ASM Polymorphic shellcode (SLAE x86 Assignment #6)

Introduction

This is assignment #6 of the SLAE x86 Exam objectives.

Objectives

  • Take up 3 shellcodes from Shell-Storm and create polymorphic versions of them to beat pattern matching
  • The polymorphic versions cannot be larger than 150% of the existing shellcode
    • Bonus points for making it shorter in length than original

ASM Shellcode analysis (SLAE x86 Assignment #5)

Introduction

This is assignment #5 of the SLAE x86 Exam objectives.

Objectives

  • Take up at least 3 shellcode samples created using msfvenom for linux/x86
  • Use GDB/Ndisasm/Libemu to dissect the functionality of the shellcode
  • Present your analysis

ASM Encoder (SLAE x86 Assignment #4)

Introduction

This is assignment #4 of the SLAE x86 Exam objectives.

Objectives

  • Create a custom encoding scheme like the “Insertion Encoder” we showed you
  • PoC with using execve-stack as the shellcode to encode with your schema and execute

Notice

At the time of writing this I already had a shellcode published on packetstorm and exploit-db which could serve as a solution to the exercise, but for completeness of this blog post and to avoid explaining the fstenv technique for clarity purposes.


ASM Egghunter (SLAE x86 Assignment #3)

Introduction

This is assignment #3 of the SLAE x86 Exam objectives.

Objectives

  • Study about the Egg Hunter shellcode
  • Create a working demo of the Egghunter
  • Should be configurable for different payloads

ASM TCP Reverse Shell (SLAE x86 Assignment #2)

Introduction

This is assignment #2 of the SLAE x86 Exam objectives.

Objectives

  • Create a Shell_Reverse_TCP shellcode
    • Reverse connects to configured IP and port
    • Execs Shell on successful connection
  • IP and Port number should be easily configurable

C: changing shellcode bytes at the middle (or at shellcode offset)

The Problem

While writing a bindshell shellcode for the SLAE32 course Assignment #1, which will be described in detail in another blog post, an interesting issue came up while coding the C program. The exercise required some flexibility in passing the port as an argument, and there is no direct way to alter the 2 bytes of shellcode in C. If you are looking for a way to change some bytes in the middle of your shellcode, or at an offset within it, the solution follows below.


