Category: SLAE32

SLAE32 – Bonus1, Download file shellcode

I learned a lot during the Securitytube Linux Assembly Expert 32-bit course and decided to create a shellcode which downloads a file from the victim machine to the attacker’s machine. I used the same Makefile for the build process I had created earlier. 1. The pseudo code of the shellcode: Create a socket Connect back to…


SLAE32 – Assignment #7, Custom crypter

In the last assignment of Securitytube Linux Assembly Expert 32-bit, I had to create a custom crypter and test it with the execve-stack shellcode. If we want to avoid AV and IDS systems, we have to transform the shellcode somehow into a non-recognizable format. AV and IDS use pattern recognition methods to find well-known shellcodes….


SLAE32 – Assignment #6, Polymorphic shellcodes

In the sixth assignment of the Securitytube Linux Assembly Expert 32-bit, I had to create polymorphic versions of three shellcodes from http://shell-storm.org/shellcode/. The three shellcodes I chose are: Linux x86 chmod 666 /etc/passwd & /etc/shadow – 57 bytes Linux/x86 – sends Phuck3d! to all terminals – 60 bytes Linux/x86 iptables --flush 43 bytes Polymorphism means…


SLAE32 – Assignment #5, Analysis of 3 Msfpayload

List of linux/x86 related payloads can be viewed with the following command: msfvenom -l payloads | grep linux/x86 I chose the following three payloads for analysis: linux/x86/shell/reverse_tcp (two staged) linux/x86/read_file linux/x86/chmod 1. linux/x86/shell/reverse_tcp I decided to analyze the two staged reverse shell. I was always curious how it works. The linux/x86/shell_reverse_tcp is the one-staged version…


SLAE32 – Assignment #4, Custom encoder

The fourth assignment of the Securitytube Linux Assembly Expert 32-bit was to create a custom encoder. Antivirus software and Intrusion Detection Systems use pattern matching techniques to detect and recognize well-known shellcodes. One way to avoid detection is to transform the shellcode into another, unrecognizable format. This process is called encoding. The shellcode should…


SLAE32 – Assignment #3, Egghunter

In the third assignment of the Securitytube Linux Assembly Expert 32-bit certification I had to create a working demo of an egghunter. The egghunter is a small shellcode which searches the virtual address space for a unique pattern. When the unique pattern is found, it jumps to the instruction next to the pattern and starts to execute it. The…


SLAE32 – Assignment #2, Shell_Reverse_TCP

In the second assignment of the Securitytube Linux Assembly Expert 32-bit certification I had to create a Shell_Reverse_TCP shellcode. This is very similar to the Shell_Bind_TCP, although a little bit simpler. I used the same Makefile to ease the build process. 1. The pseudo code of the Shell_Bind_TCP Create a socket Connect to the remote port…


SLAE32 – Assignment #1, Shell_Bind_TCP

In the first assignment of the Securitytube Linux Assembly Expert 32-bit, I had to create a Shell_Bind_TCP shellcode. As the shellcode development requires lots of repetitive and error-prone tasks, I created a Makefile first to make my life easier. The Makefile can: compile the shellcode.asm file run the compiled shellcode debug the shellcode disassemble the…