SLAE64 - 1501
Success in these 7 assignments results in the Pentester Academy's SLAE64 certification.
http://www.securitytube-training.com/online-courses/x8664-assembly-and-shellcoding-on-linux/index.html
Task:
• Create a custom encoding scheme like the “Insertion Encoder” we showed you
• PoC with using execve-stack as the shellcode to encode with your schema and execute
All files used in this assignment are below:
https://github.com/clubjk/SLAE64-3/tree/master/exam/encoder
I used the execve-stack.nasm that we created in the course and used an XOR encoder. I inspected it for null bytes and confirmed there were none.
I extracted its opcode using a modified objdump command.
I pasted the opcode in an XOR encoding script. That script is here.
I executed the script and it output the XOR-encoded opcode.
Then I pasted the encoded opcode in an XOR decoder nasm script. That script is here.
After doing a nasm compile and link, I checked for null bytes using the objdump command.
I extracted the opcode using a modified objdump command.
Then, I pasted the opcode in the shellcode.c template.
I compiled shellcode.c using the following command:
$ gcc -fno-stack-protector -z execstack shellcode.c -o shellcode
Then I executed the shellcode binary. It worked. Yay.
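Seen from the analysis side, a single-byte XOR layer like the one used above can be undone by trying all 256 keys and looking for a known plaintext marker. The sketch below is an added example, not one of the scripts from this post or its repository; the marker strings, the key 0xAA and the sample buffer are constructed assumptions, and the buffer is filler around a path string, not working shellcode.

```python
"""Added example: recover a single-byte XOR key by searching for known markers."""

# Assumed markers: path strings an execve-style payload would normally carry.
MARKERS = (b"/bin//sh", b"/bin/sh")

# Constructed sample: filler bytes around a marker, then XORed with 0xAA.
SAMPLE_PLAIN = b"\x11\x22\x33\x44" + b"/bin//sh" + b"\x55\x66\x77\x88"
SAMPLE_KEY = 0xAA


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a one-byte key."""
    return bytes(b ^ key for b in data)


SAMPLE_ENCODED = xor_bytes(SAMPLE_PLAIN, SAMPLE_KEY)


def has_null_bytes(blob: bytes) -> bool:
    """Same question the post answers with objdump: is there a 0x00 byte?"""
    return 0 in blob


def find_xor_keys(blob: bytes, markers=MARKERS):
    """Return (key, marker, offset) for each key whose decoding shows a marker.

    Key 0 is included on purpose: a hit with key 0 means the blob was not
    encoded at all.
    """
    hits = []
    for key in range(256):
        decoded = xor_bytes(blob, key)
        for marker in markers:
            offset = decoded.find(marker)
            if offset != -1:
                hits.append((key, marker, offset))
    return hits


if __name__ == "__main__":
    for key, marker, offset in find_xor_keys(SAMPLE_ENCODED):
        print(f"key=0x{key:02x} reveals {marker!r} at offset {offset}")
    # A key equal to any plaintext byte turns that byte into 0x00, which is
    # why the encoded output has to be re-checked for nulls.
    print("nulls with key 0xaa:", has_null_bytes(SAMPLE_ENCODED))
    print("nulls with key 0x2f:", has_null_bytes(xor_bytes(SAMPLE_PLAIN, 0x2F)))
```

The same scan applies to any buffer carved from a binary or memory dump; a static signature on the cleartext bytes alone misses the encoded form, while the key sweep does not.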
File used in this assignment: