Shellcoding on Linux
Shellcoding on Linux is easier to get started with than shellcoding on Windows. There are a few things to know before getting started.
1. What's the purpose of the shellcode? Shellcode is usually a small program performing a simple task, e.g. adding an administrative user to a compromised system.
2. The syscall number or numbers you need to use. The number is placed in eax. Syscall number list
3. Which other registers are required? E.g. for a simple exit shellcode, ebx must be 0 and eax must hold syscall number 1.
4. Style of assembly programming: AT&T or Intel. AT&T uses "instruction source, destination" and Intel uses "instruction destination, source".
5. Tools: nasm, ld, and objdump. E.g. assembling the file shellcode.asm using nasm would be “nasm -f elf shellcode.asm”.
Linking the shellcode.o file created by nasm would be “ld shellcode.o -o shellcode”.
Dumping opcodes for use in your shellcode would be “objdump -d shellcode”. The middle column of the output (the opcode bytes) would be placed together in a “\x00\x00” format.
6. Eliminate null bytes from your opcodes. A null byte (\x00, shown as two 0s in the opcode dump) prematurely terminates the shellcode. E.g. (Intel syntax) instead of mov eax,1 use mov al,1 (use the 8-bit part of eax) or push byte 1 and pop eax. Instead of mov ebx,0 use xor ebx,ebx.
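The script below is an added example, not code from the original post: it performs the step 5 extraction on "objdump -d" output and the step 6 null-byte check. The two listings are constructed samples for the exit example from step 3, and the function names are assumptions of this example.

```python
import re

# Constructed `objdump -d` listings (AT&T syntax, objdump's default) for the
# exit example from step 3: eax = 1 (syscall number), ebx = 0, then int 0x80.
WITH_NULLS = (
    "08048060 <_start>:\n"
    " 8048060:\tb8 01 00 00 00       \tmov    $0x1,%eax\n"
    " 8048065:\tbb 00 00 00 00       \tmov    $0x0,%ebx\n"
    " 804806a:\tcd 80                \tint    $0x80\n"
)
# Same program rewritten as step 6 suggests: xor ebx,ebx and push byte 1 / pop eax.
NULL_FREE = (
    "08048060 <_start>:\n"
    " 8048060:\t31 db                \txor    %ebx,%ebx\n"
    " 8048062:\t6a 01                \tpush   $0x1\n"
    " 8048064:\t58                   \tpop    %eax\n"
    " 8048065:\tcd 80                \tint    $0x80\n"
)

# address, tab, hex byte column, optional tab + instruction text
# (long instructions wrap onto a line that has bytes but no text).
LINE = re.compile(r"^\s*[0-9a-f]+:\t((?:[0-9a-f]{2} ?)+) *(?:\t(.*))?$")

def parse(listing):
    """Return [(opcode_bytes, instruction_text)] for each disassembly line."""
    rows = []
    for line in listing.splitlines():
        m = LINE.match(line)
        if m:
            rows.append((bytes.fromhex(m.group(1)), (m.group(2) or "").strip()))
    return rows

def to_escaped(listing):
    """Join the middle (opcode) column into the \\x00\\x00 string format."""
    return "".join(f"\\x{b:02x}" for raw, _ in parse(listing) for b in raw)

def null_report(listing):
    """Return [(byte_offset, instruction_text)] for instructions encoding a 0x00."""
    hits, offset = [], 0
    for raw, text in parse(listing):
        if 0 in raw:
            hits.append((offset, text))
        offset += len(raw)
    return hits

if __name__ == "__main__":
    for name, listing in (("with nulls", WITH_NULLS), ("null free", NULL_FREE)):
        print(name, to_escaped(listing))
        for off, text in null_report(listing):
            print(f"  0x00 in instruction at offset {off}: {text}")
```

The first listing reports null bytes in both mov instructions; the second, using the replacements from step 6, reports none.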