Thursday, October 12, 2017

SLAE64 Exam - Assignment 3 of 7 (Egghunter Shellcode)

This post covers the third of the 7 exam assignments for Pentester Academy's x86/64 Assembly and Shellcoding on Linux course.

SLAE64 - 1501

Success in these 7 assignments results in the Pentester Academy's SLAE64 certification.

  • Study about the Egg Hunter shellcode
  • Create a working demo of the Egghunter
  • Should be configurable for different payloads

I started with @Blu3Gl0w13's nasm and made some minor edits.  That nasm is here.

After compiling, linking, checking for null bytes, and testing it, I extracted its opcodes and put them in the egghunter section of eggshellcode.c.

I used the opcodes extracted from execve-stack.nasm for the payload portion of the shellcode.

I compiled it with the following gcc command:

 $ gcc -fno-stack-protector -z execstack eggshellcode.c -o eggshellcode

Then, I executed it.  It worked.  Yay.
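The nasm itself is only linked from this post, so here is the search an egghunter performs, written out in C as an added example (it is not code from the post or from @Blu3Gl0w13's nasm). The tag "w00t", the sample buffer and the function names are assumptions of the demo. It relies on the same trick the access(2)-based egghunter uses: let the kernel answer EFAULT for an unmapped page instead of faulting in userland, skip that page in one step, and compare each 8-byte window of a readable page against the tag repeated twice. Nothing is executed; the demo only reports where the tagged payload sits.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* The 4-byte tag ("w00t" as a little-endian dword). It is returned from a
 * function so the value lives in an instruction immediate, mirroring the
 * nasm `mov`, and never sits in memory as data the hunter could match. The
 * hunter looks for the tag twice in a row, so its own single copy never hits. */
static inline uint32_t egg_tag(void) { return 0x74303077u; }

/* Constructed sample target (assumption for the demo, not from the post):
 * filled at runtime with tag||tag followed by a placeholder for the payload. */
static unsigned char sample_buf[64];

static void build_sample(void) {
    uint32_t t = egg_tag();
    memcpy(sample_buf, &t, 4);
    memcpy(sample_buf + 4, &t, 4);
    strcpy((char *)sample_buf + 8, "<payload bytes would follow>");
}

/* Ask the kernel whether an address is mapped without touching it ourselves:
 * access(2) fails with EFAULT for an unmapped pointer instead of crashing us.
 * Caveat: it also fails with EFAULT when no NUL byte is found before the next
 * unmapped page, so a readable page can occasionally be skipped. */
static int page_readable(uintptr_t addr) {
    errno = 0;
    (void)access((const char *)addr, F_OK);
    return errno != EFAULT;
}

/* Scan [start, end) page by page for tag||tag and return the address right
 * after it (where the payload begins), or 0 if nothing was found. */
uintptr_t hunt_egg(uintptr_t start, uintptr_t end) {
    const uintptr_t ps = (uintptr_t)sysconf(_SC_PAGESIZE);
    const uint32_t tag = egg_tag();
    for (uintptr_t page = start & ~(ps - 1); page < end; page += ps) {
        if (!page_readable(page))
            continue;                       /* whole page skipped with one syscall */
        int next_ok = page_readable(page + ps);
        for (uintptr_t off = 0; off < ps; off++) {
            uintptr_t cand = page + off;
            if (cand < start) continue;
            if (cand + 8 > end) return 0;   /* ran past the search range */
            if (off + 8 > ps && !next_ok)
                break;                      /* compare would touch an unmapped page */
            const unsigned char *p = (const unsigned char *)cand;
            if (memcmp(p, &tag, 4) == 0 && memcmp(p + 4, &tag, 4) == 0)
                return cand + 8;
        }
    }
    return 0;
}

/* Demo: start the hunt 64 pages below the sample buffer so the scan crosses
 * unmapped pages (below the image) before reaching the tagged payload. */
uintptr_t find_egg_demo(void) {
    build_sample();
    uintptr_t ps = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t target = (uintptr_t)sample_buf;
    uintptr_t found = hunt_egg(target - 64 * ps, target + sizeof sample_buf);
    if (found)
        printf("egg found, payload at %p: %s\n", (void *)found, (const char *)found);
    return found;
}

int main(void) {
    return find_egg_demo() ? 0 : 1;
}
```

Build with plain `gcc egghunt.c -o egghunt`; no `-z execstack` is needed because the demo never jumps into the buffer. The one-syscall-per-page loop is also what makes a real egghunter stand out at runtime: under strace or seccomp logging it shows up as a long run of access() calls failing with EFAULT before the payload is reached.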
