SLAE64 - 1501
Success in these 7 assignments results in the Pentester Academy's SLAE64 certification.
http://www.securitytube-training.com/online-courses/x8664-assembly-and-shellcoding-on-linux/index.html
All 3 files used in this assignment are here:
https://github.com/clubjk/SLAE64-3/tree/master/exam/polymorphic
Assignment:
- Take up to 3 shell codes from Shell-Storm and create polymorphic versions of them to beat pattern matching
- The polymorphic versions cannot be larger than 150% of the existing shellcode
- Bonus points for making it shorter in length than original
I took the nasm file from the above link, nasm-compiled and linked it. Used a modified objdump command to extract its shellcode.
I pasted the shellcode into the shellcode.c template.
$ gcc -fno-stack-protector -z execstack shellcode1.c -o shellcode1
I executed the shellcode, confirmed that it executed "cat /etc/passwd", and noted its size (82 bytes).
Polymorphic version of the original nasm
I made the following modifications to the original nasm to create a polymorphic version to evade pattern matching:
(I did this in each of the four "xor rax, rax" commands.)
I did the same thing for a "xor rdx, rdx" command.
I nasm compiled and linked it, then extracted its shellcode and pasted into the shellcode.c template.
I executed it, confirmed that it executed "cat /etc/passwd" and noted it had 97 bytes.
http://shell-storm.org/shellcode/files/shellcode-603.php - ("execve /bin/sh") (30 bytes)
I created a binary based upon the above shellcode, then a shellcode binary and executed it.
Then I created a polymorphic version of its nasm with the following edits.
Then I created shellcode from this nasm and executed it.
I confirmed that it executed "execve /bin/sh" as the original did and that its size was 56 bytes.
http://shell-storm.org/shellcode/files/shellcode-896.php - (add "127.1.1.1 google.lk" to /etc/hosts) (113 bytes)
I made the following edits in 3.nasm.
I executed the new version of the shellcode, saw that it added the line to /etc/hosts, and that its size was 133 bytes.
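As an added example, not part of the original post or of the assignment's files: a small Python helper for the build-and-measure step repeated for each of the three shellcodes above. It parses "objdump -d" output into raw bytes, formats them as the "\x.." string pasted into the shellcode.c template, flags null bytes (a 0x00 would end the C string early), and applies the assignment's 150% size rule. The objdump text embedded below is a constructed sample, not taken from 1.nasm, 2.nasm or 3.nasm.

```python
import re

# Matches objdump -d body lines such as "  401000:\t48 31 c0   \txor %rax,%rax"
# and the wrapped continuation lines that carry only an address and bytes.
_OBJDUMP_LINE = re.compile(r"^\s*[0-9a-f]+:\t([0-9a-f ]+?)\s*(?:\t|$)")


def extract_shellcode(objdump_text: str) -> bytes:
    """Collect the raw instruction bytes from `objdump -d` output, in order."""
    code = bytearray()
    for line in objdump_text.splitlines():
        m = _OBJDUMP_LINE.match(line)
        if m:
            code.extend(int(h, 16) for h in m.group(1).split())
    return bytes(code)


def to_c_string(code: bytes) -> str:
    """Format bytes as the "\\x.." literal that goes into shellcode.c."""
    return "".join(f"\\x{b:02x}" for b in code)


def has_null_byte(code: bytes) -> bool:
    """A 0x00 byte terminates a C string, so the template would truncate it."""
    return b"\x00" in code


def within_size_limit(original_len: int, poly_len: int, limit: float = 1.5) -> bool:
    """Assignment rule: the polymorphic version is at most 150% of the original."""
    return poly_len <= original_len * limit


# Constructed sample of objdump -d output (hypothetical, not the assignment's files).
SAMPLE_OBJDUMP = """\
sample:     file format elf64-x86-64

Disassembly of section .text:

0000000000401000 <_start>:
  401000:\t48 31 c0             \txor    %rax,%rax
  401003:\t50                   \tpush   %rax
  401004:\t48 bb 2f 62 69 6e 2f \tmovabs $0x68732f2f6e69622f,%rbx
  40100b:\t2f 73 68 
  40100e:\t53                   \tpush   %rbx
  40100f:\t48 89 e7             \tmov    %rsp,%rdi
"""

if __name__ == "__main__":
    code = extract_shellcode(SAMPLE_OBJDUMP)
    print(f"{len(code)} bytes: {to_c_string(code)}")
    print("null byte present:", has_null_byte(code))
    # Byte counts reported in this write-up: original -> polymorphic
    for orig, poly in ((82, 97), (30, 56), (113, 133)):
        print(f"{orig} -> {poly}: {'ok' if within_size_limit(orig, poly) else 'too large'}")
```

Applied to the byte counts reported above, the first and third variants stay within 150% of their originals, while the second (30 to 56 bytes) exceeds that limit.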
Test results:
Files used in this assignment:
1.nasm
1poly.nasm
shellcode1.c
shellcode1poly.c
2.nasm
2poly.nasm
shellcode2.c
shellcode2poly.c
3.nasm
3poly.nasm
shellcode3.c
shellcode3poly.c