Friday, October 13, 2017

SLAE64 Exam - Assignment 4 of 7 (Custom Encoder Shellcode)

This post is the fourth of 7 exam assignments for the Pentester Academy's x86/64 Assembly and Shellcoding on Linux course.

SLAE64 - 1501

Success in these 7 assignments results in the Pentester Academy's SLAE64 certification.

http://www.securitytube-training.com/online-courses/x8664-assembly-and-shellcoding-on-linux/index.html


Task:
• Create a custom encoding scheme like the “Insertion Encoder” we showed you
• PoC with using execve-stack as the shellcode to encode with your schema and execute 

All files used in this assignment are below:
https://github.com/clubjk/SLAE64-3/tree/master/exam/encoder


I used the execve-stack.nasm that we created in the course and used an XOR encoder.  I inspected it for null bytes and confirmed there were none.



I extracted its opcode using a modified objdump command.




I pasted the opcode into an XOR encoding script.  That script is here.





I executed the script and it output the XOR-encoded opcode.



Then I pasted the encoded opcode into an XOR decoder nasm script.  That script is here.




After doing a nasm compile and link, I checked for null bytes using the objdump command.



I extracted the opcode using a modified objdump command.



Then, I pasted the opcode in the shellcode.c template.



I compiled shellcode.c using the following command:


$   gcc -fno-stack-protector -z execstack shellcode.c -o shellcode


Then I executed the shellcode binary.  It worked.  Yay.
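
The XOR step and the null-byte checks described above, as an added Python example that is not the author's script: it shows why the key must be a byte absent from the input for the output to stay null-free, and how an analyst recovers a single-byte key by trying all 255 values. SAMPLE, MARKER and the function names are assumptions; the bytes are constructed placeholders, not the opcodes from this post.

```python
"""Single-byte XOR encoding: null-byte check and key recovery (added example)."""

# Constructed placeholder bytes standing in for extracted opcodes; not real shellcode.
SAMPLE = bytes(range(0x10, 0x18)) + b"/bin//sh" + bytes([0x90, 0xAA, 0x55])
MARKER = b"/bin//sh"  # assumed plaintext marker an analyst would search for


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a one-byte key; the same call encodes and decodes."""
    if not 0 < key < 256:
        raise ValueError("key must be a single non-zero byte")
    return bytes(b ^ key for b in data)


def null_free_keys(data: bytes) -> list[int]:
    """Keys that leave no 0x00 in the output: b ^ k == 0 only when b == k."""
    present = set(data)
    return [k for k in range(1, 256) if k not in present]


def recover_key(encoded: bytes, marker: bytes = MARKER) -> list[int]:
    """Try all 255 keys and return those whose decoding contains the marker."""
    return [k for k in range(1, 256) if marker in xor_bytes(encoded, k)]


if __name__ == "__main__":
    bad = xor_bytes(SAMPLE, 0xAA)   # 0xAA occurs in SAMPLE, so a null appears
    good = xor_bytes(SAMPLE, 0x41)  # 0x41 does not occur in SAMPLE
    print("key 0xAA null bytes:", bad.count(0))
    print("key 0x41 null bytes:", good.count(0))
    print("usable keys:", len(null_free_keys(SAMPLE)))
    print("recovered key(s):", [hex(k) for k in recover_key(good)])
```

Because the key space is only 255 values, the encoding changes the byte pattern a static signature sees but does not resist an analyst or scanner that tries every key.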

File used in this assignment:
