100000 -G chmod.dot
dot chmod.dot -Tpng -o chmod.png

2. linux/x86/exec -
msfvenom -p linux/x86/exec CMD=ls FILE=tmp.bin -f raw | ndisasm -u -
msfvenom -p linux/x86/exec CMD=ls -f c
msfvenom -p linux/x86/exec CMD=ls FILE=tmp.bin -f raw | /opt/libemu/bin/sctest -vvv -Ss 100000 -G exec.dot
dot exec.dot -Tpng -o exec.png

3. linux/x86/read_file -
msfvenom -p linux/x86/shell/reverse_tcp -f raw | ndisasm -u -
msfvenom -p linux/x86/shell/reverse_tcp -f c
msfvenom -p linux/x86/shell/reverse_tcp -f raw | /opt/libemu/bin/sctest -vvv -Ss 100000 -G rev.dot
dot rev.dot -Tpng -o rev.png
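As an added example (not part of the original post or of Metasploit), the following script recovers the raw bytes from the `msfvenom -f c` output used above and runs the first checks an analyst wants before feeding a payload to ndisasm or sctest: total length, presence of bad characters such as null bytes, and the offsets of `int 0x80` instructions that mark the syscalls sctest will emulate. The embedded sample is a constructed seven-byte Linux x86 `exit(0)` stub in the shape msfvenom prints, not a real Metasploit payload.

```python
import re
from collections import Counter

# Constructed sample in the shape of "msfvenom -f c" output (not real
# Metasploit output): xor eax,eax / inc eax / xor ebx,ebx / int 0x80,
# i.e. a harmless exit(0) stub.
SAMPLE_C_OUTPUT = r'''unsigned char buf[] = 
"\x31\xc0\x40\x31\xdb\xcd\x80";
'''

# msfvenom emits the bytes as "\xNN" escapes inside double-quoted C
# string literals, one literal per line, concatenated by the C compiler.
STRING_LITERAL = re.compile(r'"((?:\\x[0-9a-fA-F]{2})*)"')
HEX_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})')


def parse_msfvenom_c(text: str) -> bytes:
    """Recover the raw shellcode bytes from msfvenom -f c output."""
    literals = STRING_LITERAL.findall(text)
    return bytes(int(h, 16) for lit in literals for h in HEX_ESCAPE.findall(lit))


def analyze(shellcode: bytes, badchars: bytes = b"\x00\x0a\x0d") -> dict:
    """Length, bad-character hits and candidate syscall offsets.

    The int 0x80 scan is a plain byte search: "cd 80" can also occur
    inside an immediate or an address, so confirm each hit in ndisasm.
    """
    counts = Counter(shellcode)
    bad_hits = {f"0x{b:02x}": counts[b] for b in badchars if counts[b]}
    int80_offsets = [
        i for i in range(len(shellcode) - 1) if shellcode[i:i + 2] == b"\xcd\x80"
    ]
    return {
        "length": len(shellcode),
        "bad_chars": bad_hits,
        "int80_offsets": int80_offsets,
    }


if __name__ == "__main__":
    code = parse_msfvenom_c(SAMPLE_C_OUTPUT)
    print(code.hex(), analyze(code))
```

To run it on a real payload, pipe `msfvenom -p <payload> -f c` into a file and pass its contents to `parse_msfvenom_c`.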


This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ 

Student-ID: SLAE-1219
