Club JK / jkcybersecurity: SLAE64 Exam - Assignment 3 of 7 (Egghunter Shellcode)

Thursday, October 12, 2017

SLAE64 Exam - Assignment 3 of 7 (Egghunter Shellcode)

This post is the third of 7 exam assignments of the Pentester Academy's x86/64 Assembly and Shellcoding on Linux.

SLAE64 - 1501

Success in these 7 assignments results in the Pentester Academy's SLAE64 certification.

http://www.securitytube-training.com/online-courses/x8664-assembly-and-shellcoding-on-linux/index.html

Task:

Study about the Egg Hunter shellcode
Create a working demo of the Egghunter
Should be conﬁgurable for diﬀerent payload

I started with @Blu3Gl0w13's nasm and mades some minor edits. That nasm is here.

After compiling, linking, checking for null bytes, and testing I extracted its opcode and put in in the egghunter section of eggshellcode.c

I used extracted op code from the the execve-stack.nasm for the payload portion of the shellcode.

I compiled it with the following gcc command:

$ gcc -fno-stack-protector -z execstack eggshellcode.c -o eggshellcode

Then, I executed it. It worked. Yay.

Files:

execve-stack.nasm

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)