Thursday, October 12, 2017

SLAE64 Exam - Assignment 3 of 7 (Egghunter Shellcode)

This post is the third of 7 exam assignments for the Pentester Academy's x86/64 Assembly and Shellcoding on Linux course.

SLAE64 - 1501

Success in these 7 assignments results in the Pentester Academy's SLAE64 certification.

http://www.securitytube-training.com/online-courses/x8664-assembly-and-shellcoding-on-linux/index.html


Task:
  • Study about the Egg Hunter shellcode
  • Create a working demo of the Egghunter
  • Should be configurable for different payloads

I started with @Blu3Gl0w13's nasm and made some minor edits.  That nasm is here.

After compiling, linking, checking for null bytes, and testing, I extracted its opcode and put it in the egghunter section of eggshellcode.c




I used the extracted opcode from the execve-stack.nasm for the payload portion of the shellcode.



I compiled it with the following gcc command:


 $ gcc -fno-stack-protector -z execstack eggshellcode.c -o eggshellcode


Then, I executed it.  It worked.  Yay.
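
A C model of the search an egghunter performs and of the null-byte check mentioned above, added here as an illustration; it is not the post's nasm or eggshellcode.c. It assumes the common convention of a 4-byte marker repeated twice in front of the payload, and the marker value, function names and sample buffer are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EGG_LEN 4

/* Constructed sample values: marker, filler and payload bytes are made up. */
static const uint8_t EGG[EGG_LEN] = { 'E', 'G', 'G', '1' };
static const uint8_t SAMPLE[] = {
    0x11, 0x11,
    'E', 'G', 'G', '1',                     /* offset 2: single copy, like the one inside a hunter */
    0x11, 0x11, 0x11,
    'E', 'G', 'G', '1', 'E', 'G', 'G', '1', /* offset 9: doubled marker */
    0xAA, 0xBB, 0xCC                        /* offset 17: stand-in payload bytes */
};

/* 1 if buf holds a 0x00 byte, which would end a C-string copy early. */
int has_null_byte(const uint8_t *buf, size_t len)
{
    return memchr(buf, 0x00, len) != NULL;
}

/* Offset of the first byte after two back-to-back eggs, or -1 if none.
 * Requiring the marker twice means a lone copy (offset 2) is skipped. */
long find_payload(const uint8_t *mem, size_t len, const uint8_t *egg)
{
    for (size_t i = 0; i + 2 * EGG_LEN <= len; i++) {
        if (memcmp(mem + i, egg, EGG_LEN) == 0 &&
            memcmp(mem + i + EGG_LEN, egg, EGG_LEN) == 0)
            return (long)(i + 2 * EGG_LEN);
    }
    return -1;
}

int main(void)
{
    long off = find_payload(SAMPLE, sizeof SAMPLE, EGG);
    printf("null bytes in sample: %d\n", has_null_byte(SAMPLE, sizeof SAMPLE));
    printf("payload offset: %ld\n", off);
    return off == 17 ? 0 : 1;
}
```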

Files:
